Mjolnir can now be run as an application service, meaning it will host multiple independent mjolnirs that can be requested by users. If the user is on the same homeserver as the appservice is deployed on, then they can provision a mjolnir via a widget https://github.com/matrix-org/mjolnir-widget. Otherwise they can invite the appservice bot to a room they want to protect. This will create them a mjolnir, a management room and a policy list. The appservice shares the same docker image as the bot, but is started slightly differently by specifying "appservice" as the first argument to docker run (this s managed by `mjolnir-entrypoint.sh`. We could have used another Dockerfile for the appservice, extending the existing one but we decided not to because there would have been lots of fiddling around the entrypoint and logistics involved around adding a tag for it via github actions. Not to mention that this would be duplicating the image just to run it with a different binary. A list of followup issues can be found here https://github.com/issues?q=is%3Aopen+is%3Aissue+author%3AGnuxie+archived%3Afalse+label%3AA-Appservice. Somewhat relevant and squashed commit messages(regrettably squashing because frankly these won't make sense in isolation): * draft widget backend * add `managementRoomId` to `provisionNewMjolnir` * remove ratelimits from appservice mjolnirs * add /join endpoint to api backend * tighter guard around room type in PolicyList matrix-bot-sdk imporved the types for this * enable esModuleInterop * launch and use postgres in a container whilst using mx-tester * limited access control policy list used for access control * Redesign initialization API of many mjolnir. It's much harder to forget to initialize the components now that you have to in order to construct them in the first place. * Ammend config not to clash with existing CI this means that the appsrvice bot is now called 'mjolnir-bot' by default which was easier than going through old code base and renaming * Change entrypoint in Dockerfile so that we can start the appservice. We could have used another Dockerfile for the appservice, extending the exising one but we decided not to because there would have been lots of fiddling around the entrypoint and logistics involved around adding a tag for it via github actions. Not to mention that this would be duplicating the image just to run it with a different binary. This solution is much simpler, backwards compatible, and conscious about the future. Co-authored-by: gnuxie <gnuxie@element.io>
2.4 KiB
Mjolnir can be run as an appservice, allowing users you trust or on your homeserver to run their own Mjolnir without hosting anything themselves. This module is currently alpha quality and is subject to rapid changes, it is not recommended currently and support will be limited.
Prerequisites
This guide assumes you will be using Docker and that you are able to provide a postgres database for Mjolnir to connect to in application service mode.
Setup
-
Create a new Matrix room that will act as a policy list for who can use the appservice. FIXME: Currently required to be aliased. FIXME: Should really be created and managed by the admin room, but waiting for command refactor before doing that.
-
Decide on a spare local TCP port number to use that will listen for messages from the matrix homeserver. Take care to configure firewalls appropriately. We will call this port
$MATRIX_PORT
in the remaining instructions. -
Create a
config/config.appservice.yaml
file that can be copied from the example insrc/appservice/config/config.example.yaml
. Your config file needs to be accessible to the docker container later on. To do this you could create a directory calledmjolnir-data
so we can map it to a volume when we launch the container later on. -
Generate the appservice registration file. This will be used by both the appservice and your homeserver. Here, you must specify the direct link the Matrix Homeserver can use to access the appservice, including the Matrix port it will send messages through (if this bridge runs on the same machine you can use
localhost
as the$HOST
name):docker run -rm -v /your/path/to/mjolnir-data:/data matrixdotorg/mjolnir appservice -r -u "http://$HOST:$MATRIX_PORT" -f /data/config/mjolnir-registration.yaml
-
Step 4 created an application service bot. This will be a bot iwth the mxid specified in
mjolnir-registration.yaml
undersender_localpart
. You now need to invite it in the access control room that you have created in Step 1. -
Start the application service
docker run -v /your/path/to/mjolnir-data/:/data/ matrixdotorg/mjolnir appservice -c /data/config/config.appservice.yaml -f /data/config/mjolnir-registration.yaml -p $MATRIX_PORT
-
Copy the
mjolnir-registration.yaml
to your matrix homeserver and refer to it inhomeserver.yaml
like so:
app_service_config_files:
- "/data/mjolnir-registration.yaml"