Raw YAML - Releases: latest, v26.04, v26.03, v26.02, v26.01, v25.12, v25.11, v25.10
1# Homeserver settings
2homeserver:
3 # The address that Meowlnir can use to connect to the homeserver.
4 address: http://localhost:8008
5 # The server name of the homeserver.
6 domain: example.com
7
8# Meowlnir server settings
9meowlnir:
10 # The unique ID for the appservice.
11 id: meowlnir
12 # Set to generate to generate random tokens.
13 as_token: generate
14 hs_token: generate
15
16 # The address that the homeserver can use to connect to Meowlnir.
17 address: http://localhost:29339
18 # The hostname and port where Meowlnir should listen
19 hostname: 0.0.0.0
20 port: 29339
21
22 # Management secret used for the management API. If set to generate, a random secret will be generated.
23 # If prefixed with sha256:, the rest of the string will be hex-decoded and used as the hash of the secret.
24 # Can also be set to `disable` to disable the API entirely.
25 management_secret: generate
26 # Secret used for the /_meowlnir/data API. Same rules apply as for management_secret.
27 data_secret: generate
28 # If dry run is set to true, meowlnir won't take any actual actions,
29 # but will do everything else as if it was going to take actions.
30 dry_run: false
31 # Should all bots be considered as untrusted?
32 # This will enable some additional checks, e.g. to prevent subscribing to a policy list without being in the room
33 # if another bot has subscribed to it. In the future, this will be configurable per bot.
34 untrusted: false
35
36 # Which management room should handle requests to the Matrix report API?
37 report_room: '!roomid:example.com'
38 # Which management room should be in charge of deleting rooms from the server?
39 # Room bans will not be processed in other management rooms.
40 room_ban_room: null
41 # If true, Meowlnir will load all room IDs from the Synapse database on startup.
42 load_all_room_hashes: true
43 # If a policy matches any of these entities, the policy is ignored entirely.
44 # This can be used as a hacky way to protect against policies which are too wide.
45 #
46 # The example values can be left here and will already prevent banning everyone,
47 # but you should also add some known-good users and servers that should never get banned.
48 hacky_rule_filter:
49 - "@user:example.com"
50 - example.com
51 # If a policy reason matches any of these patterns, the bot will automatically redact all messages from the banned
52 # target. The reason `spam` is already implicit. Ignored for takedowns.
53 # Uses a glob pattern to match.
54 hacky_redact_patterns:
55 - "spam"
56
57 # If you don't want to or can't give your moderation bot the admin flag in Synapse, but still want
58 # to be able to use admin API features, you can specify a custom admin access token here for each bot.
59 # This is required when using MAS, as only special tokens have admin API access there.
60 # If this is not specified, the bot will try to use its own as_token for admin API access.
61 #
62 # Example command for MAS-CLI how to generate an admin compatibility token:
63 # mas-cli manage issue-compatibility-token <Username_Localpart> --device-id <Device_ID> --yes-i-want-to-grant-synapse-admin-privileges
64 # https://element-hq.github.io/matrix-authentication-service/reference/cli/manage.html#manage-issue-compatibility-token
65 admin_tokens:
66 "@abuse:example.com": admin_token
67
68# Settings for provisioning new bots using the !provision command.
69# None of this is relevant unless you offer moderation bots to other users.
70meowlnir4all:
71 # The management room ID that is allowed to use the !provision command.
72 admin_room: null
73 # The user ID template for new bots
74 # {{ uuidgen }} will be replaced with a random UUIDv4.
75 # {{ randstr n }} will be replaced with a random lowercase alphanumeric string of length n.
76 # {{ .OwnerLocalpart }} will be replaced with the localpart of the owner of the bot.
77 # {{ .OwnerDomain }} will be replaced with the server name of the owner of the bot.
78 localpart_template: "meowlnir_{{ uuidgen }}"
79 # The default displayname for new bots.
80 displayname: "Administrator"
81 # The default avatar URL for new bots.
82 avatar_url: "mxc://matrix.org/NZGChxcCXbBvgkCNZTLXlpux"
83 # The default room name for new management rooms.
84 room_name: "Meowlnir Management Room"
85 # The default lists to subscribe new bots to.
86 default_watched_lists:
87 - name: CME bans
88 room_id: "!fTjMjIzNKEsFlUIiru:neko.dev"
89 shortcode: cme
90 auto_unban: true
91 - name: Cat's Active Threats
92 room_id: "!QJKZNWnsItkUuthamp:feline.support"
93 shortcode: cat
94 auto_unban: true
95
96antispam:
97 # Secret used for the synapse-http-antispam API. Same rules apply as for management_secret under meowlnir.
98 secret: generate
99 # If true, Meowlnir will check local invites for spam too instead of only federated ones.
100 filter_local_invites: false
101 # If set, Meowlnir will use this token to reject pending invites from users who get banned.
102 #
103 # This should be an appservice with access to all local users. If you have a double puppeting
104 # appservice set up for bridges, you can reuse that token. If not, just follow the same
105 # instructions: https://docs.mau.fi/bridges/general/double-puppeting.html
106 auto_reject_invites_token:
107 # Should the management room receive a notice about blocked invites?
108 notify_management_room: false
109
110# Configuration for the policy server.
111policy_server:
112 # If enabled, always issue redactions for events that are blocked by the policy server.
113 # This is useful to prevent failed events from reaching servers that do not yet respect policy servers.
114 always_redact: true
115 # The Synapse-style private signing key for the policy server. If set to generate, a new random key will be generated.
116 signing_key: generate
117
118# Encryption settings.
119encryption:
120 # Should encryption be enabled? This requires MSC3202, MSC4190 and MSC4203 to be implemented on the server.
121 # Meowlnir also implements MSC4153, which means only verified devices will be allowed to send/receive messages.
122 enable: true
123 # Pickle key used for encrypting encryption keys.
124 # If set to generate, a random key will be generated.
125 pickle_key: generate
126
127# Database config for meowlnir itself.
128database:
129 # The database type. "sqlite3-fk-wal" and "postgres" are supported.
130 type: postgres
131 # The database URI.
132 # SQLite: A raw file path is supported, but `file:<path>?_txlock=immediate` is recommended.
133 # https://github.com/mattn/go-sqlite3#connection-string
134 # Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
135 # To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
136 uri: postgres://user:password@host/database?sslmode=disable
137 # Maximum number of connections. Mostly relevant for Postgres.
138 max_open_conns: 20
139 max_idle_conns: 2
140 # Maximum connection idle time and lifetime before they're closed. Disabled if null.
141 # Parsed with https://pkg.go.dev/time#ParseDuration
142 max_conn_idle_time: null
143 max_conn_lifetime: null
144
145# Database config for accessing the Synapse database. Only postgres is supported.
146synapse_db:
147 type: postgres
148 uri: postgres://user:password@host/synapse?sslmode=disable
149 max_open_conns: 2
150 max_idle_conns: 1
151 max_conn_idle_time: null
152 max_conn_lifetime: null
153
154# Logging config. See https://github.com/tulir/zeroconfig for details.
155logging:
156 min_level: debug
157 writers:
158 - type: stdout
159 format: pretty-colored
160 - type: file
161 format: json
162 filename: ./logs/meowlnir.log
163 max_size: 100
164 max_backups: 10
165 compress: false