Draupnir

Moderation bot for Matrix servers

Declared in: projects/Draupnir/default.nix

Try the service in a VM

Options

services.draupnir
services.draupnir.enable

Whether to enable Draupnir, a moderations bot for Matrix.

Type:
boolean
Default:
false
Declared in:
nixos/modules/services/matrix/draupnir.nix
services.draupnir.package

The draupnir package to use.

Type:
package
Default:
pkgs.draupnir
Declared in:
nixos/modules/services/matrix/draupnir.nix
services.draupnir.secrets.accessToken

File containing the access token for Draupnir's Matrix account to be used in place of {option}services.draupnir.settings.accessToken.

Type:
null or absolute path
Default:
null
Declared in:
nixos/modules/services/matrix/draupnir.nix
services.draupnir.secrets.pantalaimon.password

File containing the password for Draupnir's Matrix account when used in conjunction with Pantalaimon to be used in place of {option}services.draupnir.settings.pantalaimon.password.

::: {.warning} Take note that upstream has limited Pantalaimon and E2EE support: https://the-draupnir-project.github.io/draupnir-documentation/bot/encryption and https://the-draupnir-project.github.io/draupnir-documentation/shared/dogfood#e2ee-support. :::

Type:
null or absolute path
Default:
null
Declared in:
nixos/modules/services/matrix/draupnir.nix
services.draupnir.secrets.web.synapseHTTPAntispam.authorization

File containing the secret token when using the Synapse HTTP Antispam module to be used in place of {option}services.draupnir.settings.web.synapseHTTPAntispam.authorization.

See https://the-draupnir-project.github.io/draupnir-documentation/bot/synapse-http-antispam for details.

Type:
null or absolute path
Default:
null
Declared in:
nixos/modules/services/matrix/draupnir.nix
services.draupnir.settings

Free-form settings written to Draupnir's configuration file. See Draupnir's default configuration for available settings.

Type:
open submodule of (YAML 1.1 value)
Default:
{ }
Declared in:
nixos/modules/services/matrix/draupnir.nix
services.draupnir.settings.dataPath
Read-only

The path Draupnir will store its state/data in.

::: {.warning} This option is read-only. :::

::: {.note} If you want to customize where this data is stored, use a bind mount. :::

Type:
absolute path
Default:
"/var/lib/draupnir"
Declared in:
nixos/modules/services/matrix/draupnir.nix
services.draupnir.settings.homeserverUrl

Base URL of the Matrix homeserver that provides the Client-Server API.

::: {.note} When using Pantalaimon, set this to the Pantalaimon URL and {option}services.draupnir.settings.rawHomeserverUrl to the public URL. :::

Type:
string
Declared in:
nixos/modules/services/matrix/draupnir.nix
services.draupnir.settings.managementRoom

The room ID or alias where moderators can use the bot's functionality.

The bot has no access controls, so anyone in this room can use the bot - secure this room! Do not enable end-to-end encryption for this room, unless set up with Pantalaimon.

::: {.warning} When using a room alias, make sure the alias used is on the local homeserver! This prevents an issue where the control room becomes undefined when the alias can't be resolved. :::

Type:
string
Declared in:
nixos/modules/services/matrix/draupnir.nix
services.draupnir.settings.rawHomeserverUrl

Public base URL of the Matrix homeserver that provides the Client-Server API when using the Draupnir's Report forwarding feature.

::: {.warning} When using Pantalaimon, do not set this to the Pantalaimon URL! :::

Type:
string
Default:
config.services.draupnir.settings.homeserverUrl
Declared in:
nixos/modules/services/matrix/draupnir.nix

Examples

Enable Draupnir 
# https://github.com/NixOS/nixpkgs/blob/c7661dfc33f947d81443ec911549e2d0f6414085/nixos/tests/matrix/draupnir.nix
{ ... }:

let
  port = 8008;
in
{
  # We want a server for demos.
  services.matrix-synapse = {
    enable = true;
    log.root.level = "WARNING";
    settings = {
      database.name = "sqlite3";
      # Do *NOT* do this in production!
      registration_shared_secret = "supersecret-registration";

      listeners = [
        {
          bind_addresses = [
            "::"
          ];
          inherit port;
          resources = [
            {
              compress = true;
              names = [ "client" ];
            }
            {
              compress = false;
              names = [ "federation" ];
            }
          ];
          tls = false;
          type = "http";
          x_forwarded = false;
        }
      ];
    };
  };

  services.draupnir = {
    enable = true;
    settings = {
      homeserverUrl = "http://localhost:${toString port}";
      managementRoom = "#moderators:homeserver";
    };
    secrets = {
      # This needs be set up before the service is started.
      accessToken = "/tmp/draupnir-access-token";
    };
  };

  # demo-vm
  networking.firewall.allowedTCPPorts = [ port ];
}

Declared in: projects/Draupnir/example.nix

This project is funded by NLnet through these subgrants:

Core
Draupnir

Related links: