mirror/matrix-docker-ansible-deploy
1
0
Fork 0
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git synced 2025-08-20 22:01:33 +02:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: mirror:a5f3ded99acdcdb370b9a161b6b40bac7f9eb3be
Branches Tags
mirror:master mirror:stabilize-mas mirror:element-call-stack mirror:element-call-integration mirror:synapse-cache-tuning mirror:HarHarLinks/hookshot-encryption
...
compare: mirror:20f01968070a9715e6497e0cc45ed6ecc52ae61e
Branches Tags
mirror:master mirror:stabilize-mas mirror:element-call-stack mirror:element-call-integration mirror:synapse-cache-tuning mirror:HarHarLinks/hookshot-encryption

2 Commits
a5f3ded99a ... 20f0196807

Author SHA1 Message Date
Catalan Lover
20f0196807 Emphasise the State of D4A mode 2024-02-29 23:26:45 +01:00
Catalan Lover
672e699c0d Change Documentation to mention a fixed simpler provisioning flow. 
Use of /plain allows us to bypass the bugs encountered during the development of this role with clients attempting to escape our wildcards causing the grief that led to using curl.

This reworded commit does still explain you can automatically inject stuff into the room if you wanted to.
 2024-02-29 21:57:10 +01:00
1 changed files with 6 additions and 12 deletions
Expand all files Collapse all files

18
docs/configuring-playbook-appservice-draupnir-for-all.md
View File

@@ -4,7 +4,9 @@ The playbook can install and configure the [Draupnir](https://github.com/the-dra
Appservice mode can be used together with the regular [Draupnir bot](configuring-playbook-bot-draupnir.md) or independently.
D4A compared to Draupnir Normal.
Draupnir Appservice mode compared to Draupnir bot mode.
The administrative functions for managing the appservice are alpha quality and very limited. However, the experience of using an appservice provisioned Draupnir is on par with the experience of using Draupnir from bot mode except in the case of avatar customisation as described later on in this document.
Draupnir for all is the way to go if you need more than 1 Draupnir but you don't need access to Synapse Admin features as they are not accessible thru Draupnir for All (Even tho the commands do show up in help).
@@ -12,9 +14,7 @@ Draupnir for all in the playbook is rate limit exempt automatically as its part
Normal Draupnir does come with the benefit of access to Synapse Admin features. You are also able to more easily customise your normal Draupnir than D4A as D4A even on the branch with the Avatar command (To be Upstreamed to Mainline Draupnir) that command is clunky as it requires the use of things like Element devtools. In normal draupnir this is a quick operation where you login to Draupnir with a normal client and set Avatar and Display name normally.
Draupnir for all does also not support external tooling like [MRU](https://mru.rory.gay) as it cant access Draupnirs user account like is needed to use it.
Last downside of Draupnir for all is the state of the Admin side of the user experience being Alpha quality. This flaw is not in regular Draupnir and is mostly not in the provisioned Draupnirs either.
Draupnir for all does not support external tooling like [MRU](https://mru.rory.gay) as it cant access Draupnirs user account like is needed to use it.
## 1. Create a main management room.
@@ -60,15 +60,9 @@ This side of Draupnir for all is very much Alpha quality in the user experience
## 1. Granting Users the ability to use D4A
Draupnir for all includes several security measures like that it only allows users that are on its allow list to ask for a bot. To add a user to this list we have 2 primary options. Using the chat to tell Draupnir to do this for us or manually sending the state event via either curl or devtools in Element.
Draupnir for all includes several security measures like that it only allows users that are on its allow list to ask for a bot. To add a user to this list we have 2 primary options. Using the chat to tell Draupnir to do this for us or if you want to automatically do it by sending `m.policy.rule.user` events that target the subject you want to allow provisioning for with the `org.matrix.mjolnir.allow` recomendation. Using the chat is recomended.
If you want to give individual users access grants the recommended way is via the chat. To use the chat to tell Draupnir to do things you need to ping it in a specific way. Clients like Element and nheko will do this correctly by default because they send `<a href=\"https://matrix.to/#/@example:example.com\">Example</a>:` when you try to mention a user. Draupnir expects this format and will NOT respond to anything else in the main control room. As mentioned earlier D4A is Alpha in its user experience for the main control room.
The command is `<a href=\"https://matrix.to/#/@example:example.com\">Example</a>: allow mxid`
If you want to allow all users on your homeserver you instead send a `m.policy.rule.user` event with the contents being `{"entity": "@*:matrix-homeserver-domain", "recommendation": "org.matrix.mjolnir.allow"}` and a `state_key` that is `_*:matrix-homeserver-domain`.
Using curl you can send this via `curl --request PUT --url 'https://homeserver_url/_matrix/client/v3/rooms/management_room_room_ID/state/m.policy.rule.user/_*:matrix-homeserver-domain' --header 'Authorization: Bearer ACCESS_TOKEN_HERE' --header 'Content-Type: application/json' --data '{"entity": "@*:matrix-homeserver-domain", "recommendation": "org.matrix.mjolnir.allow"}'`
To allow users or whole homeservers you type /plain @draupnir-main:matrix-homeserver-domain allow `target` and target can be either a MXID or a wildcard like `@*:example.com` to allow all users on example.com to register. We use /plain to force the client to not attempt to mess with this command as it can break Wildcard commands especially.
## 2. How to provision a D4A once you are allowed to.