overmind
/
matrix-docker-ansible-deploy
огледало од https://github.com/spantaleev/matrix-docker-ansible-deploy
1
0
Креирај огранак 0
Код Дискусије 0 Издања 0 Вики Activity
Matrix Docker Ansible eploy
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8761 Комити
16 Гране
963 MiB
 
 
Дрво: b1faaa60ec
Гране Ознаке
${ item.name }
Create branch ${ searchTerm }
from 'b1faaa60ec'
${ noResults }
matrix-docker-ansible-deploy/roles/custom/matrix-bot-draupnir/templates/production.yaml.j2

268 lines
11 KiB
Датотека Blame Историја 

  1. {#

  2. SPDX-FileCopyrightText: 2024 MDAD Team and contributors

  3. 

  4. SPDX-License-Identifier: AGPL-3.0-or-later

  5. #}

  6. 

  7. # Endpoint URL that Draupnir uses to interact with the Matrix homeserver (client-server API),

  8. # set this to the pantalaimon URL if you're using that.

  9. homeserverUrl: {{ matrix_bot_draupnir_homeserver_url | to_json }}

  10. 

  11. # Endpoint URL that Draupnir could use to fetch events related to reports (client-server API and /_synapse/),

  12. # only set this to the public-internet homeserver client API URL, do NOT set this to the pantalaimon URL.

  13. rawHomeserverUrl: {{ matrix_bot_draupnir_raw_homeserver_url | to_json }}

  14. 

  15. # Matrix Access Token to use, Draupnir will only use this if pantalaimon.use is false.

  16. accessToken: {{ matrix_bot_draupnir_access_token | to_json }}

  17. 

  18. {% if matrix_bot_draupnir_pantalaimon_use %}

  19. # Options related to Pantalaimon (https://github.com/matrix-org/pantalaimon)

  20. pantalaimon:

  21.   # Whether or not Draupnir will use pantalaimon to access the Matrix homeserver,

  22.   # set to `true` if you're using pantalaimon.

  23.   #

  24.   # Be sure to point homeserverUrl to the pantalaimon instance.

  25.   #

  26.   # Draupnir will log in using the given username and password once,

  27.   # then store the resulting access token in a file under dataPath.

  28.   use: true

  29. 

  30.   # The username to login with.

  31.   username: {{ matrix_bot_draupnir_pantalaimon_username | to_json }}

  32. 

  33.   # The password Draupnir will login with.

  34.   #

  35.   # After successfully logging in once, this will be ignored, so this value can be blanked after first startup.

  36.   password: {{ matrix_bot_draupnir_pantalaimon_password | to_json }}

  37. {% endif %}

  38. 

  39. # The path Draupnir will store its state/data in, leave default ("/data/storage") when using containers.

  40. dataPath: "/data"

  41. 

  42. # If true (the default), Draupnir will only accept invites from users present in managementRoom.

  43. autojoinOnlyIfManager: true

  44. 

  45. # If `autojoinOnlyIfManager` is false, only the members in this space can invite

  46. # the bot to new rooms.

  47. #acceptInvitesFromSpace: "!qporfwt:example.com"

  48. 

  49. # Whether Draupnir should report ignored invites to the management room (if autojoinOnlyIfManager is true).

  50. recordIgnoredInvites: false

  51. 

  52. # The room ID (or room alias) of the management room, anyone in this room can issue commands to Draupnir.

  53. #

  54. # Draupnir has no more granular access controls other than this, be sure you trust everyone in this room - secure it!

  55. #

  56. # This should be a room alias or room ID - not a matrix.to URL.

  57. #

  58. # Note: By default, Draupnir is fairly verbose - expect a lot of messages in this room.

  59. # (see verboseLogging to adjust this a bit.)

  60. managementRoom: {{ matrix_bot_draupnir_management_room | to_json }}

  61. 

  62. # Deprecated and will be removed in a future version.

  63. # Running with verboseLogging is unsupported.

  64. # Whether Draupnir should log a lot more messages in the room,

  65. # mainly involves "all-OK" messages, and debugging messages for when Draupnir checks bans in a room.

  66. #verboseLogging: false

  67. 

  68. # The log level of terminal (or container) output,

  69. # can be one of DEBUG, INFO, WARN and ERROR, in increasing order of importance and severity.

  70. #

  71. # This should be at INFO or DEBUG in order to get support for Draupnir problems.

  72. logLevel: "INFO"

  73. 

  74. # Whether or not Draupnir should synchronize policy lists immediately after startup.

  75. # Equivalent to running '!draupnir sync'.

  76. syncOnStartup: true

  77. 

  78. # Whether or not Draupnir should check moderation permissions in all protected rooms on startup.

  79. # Equivalent to running `!draupnir verify`.

  80. verifyPermissionsOnStartup: true

  81. 

  82. # Whether or not Draupnir should actually apply bans and policy lists,

  83. # turn on to trial some untrusted configuration or lists.

  84. noop: false

  85. 

  86. # Whether or not Draupnir should apply `m.room.server_acl` events.

  87. # DO NOT change this to `true` unless you are very confident that you know what you are doing.

  88. disableServerACL: {{ matrix_bot_draupnir_disable_server_acl | to_json }}

  89. 

  90. # Whether Draupnir should check member lists quicker (by using a different endpoint),

  91. # keep in mind that enabling this will miss invited (but not joined) users.

  92. #

  93. # Turn on if your bot is in (very) large rooms, or in large amounts of rooms.

  94. fasterMembershipChecks: false

  95. 

  96. # A case-insensitive list of ban reasons to have the bot also automatically redact the user's messages for.

  97. #

  98. # If the bot sees you ban a user with a reason that is an (exact case-insensitive) match to this list,

  99. # it will also remove the user's messages automatically.

  100. #

  101. # Typically this is useful to avoid having to give two commands to the bot.

  102. # Advanced: Use asterisks to have the reason match using "globs"

  103. # (f.e. "spam*testing" would match "spam for testing" as well as "spamtesting").

  104. #

  105. # See here for more info: https://www.digitalocean.com/community/tools/glob

  106. # Note: Keep in mind that glob is NOT regex!

  107. automaticallyRedactForReasons:

  108.   - "spam"

  109.   - "advertising"

  110. 

  111. # A list of rooms to protect. Draupnir will add this to the list it knows from its account data.

  112. #

  113. # It won't, however, add it to the account data.

  114. # Manually add the room via '!draupnir rooms add' to have it stay protected regardless if this config value changes.

  115. #

  116. # Note: These must be matrix.to URLs

  117. #protectedRooms:

  118. #  - "https://matrix.to/#/#matrix:example.org"

  119. 

  120. # Whether or not to add all joined rooms to the "protected rooms" list

  121. # (excluding the management room and watched policy list rooms, see below).

  122. #

  123. # Note that this effectively makes the protectedRooms and associated commands useless

  124. # for regular rooms.

  125. #

  126. # Note: the management room is *excluded* from this condition.

  127. # Explicitly add it as a protected room to protect it.

  128. #

  129. # Note: Ban list rooms the bot is watching but didn't create will not be protected.

  130. # Explicitly add these rooms as a protected room list if you want them protected.

  131. protectAllJoinedRooms: false

  132. 

  133. # Increase this delay to have Draupnir wait longer between two consecutive backgrounded

  134. # operations. The total duration of operations will be longer, but the homeserver won't

  135. # be affected as much. Conversely, decrease this delay to have Draupnir chain operations

  136. # faster. The total duration of operations will generally be shorter, but the performance

  137. # of the homeserver may be more impacted.

  138. backgroundDelayMS: 500

  139. 

  140. # Server administration commands, these commands will only work if Draupnir is

  141. # a global server administrator, and the bot's server is a Synapse instance.

  142. admin:

  143.   # Whether or not Draupnir can temporarily take control of any eligible account from the local homeserver who's in the room

  144.   # (with enough permissions) to "make" a user an admin.

  145.   #

  146.   # This only works if a local user with enough admin permissions is present in the room.

  147.   enableMakeRoomAdminCommand: false

  148. 

  149. # Misc options for command handling and commands

  150. commands:

  151.   # Whether or not the `!draupnir` prefix is necessary to submit commands.

  152.   #

  153.   # If `true`, will allow commands like `!ban`, `!help`, etc.

  154.   #

  155.   # Note: Draupnir can also be pinged by display name instead of having to use

  156.   # the !draupnir prefix. For example, "my_moderator_bot: ban @spammer:example.org"

  157.   # will address only my_moderator_bot.

  158.   allowNoPrefix: false

  159. 

  160.   # Any additional bot prefixes that Draupnir will listen to. i.e. adding `mod` will allow `!mod help`.

  161.   additionalPrefixes:

  162.     - "draupnir-bot"

  163.     - "draupnir_bot"

  164.     - "draupnir"

  165. 

  166.   # Whether or not commands with a wildcard (*) will require an additional `--force` argument

  167.   # in the command to be able to be submitted.

  168.   confirmWildcardBan: true

  169. 

  170.   # The default reasons to be prompted with if the reason is missing from a ban command.

  171.   ban:

  172.     defaultReasons:

  173.       - "spam"

  174.       - "brigading"

  175.       - "harassment"

  176.       - "disagreement"

  177. 

  178. # Configuration specific to certain toggle-able protections

  179. #protections:

  180. #  # Configuration for the wordlist plugin, which can ban users based if they say certain

  181. #  # blocked words shortly after joining.

  182. #  wordlist:

  183. #    # A list of case-insensitive keywords that the WordList protection will watch for from new users.

  184. #    #

  185. #    # WordList will ban users who use these words when first joining a room, so take caution when selecting them.

  186. #    #

  187. #    # For advanced usage, regex can also be used, see the following links for more information;

  188. #    #  - https://www.digitalocean.com/community/tutorials/an-introduction-to-regular-expressions

  189. #    #  - https://regexr.com/

  190. #    #  - https://regexone.com/

  191. #    words:

  192. #      - "LoReM"

  193. #      - "IpSuM"

  194. #      - "DoLoR"

  195. #      - "aMeT"

  196. #

  197. #    # For how long (in minutes) the user is "new" to the WordList plugin.

  198. #    #

  199. #    # After this time, the user will no longer be banned for using a word in the above wordlist.

  200. #    #

  201. #    # Set to zero to disable the timeout and make users *always* appear "new".

  202. #    # (users will always be banned if they say a bad word)

  203. #    minutesBeforeTrusting: 20

  204. 

  205. # Options for advanced monitoring of the health of the bot.

  206. health:

  207.   # healthz options. These options are best for use in container environments

  208.   # like Kubernetes to detect how healthy the service is. The bot will report

  209.   # that it is unhealthy until it is able to process user requests. Typically

  210.   # this means that it'll flag itself as unhealthy for a number of minutes

  211.   # before saying "Now monitoring rooms" and flagging itself healthy.

  212.   #

  213.   # Health is flagged through HTTP status codes, defined below.

  214.   healthz:

  215.     # Whether the healthz integration should be enabled (default false)

  216.     enabled: false

  217. 

  218.     # The port to expose the webserver on. Defaults to 8080.

  219.     port: 8080

  220. 

  221.     # The address to listen for requests on. Defaults to all addresses.

  222.     address: "0.0.0.0"

  223. 

  224.     # The path to expose the monitoring endpoint at. Defaults to `/healthz`

  225.     endpoint: "/healthz"

  226. 

  227.     # The HTTP status code which reports that the bot is healthy/ready to

  228.     # process requests. Typically this should not be changed. Defaults to

  229.     # 200.

  230.     healthyStatus: 200

  231. 

  232.     # The HTTP status code which reports that the bot is not healthy/ready.

  233.     # Defaults to 418.

  234.     unhealthyStatus: 418

  235. 

  236. {% if matrix_bot_draupnir_web_enabled %}

  237. # Options for exposing web APIs.

  238. web:

  239.   # Whether to enable web APIs.

  240.   enabled: true

  241. 

  242.   # The port to expose the webserver on. Defaults to 8080.

  243.   port: 8080

  244. 

  245.   # The address to listen for requests on. Defaults to only the current

  246.   # computer.

  247.   address: 0.0.0.0

  248. 

  249.   # A web API designed to intercept Matrix API

  250.   # POST /_matrix/client/r0/rooms/{roomId}/report/{eventId}

  251.   # and display readable abuse reports in the moderation room.

  252.   #

  253.   # If you wish to take advantage of this feature, you will need

  254.   # to configure a reverse proxy, see e.g. test/nginx.conf

  255.   abuseReporting:

  256.     # Whether to enable this feature.

  257.     enabled: {{ matrix_bot_draupnir_abuse_reporting_enabled | to_json }}

  258. {% endif %}

  259. 

  260. # Whether or not to actively poll synapse for abuse reports, to be used

  261. # instead of intercepting client calls to synapse's abuse endpoint, when that

  262. # isn't possible/practical.

  263. pollReports: false

  264. 

  265. # Whether or not new reports, received either by webapi or polling,

  266. # should be printed to our managementRoom.

  267. displayReports: {{ matrix_bot_draupnir_display_reports | to_json }}