Raw YAML - Releases: latest, v26.04, v26.03, v26.02, v26.01, v25.12, v25.11, v25.10
1# Homeserver settings
2homeserver:
3 # The address that Meowlnir can use to connect to the homeserver.
4 address: http://localhost:8008
5 # The server name of the homeserver.
6 domain: example.com
7
8# Meowlnir server settings
9meowlnir:
10 # The unique ID for the appservice.
11 id: meowlnir
12 # Set to generate to generate random tokens.
13 as_token: generate
14 hs_token: generate
15
16 # The address that the homeserver can use to connect to Meowlnir.
17 address: http://localhost:29339
18 # The hostname and port where Meowlnir should listen
19 hostname: 0.0.0.0
20 port: 29339
21
22 # Management secret used for the management API. If set to generate, a random secret will be generated.
23 # If prefixed with sha256:, the rest of the string will be hex-decoded and used as the hash of the secret.
24 # Can also be set to `disable` to disable the API entirely.
25 management_secret: generate
26 # Secret used for the /_meowlnir/data API. Same rules apply as for management_secret.
27 data_secret: generate
28 # Should the /_meowlnir/mxauth APIs be enabled, which allow querying certain data using any Matrix account?
29 # This is necessary for the management web interface.
30 federation_auth: false
31 # If dry run is set to true, meowlnir won't take any actual actions,
32 # but will do everything else as if it was going to take actions.
33 dry_run: false
34 # Should all bots be considered as untrusted?
35 # This will enable some additional checks, e.g. to prevent subscribing to a policy list without being in the room
36 # if another bot has subscribed to it. In the future, this will be configurable per bot.
37 untrusted: false
38
39 # Which management room should handle requests to the Matrix report API?
40 report_room: '!roomid:example.com'
41 # Which management room should be in charge of deleting rooms from the server?
42 # Room bans will not be processed in other management rooms.
43 room_ban_room: null
44 # If true, Meowlnir will load all room IDs from the Synapse database on startup.
45 load_all_room_hashes: true
46 # If a policy matches any of these entities, the policy is ignored entirely.
47 # This can be used as a hacky way to protect against policies which are too wide.
48 #
49 # The example values can be left here and will already prevent banning everyone,
50 # but you should also add some known-good users and servers that should never get banned.
51 hacky_rule_filter:
52 - "@user:example.com"
53 - example.com
54 # If a policy reason matches any of these patterns, the bot will automatically redact all messages from the banned
55 # target. The reason `spam` is already implicit. Ignored for takedowns.
56 # Uses a glob pattern to match.
57 hacky_redact_patterns:
58 - "spam"
59
60 # If you don't want to or can't give your moderation bot the admin flag in Synapse, but still want
61 # to be able to use admin API features, you can specify a custom admin access token here for each bot.
62 # This is required when using MAS, as only special tokens have admin API access there.
63 # If this is not specified, the bot will try to use its own as_token for admin API access.
64 #
65 # Example command for MAS-CLI how to generate an admin compatibility token:
66 # mas-cli manage issue-compatibility-token <Username_Localpart> --device-id <Device_ID> --yes-i-want-to-grant-synapse-admin-privileges
67 # https://element-hq.github.io/matrix-authentication-service/reference/cli/manage.html#manage-issue-compatibility-token
68 admin_tokens:
69 "@abuse:example.com": admin_token
70
71# Settings for provisioning new bots using the !provision command.
72# None of this is relevant unless you offer moderation bots to other users.
73meowlnir4all:
74 # The management room ID that is allowed to use the !provision command.
75 admin_room: null
76 # The user ID template for new bots
77 # {{ uuidgen }} will be replaced with a random UUIDv4.
78 # {{ randstr n }} will be replaced with a random lowercase alphanumeric string of length n.
79 # {{ .OwnerLocalpart }} will be replaced with the localpart of the owner of the bot.
80 # {{ .OwnerDomain }} will be replaced with the server name of the owner of the bot.
81 localpart_template: "meowlnir_{{ uuidgen }}"
82 # The default displayname for new bots.
83 displayname: "Administrator"
84 # The default avatar URL for new bots.
85 avatar_url: "mxc://matrix.org/NZGChxcCXbBvgkCNZTLXlpux"
86 # The default room name for new management rooms.
87 room_name: "Meowlnir Management Room"
88 # The default lists to subscribe new bots to.
89 default_watched_lists:
90 - name: CME bans
91 room_id: "!fTjMjIzNKEsFlUIiru:neko.dev"
92 shortcode: cme
93 auto_unban: true
94 - name: Cat's Active Threats
95 room_id: "!QJKZNWnsItkUuthamp:feline.support"
96 shortcode: cat
97 auto_unban: true
98
99antispam:
100 # Secret used for the synapse-http-antispam API. Same rules apply as for management_secret under meowlnir.
101 secret: generate
102 # If true, Meowlnir will check local invites for spam too instead of only federated ones.
103 filter_local_invites: false
104 # If set, Meowlnir will use this token to reject pending invites from users who get banned.
105 #
106 # This should be an appservice with access to all local users. If you have a double puppeting
107 # appservice set up for bridges, you can reuse that token. If not, just follow the same
108 # instructions: https://docs.mau.fi/bridges/general/double-puppeting.html
109 auto_reject_invites_token:
110 # Should the management room receive a notice about blocked invites?
111 notify_management_room: false
112
113# Configuration for the policy server.
114policy_server:
115 # If enabled, always issue redactions for events that are blocked by the policy server.
116 # This is useful to prevent failed events from reaching servers that do not yet respect policy servers.
117 always_redact: true
118 # The Synapse-style private signing key for the policy server. If set to generate, a new random key will be generated.
119 signing_key: generate
120
121# Encryption settings.
122encryption:
123 # Should encryption be enabled? This requires MSC3202, MSC4190 and MSC4203 to be implemented on the server.
124 # Meowlnir also implements MSC4153, which means only verified devices will be allowed to send/receive messages.
125 enable: true
126 # Pickle key used for encrypting encryption keys.
127 # If set to generate, a random key will be generated.
128 pickle_key: generate
129
130# Database config for meowlnir itself.
131database:
132 # The database type. "sqlite3-fk-wal" and "postgres" are supported.
133 type: postgres
134 # The database URI.
135 # SQLite: A raw file path is supported, but `file:<path>?_txlock=immediate` is recommended.
136 # https://github.com/mattn/go-sqlite3#connection-string
137 # Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
138 # To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
139 uri: postgres://user:password@host/database?sslmode=disable
140 # Maximum number of connections. Mostly relevant for Postgres.
141 max_open_conns: 20
142 max_idle_conns: 2
143 # Maximum connection idle time and lifetime before they're closed. Disabled if null.
144 # Parsed with https://pkg.go.dev/time#ParseDuration
145 max_conn_idle_time: null
146 max_conn_lifetime: null
147
148# Database config for accessing the Synapse database. Only postgres is supported.
149synapse_db:
150 type: postgres
151 uri: postgres://user:password@host/synapse?sslmode=disable
152 max_open_conns: 2
153 max_idle_conns: 1
154 max_conn_idle_time: null
155 max_conn_lifetime: null
156
157# Logging config. See https://github.com/tulir/zeroconfig for details.
158logging:
159 min_level: debug
160 writers:
161 - type: stdout
162 format: pretty-colored
163 - type: file
164 format: json
165 filename: ./logs/meowlnir.log
166 max_size: 100
167 max_backups: 10
168 compress: false