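├── charts
│   └── draupnir
│       ├── templates
│       │   ├── NOTES.txt
│       │   ├── secret.yaml
│       │   ├── pvc.yaml
│       │   ├── service.yaml
│       │   ├── tests
│       │   │   └── test-connection.yaml
│       │   ├── ingress.yaml
│       │   ├── _helpers.tpl
│       │   └── deployment.yaml
│       ├── .helmignore
│       ├── Chart.yaml
│       └── values.yaml
├── README.md
├── .gitattributes
├── .editorconfig
├── .pre-commit-config.yaml
└── .github
    └── workflows
        ├── release.yaml
        └── test.yaml

/charts/draupnir/templates/NOTES.txt:
--------------------------------------------------------------------------------
Your draupnir is set up. Please follow the docs for further setup steps.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Draupnir Helm Charts

This is a WIP Repo. Please do not use it in production yet. Please check back later.

--------------------------------------------------------------------------------
/.gitattributes:
--------------------------------------------------------------------------------
# SPDX-FileCopyrightText: 2024 Aminda Suomalainen
#
# SPDX-License-Identifier: CC0-1.0

* text=auto eol=lf
*.gif filter=lfs diff=lfs merge=lfs -text

--------------------------------------------------------------------------------
/charts/draupnir/templates/secret.yaml:
--------------------------------------------------------------------------------
# Secret holding the bot configuration; the Deployment mounts its config.yaml key
# at /data/config/production.yaml.
kind: Secret
apiVersion: v1
metadata:
  name: {{ include "draupnir.fullname" . }}-config-secret
  labels:
    {{- include "draupnir.labels" . | nindent 4 }}
data:
  # .Values.config is a map, and b64enc only accepts a string, so the map is
  # serialised with toYaml first; without that step the template fails to render.
  # The rendered document includes config.accessToken (and the pantalaimon password),
  # so any values file that sets them has to be handled as a secret as well.
  config.yaml: {{ toYaml .Values.config | b64enc | quote }}

--------------------------------------------------------------------------------
/charts/draupnir/templates/pvc.yaml:
--------------------------------------------------------------------------------
{{- if .Values.persistence.enabled -}}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: {{ include "draupnir.fullname" . }}-pvc
spec:
  {{- with .Values.persistence.accessModes }}
  accessModes:
    {{- toYaml . | nindent 8 }}
  {{- end }}

  {{- with .Values.persistence.resources }}
  resources:
    {{- toYaml . | nindent 8 }}
  {{- end }}
{{- end }}

--------------------------------------------------------------------------------
/charts/draupnir/.helmignore:
--------------------------------------------------------------------------------
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

--------------------------------------------------------------------------------
/charts/draupnir/templates/service.yaml:
--------------------------------------------------------------------------------
{{- if .Values.ingress.enabled -}}
apiVersion: v1
kind: Service
metadata:
  name: {{ include "draupnir.fullname" . }}
  labels:
    {{- include "draupnir.labels" . | nindent 4 }}
spec:
  type: ClusterIP
  ports:
    - port: 8080
      targetPort: http
      protocol: TCP
      name: http
  selector:
    {{- include "draupnir.selectorLabels" . | nindent 4 }}
{{- end }}

--------------------------------------------------------------------------------
/.editorconfig:
--------------------------------------------------------------------------------
root = true

[*.{ts, tsx, js, jsx}]
charset = utf-8
indent_style = space
indent_size = 2
end_of_line = lf
insert_final_newline = true
trim_trailing_whitespace = true

[*{.md}]
end_of_line = lf
trim_trailing_whitespace = true
insert_final_newline = true
charset = utf-8
indent_style = space
indent_size = 4

[{LICENSE,NOTICE,*.{yml,yaml,json}}]
trim_trailing_whitespace = false
indent_style = space
indent_size = unset

--------------------------------------------------------------------------------
/charts/draupnir/templates/tests/test-connection.yaml:
--------------------------------------------------------------------------------
# Helm test hook: one HTTP request against the chart's Service on port 8080.
# NOTE(review): service.yaml is only rendered when ingress.enabled is true, so with
# the default values there is no Service for this pod to reach.
apiVersion: v1
kind: Pod
metadata:
  name: "{{ include "draupnir.fullname" . }}-test-connection"
  labels:
    {{- include "draupnir.labels" . | nindent 4 }}
  annotations:
    "helm.sh/hook": test
spec:
  containers:
    - name: wget
      # NOTE(review): an untagged image resolves to the mutable "latest" tag;
      # pin a tag or digest so the test image cannot change underneath the chart.
      image: busybox
      command: ['wget']
      # The root filesystem is read-only, so the response body goes to /dev/null
      # instead of a file in the working directory.
      args: ['-q', '-O', '/dev/null', '{{ include "draupnir.fullname" . }}:8080/health']
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop:
            - ALL
        readOnlyRootFilesystem: true
        runAsNonRoot: true
        # busybox runs as root by default; runAsNonRoot alone would keep the
        # container from starting, so an explicit non-root UID is set.
        runAsUser: 1000
  restartPolicy: Never

--------------------------------------------------------------------------------
/charts/draupnir/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v2
name: draupnir
description: A Helm chart for the Draupnir moderation bot

type: application

# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.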
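# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0

# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "v2.2.0"

--------------------------------------------------------------------------------
/.pre-commit-config.yaml:
--------------------------------------------------------------------------------
# See https://pre-commit.com for more information
# See https://pre-commit.com/hooks.html for more hooks
# See https://pre-commit.ci for more information
ci:
  autoupdate_schedule: weekly
repos:
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v5.0.0
    hooks:
      - id: trailing-whitespace
        args: ["--markdown-linebreak-ext", "md"]
        exclude_types: [svg]
      - id: end-of-file-fixer
      - id: check-yaml
        exclude: ^charts/(draupnir|draupnir-appservice)/templates/
      - id: check-added-large-files
  - repo: https://github.com/editorconfig-checker/editorconfig-checker.python
    rev: "3.2.1"
    hooks:
      - id: editorconfig-checker
        alias: ec

--------------------------------------------------------------------------------
/.github/workflows/release.yaml:
--------------------------------------------------------------------------------
name: Release Charts

on:
  release:
    types: [created]
  workflow_dispatch:

jobs:
  release:
    runs-on: ubuntu-latest
    # Write scopes are granted to this job only: contents for the release, packages for the OCI push.
    permissions:
      contents: write
      packages: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Configure Git
        run: |
          git config user.name "$GITHUB_ACTOR"
          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"

      - name: Run chart-releaser
        # NOTE(review): this third-party action receives a token with contents and
        # packages write access; pin it to a full commit SHA rather than a mutable tag.
        uses: bitdeps/helm-oci-charts-releaser@v0.1.4
        with:
          oci_registry: ghcr.io/the-draupnir-project
          oci_username: the-draupnir-project
          oci_password: ${{ secrets.GITHUB_TOKEN }}
          github_token: ${{ secrets.GITHUB_TOKEN }}
          skip_gh_release: true
          mark_as_latest: true

--------------------------------------------------------------------------------
/charts/draupnir/templates/ingress.yaml:
--------------------------------------------------------------------------------
{{- if .Values.ingress.enabled -}}
# Routes every configured host/path to port 8080 of the chart's Service, i.e. to
# whatever the bot serves on that port (healthz and/or the web API, per values.yaml).
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: {{ include "draupnir.fullname" . }}
  labels:
    {{- include "draupnir.labels" . | nindent 4 }}
  {{- with .Values.ingress.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
spec:
  {{- with .Values.ingress.className }}
  ingressClassName: {{ . }}
  {{- end }}
  {{- if .Values.ingress.tls }}
  tls:
    {{- range .Values.ingress.tls }}
    - hosts:
        {{- range .hosts }}
        - {{ . | quote }}
        {{- end }}
      secretName: {{ .secretName }}
    {{- end }}
  {{- end }}
  rules:
    {{- range .Values.ingress.hosts }}
    - host: {{ .host | quote }}
      http:
        paths:
          {{- range .paths }}
          - path: {{ .path }}
            {{- with .pathType }}
            pathType: {{ . }}
            {{- end }}
            backend:
              service:
                name: {{ include "draupnir.fullname" $ }}
                port:
                  number: 8080
          {{- end }}
    {{- end }}
{{- end }}

--------------------------------------------------------------------------------
/.github/workflows/test.yaml:
--------------------------------------------------------------------------------
name: Deployment Test

on:
  pull_request:

# Pull-request code only needs to be read; no write scope is granted to the token.
permissions:
  contents: read

jobs:
  helm-lint-test:
    runs-on: ubuntu-latest
    # The previous "needs: build" pointed at a job this workflow does not define,
    # which makes the workflow file invalid, so the dependency is dropped.
    env:
      # Passed through the environment instead of being expanded inside the scripts below.
      TARGET_BRANCH: ${{ github.event.repository.default_branch }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0 # need main branch to diff against
      - name: Set up Helm
        uses: azure/setup-helm@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
          check-latest: true
      - name: Set up chart-testing
        uses: helm/chart-testing-action@v2.7.0
      - name: Check if Helm charts updated (run chart-testing list-changed)
        id: list-changed
        run: |
          changed=$(ct list-changed --target-branch "$TARGET_BRANCH")
          if [[ -n "$changed" ]]; then
            echo "changed=true" >> "$GITHUB_OUTPUT"
          fi
      - name: Run chart-testing (lint)
        if: steps.list-changed.outputs.changed == 'true'
        # --validate-maintainers is disabled because it tries to resolve the name as GitHub user
        run: ct lint --validate-maintainers=false --target-branch "$TARGET_BRANCH"
      - name: Create kind cluster
        if: steps.list-changed.outputs.changed == 'true'
        uses: helm/kind-action@v1.12.0
      - name: Run chart-testing (install)
        if: steps.list-changed.outputs.changed == 'true'
        # SHORT_SHA was never set anywhere in this workflow; the runner-provided
        # GITHUB_SHA is printed instead.
        run: |
          echo "Running chart-testing install for $GITHUB_SHA"
          ct install --target-branch "$TARGET_BRANCH"

--------------------------------------------------------------------------------
/charts/draupnir/templates/_helpers.tpl: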
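--------------------------------------------------------------------------------
{{/*
Expand the name of the chart.
*/}}
{{- define "draupnir.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}

{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "draupnir.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}

{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "draupnir.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}

{{/*
Common labels
*/}}
{{- define "draupnir.labels" -}}
helm.sh/chart: {{ include "draupnir.chart" . }}
{{ include "draupnir.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}

{{/*
Selector labels
*/}}
{{- define "draupnir.selectorLabels" -}}
app.kubernetes.io/name: {{ include "draupnir.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}

--------------------------------------------------------------------------------
/charts/draupnir/templates/deployment.yaml:
--------------------------------------------------------------------------------
# Single-replica Deployment of the bot. The configuration comes from the chart's
# Secret, mounted read-only at /data/config/production.yaml.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "draupnir.fullname" . }}
  labels:
    {{- include "draupnir.labels" . | nindent 4 }}
spec:
  replicas: 1
  selector:
    matchLabels:
      {{- include "draupnir.selectorLabels" . | nindent 6 }}
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      annotations:
        # Makes sure a config change will trigger a rollout. Only a change under
        # spec.template starts one, so the checksum sits on the pod template and not
        # on the Deployment object; the config is mounted via subPath, which a
        # running pod does not see updates for.
        checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
        {{- with .Values.podAnnotations }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      labels:
        {{- include "draupnir.labels" . | nindent 8 }}
        {{- with .Values.podLabels }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      # Pod-level context: only PodSecurityContext fields are valid here.
      {{- with .Values.podSecurityContext }}
      securityContext:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      containers:
        - name: {{ .Chart.Name }}
          # Container-level context: allowPrivilegeEscalation, capabilities and
          # readOnlyRootFilesystem only take effect when set here.
          {{- with .Values.securityContext }}
          securityContext:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          ports:
            - name: http
              containerPort: 8080
              protocol: TCP
          # Both probes target the healthz listener configured under
          # config.health.healthz (port 8080, endpoint "/healthz"); nothing answers
          # them unless that listener is enabled.
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 8080
            initialDelaySeconds: 30
            periodSeconds: 30
          readinessProbe:
            failureThreshold: 3
            httpGet:
              # Aligned with the liveness probe and the configured healthz endpoint.
              path: /healthz
              port: 8080
            initialDelaySeconds: 30
            periodSeconds: 30
          {{- with .Values.resources }}
          resources:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          volumeMounts:
            {{- with .Values.volumeMounts }}
            {{- toYaml . | nindent 12 }}
            {{- end }}
            {{- /* No trailing "-" on this action: it would strip the newline and glue the list item onto the previous line. */}}
            {{- if .Values.persistence.enabled }}
            - mountPath: /data/storage
              name: storage
            {{- end }}
            - mountPath: /tmp
              name: tmp
            - mountPath: /data/config/production.yaml
              name: config
              subPath: config.yaml
              readOnly: true
      volumes:
        {{- with .Values.volumes }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
        {{- if .Values.persistence.enabled }}
        - name: storage
          persistentVolumeClaim:
            claimName: {{ include "draupnir.fullname" . }}-pvc
        {{- end }}
        - name: tmp
          emptyDir:
            sizeLimit: 2048Mi
        - name: config
          secret:
            secretName: {{ include "draupnir.fullname" . }}-config-secret
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}

--------------------------------------------------------------------------------
/charts/draupnir/values.yaml:
--------------------------------------------------------------------------------
# Default values for draupnir.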
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

# This sets the container image. More information can be found here: https://kubernetes.io/docs/concepts/containers/images/
image:
  repository: gnuxie/draupnir
  # This sets the pull policy for images.
  pullPolicy: IfNotPresent
  # Overrides the image tag whose default is the chart appVersion.
  tag: ""

# This is for the secrets for pulling an image from a private repository. More information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
imagePullSecrets: []
# These override the chart name and the fully qualified resource name used by the templates.
nameOverride: ""
fullnameOverride: ""

# This is for setting Kubernetes Annotations to a Pod.
# For more information check out: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
podAnnotations: {}
# This is for setting Kubernetes Labels to a Pod.
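# For more information check out: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
podLabels: {}

# Pod-level security context (rendered into spec.template.spec.securityContext).
# Only fields that exist on PodSecurityContext belong here; allowPrivilegeEscalation,
# capabilities and readOnlyRootFilesystem are container-level fields and are set
# under securityContext below.
# NOTE(review): runAsNonRoot needs the image to declare a non-root numeric user, or
# runAsUser to be set as well; confirm against the gnuxie/draupnir image.
podSecurityContext:
  runAsNonRoot: true
  runAsGroup: 1000

# Container-level security context (rendered into the bot container).
# NOTE(review): with a read-only root filesystem the only writable paths are the
# mounted volumes. The Deployment mounts /data/storage only when persistence.enabled
# is true; confirm the bot can start without a writable dataPath otherwise.
securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
  readOnlyRootFilesystem: true
  # runAsUser: 1000

# This block is for setting up the ingress. More information can be found here: https://kubernetes.io/docs/concepts/services-networking/ingress/
# This is only required for things like reports
ingress:
  enabled: false
  className: ""
  annotations:
    {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  hosts:
    - host: chart-example.local
      paths:
        - path: /
          pathType: ImplementationSpecific
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #      - chart-example.local

resources:
  {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi

# Additional volumes on the output Deployment definition.
volumes: []
# - name: foo
#   secret:
#     secretName: mysecret
#     optional: false

# Additional volumeMounts on the output Deployment definition.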
volumeMounts: []
# - name: foo
#   mountPath: "/etc/foo"
#   readOnly: true

nodeSelector: {}

tolerations: []

affinity: {}

# Used for the sqlite storage:
persistence:
  enabled: false
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 512M

# This is a copy of https://github.com/the-draupnir-project/Draupnir/blob/v2.2.0/config/default.yaml
# See https://the-draupnir-project.github.io/draupnir-documentation/category/moderators-guide for more information
# on the configuration options.
# The whole block is rendered into the chart's Secret (templates/secret.yaml) and
# mounted as the bot's production.yaml.
config:
  # Endpoint URL that Draupnir uses to interact with the matrix homeserver (client-server API),
  # set this to the pantalaimon URL if you're using that.
  homeserverUrl: "https://matrix.org"

  # Endpoint URL that Draupnir could use to fetch events related to reports (client-server API and /_synapse/),
  # only set this to the public-internet homeserver client API URL, do NOT set this to the pantalaimon URL.
  rawHomeserverUrl: "https://matrix.org"

  # Matrix Access Token to use, Draupnir will only use this if pantalaimon.use is false.
  # This option can be loaded from a file by passing "--access-token-path <path>" at the command line,
  # which would allow using secret management systems such as systemd's service credentials.
  #
  # The value below is a placeholder. A real token set here lives in your values
  # file as plain text, so keep that file out of version control.
  # NOTE(review): the chart's Deployment passes no command-line arguments, so the
  # file-based option above is not wired up by this chart.
  accessToken: "YOUR_TOKEN_HERE"

  # Options related to Pantalaimon (https://github.com/matrix-org/pantalaimon)
  pantalaimon:
    # Whether or not Draupnir will use pantalaimon to access the matrix homeserver,
    # set to `true` if you're using pantalaimon.
    #
    # Be sure to point homeserverUrl to the pantalaimon instance.
    #
    # Draupnir will log in using the given username and password once,
    # then store the resulting access token in a file under dataPath.
    use: false

    # The username to login with.
    username: draupnir

    # The password Draupnir will login with.
    #
    # After successfully logging in once, this will be ignored, so this value can be blanked after first startup.
    # This option can be loaded from a file by passing "--pantalaimon-password-path <path>" at the command line,
    # which would allow using secret management systems such as systemd's service credentials.
    #
    # Placeholder value. Like accessToken, a real password set here is stored as
    # plain text in your values file; blank it again after the first startup.
    password: your_password

  # Experimental usage of the matrix-bot-sdk rust crypto.
  # This can not be used with Pantalaimon.
  # Make sure to setup the bot as if you are not using pantalaimon for this.
  #
  # Warning: At this time this is not considered production safe.
  experimentalRustCrypto: false

  # The path Draupnir will store its state/data in, leave default ("/data/storage") when using containers.
  dataPath: "/data/storage"

  # If true (the default), Draupnir will only accept invites from users present in managementRoom.
  autojoinOnlyIfManager: true

  # If `autojoinOnlyIfManager` is false, only the members in this space can invite
  # the bot to new rooms.
  acceptInvitesFromSpace: "!example:example.org"

  # Whether Draupnir should report ignored invites to the management room (if autojoinOnlyIfManager is true).
  recordIgnoredInvites: false

  # The room ID (or room alias) of the management room, anyone in this room can issue commands to Draupnir.
  #
  # Draupnir has no more granular access controls other than this, be sure you trust everyone in this room - secure it!
  #
  # This should be a room alias or room ID - not a matrix.to URL.
  #
  # Note: By default, Draupnir is fairly verbose - expect a lot of messages in this room.
  # (see verboseLogging to adjust this a bit.)
  managementRoom: "#moderators:example.org"

  # Deprecated and will be removed in a future version.
  # Running with verboseLogging is unsupported.
  # Whether Draupnir should log a lot more messages in the room,
  # mainly involves "all-OK" messages, and debugging messages for when draupnir checks bans in a room.
  verboseLogging: false

  # The log level of terminal (or container) output,
  # can be one of DEBUG, INFO, WARN and ERROR, in increasing order of importance and severity.
  #
  # This should be at INFO or DEBUG in order to get support for Draupnir problems.
  logLevel: "INFO"

  # Whether or not Draupnir should check moderation permissions in all protected rooms on startup.
  # Equivalent to running `!draupnir verify`.
  verifyPermissionsOnStartup: true

  # Whether or not Draupnir should actually apply bans and policy lists,
  # turn on to trial some untrusted configuration or lists.
  # NOTE(review): presumably `true` means a dry run in which nothing is applied;
  # confirm against the Draupnir documentation before relying on it.
  noop: false

  # Whether or not Draupnir should apply `m.room.server_acl` events.
  # DO NOT change this to `true` unless you are very confident that you know what you are doing.
  disableServerACL: false

  # A case-insensitive list of ban reasons to have the bot also automatically redact the user's messages for.
  #
  # If the bot sees you ban a user with a reason that is an (exact case-insensitive) match to this list,
  # it will also remove the user's messages automatically.
  #
  # Typically this is useful to avoid having to give two commands to the bot.
  # Advanced: Use asterisks to have the reason match using "globs"
  # (e.g. "spam*testing" would match "spam for testing" as well as "spamtesting").
  #
  # See here for more info: https://www.digitalocean.com/community/tools/glob
  # Note: Keep in mind that glob is NOT regex!
  automaticallyRedactForReasons:
    - "spam"
    - "advertising"

  # Whether or not to add all joined rooms to the "protected rooms" list
  # (excluding the management room and watched policy list rooms, see below).
  #
  # Note that this effectively makes the protectedRooms and associated commands useless
  # for regular rooms.
  #
  # Note: the management room is *excluded* from this condition.
  # Explicitly add it as a protected room to protect it.
  #
  # Note: Ban list rooms the bot is watching but didn't create will not be protected.
  # Explicitly add these rooms as a protected room list if you want them protected.
  protectAllJoinedRooms: false

  # Increase this delay to have Draupnir wait longer between two consecutive backgrounded
  # operations. The total duration of operations will be longer, but the homeserver won't
  # be affected as much. Conversely, decrease this delay to have Draupnir chain operations
  # faster. The total duration of operations will generally be shorter, but the performance
  # of the homeserver may be more impacted.
  backgroundDelayMS: 500

  # Server administration commands, these commands will only work if Draupnir is
  # a global server administrator, and the bot's server is a Synapse instance.
  admin:
    # Whether or not Draupnir can temporarily take control of any eligible account from the local homeserver that is in the room
    # (with enough permissions) to "make" a user an admin.
    #
    # This only works if a local user with enough admin permissions is present in the room.
    enableMakeRoomAdminCommand: false

  # Misc options for command handling and commands
  commands:
    # Whether or not the `!draupnir` prefix is necessary to submit commands.
    #
    # If `true`, will allow commands like `!ban`, `!help`, etc.
    #
    # Note: Draupnir can also be pinged by display name instead of having to use
    # the !draupnir prefix. For example, "my_moderator_bot: ban @spammer:example.org"
    # will address only my_moderator_bot.
    allowNoPrefix: false

    # Any additional bot prefixes that Draupnir will listen to. i.e. adding `mod` will allow `!mod help`.
    additionalPrefixes:
      - "draupnir"

    # The default reasons to be prompted with if the reason is missing from a ban command.
    ban:
      defaultReasons:
        - "spam"
        - "brigading"
        - "harassment"
        - "disagreement"

  # Configuration specific to certain toggle-able protections
  protections:
    # Configuration for the wordlist plugin, which can ban users if they say certain
    # blocked words shortly after joining.
    wordlist:
      # A list of case-insensitive keywords that the WordList protection will watch for from new users.
      #
      # WordList will ban users who use these words when first joining a room, so take caution when selecting them.
      #
      # The word list protection does not support regular expressions at this time.
      # The configuration in the past stated support for Regex erroneously.
      #
      words:
        - "LoReM"
        - "IpSuM"
        - "DoLoR"
        - "aMeT"

      # For how long (in minutes) the user is "new" to the WordList plugin.
      #
      # After this time, the user will no longer be banned for using a word in the above wordlist.
      #
      # Set to zero to disable the timeout and make users *always* appear "new".
      # (users will always be banned if they say a bad word)
      minutesBeforeTrusting: 20

  # The room state backing store writes a copy of the room state for all protected
  # rooms to the data directory.
  # It is recommended to enable this option unless you deploy Draupnir close to the
  # homeserver and know that Draupnir is starting up quickly. If your homeserver can
  # respond quickly to Draupnir's requests for `/state` then you might not need this option.
  roomStateBackingStore:
    enabled: true

  # Safe mode provides recovery options for some failure modes when Draupnir
  # fails to start. For example, if the bot fails to resolve a room alias in
  # a watched list, or if the server has parted from a protected room and can't
  # find a way back in. Safe mode will provide different options to recover from
  # these, such as unprotecting the room or unwatching the policy list.
  # By default Draupnir will boot into safe mode only when the failure mode
  # is recoverable.
  # It may be desirable to prevent the bot from starting into safe mode if you have
  # a pager system when Draupnir is down, as Draupnir could prevent your monitoring
  # system from identifying a failure to start.
  #safeMode:
  #  # The option for entering safe mode when Draupnir fails to start up.
  #  # - "RecoveryOnly" will only start the bot in safe mode when there are recovery options available. This is the default.
  #  # - "Never" will never start the bot in safe mode when Draupnir fails to start normally.
  #  # - "Always" will always start the bot in safe mode when Draupnir fails to start normally.
  #  bootOption: RecoveryOnly

  # Options for advanced monitoring of the health of the bot.
  health:
    # healthz options. These options are best for use in container environments
    # like Kubernetes to detect how healthy the service is. The bot will report
    # that it is unhealthy until it is able to process user requests. Typically
    # this means that it'll flag itself as unhealthy for a number of minutes
    # before saying "Now monitoring rooms" and flagging itself healthy.
    #
    # Health is flagged through HTTP status codes, defined below.
323 | healthz: 324 | # Whether the healthz integration should be enabled (default false) 325 | enabled: false 326 | 327 | # The port to expose the webserver on. Defaults to 8080. 328 | port: 8080 329 | 330 | # The address to listen for requests on. Defaults to all addresses. 331 | address: "0.0.0.0" 332 | 333 | # The path to expose the monitoring endpoint at. Defaults to `/healthz` 334 | endpoint: "/healthz" 335 | 336 | # The HTTP status code which reports that the bot is healthy/ready to 337 | # process requests. Typically this should not be changed. Defaults to 338 | # 200. 339 | healthyStatus: 200 340 | 341 | # The HTTP status code which reports that the bot is not healthy/ready. 342 | # Defaults to 418. 343 | unhealthyStatus: 418 344 | 345 | # Sentry options. Sentry is a tool used to receive/collate/triage runtime 346 | # errors and performance issues. Skip this section if you do not wish to use 347 | # Sentry. 348 | sentry: 349 | # The key used to upload Sentry data to the server. 350 | # dsn: "https://XXXXXXXXX@example.com/YYY 351 | 352 | # Frequency of performance monitoring. 353 | # A number in [0.0, 1.0], where 0.0 means "don't bother with tracing" 354 | # and 1.0 means "trace performance at every opportunity". 355 | # tracesSampleRate: 0.5 356 | 357 | # Options for exposing web APIs. 358 | web: 359 | # Whether to enable web APIs. 360 | enabled: false 361 | 362 | # The port to expose the webserver on. Defaults to 8080. 363 | port: 8080 364 | 365 | # The address to listen for requests on. Defaults to only the current 366 | # computer. 367 | address: localhost 368 | 369 | # Alternative setting to open to the entire web. Be careful, 370 | # as this will increase your security perimeter: 371 | # 372 | # address: "0.0.0.0" 373 | 374 | # A web API designed to intercept Matrix API 375 | # POST /_matrix/client/r0/rooms/{roomId}/report/{eventId} 376 | # and display readable abuse reports in the moderation room. 
    #
    # If you wish to take advantage of this feature, you will need
    # to configure a reverse proxy, see e.g. test/nginx.conf
    abuseReporting:
      # Whether to enable this feature.
      enabled: false

  # Whether or not to actively poll Synapse for abuse reports, to be used
  # instead of intercepting client calls to Synapse's abuse endpoint, when that
  # isn't possible/practical.
  pollReports: false

  # Whether or not new reports, received either by webapi or polling,
  # should be printed to our managementRoom.
  displayReports: true

--------------------------------------------------------------------------------