From df189246ff8f53916baf45e604c00d23066f42de Mon Sep 17 00:00:00 2001 From: Suguru Hirahara Date: Wed, 11 Dec 2024 02:50:52 +0900 Subject: [PATCH 01/21] Update docs/configuring-playbook-appservice-draupnir-for-all.md: fix sections title Signed-off-by: Suguru Hirahara --- ...nfiguring-playbook-appservice-draupnir-for-all.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/configuring-playbook-appservice-draupnir-for-all.md b/docs/configuring-playbook-appservice-draupnir-for-all.md index 9766af929f1..66b79a7c697 100644 --- a/docs/configuring-playbook-appservice-draupnir-for-all.md +++ b/docs/configuring-playbook-appservice-draupnir-for-all.md @@ -16,9 +16,9 @@ Normal Draupnir does come with the benefit of access to Synapse Admin features. Draupnir for all does not support external tooling like [MRU](https://mru.rory.gay) as it can't access Draupnir's user account. -## Installation +## Prerequisites -### Create a main management room. +### Create a main management room The playbook does not create a management room for your Main Draupnir. This task you have to do on your own. @@ -29,11 +29,11 @@ This management room is used to control who has access to your D4A deployment. T As noted in the Draupnir install instructions the control room is sensitive. The following is said about the control room in the Draupnir install instructions. >Anyone in this room can control the bot so it is important that you only invite trusted users to this room. The room must be unencrypted since the playbook does not support installing Pantalaimon yet. -### Give your main management room an alias. +### Give your main management room an alias Give the room from step 1 an alias. This alias can be anything you want and its recommended for increased security during the setup phase of the bot that you make this alias be a random string. You can give your room a secondary human readable alias when it has been locked down after setup phase. -### Adjusting the playbook configuration. +## Adjusting the playbook configuration Add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file (adapt to your needs): @@ -45,7 +45,7 @@ matrix_appservice_draupnir_for_all_enabled: true matrix_appservice_draupnir_for_all_master_control_room_alias: "ALIAS_FROM_STEP_2_GOES_HERE" ``` -### Installing +## Installing After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below: @@ -76,7 +76,7 @@ The bot requires a powerlevel of 50 in the management room to control who is all To allow users or whole homeservers you type /plain @draupnir-main:example.com allow `target` and target can be either a MXID or a wildcard like `@*:example.com` to allow all users on example.com to register. We use /plain to force the client to not attempt to mess with this command as it can break Wildcard commands especially. -### How to provision a D4A once you are allowed to. +### How to provision a D4A once you are allowed to Open a DM with @draupnir-main:example.com and if using an Element client send a message into this DM to finalise creating it. The bot will reject this invite and you will shortly get invited to the Draupnir control room for your newly provisioned Draupnir. From here its just a normal Draupnir experience. From 66b4ddc14dcd710a462a6df2209b8494d0ecd791 Mon Sep 17 00:00:00 2001 From: Suguru Hirahara Date: Wed, 11 Dec 2024 02:57:25 +0900 Subject: [PATCH 02/21] Update docs/configuring-playbook-appservice-draupnir-for-all.md: merge configuration sections Signed-off-by: Suguru Hirahara --- ...ng-playbook-appservice-draupnir-for-all.md | 44 +++++++++---------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/docs/configuring-playbook-appservice-draupnir-for-all.md b/docs/configuring-playbook-appservice-draupnir-for-all.md index 66b79a7c697..3c7447831f1 100644 --- a/docs/configuring-playbook-appservice-draupnir-for-all.md +++ b/docs/configuring-playbook-appservice-draupnir-for-all.md @@ -45,6 +45,28 @@ matrix_appservice_draupnir_for_all_enabled: true matrix_appservice_draupnir_for_all_master_control_room_alias: "ALIAS_FROM_STEP_2_GOES_HERE" ``` +You can configure additional options by adding the `matrix_appservice_draupnir_for_all_extension_yaml` variable. For example, to change Draupnir's `protectAllJoinedRooms` option to `true`, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file: + +```yaml +matrix_appservice_draupnir_for_all_extension_yaml: | + # Your custom YAML configuration goes here. + # This configuration extends the default starting configuration (`matrix_appservice_draupnir_for_all_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_appservice_draupnir_for_all_yaml`. + protectAllJoinedRooms: true +``` + +You can refer to the upstream [documentation](https://github.com/the-draupnir-project/Draupnir) for more configuration documentation. + +**Notes**: + +- The playbook ships a full copy of the example config that does transfer to provisioned Draupnirs in the production-bots.yaml.j2 file in the template directory of the role. + +- Config extension does not affect the appservices config as this config is not extensible in current Draupnir anyway. It instead touches the config passed to the Draupnirs that your Appservice creates. So the example above (`protectAllJoinedRooms: true`) makes all provisioned Draupnirs protect all joined rooms. + ## Installing After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below: @@ -81,25 +103,3 @@ To allow users or whole homeservers you type /plain @draupnir-main:example.com a Open a DM with @draupnir-main:example.com and if using an Element client send a message into this DM to finalise creating it. The bot will reject this invite and you will shortly get invited to the Draupnir control room for your newly provisioned Draupnir. From here its just a normal Draupnir experience. Congratulations if you made it all the way here because you now have a fully working Draupnir for all deployment. - -### Configuration of D4A - -You can refer to the upstream [documentation](https://github.com/the-draupnir-project/Draupnir) for more configuration documentation. Please note that the playbook ships a full copy of the example config that does transfer to provisioned Draupnirs in the production-bots.yaml.j2 file in the template directory of the role. - -Please note that Config extension does not affect the appservices config as this config is not extensible in current Draupnir anyways. Config extension instead touches the config passed to the Draupnirs that your Appservice creates. So for example below makes all provisioned Draupnirs protect all joined rooms. - -You can configure additional options by adding the `matrix_appservice_draupnir_for_all_extension_yaml` variable to your `inventory/host_vars/matrix.example.com/vars.yml` file. - -For example to change Draupnir's `protectAllJoinedRooms` option to `true` you would add the following to your `vars.yml` file. - -```yaml -matrix_appservice_draupnir_for_all_extension_yaml: | - # Your custom YAML configuration goes here. - # This configuration extends the default starting configuration (`matrix_appservice_draupnir_for_all_yaml`). - # - # You can override individual variables from the default configuration, or introduce new ones. - # - # If you need something more special, you can take full control by - # completely redefining `matrix_appservice_draupnir_for_all_yaml`. - protectAllJoinedRooms: true -``` From 120b37f3ea29101be3baf0856d5d23491db9309e Mon Sep 17 00:00:00 2001 From: Suguru Hirahara Date: Wed, 11 Dec 2024 03:03:55 +0900 Subject: [PATCH 03/21] Update docs/configuring-playbook-appservice-draupnir-for-all.md: small edits Signed-off-by: Suguru Hirahara --- docs/configuring-playbook-appservice-draupnir-for-all.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-appservice-draupnir-for-all.md b/docs/configuring-playbook-appservice-draupnir-for-all.md index 3c7447831f1..ca9275725bb 100644 --- a/docs/configuring-playbook-appservice-draupnir-for-all.md +++ b/docs/configuring-playbook-appservice-draupnir-for-all.md @@ -27,7 +27,8 @@ The management room has to be given an alias and be public when you are setting This management room is used to control who has access to your D4A deployment. The room stores this data inside of the control room state so your bot must have sufficient powerlevel to send custom state events. This is default 50 or moderator as Element clients call this powerlevel. As noted in the Draupnir install instructions the control room is sensitive. The following is said about the control room in the Draupnir install instructions. ->Anyone in this room can control the bot so it is important that you only invite trusted users to this room. The room must be unencrypted since the playbook does not support installing Pantalaimon yet. + +**Anyone in this room can control the bot so it is important that you only invite trusted users to this room.** The room must be unencrypted since the playbook does not support installing Pantalaimon yet. ### Give your main management room an alias @@ -100,6 +101,6 @@ To allow users or whole homeservers you type /plain @draupnir-main:example.com a ### How to provision a D4A once you are allowed to -Open a DM with @draupnir-main:example.com and if using an Element client send a message into this DM to finalise creating it. The bot will reject this invite and you will shortly get invited to the Draupnir control room for your newly provisioned Draupnir. From here its just a normal Draupnir experience. +To provision a D4A, you need to start a chat with `@draupnir-main:example.com`. The bot will reject this invite and you will shortly get invited to the Draupnir control room for your newly provisioned Draupnir. From here its just a normal Draupnir experience. Congratulations if you made it all the way here because you now have a fully working Draupnir for all deployment. From 3aed18d950a176b043106be2e0b1b34d956013ff Mon Sep 17 00:00:00 2001 From: Suguru Hirahara Date: Wed, 11 Dec 2024 11:20:22 +0900 Subject: [PATCH 04/21] Update docs/configuring-playbook-appservice-draupnir-for-all.md: remove a note abour Pantalaimon's unavailability Pantalaimon can be installed and it has become available for matrix-bot-draupnir and matrix-bot-mjolnir already. Signed-off-by: Suguru Hirahara --- docs/configuring-playbook-appservice-draupnir-for-all.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/configuring-playbook-appservice-draupnir-for-all.md b/docs/configuring-playbook-appservice-draupnir-for-all.md index ca9275725bb..997a4cc4703 100644 --- a/docs/configuring-playbook-appservice-draupnir-for-all.md +++ b/docs/configuring-playbook-appservice-draupnir-for-all.md @@ -28,7 +28,9 @@ This management room is used to control who has access to your D4A deployment. T As noted in the Draupnir install instructions the control room is sensitive. The following is said about the control room in the Draupnir install instructions. -**Anyone in this room can control the bot so it is important that you only invite trusted users to this room.** The room must be unencrypted since the playbook does not support installing Pantalaimon yet. +**Anyone in this room can control the bot so it is important that you only invite trusted users to this room.** The room must be unencrypted. + + ### Give your main management room an alias From ee8ba5a3219e95647c38cbba066f4acd811f38c4 Mon Sep 17 00:00:00 2001 From: Suguru Hirahara Date: Thu, 12 Dec 2024 22:25:24 +0900 Subject: [PATCH 05/21] Update docs/configuring-playbook-appservice-draupnir-for-all.md: edit instruction of setting an alias to the management room Signed-off-by: Suguru Hirahara --- docs/configuring-playbook-appservice-draupnir-for-all.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-appservice-draupnir-for-all.md b/docs/configuring-playbook-appservice-draupnir-for-all.md index 997a4cc4703..29a0129ab02 100644 --- a/docs/configuring-playbook-appservice-draupnir-for-all.md +++ b/docs/configuring-playbook-appservice-draupnir-for-all.md @@ -32,9 +32,11 @@ As noted in the Draupnir install instructions the control room is sensitive. The -### Give your main management room an alias +### Set an alias to the management room -Give the room from step 1 an alias. This alias can be anything you want and its recommended for increased security during the setup phase of the bot that you make this alias be a random string. You can give your room a secondary human readable alias when it has been locked down after setup phase. +Next, set an alias to the management room. + +This alias can be anything you want. However, for increased security during the setup phase, it is recommended to make this alias be a random string. When it has been locked down after setup phase, you can give your room a secondary human readable alias. ## Adjusting the playbook configuration From 9cf1d0bf0adb341f376da753deb200183dc85298 Mon Sep 17 00:00:00 2001 From: Suguru Hirahara Date: Wed, 11 Dec 2024 11:33:20 +0900 Subject: [PATCH 06/21] Update docs/configuring-playbook-bot-draupnir.md: remove 'c.' from the section title The section is not related to choosing E2EE support. Also: replace the instruction to go to the section with the anchor link. Signed-off-by: Suguru Hirahara --- docs/configuring-playbook-bot-draupnir.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-bot-draupnir.md b/docs/configuring-playbook-bot-draupnir.md index 0b9714280e2..6ac31771769 100644 --- a/docs/configuring-playbook-bot-draupnir.md +++ b/docs/configuring-playbook-bot-draupnir.md @@ -6,7 +6,7 @@ See the project's [documentation](https://github.com/the-draupnir-project/Draupn This documentation page is about installing Draupnir in bot mode. As an alternative, you can run a multi-instance Draupnir deployment by installing [Draupnir in appservice mode](./configuring-playbook-appservice-draupnir-for-all.md) (called Draupnir-for-all) instead. -If your migrating from Mjolnir skip to step 5b. +If your migrating from Mjolnir skip to [this section](#migrating-from-mjolnir-only-required-if-migrating). ## Register the bot account @@ -101,7 +101,7 @@ matrix_bot_draupnir_access_token: "ACCESS_TOKEN_FROM_STEP_2_GOES_HERE" matrix_bot_draupnir_management_room: "ROOM_ID_FROM_STEP_4_GOES_HERE" ``` -### c. Migrating from Mjolnir (Only required if migrating.) +### Migrating from Mjolnir (Only required if migrating) Replace your `matrix_bot_mjolnir` config with `matrix_bot_draupnir` config. Also disable Mjolnir if you're doing migration. From 0c033bb66223e4ad5d2c93a58e3a9d99caab46a8 Mon Sep 17 00:00:00 2001 From: Suguru Hirahara Date: Wed, 11 Dec 2024 11:30:14 +0900 Subject: [PATCH 07/21] Update docs/configuring-playbook-bot-draupnir.md and docs/configuring-playbook-bot-mjolnir.md: create a section for common configs Signed-off-by: Suguru Hirahara --- docs/configuring-playbook-bot-draupnir.md | 22 ++++++++++++---------- docs/configuring-playbook-bot-mjolnir.md | 22 ++++++++++++---------- 2 files changed, 24 insertions(+), 20 deletions(-) diff --git a/docs/configuring-playbook-bot-draupnir.md b/docs/configuring-playbook-bot-draupnir.md index 6ac31771769..0ec2273b38c 100644 --- a/docs/configuring-playbook-bot-draupnir.md +++ b/docs/configuring-playbook-bot-draupnir.md @@ -48,6 +48,17 @@ Finally invite the `@bot.draupnir:example.com` account you created earlier into ## Adjusting the playbook configuration +Add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file (adapt to your needs): + +You must replace `ROOM_ID_FROM_STEP_4_GOES_HERE` with your own value. + +```yaml +# Enable Draupnir +matrix_bot_draupnir_enabled: true + +matrix_bot_draupnir_management_room: "ROOM_ID_FROM_STEP_4_GOES_HERE" +``` + Decide whether you want Draupnir to be capable of operating in end-to-end encrypted (E2EE) rooms. This includes the management room and the moderated rooms. To support E2EE, Draupnir needs to [use Pantalaimon](configuring-playbook-pantalaimon.md). ### a. Configuration with E2EE support @@ -60,17 +71,12 @@ Add the following configuration to your `inventory/host_vars/matrix.example.com/ # Enable Pantalaimon. See docs/configuring-playbook-pantalaimon.md matrix_pantalaimon_enabled: true -# Enable Draupnir -matrix_bot_draupnir_enabled: true - # Tell Draupnir to use Pantalaimon matrix_bot_draupnir_pantalaimon_use: true # User name and password for the bot. Required when using Pantalaimon. matrix_bot_draupnir_pantalaimon_username: "DRAUPNIR_USERNAME_FROM_STEP_1" matrix_bot_draupnir_pantalaimon_password: ### you should create a secure password for the bot account - -matrix_bot_draupnir_management_room: "ROOM_ID_FROM_STEP_4_GOES_HERE" ``` The playbook's `group_vars` will configure other required settings. If using this role separately without the playbook, you also need to configure the two URLs that Draupnir uses to reach the homeserver, one through Pantalaimon and one "raw". This example is taken from the playbook's `group_vars`: @@ -91,14 +97,10 @@ When NOT using Pantalaimon, Draupnir does not log in by itself and you must give Add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file (adapt to your needs): -You must replace `ACCESS_TOKEN_FROM_STEP_2_GOES_HERE` and `ROOM_ID_FROM_STEP_4_GOES_HERE` with your own values. +You must replace `ACCESS_TOKEN_FROM_STEP_2_GOES_HERE` with your own value. ```yaml -matrix_bot_draupnir_enabled: true - matrix_bot_draupnir_access_token: "ACCESS_TOKEN_FROM_STEP_2_GOES_HERE" - -matrix_bot_draupnir_management_room: "ROOM_ID_FROM_STEP_4_GOES_HERE" ``` ### Migrating from Mjolnir (Only required if migrating) diff --git a/docs/configuring-playbook-bot-mjolnir.md b/docs/configuring-playbook-bot-mjolnir.md index f3d2bf95c29..735a775967e 100644 --- a/docs/configuring-playbook-bot-mjolnir.md +++ b/docs/configuring-playbook-bot-mjolnir.md @@ -44,6 +44,17 @@ Finally invite the `@bot.mjolnir:example.com` account you created earlier into t ## Adjusting the playbook configuration +Add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file (adapt to your needs): + +You must replace `ROOM_ID_FROM_STEP_4_GOES_HERE` with your own value. + +```yaml +# Enable Mjolnir +matrix_bot_mjolnir_enabled: true + +matrix_bot_mjolnir_management_room: "ROOM_ID_FROM_STEP_4_GOES_HERE" +``` + Decide whether you want Mjolnir to be capable of operating in end-to-end encrypted (E2EE) rooms. This includes the management room and the moderated rooms. To support E2EE, Mjolnir needs to [use Pantalaimon](configuring-playbook-pantalaimon.md). ### a. Configuration with E2EE support @@ -56,17 +67,12 @@ Add the following configuration to your `inventory/host_vars/matrix.example.com/ # Enable Pantalaimon. See docs/configuring-playbook-pantalaimon.md matrix_pantalaimon_enabled: true -# Enable Mjolnir -matrix_bot_mjolnir_enabled: true - # Tell Mjolnir to use Pantalaimon matrix_bot_mjolnir_pantalaimon_use: true # User name and password for the bot. Required when using Pantalaimon. matrix_bot_mjolnir_pantalaimon_username: "MJOLNIR_USERNAME_FROM_STEP_1" matrix_bot_mjolnir_pantalaimon_password: ### you should create a secure password for the bot account - -matrix_bot_mjolnir_management_room: "ROOM_ID_FROM_STEP_4_GOES_HERE" ``` The playbook's `group_vars` will configure other required settings. If using this role separately without the playbook, you also need to configure the two URLs that Mjolnir uses to reach the homeserver, one through Pantalaimon and one "raw". This example is taken from the playbook's `group_vars`: @@ -87,14 +93,10 @@ When NOT using Pantalaimon, Mjolnir does not log in by itself and you must give Add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file (adapt to your needs): -You must replace `ACCESS_TOKEN_FROM_STEP_2_GOES_HERE` and `ROOM_ID_FROM_STEP_4_GOES_HERE` with your own values. +You must replace `ACCESS_TOKEN_FROM_STEP_2_GOES_HERE` with your own value. ```yaml -matrix_bot_mjolnir_enabled: true - matrix_bot_mjolnir_access_token: "ACCESS_TOKEN_FROM_STEP_2_GOES_HERE" - -matrix_bot_mjolnir_management_room: "ROOM_ID_FROM_STEP_4_GOES_HERE" ``` ## Adding Mjolnir synapse antispam module (optional) From 9e3c337080ecb113157c964badc80e5d4c2b0102 Mon Sep 17 00:00:00 2001 From: Suguru Hirahara Date: Wed, 11 Dec 2024 11:40:09 +0900 Subject: [PATCH 08/21] Update draupnir and mjolnir docs: create "Extending the configuration" sections Signed-off-by: Suguru Hirahara --- ...ng-playbook-appservice-draupnir-for-all.md | 6 +++- docs/configuring-playbook-bot-draupnir.md | 36 +++++++++---------- docs/configuring-playbook-bot-mjolnir.md | 34 +++++++++--------- 3 files changed, 41 insertions(+), 35 deletions(-) diff --git a/docs/configuring-playbook-appservice-draupnir-for-all.md b/docs/configuring-playbook-appservice-draupnir-for-all.md index 29a0129ab02..a2c023431e9 100644 --- a/docs/configuring-playbook-appservice-draupnir-for-all.md +++ b/docs/configuring-playbook-appservice-draupnir-for-all.md @@ -50,7 +50,11 @@ matrix_appservice_draupnir_for_all_enabled: true matrix_appservice_draupnir_for_all_master_control_room_alias: "ALIAS_FROM_STEP_2_GOES_HERE" ``` -You can configure additional options by adding the `matrix_appservice_draupnir_for_all_extension_yaml` variable. For example, to change Draupnir's `protectAllJoinedRooms` option to `true`, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file: +### Extending the configuration + +You can configure additional options by adding the `matrix_appservice_draupnir_for_all_extension_yaml` variable. + +For example, to change Draupnir's `protectAllJoinedRooms` option to `true`, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file: ```yaml matrix_appservice_draupnir_for_all_extension_yaml: | diff --git a/docs/configuring-playbook-bot-draupnir.md b/docs/configuring-playbook-bot-draupnir.md index 0ec2273b38c..07bf6e07d51 100644 --- a/docs/configuring-playbook-bot-draupnir.md +++ b/docs/configuring-playbook-bot-draupnir.md @@ -103,6 +103,24 @@ You must replace `ACCESS_TOKEN_FROM_STEP_2_GOES_HERE` with your own value. matrix_bot_draupnir_access_token: "ACCESS_TOKEN_FROM_STEP_2_GOES_HERE" ``` +### Extending the configuration + +You can configure additional options by adding the `matrix_bot_draupnir_configuration_extension_yaml` variable. + +For example, to change Draupnir's `recordIgnoredInvites` option to `true`, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file: + +```yaml +matrix_bot_draupnir_configuration_extension_yaml: | + # Your custom YAML configuration goes here. + # This configuration extends the default starting configuration (`matrix_bot_draupnir_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_bot_draupnir_configuration_yaml`. + recordIgnoredInvites: true +``` + ### Migrating from Mjolnir (Only required if migrating) Replace your `matrix_bot_mjolnir` config with `matrix_bot_draupnir` config. Also disable Mjolnir if you're doing migration. @@ -196,24 +214,6 @@ To **enable a given protection**, send a command like this: `!draupnir enable PR To **disable a given protection**, send a command like this: `!draupnir disable PROTECTION_NAME` (e.g. `!draupnir disable JoinWaveShortCircuit`). -## Extending the configuration - -You can configure additional options by adding the `matrix_bot_draupnir_configuration_extension_yaml` variable to your `inventory/host_vars/matrix.example.com/vars.yml` file. - -For example to change Draupnir's `recordIgnoredInvites` option to `true` you would add the following to your `vars.yml` file. - -```yaml -matrix_bot_draupnir_configuration_extension_yaml: | - # Your custom YAML configuration goes here. - # This configuration extends the default starting configuration (`matrix_bot_draupnir_configuration_yaml`). - # - # You can override individual variables from the default configuration, or introduce new ones. - # - # If you need something more special, you can take full control by - # completely redefining `matrix_bot_draupnir_configuration_yaml`. - recordIgnoredInvites: true -``` - ## Abuse Reports Draupnir supports two methods to receive reports in the management room. diff --git a/docs/configuring-playbook-bot-mjolnir.md b/docs/configuring-playbook-bot-mjolnir.md index 735a775967e..f2f252277a1 100644 --- a/docs/configuring-playbook-bot-mjolnir.md +++ b/docs/configuring-playbook-bot-mjolnir.md @@ -99,6 +99,24 @@ You must replace `ACCESS_TOKEN_FROM_STEP_2_GOES_HERE` with your own value. matrix_bot_mjolnir_access_token: "ACCESS_TOKEN_FROM_STEP_2_GOES_HERE" ``` +### Extending the configuration + +You can configure additional options by adding the `matrix_bot_mjolnir_configuration_extension_yaml` variable to your `inventory/host_vars/matrix.example.com/vars.yml` file. + +For example, to change Mjolnir's `recordIgnoredInvites` option to `true`, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file: + +```yaml +matrix_bot_mjolnir_configuration_extension_yaml: | + # Your custom YAML configuration goes here. + # This configuration extends the default starting configuration (`matrix_bot_mjolnir_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_bot_mjolnir_configuration_yaml`. + recordIgnoredInvites: true +``` + ## Adding Mjolnir synapse antispam module (optional) Add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file (adapt to your needs): @@ -133,19 +151,3 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-use ## Usage You can refer to the upstream [documentation](https://github.com/matrix-org/mjolnir) for additional ways to use and configure Mjolnir. Check out their [quickstart guide](https://github.com/matrix-org/mjolnir#quickstart-guide) for some basic commands you can give to the bot. - -You can configure additional options by adding the `matrix_bot_mjolnir_configuration_extension_yaml` variable to your `inventory/host_vars/matrix.example.com/vars.yml` file. - -For example to change Mjolnir's `recordIgnoredInvites` option to `true` you would add the following to your `vars.yml` file. - -```yaml -matrix_bot_mjolnir_configuration_extension_yaml: | - # Your custom YAML configuration goes here. - # This configuration extends the default starting configuration (`matrix_bot_mjolnir_configuration_yaml`). - # - # You can override individual variables from the default configuration, or introduce new ones. - # - # If you need something more special, you can take full control by - # completely redefining `matrix_bot_mjolnir_configuration_yaml`. - recordIgnoredInvites: true -``` From 8222c415ce85da048bc091449cf4d13ed3355009 Mon Sep 17 00:00:00 2001 From: Suguru Hirahara Date: Thu, 12 Dec 2024 15:19:40 +0900 Subject: [PATCH 09/21] Update docs/configuring-playbook-bot-draupnir.md and docs/configuring-playbook-bot-mjolnir.md: create the "End-to-End Encryption support" section Signed-off-by: Suguru Hirahara --- docs/configuring-playbook-bot-draupnir.md | 10 +++++++--- docs/configuring-playbook-bot-mjolnir.md | 10 +++++++--- 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/docs/configuring-playbook-bot-draupnir.md b/docs/configuring-playbook-bot-draupnir.md index 07bf6e07d51..cf141d9b438 100644 --- a/docs/configuring-playbook-bot-draupnir.md +++ b/docs/configuring-playbook-bot-draupnir.md @@ -59,9 +59,13 @@ matrix_bot_draupnir_enabled: true matrix_bot_draupnir_management_room: "ROOM_ID_FROM_STEP_4_GOES_HERE" ``` -Decide whether you want Draupnir to be capable of operating in end-to-end encrypted (E2EE) rooms. This includes the management room and the moderated rooms. To support E2EE, Draupnir needs to [use Pantalaimon](configuring-playbook-pantalaimon.md). +### End-to-End Encryption support -### a. Configuration with E2EE support +Decide whether you want Draupnir to be capable of operating in end-to-end encrypted (E2EE) rooms. This includes the management room and the moderated rooms. + +To support E2EE, Draupnir needs to [use Pantalaimon](configuring-playbook-pantalaimon.md). + +#### Configuration with E2EE support When using Pantalaimon, Draupnir will log in to its bot account itself through Pantalaimon, so configure its username and password. @@ -91,7 +95,7 @@ matrix_bot_draupnir_homeserver_url: "{{ 'http://matrix-pantalaimon:8009' if matr matrix_bot_draupnir_raw_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}" ``` -### b. Configuration without E2EE support +#### Configuration without E2EE support When NOT using Pantalaimon, Draupnir does not log in by itself and you must give it an access token for its bot account. diff --git a/docs/configuring-playbook-bot-mjolnir.md b/docs/configuring-playbook-bot-mjolnir.md index f2f252277a1..9c9d66996a1 100644 --- a/docs/configuring-playbook-bot-mjolnir.md +++ b/docs/configuring-playbook-bot-mjolnir.md @@ -55,9 +55,13 @@ matrix_bot_mjolnir_enabled: true matrix_bot_mjolnir_management_room: "ROOM_ID_FROM_STEP_4_GOES_HERE" ``` -Decide whether you want Mjolnir to be capable of operating in end-to-end encrypted (E2EE) rooms. This includes the management room and the moderated rooms. To support E2EE, Mjolnir needs to [use Pantalaimon](configuring-playbook-pantalaimon.md). +### End-to-End Encryption support -### a. Configuration with E2EE support +Decide whether you want Mjolnir to be capable of operating in end-to-end encrypted (E2EE) rooms. This includes the management room and the moderated rooms. + +To support E2EE, Mjolnir needs to [use Pantalaimon](configuring-playbook-pantalaimon.md). + +#### Configuration with E2EE support When using Pantalaimon, Mjolnir will log in to its bot account itself through Pantalaimon, so configure its username and password. @@ -87,7 +91,7 @@ matrix_bot_mjolnir_homeserver_url: "{{ 'http://matrix-pantalaimon:8009' if matri matrix_bot_mjolnir_raw_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}" ``` -### b. Configuration without E2EE support +#### Configuration without E2EE support When NOT using Pantalaimon, Mjolnir does not log in by itself and you must give it an access token for its bot account. From 96cb6bb2642ccab0eadec8b972a0a9ead7d017b3 Mon Sep 17 00:00:00 2001 From: Suguru Hirahara Date: Thu, 12 Dec 2024 15:24:31 +0900 Subject: [PATCH 10/21] Update docs/configuring-playbook-bot-mjolnir: adjust the section hierarchy Signed-off-by: Suguru Hirahara --- docs/configuring-playbook-bot-mjolnir.md | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/docs/configuring-playbook-bot-mjolnir.md b/docs/configuring-playbook-bot-mjolnir.md index 9c9d66996a1..cdb5cddc19d 100644 --- a/docs/configuring-playbook-bot-mjolnir.md +++ b/docs/configuring-playbook-bot-mjolnir.md @@ -103,6 +103,18 @@ You must replace `ACCESS_TOKEN_FROM_STEP_2_GOES_HERE` with your own value. matrix_bot_mjolnir_access_token: "ACCESS_TOKEN_FROM_STEP_2_GOES_HERE" ``` +### Adding Mjolnir synapse antispam module (optional) + +To enable Mjolnir synapse antispam module, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file (adapt to your needs): + +```yaml +matrix_synapse_ext_spam_checker_mjolnir_antispam_enabled: true +matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_invites: true +matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_messages: false +matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_usernames: false +matrix_synapse_ext_spam_checker_mjolnir_antispam_config_ban_lists: [] +``` + ### Extending the configuration You can configure additional options by adding the `matrix_bot_mjolnir_configuration_extension_yaml` variable to your `inventory/host_vars/matrix.example.com/vars.yml` file. @@ -121,18 +133,6 @@ matrix_bot_mjolnir_configuration_extension_yaml: | recordIgnoredInvites: true ``` -## Adding Mjolnir synapse antispam module (optional) - -Add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file (adapt to your needs): - -```yaml -matrix_synapse_ext_spam_checker_mjolnir_antispam_enabled: true -matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_invites: true -matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_messages: false -matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_usernames: false -matrix_synapse_ext_spam_checker_mjolnir_antispam_config_ban_lists: [] -``` - ## Installing After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below: From 988dbf626815c98008e371056337699759d41b3d Mon Sep 17 00:00:00 2001 From: Suguru Hirahara Date: Thu, 12 Dec 2024 16:18:33 +0900 Subject: [PATCH 11/21] Update draupnir and mjolnir docs: replace numbering This is a follow-up to e5ab17cafd62feb6e68e3234d434d69cbb383962. Signed-off-by: Suguru Hirahara --- ...uring-playbook-appservice-draupnir-for-all.md | 6 ++---- docs/configuring-playbook-bot-draupnir.md | 16 ++++++---------- docs/configuring-playbook-bot-mjolnir.md | 14 +++++--------- 3 files changed, 13 insertions(+), 23 deletions(-) diff --git a/docs/configuring-playbook-appservice-draupnir-for-all.md b/docs/configuring-playbook-appservice-draupnir-for-all.md index a2c023431e9..874f3f029bb 100644 --- a/docs/configuring-playbook-appservice-draupnir-for-all.md +++ b/docs/configuring-playbook-appservice-draupnir-for-all.md @@ -40,14 +40,12 @@ This alias can be anything you want. However, for increased security during the ## Adjusting the playbook configuration -Add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file (adapt to your needs): - -You must replace `ALIAS_FROM_STEP_2_GOES_HERE` with the alias you created in step 2. +Add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file. Make sure to replace `MANAGEMENT_ROOM_ALIAS_HERE`. ```yaml matrix_appservice_draupnir_for_all_enabled: true -matrix_appservice_draupnir_for_all_master_control_room_alias: "ALIAS_FROM_STEP_2_GOES_HERE" +matrix_appservice_draupnir_for_all_master_control_room_alias: "MANAGEMENT_ROOM_ALIAS_HERE" ``` ### Extending the configuration diff --git a/docs/configuring-playbook-bot-draupnir.md b/docs/configuring-playbook-bot-draupnir.md index cf141d9b438..c6364700064 100644 --- a/docs/configuring-playbook-bot-draupnir.md +++ b/docs/configuring-playbook-bot-draupnir.md @@ -48,15 +48,13 @@ Finally invite the `@bot.draupnir:example.com` account you created earlier into ## Adjusting the playbook configuration -Add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file (adapt to your needs): - -You must replace `ROOM_ID_FROM_STEP_4_GOES_HERE` with your own value. +Add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file. Make sure to replace `MANAGEMENT_ROOM_ID_HERE`. ```yaml # Enable Draupnir matrix_bot_draupnir_enabled: true -matrix_bot_draupnir_management_room: "ROOM_ID_FROM_STEP_4_GOES_HERE" +matrix_bot_draupnir_management_room: "MANAGEMENT_ROOM_ID_HERE" ``` ### End-to-End Encryption support @@ -79,7 +77,7 @@ matrix_pantalaimon_enabled: true matrix_bot_draupnir_pantalaimon_use: true # User name and password for the bot. Required when using Pantalaimon. -matrix_bot_draupnir_pantalaimon_username: "DRAUPNIR_USERNAME_FROM_STEP_1" +matrix_bot_draupnir_pantalaimon_username: "bot.draupnir" matrix_bot_draupnir_pantalaimon_password: ### you should create a secure password for the bot account ``` @@ -99,12 +97,10 @@ matrix_bot_draupnir_raw_homeserver_url: "{{ matrix_addons_homeserver_client_api_ When NOT using Pantalaimon, Draupnir does not log in by itself and you must give it an access token for its bot account. -Add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file (adapt to your needs): - -You must replace `ACCESS_TOKEN_FROM_STEP_2_GOES_HERE` with your own value. +Add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file. Make sure to replace `ACCESS_TOKEN_HERE` with the one created [above](#get-an-access-token). ```yaml -matrix_bot_draupnir_access_token: "ACCESS_TOKEN_FROM_STEP_2_GOES_HERE" +matrix_bot_draupnir_access_token: "ACCESS_TOKEN_HERE" ``` ### Extending the configuration @@ -228,7 +224,7 @@ The first method intercepts the report API endpoint of the client-server API, wh matrix_bot_draupnir_abuse_reporting_enabled: true ``` -The other method polls an synapse admin API endpoint and is hence only available when using synapse and when the Draupnir user is an admin user (see step 1). To enable it, set `pollReports: true` in Draupnir's config: +The other method polls an synapse admin API endpoint and is hence only available when using synapse and when the Draupnir user is an admin user ([see above](#register-the-bot-account)). To enable it, set `pollReports: true` in Draupnir's config: ```yaml matrix_bot_draupnir_configuration_extension_yaml: | diff --git a/docs/configuring-playbook-bot-mjolnir.md b/docs/configuring-playbook-bot-mjolnir.md index cdb5cddc19d..b8fa35f4cd9 100644 --- a/docs/configuring-playbook-bot-mjolnir.md +++ b/docs/configuring-playbook-bot-mjolnir.md @@ -44,15 +44,13 @@ Finally invite the `@bot.mjolnir:example.com` account you created earlier into t ## Adjusting the playbook configuration -Add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file (adapt to your needs): - -You must replace `ROOM_ID_FROM_STEP_4_GOES_HERE` with your own value. +Add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file. Make sure to replace `MANAGEMENT_ROOM_ID_HERE`. ```yaml # Enable Mjolnir matrix_bot_mjolnir_enabled: true -matrix_bot_mjolnir_management_room: "ROOM_ID_FROM_STEP_4_GOES_HERE" +matrix_bot_mjolnir_management_room: "MANAGEMENT_ROOM_ID_HERE" ``` ### End-to-End Encryption support @@ -75,7 +73,7 @@ matrix_pantalaimon_enabled: true matrix_bot_mjolnir_pantalaimon_use: true # User name and password for the bot. Required when using Pantalaimon. -matrix_bot_mjolnir_pantalaimon_username: "MJOLNIR_USERNAME_FROM_STEP_1" +matrix_bot_mjolnir_pantalaimon_username: "bot.mjolnir" matrix_bot_mjolnir_pantalaimon_password: ### you should create a secure password for the bot account ``` @@ -95,12 +93,10 @@ matrix_bot_mjolnir_raw_homeserver_url: "{{ matrix_addons_homeserver_client_api_u When NOT using Pantalaimon, Mjolnir does not log in by itself and you must give it an access token for its bot account. -Add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file (adapt to your needs): - -You must replace `ACCESS_TOKEN_FROM_STEP_2_GOES_HERE` with your own value. +Add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file. Make sure to replace `ACCESS_TOKEN_HERE` with the one created [above](#get-an-access-token). ```yaml -matrix_bot_mjolnir_access_token: "ACCESS_TOKEN_FROM_STEP_2_GOES_HERE" +matrix_bot_mjolnir_access_token: "ACCESS_TOKEN_HERE" ``` ### Adding Mjolnir synapse antispam module (optional) From 743593c89c69c0edad4db25e24dc3cbd0c5ee00e Mon Sep 17 00:00:00 2001 From: Suguru Hirahara Date: Thu, 12 Dec 2024 16:28:11 +0900 Subject: [PATCH 12/21] Update draupnir and mjolnir docs: create "Prerequisites" section Signed-off-by: Suguru Hirahara --- docs/configuring-playbook-bot-draupnir.md | 10 ++++++---- docs/configuring-playbook-bot-mjolnir.md | 10 ++++++---- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/docs/configuring-playbook-bot-draupnir.md b/docs/configuring-playbook-bot-draupnir.md index c6364700064..eb62e01aafa 100644 --- a/docs/configuring-playbook-bot-draupnir.md +++ b/docs/configuring-playbook-bot-draupnir.md @@ -8,7 +8,9 @@ This documentation page is about installing Draupnir in bot mode. As an alternat If your migrating from Mjolnir skip to [this section](#migrating-from-mjolnir-only-required-if-migrating). -## Register the bot account +## Prerequisites + +### Register the bot account The playbook does not automatically create users for you. The bot requires an access token to be able to connect to your homeserver. @@ -24,11 +26,11 @@ ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.draupni If you would like Draupnir to be able to deactivate users, move aliases, shutdown rooms, show abuse reports ([see below](#abuse-reports)), etc then it must be a server admin so you need to change `admin=no` to `admin=yes` in the command above. -## Get an access token +### Get an access token Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md). -## Make sure the account is free from rate limiting +### Make sure the account is free from rate limiting You will need to prevent Synapse from rate limiting the bot's account. This is not an optional step. If you do not do this step Draupnir will crash. This can be done using Synapse's [admin API](https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#override-ratelimiting-for-users). Please ask for help if you are uncomfortable with these steps or run into issues. @@ -36,7 +38,7 @@ If your Synapse Admin API is exposed to the internet for some reason like runnin The following command works on semi up to date Windows 10 installs and All Windows 11 installations and other systems that ship curl. `curl --header "Authorization: Bearer " -X POST https://matrix.example.com/_synapse/admin/v1/users/@bot.draupnir:example.com/override_ratelimit` Replace `@bot.draupnir:example.com` with the MXID of your Draupnir and example.com with your homeserver domain. You can easily obtain an access token for a homeserver admin account the same way you can obtain an access token for Draupnir itself. If you made Draupnir Admin you can just use the Draupnir token. -## Create a management room +### Create a management room Using your own account, create a new invite only room that you will use to manage the bot. This is the room where you will see the status of the bot and where you will send commands to the bot, such as the command to ban a user from another room. Anyone in this room can control the bot so it is important that you only invite trusted users to this room. diff --git a/docs/configuring-playbook-bot-mjolnir.md b/docs/configuring-playbook-bot-mjolnir.md index b8fa35f4cd9..e8fbd071563 100644 --- a/docs/configuring-playbook-bot-mjolnir.md +++ b/docs/configuring-playbook-bot-mjolnir.md @@ -4,7 +4,9 @@ The playbook can install and configure the [Mjolnir](https://github.com/matrix-o See the project's [documentation](https://github.com/matrix-org/mjolnir) to learn what it does and why it might be useful to you. -## Register the bot account +## Prerequisites + +### Register the bot account The playbook does not automatically create users for you. The bot requires an access token to be able to connect to your homeserver. @@ -20,11 +22,11 @@ ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.mjolnir If you would like Mjolnir to be able to deactivate users, move aliases, shutdown rooms, etc then it must be a server admin so you need to change `admin=no` to `admin=yes` in the command above. -## Get an access token +### Get an access token Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md). -## Make sure the account is free from rate limiting +### Make sure the account is free from rate limiting You will need to prevent Synapse from rate limiting the bot's account. This is not an optional step. If you do not do this step Mjolnir will crash. This can be done using Synapse's [admin API](https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#override-ratelimiting-for-users). Please ask for help if you are uncomfortable with these steps or run into issues. @@ -32,7 +34,7 @@ If your Synapse Admin API is exposed to the internet for some reason like runnin The following command works on semi up to date Windows 10 installs and All Windows 11 installations and other systems that ship curl. `curl --header "Authorization: Bearer " -X POST https://matrix.example.com/_synapse/admin/v1/users/@bot.mjolnir:example.com/override_ratelimit` Replace `@bot.mjolnir:example.com` with the MXID of your Mjolnir and example.com with your homeserver domain. You can easily obtain an access token for a homeserver admin account the same way you can obtain an access token for Mjolnir itself. If you made Mjolnir Admin you can just use the Mjolnir token. -## Create a management room +### Create a management room Using your own account, create a new invite only room that you will use to manage the bot. This is the room where you will see the status of the bot and where you will send commands to the bot, such as the command to ban a user from another room. Anyone in this room can control the bot so it is important that you only invite trusted users to this room. From f1bb17907d8a1f3c7fb9d5d2bda05bc738f1e8d5 Mon Sep 17 00:00:00 2001 From: Suguru Hirahara Date: Thu, 12 Dec 2024 16:30:51 +0900 Subject: [PATCH 13/21] Update draupnir and mjolnir docs: emphasize necessity of disabling rate limit Signed-off-by: Suguru Hirahara --- docs/configuring-playbook-bot-draupnir.md | 4 +++- docs/configuring-playbook-bot-mjolnir.md | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-bot-draupnir.md b/docs/configuring-playbook-bot-draupnir.md index eb62e01aafa..673e75d6603 100644 --- a/docs/configuring-playbook-bot-draupnir.md +++ b/docs/configuring-playbook-bot-draupnir.md @@ -32,7 +32,9 @@ Refer to the documentation on [how to obtain an access token](obtaining-access-t ### Make sure the account is free from rate limiting -You will need to prevent Synapse from rate limiting the bot's account. This is not an optional step. If you do not do this step Draupnir will crash. This can be done using Synapse's [admin API](https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#override-ratelimiting-for-users). Please ask for help if you are uncomfortable with these steps or run into issues. +You will need to prevent Synapse from rate limiting the bot's account. **This is not an optional step. If you do not do this step Draupnir will crash.** + +This can be done using Synapse's [admin API](https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#override-ratelimiting-for-users). Please ask for help if you are uncomfortable with these steps or run into issues. If your Synapse Admin API is exposed to the internet for some reason like running the Synapse Admin Role [Link](configuring-playbook-synapse-admin.md) or running `matrix_synapse_container_labels_public_client_synapse_admin_api_enabled: true` in your playbook config. If your API is not externally exposed you should still be able to on the local host for your synapse run these commands. diff --git a/docs/configuring-playbook-bot-mjolnir.md b/docs/configuring-playbook-bot-mjolnir.md index e8fbd071563..12f8e1c6e4d 100644 --- a/docs/configuring-playbook-bot-mjolnir.md +++ b/docs/configuring-playbook-bot-mjolnir.md @@ -28,7 +28,9 @@ Refer to the documentation on [how to obtain an access token](obtaining-access-t ### Make sure the account is free from rate limiting -You will need to prevent Synapse from rate limiting the bot's account. This is not an optional step. If you do not do this step Mjolnir will crash. This can be done using Synapse's [admin API](https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#override-ratelimiting-for-users). Please ask for help if you are uncomfortable with these steps or run into issues. +You will need to prevent Synapse from rate limiting the bot's account. **This is not an optional step. If you do not do this step Mjolnir will crash.** + +This can be done using Synapse's [admin API](https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#override-ratelimiting-for-users). Please ask for help if you are uncomfortable with these steps or run into issues. If your Synapse Admin API is exposed to the internet for some reason like running the Synapse Admin Role [Link](configuring-playbook-synapse-admin.md) or running `matrix_synapse_container_labels_public_client_synapse_admin_api_enabled: true` in your playbook config. If your API is not externally exposed you should still be able to on the local host for your synapse run these commands. From b632912e447011c45cb150729f8dfa800ec91073 Mon Sep 17 00:00:00 2001 From: Suguru Hirahara Date: Thu, 12 Dec 2024 20:54:49 +0900 Subject: [PATCH 14/21] Update draupnir and mjolnir docs: instruction for discharging rate limit on Synapse Signed-off-by: Suguru Hirahara --- docs/configuring-playbook-bot-draupnir.md | 22 ++++++++++++++++++---- docs/configuring-playbook-bot-mjolnir.md | 22 ++++++++++++++++++---- 2 files changed, 36 insertions(+), 8 deletions(-) diff --git a/docs/configuring-playbook-bot-draupnir.md b/docs/configuring-playbook-bot-draupnir.md index 673e75d6603..46060ccf2e9 100644 --- a/docs/configuring-playbook-bot-draupnir.md +++ b/docs/configuring-playbook-bot-draupnir.md @@ -32,13 +32,27 @@ Refer to the documentation on [how to obtain an access token](obtaining-access-t ### Make sure the account is free from rate limiting -You will need to prevent Synapse from rate limiting the bot's account. **This is not an optional step. If you do not do this step Draupnir will crash.** +If your homeserver's implementation is Synapse, you will need to prevent it from rate limiting the bot's account. **This is a required step. If you do not configure it, Draupnir will crash.** -This can be done using Synapse's [admin API](https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#override-ratelimiting-for-users). Please ask for help if you are uncomfortable with these steps or run into issues. +This can be done using Synapse's [Admin APIs](https://element-hq.github.io/synapse/latest/admin_api/user_admin_api.html#override-ratelimiting-for-users). It can be accessed both externally and internally. -If your Synapse Admin API is exposed to the internet for some reason like running the Synapse Admin Role [Link](configuring-playbook-synapse-admin.md) or running `matrix_synapse_container_labels_public_client_synapse_admin_api_enabled: true` in your playbook config. If your API is not externally exposed you should still be able to on the local host for your synapse run these commands. +To expose the APIs publicly, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file. -The following command works on semi up to date Windows 10 installs and All Windows 11 installations and other systems that ship curl. `curl --header "Authorization: Bearer " -X POST https://matrix.example.com/_synapse/admin/v1/users/@bot.draupnir:example.com/override_ratelimit` Replace `@bot.draupnir:example.com` with the MXID of your Draupnir and example.com with your homeserver domain. You can easily obtain an access token for a homeserver admin account the same way you can obtain an access token for Draupnir itself. If you made Draupnir Admin you can just use the Draupnir token. +```yaml +matrix_synapse_container_labels_public_client_synapse_admin_api_enabled: true +``` + +The APIs can also be accessed via [Synapse Admin](https://github.com/etkecc/synapse-admin), a web UI tool you can use to administrate users, rooms, media, etc. on your Matrix server. The playbook can install and configure Synapse Admin for you. For details about it, see [this page](configuring-playbook-synapse-admin.md). + +**Note**: access to the APIs is restricted with a valid access token, so exposing them publicly should not be a real security concern. Still, doing so is not recommended for additional security. See [official Synapse reverse-proxying recommendations](https://element-hq.github.io/synapse/latest/reverse_proxy.html#synapse-administration-endpoints). + +To discharge rate limiting, run the following command on systems that ship curl (note that it does not work on outdated Windows 10). Even if the APIs are not exposed to the internet, you should still be able to run the command on the homeserver locally. Before running it, make sure to replace `@bot.draupnir:example.com` with the MXID of your Draupnir and `example.com` with your homeserver domain: + +```sh +curl --header "Authorization: Bearer " -X POST https://matrix.example.com/_synapse/admin/v1/users/@bot.draupnir:example.com/override_ratelimit +``` + +You can obtain an access token for a homeserver admin account in the same way as you can do so for Draupnir itself. If you have made Draupnir an admin, you can just use the Draupnir token. ### Create a management room diff --git a/docs/configuring-playbook-bot-mjolnir.md b/docs/configuring-playbook-bot-mjolnir.md index 12f8e1c6e4d..8949f596ae5 100644 --- a/docs/configuring-playbook-bot-mjolnir.md +++ b/docs/configuring-playbook-bot-mjolnir.md @@ -28,13 +28,27 @@ Refer to the documentation on [how to obtain an access token](obtaining-access-t ### Make sure the account is free from rate limiting -You will need to prevent Synapse from rate limiting the bot's account. **This is not an optional step. If you do not do this step Mjolnir will crash.** +If your homeserver's implementation is Synapse, you will need to prevent it from rate limiting the bot's account. **This is a required step. If you do not configure it, Mjolnir will crash.** -This can be done using Synapse's [admin API](https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#override-ratelimiting-for-users). Please ask for help if you are uncomfortable with these steps or run into issues. +This can be done using Synapse's [Admin APIs](https://element-hq.github.io/synapse/latest/admin_api/user_admin_api.html#override-ratelimiting-for-users). It can be accessed both externally and internally. -If your Synapse Admin API is exposed to the internet for some reason like running the Synapse Admin Role [Link](configuring-playbook-synapse-admin.md) or running `matrix_synapse_container_labels_public_client_synapse_admin_api_enabled: true` in your playbook config. If your API is not externally exposed you should still be able to on the local host for your synapse run these commands. +To expose the APIs publicly, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file. -The following command works on semi up to date Windows 10 installs and All Windows 11 installations and other systems that ship curl. `curl --header "Authorization: Bearer " -X POST https://matrix.example.com/_synapse/admin/v1/users/@bot.mjolnir:example.com/override_ratelimit` Replace `@bot.mjolnir:example.com` with the MXID of your Mjolnir and example.com with your homeserver domain. You can easily obtain an access token for a homeserver admin account the same way you can obtain an access token for Mjolnir itself. If you made Mjolnir Admin you can just use the Mjolnir token. +```yaml +matrix_synapse_container_labels_public_client_synapse_admin_api_enabled: true +``` + +The APIs can also be accessed via [Synapse Admin](https://github.com/etkecc/synapse-admin), a web UI tool you can use to administrate users, rooms, media, etc. on your Matrix server. The playbook can install and configure Synapse Admin for you. For details about it, see [this page](configuring-playbook-synapse-admin.md). + +**Note**: access to the APIs is restricted with a valid access token, so exposing them publicly should not be a real security concern. Still, doing so is not recommended for additional security. See [official Synapse reverse-proxying recommendations](https://element-hq.github.io/synapse/latest/reverse_proxy.html#synapse-administration-endpoints). + +To discharge rate limiting, run the following command on systems that ship curl (note that it does not work on outdated Windows 10). Even if the APIs are not exposed to the internet, you should still be able to run the command on the homeserver locally. Before running it, make sure to replace `@bot.mjolnir:example.com` with the MXID of your Mjolnir and `example.com` with your homeserver domain: + +```sh +curl --header "Authorization: Bearer " -X POST https://matrix.example.com/_synapse/admin/v1/users/@bot.mjolnir:example.com/override_ratelimit +``` + +You can obtain an access token for a homeserver admin account in the same way as you can do so for Mjolnir itself. If you have made Mjolnir an admin, you can just use the Mjolnir token. ### Create a management room From 704bfa41ccfaa77add8877db9b1f91cc2203978c Mon Sep 17 00:00:00 2001 From: Suguru Hirahara Date: Fri, 13 Dec 2024 00:17:37 +0900 Subject: [PATCH 15/21] Update draupnir and mjolnir docs: edit the placeholder for matrix_bot_draupnir_pantalaimon_password and matrix_bot_mjolnir_pantalaimon_password Signed-off-by: Suguru Hirahara --- docs/configuring-playbook-bot-draupnir.md | 4 ++-- docs/configuring-playbook-bot-mjolnir.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/configuring-playbook-bot-draupnir.md b/docs/configuring-playbook-bot-draupnir.md index 46060ccf2e9..9bde3204dbc 100644 --- a/docs/configuring-playbook-bot-draupnir.md +++ b/docs/configuring-playbook-bot-draupnir.md @@ -94,9 +94,9 @@ matrix_pantalaimon_enabled: true # Tell Draupnir to use Pantalaimon matrix_bot_draupnir_pantalaimon_use: true -# User name and password for the bot. Required when using Pantalaimon. +# User name and password for the bot you have created above. Required when using Pantalaimon. matrix_bot_draupnir_pantalaimon_username: "bot.draupnir" -matrix_bot_draupnir_pantalaimon_password: ### you should create a secure password for the bot account +matrix_bot_draupnir_pantalaimon_password: "PASSWORD_FOR_THE_BOT" ``` The playbook's `group_vars` will configure other required settings. If using this role separately without the playbook, you also need to configure the two URLs that Draupnir uses to reach the homeserver, one through Pantalaimon and one "raw". This example is taken from the playbook's `group_vars`: diff --git a/docs/configuring-playbook-bot-mjolnir.md b/docs/configuring-playbook-bot-mjolnir.md index 8949f596ae5..f2f01371d64 100644 --- a/docs/configuring-playbook-bot-mjolnir.md +++ b/docs/configuring-playbook-bot-mjolnir.md @@ -90,9 +90,9 @@ matrix_pantalaimon_enabled: true # Tell Mjolnir to use Pantalaimon matrix_bot_mjolnir_pantalaimon_use: true -# User name and password for the bot. Required when using Pantalaimon. +# User name and password for the bot you have created above. Required when using Pantalaimon. matrix_bot_mjolnir_pantalaimon_username: "bot.mjolnir" -matrix_bot_mjolnir_pantalaimon_password: ### you should create a secure password for the bot account +matrix_bot_mjolnir_pantalaimon_password: "PASSWORD_FOR_THE_BOT" ``` The playbook's `group_vars` will configure other required settings. If using this role separately without the playbook, you also need to configure the two URLs that Mjolnir uses to reach the homeserver, one through Pantalaimon and one "raw". This example is taken from the playbook's `group_vars`: From 9f02a157e965b5693b526832a7451255be056f8e Mon Sep 17 00:00:00 2001 From: Suguru Hirahara Date: Fri, 13 Dec 2024 00:24:28 +0900 Subject: [PATCH 16/21] Update draupnir and mjolnir docs: add an anchor link to "Configuration with E2EE support" Signed-off-by: Suguru Hirahara --- docs/configuring-playbook-bot-draupnir.md | 2 +- docs/configuring-playbook-bot-mjolnir.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-bot-draupnir.md b/docs/configuring-playbook-bot-draupnir.md index 9bde3204dbc..9240abaa8fb 100644 --- a/docs/configuring-playbook-bot-draupnir.md +++ b/docs/configuring-playbook-bot-draupnir.md @@ -58,7 +58,7 @@ You can obtain an access token for a homeserver admin account in the same way as Using your own account, create a new invite only room that you will use to manage the bot. This is the room where you will see the status of the bot and where you will send commands to the bot, such as the command to ban a user from another room. Anyone in this room can control the bot so it is important that you only invite trusted users to this room. -If you make the management room encrypted (E2EE), then you MUST enable and use Pantalaimon (see below). +If you make the management room encrypted (E2EE), then you MUST enable and use Pantalaimon (see [below](#configuration-with-e2ee-support)). Once you have created the room you need to copy the room ID so you can tell the bot to use that room. In Element Web you can do this by going to the room's settings, clicking Advanced, and then copying the internal room ID. The room ID will look something like `!qporfwt:example.com`. diff --git a/docs/configuring-playbook-bot-mjolnir.md b/docs/configuring-playbook-bot-mjolnir.md index f2f01371d64..76eea4e5c4c 100644 --- a/docs/configuring-playbook-bot-mjolnir.md +++ b/docs/configuring-playbook-bot-mjolnir.md @@ -54,7 +54,7 @@ You can obtain an access token for a homeserver admin account in the same way as Using your own account, create a new invite only room that you will use to manage the bot. This is the room where you will see the status of the bot and where you will send commands to the bot, such as the command to ban a user from another room. Anyone in this room can control the bot so it is important that you only invite trusted users to this room. -If you make the management room encrypted (E2EE), then you MUST enable and use Pantalaimon (see below). +If you make the management room encrypted (E2EE), then you MUST enable and use Pantalaimon (see [below](#configuration-with-e2ee-support)). Once you have created the room you need to copy the room ID so you can tell the bot to use that room. In Element Web you can do this by going to the room's settings, clicking Advanced, and then copying the internal room ID. The room ID will look something like `!qporfwt:example.com`. From 66f2413817ea4a499d7e38ea4eb0e5c7d53d05d8 Mon Sep 17 00:00:00 2001 From: Suguru Hirahara Date: Fri, 13 Dec 2024 01:03:54 +0900 Subject: [PATCH 17/21] Update docs/configuring-playbook-bot-draupnir.md: move the "Abuse Reports" section above Also: use "pollReports: true" as an example for extending the configuration. Signed-off-by: Suguru Hirahara --- docs/configuring-playbook-bot-draupnir.md | 33 ++++++++++------------- 1 file changed, 14 insertions(+), 19 deletions(-) diff --git a/docs/configuring-playbook-bot-draupnir.md b/docs/configuring-playbook-bot-draupnir.md index 9240abaa8fb..8cf52a00425 100644 --- a/docs/configuring-playbook-bot-draupnir.md +++ b/docs/configuring-playbook-bot-draupnir.md @@ -121,11 +121,23 @@ Add the following configuration to your `inventory/host_vars/matrix.example.com/ matrix_bot_draupnir_access_token: "ACCESS_TOKEN_HERE" ``` +### Abuse Reports + +Draupnir supports two methods to receive reports in the management room. + +The first method intercepts the report API endpoint of the client-server API, which requires integration with the reverse proxy in front of the homeserver. If you are using traefik, this playbook can set this up for you: + +```yaml +matrix_bot_draupnir_abuse_reporting_enabled: true +``` + +The other method polls an Synapse Admin API endpoint, hence it is available only if using Synapse and if the Draupnir user is an admin (see [above](#register-the-bot-account)). To enable it, set `pollReports: true` on `vars.yml` file as below. + ### Extending the configuration You can configure additional options by adding the `matrix_bot_draupnir_configuration_extension_yaml` variable. -For example, to change Draupnir's `recordIgnoredInvites` option to `true`, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file: +For example, to change Draupnir's `pollReports` option to `true`, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file: ```yaml matrix_bot_draupnir_configuration_extension_yaml: | @@ -136,7 +148,7 @@ matrix_bot_draupnir_configuration_extension_yaml: | # # If you need something more special, you can take full control by # completely redefining `matrix_bot_draupnir_configuration_yaml`. - recordIgnoredInvites: true + pollReports: true ``` ### Migrating from Mjolnir (Only required if migrating) @@ -231,20 +243,3 @@ To **set a specific option for a given protection**, send a command like this: ` To **enable a given protection**, send a command like this: `!draupnir enable PROTECTION_NAME` (e.g. `!draupnir enable JoinWaveShortCircuit`). To **disable a given protection**, send a command like this: `!draupnir disable PROTECTION_NAME` (e.g. `!draupnir disable JoinWaveShortCircuit`). - -## Abuse Reports - -Draupnir supports two methods to receive reports in the management room. - -The first method intercepts the report API endpoint of the client-server API, which requires integration with the reverse proxy in front of the homeserver. If you are using traefik, this playbook can set this up for you: - -```yaml -matrix_bot_draupnir_abuse_reporting_enabled: true -``` - -The other method polls an synapse admin API endpoint and is hence only available when using synapse and when the Draupnir user is an admin user ([see above](#register-the-bot-account)). To enable it, set `pollReports: true` in Draupnir's config: - -```yaml -matrix_bot_draupnir_configuration_extension_yaml: | - pollReports: true -``` From ab5408779cd337fcdd0b4a50baad282767168784 Mon Sep 17 00:00:00 2001 From: Suguru Hirahara Date: Fri, 13 Dec 2024 00:41:34 +0900 Subject: [PATCH 18/21] Update docs/configuring-playbook-bot-draupnir.md and docs/configuring-playbook-bot-mjolnir.md: small edits Signed-off-by: Suguru Hirahara --- docs/configuring-playbook-bot-draupnir.md | 12 +++++------- docs/configuring-playbook-bot-mjolnir.md | 10 ++++------ 2 files changed, 9 insertions(+), 13 deletions(-) diff --git a/docs/configuring-playbook-bot-draupnir.md b/docs/configuring-playbook-bot-draupnir.md index 8cf52a00425..5270fb10104 100644 --- a/docs/configuring-playbook-bot-draupnir.md +++ b/docs/configuring-playbook-bot-draupnir.md @@ -12,9 +12,7 @@ If your migrating from Mjolnir skip to [this section](#migrating-from-mjolnir-on ### Register the bot account -The playbook does not automatically create users for you. The bot requires an access token to be able to connect to your homeserver. - -You **need to register the bot user manually** before setting up the bot. +The playbook does not automatically create users for you. You **need to register the bot user manually** before setting up the bot. Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`. @@ -24,17 +22,17 @@ You can use the playbook to [register a new user](registering-users.md): ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.draupnir password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user ``` -If you would like Draupnir to be able to deactivate users, move aliases, shutdown rooms, show abuse reports ([see below](#abuse-reports)), etc then it must be a server admin so you need to change `admin=no` to `admin=yes` in the command above. +If you would like Draupnir to be able to deactivate users, move aliases, shutdown rooms, show abuse reports (see [below](#abuse-reports)), etc then it must be a server admin so you need to change `admin=no` to `admin=yes` in the command above. ### Get an access token -Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md). +The bot requires an access token to be able to connect to your homeserver. Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md). ### Make sure the account is free from rate limiting If your homeserver's implementation is Synapse, you will need to prevent it from rate limiting the bot's account. **This is a required step. If you do not configure it, Draupnir will crash.** -This can be done using Synapse's [Admin APIs](https://element-hq.github.io/synapse/latest/admin_api/user_admin_api.html#override-ratelimiting-for-users). It can be accessed both externally and internally. +This can be done using Synapse's [Admin APIs](https://element-hq.github.io/synapse/latest/admin_api/user_admin_api.html#override-ratelimiting-for-users). They can be accessed both externally and internally. To expose the APIs publicly, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file. @@ -46,7 +44,7 @@ The APIs can also be accessed via [Synapse Admin](https://github.com/etkecc/syna **Note**: access to the APIs is restricted with a valid access token, so exposing them publicly should not be a real security concern. Still, doing so is not recommended for additional security. See [official Synapse reverse-proxying recommendations](https://element-hq.github.io/synapse/latest/reverse_proxy.html#synapse-administration-endpoints). -To discharge rate limiting, run the following command on systems that ship curl (note that it does not work on outdated Windows 10). Even if the APIs are not exposed to the internet, you should still be able to run the command on the homeserver locally. Before running it, make sure to replace `@bot.draupnir:example.com` with the MXID of your Draupnir and `example.com` with your homeserver domain: +To discharge rate limiting, run the following command on systems that ship curl (note that it does not work on outdated Windows 10). Even if the APIs are not exposed to the internet, you should still be able to run the command on the homeserver locally. Before running it, make sure to replace `@bot.draupnir:example.com` with the MXID of your Draupnir: ```sh curl --header "Authorization: Bearer " -X POST https://matrix.example.com/_synapse/admin/v1/users/@bot.draupnir:example.com/override_ratelimit diff --git a/docs/configuring-playbook-bot-mjolnir.md b/docs/configuring-playbook-bot-mjolnir.md index 76eea4e5c4c..398869c38e0 100644 --- a/docs/configuring-playbook-bot-mjolnir.md +++ b/docs/configuring-playbook-bot-mjolnir.md @@ -8,9 +8,7 @@ See the project's [documentation](https://github.com/matrix-org/mjolnir) to lear ### Register the bot account -The playbook does not automatically create users for you. The bot requires an access token to be able to connect to your homeserver. - -You **need to register the bot user manually** before setting up the bot. +The playbook does not automatically create users for you. You **need to register the bot user manually** before setting up the bot. Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`. @@ -24,13 +22,13 @@ If you would like Mjolnir to be able to deactivate users, move aliases, shutdown ### Get an access token -Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md). +The bot requires an access token to be able to connect to your homeserver. Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md). ### Make sure the account is free from rate limiting If your homeserver's implementation is Synapse, you will need to prevent it from rate limiting the bot's account. **This is a required step. If you do not configure it, Mjolnir will crash.** -This can be done using Synapse's [Admin APIs](https://element-hq.github.io/synapse/latest/admin_api/user_admin_api.html#override-ratelimiting-for-users). It can be accessed both externally and internally. +This can be done using Synapse's [Admin APIs](https://element-hq.github.io/synapse/latest/admin_api/user_admin_api.html#override-ratelimiting-for-users). They can be accessed both externally and internally. To expose the APIs publicly, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file. @@ -42,7 +40,7 @@ The APIs can also be accessed via [Synapse Admin](https://github.com/etkecc/syna **Note**: access to the APIs is restricted with a valid access token, so exposing them publicly should not be a real security concern. Still, doing so is not recommended for additional security. See [official Synapse reverse-proxying recommendations](https://element-hq.github.io/synapse/latest/reverse_proxy.html#synapse-administration-endpoints). -To discharge rate limiting, run the following command on systems that ship curl (note that it does not work on outdated Windows 10). Even if the APIs are not exposed to the internet, you should still be able to run the command on the homeserver locally. Before running it, make sure to replace `@bot.mjolnir:example.com` with the MXID of your Mjolnir and `example.com` with your homeserver domain: +To discharge rate limiting, run the following command on systems that ship curl (note that it does not work on outdated Windows 10). Even if the APIs are not exposed to the internet, you should still be able to run the command on the homeserver locally. Before running it, make sure to replace `@bot.mjolnir:example.com` with the MXID of your Mjolnir: ```sh curl --header "Authorization: Bearer " -X POST https://matrix.example.com/_synapse/admin/v1/users/@bot.mjolnir:example.com/override_ratelimit From 1724551f3c9462b6227313c36a5cfea164b93cef Mon Sep 17 00:00:00 2001 From: Suguru Hirahara Date: Fri, 13 Dec 2024 13:05:55 +0900 Subject: [PATCH 19/21] Update docs/configuring-playbook-appservice-draupnir-for-all.md: use a common expression cf. docs/configuring-playbook-alertmanager-receiver.md Signed-off-by: Suguru Hirahara --- docs/configuring-playbook-appservice-draupnir-for-all.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-appservice-draupnir-for-all.md b/docs/configuring-playbook-appservice-draupnir-for-all.md index 874f3f029bb..4a03189a748 100644 --- a/docs/configuring-playbook-appservice-draupnir-for-all.md +++ b/docs/configuring-playbook-appservice-draupnir-for-all.md @@ -20,7 +20,7 @@ Draupnir for all does not support external tooling like [MRU](https://mru.rory.g ### Create a main management room -The playbook does not create a management room for your Main Draupnir. This task you have to do on your own. +The playbook does not create a management room for your Main Draupnir. You **need to create the room manually** before setting up the bot. The management room has to be given an alias and be public when you are setting up the bot for the first time as the bot does not differentiate between invites and invites to the management room. From bfba7a3c0b28fa8e8d6a6e5c2c26caa9eb1e6002 Mon Sep 17 00:00:00 2001 From: Suguru Hirahara Date: Fri, 13 Dec 2024 13:13:57 +0900 Subject: [PATCH 20/21] Update docs/configuring-playbook-appservice-draupnir-for-all.md: integrate the description for installation by Draupnir into our description Check the original one: 120b37f3ea29101be3baf0856d5d23491db9309e Signed-off-by: Suguru Hirahara --- ...configuring-playbook-appservice-draupnir-for-all.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/configuring-playbook-appservice-draupnir-for-all.md b/docs/configuring-playbook-appservice-draupnir-for-all.md index 4a03189a748..be1ed67d7c5 100644 --- a/docs/configuring-playbook-appservice-draupnir-for-all.md +++ b/docs/configuring-playbook-appservice-draupnir-for-all.md @@ -22,15 +22,15 @@ Draupnir for all does not support external tooling like [MRU](https://mru.rory.g The playbook does not create a management room for your Main Draupnir. You **need to create the room manually** before setting up the bot. -The management room has to be given an alias and be public when you are setting up the bot for the first time as the bot does not differentiate between invites and invites to the management room. +Note that the room must be unencrypted. -This management room is used to control who has access to your D4A deployment. The room stores this data inside of the control room state so your bot must have sufficient powerlevel to send custom state events. This is default 50 or moderator as Element clients call this powerlevel. + -As noted in the Draupnir install instructions the control room is sensitive. The following is said about the control room in the Draupnir install instructions. +The management room has to be given an alias and be public when you are setting up the bot for the first time as the bot does not differentiate between invites and invites to the management room. -**Anyone in this room can control the bot so it is important that you only invite trusted users to this room.** The room must be unencrypted. +This management room is used to control who has access to your D4A deployment. The room stores this data inside of the control room state so your bot must have sufficient powerlevel to send custom state events. This is default 50 or moderator as Element clients call this powerlevel. - +As noted in the Draupnir install instructions the control room is sensitive. **Anyone in this room can control the bot so it is important that you only invite trusted users to this room.** ### Set an alias to the management room From 9c2ff994b21beb622ce52eeb31d1c7b3f773282b Mon Sep 17 00:00:00 2001 From: Suguru Hirahara Date: Fri, 13 Dec 2024 13:26:37 +0900 Subject: [PATCH 21/21] Update docs/configuring-playbook-appservice-draupnir-for-all.md: fix a typo Signed-off-by: Suguru Hirahara --- docs/configuring-playbook-appservice-draupnir-for-all.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-appservice-draupnir-for-all.md b/docs/configuring-playbook-appservice-draupnir-for-all.md index be1ed67d7c5..a6269552637 100644 --- a/docs/configuring-playbook-appservice-draupnir-for-all.md +++ b/docs/configuring-playbook-appservice-draupnir-for-all.md @@ -95,7 +95,7 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-use If you made it through all the steps above and your main control room was joined by a user called `@draupnir-main:example.com` you have succesfully installed Draupnir for All and can now start using it. -The installation of Draupnir for all in this playbook is very much Alpha quality. Usage-wise, Draupnir for allis almost identical to Draupnir bot mode. +The installation of Draupnir for all in this playbook is very much Alpha quality. Usage-wise, Draupnir for all is almost identical to Draupnir bot mode. ### Granting Users the ability to use D4A