# Homeserver settings homeserver: # The address that Meowlnir can use to connect to the homeserver. address: http://localhost:8008 # The server name of the homeserver. domain: example.com # Meowlnir server settings meowlnir: # The unique ID for the appservice. id: meowlnir # Set to generate to generate random tokens. as_token: generate hs_token: generate # The address that the homeserver can use to connect to Meowlnir. address: http://localhost:29339 # The hostname and port where Meowlnir should listen hostname: 0.0.0.0 port: 29339 # Management secret used for the management API. If set to generate, a random secret will be generated. # If prefixed with sha256:, the rest of the string will be hex-decoded and used as the hash of the secret. # Can also be set to `disable` to disable the API entirely. management_secret: generate # Secret used for the /_meowlnir/data API. Same rules apply as for management_secret. data_secret: generate # Should the /_meowlnir/mxauth APIs be enabled, which allow querying certain data using any Matrix account? # This is necessary for the management web interface. federation_auth: false # If dry run is set to true, meowlnir won't take any actual actions, # but will do everything else as if it was going to take actions. dry_run: false # Should all bots be considered as untrusted? # This will enable some additional checks, e.g. to prevent subscribing to a policy list without being in the room # if another bot has subscribed to it. In the future, this will be configurable per bot. untrusted: false # Which management room should handle requests to the Matrix report API? report_room: '!roomid:example.com' # Which management room should be in charge of deleting rooms from the server? # Room bans will not be processed in other management rooms. room_ban_room: null # If true, Meowlnir will load all room IDs from the Synapse database on startup. load_all_room_hashes: true # If a policy matches any of these entities, the policy is ignored entirely. # This can be used as a hacky way to protect against policies which are too wide. # # The example values can be left here and will already prevent banning everyone, # but you should also add some known-good users and servers that should never get banned. hacky_rule_filter: - "@user:example.com" - example.com # If a policy reason matches any of these patterns, the bot will automatically redact all messages from the banned # target. The reason `spam` is already implicit. Ignored for takedowns. # Uses a glob pattern to match. hacky_redact_patterns: - "spam" # If you don't want to or can't give your moderation bot the admin flag in Synapse, but still want # to be able to use admin API features, you can specify a custom admin access token here for each bot. # This is required when using MAS, as only special tokens have admin API access there. # If this is not specified, the bot will try to use its own as_token for admin API access. # # Example command for MAS-CLI how to generate an admin compatibility token: # mas-cli manage issue-compatibility-token --device-id --yes-i-want-to-grant-synapse-admin-privileges # https://element-hq.github.io/matrix-authentication-service/reference/cli/manage.html#manage-issue-compatibility-token admin_tokens: "@abuse:example.com": admin_token # If true, Meowlnir will override the profile of banned users to make them less identifiable. # This does not work for all clients who may still display the original profile information. # This is ideal if you are dealing with spam where abusive user IDs are in use. # # This will replace the displayname with "Banned User" and the avatar with a generic placeholder. obfuscate_bans: false # Settings for provisioning new bots using the !provision command. # None of this is relevant unless you offer moderation bots to other users. meowlnir4all: # The management room ID that is allowed to use the !provision command. admin_room: null # The user ID template for new bots # {{ uuidgen }} will be replaced with a random UUIDv4. # {{ randstr n }} will be replaced with a random lowercase alphanumeric string of length n. # {{ .OwnerLocalpart }} will be replaced with the localpart of the owner of the bot. # {{ .OwnerDomain }} will be replaced with the server name of the owner of the bot. localpart_template: "meowlnir_{{ uuidgen }}" # The default displayname for new bots. displayname: "Administrator" # The default avatar URL for new bots. avatar_url: "mxc://matrix.org/NZGChxcCXbBvgkCNZTLXlpux" # The default room name for new management rooms. room_name: "Meowlnir Management Room" # The default lists to subscribe new bots to. default_watched_lists: - name: CME bans room_id: "!fTjMjIzNKEsFlUIiru:neko.dev" shortcode: cme auto_unban: true - name: Cat's Active Threats room_id: "!QJKZNWnsItkUuthamp:feline.support" shortcode: cat auto_unban: true antispam: # Secret used for the synapse-http-antispam API. Same rules apply as for management_secret under meowlnir. secret: generate # If true, Meowlnir will check local invites for spam too instead of only federated ones. filter_local_invites: false # If set, Meowlnir will use this token to reject pending invites from users who get banned. # # This should be an appservice with access to all local users. If you have a double puppeting # appservice set up for bridges, you can reuse that token. If not, just follow the same # instructions: https://docs.mau.fi/bridges/general/double-puppeting.html auto_reject_invites_token: # Should the management room receive a notice about blocked invites? notify_management_room: false # Inviting any of the users listed here will be blocked by default, # unless separately allowed with the !allow-invite command block_invites_to: - "@user:example.com" # Configuration for the policy server. policy_server: # If enabled, always issue redactions for events that are blocked by the policy server. # This is useful to prevent failed events from reaching servers that do not yet respect policy servers. always_redact: true # The Synapse-style private signing key for the policy server. If set to generate, a new random key will be generated. signing_key: generate # Encryption settings. encryption: # Should encryption be enabled? This requires MSC3202, MSC4190 and MSC4203 to be implemented on the server. # Meowlnir also implements MSC4153, which means only verified devices will be allowed to send/receive messages. enable: true # Pickle key used for encrypting encryption keys. # If set to generate, a random key will be generated. pickle_key: generate # Database config for meowlnir itself. database: # The database type. "sqlite3-fk-wal" and "postgres" are supported. type: postgres # The database URI. # SQLite: A raw file path is supported, but `file:?_txlock=immediate` is recommended. # https://github.com/mattn/go-sqlite3#connection-string # Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable # To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql uri: postgres://user:password@host/database?sslmode=disable # Maximum number of connections. Mostly relevant for Postgres. max_open_conns: 20 max_idle_conns: 2 # Maximum connection idle time and lifetime before they're closed. Disabled if null. # Parsed with https://pkg.go.dev/time#ParseDuration max_conn_idle_time: null max_conn_lifetime: null # Database config for accessing the Synapse database. Only postgres is supported. synapse_db: type: postgres uri: postgres://user:password@host/synapse?sslmode=disable max_open_conns: 2 max_idle_conns: 1 max_conn_idle_time: null max_conn_lifetime: null # Logging config. See https://github.com/tulir/zeroconfig for details. logging: min_level: debug writers: - type: stdout format: pretty-colored - type: file format: json filename: ./logs/meowlnir.log max_size: 100 max_backups: 10 compress: false