Lemmy Bouncer makes it so that users who aren't from instances in an allow-list cannot post or comment in your community without having each post/comment vetted by a community moderator. If you know someone from another instance is safe, you can add them to a user allow-list so they don't have to have all of their activity vetted.
The bot requires NodeJS version 18 or higher to run. You can install dependencies using any of the popular JS package managers (npm, yarn, pnpm). Since the lockfile for the repo is generated from pnpm, you may get faster installation times by using pnpm.
In order to perform moderator actions, your bot will need an account. Don't forget to appoint the bot as a moderator of the community you want it to protect!
Create a file titled .env in the topmost directory of the repo. Here, you can set the following environment variables:
The instance your bot's account will be on. Make sure to use just the domain name instead of a full URL. i.e:
✅ lemmy.ml
❌ https://lemmy.ml
The instance must also be the same instance as the community the bot will be protecting. This means, for example, @bouncer@lemmy.ml can protect !safeplace@lemmy.ml, but not !safeplace@lemmy.world.
The username of your bouncer bot.
The password for your bouncer bot's account.
The path to a sqlite database file that will be used to store the user allow-list and other information needed to run the bot. E.g. db.sqlite3.
The name of the community the bouncer bot should protect. If the webfinger for your community is !safe@place.xyx, the correct name to use is "safe".
Space separated list of federated instances that users can post from without needing to be manually vetted or added to the user allow-list.
Your .env file should end up looking something like this:
LOCAL_INSTANCE = lemmy.ml
USERNAME = bouncer
PASSWORD = mySecurePassword
DB_FILE = db.sqlite3
COMMUNITY = safe
FEDERATED_INSTANCE_ALLOWLIST = lemm.ee midwest.social startrek.website
Start your bot by running npm run start (or equivalent for other package managers).
Once you start running your bot, posts and comments from non-allowed users in your community will:
- Be replied to by the bouncer to explain why the post/comment is being removed
- Report the content with a reason saying that the post/comment needs to be vetted
- Remove the post/comment with a reason similar to the one in step 2
Some bare-bones templates for a Dockerfile and a systemd unit file can be found here.
To add users to the user allow-list, privately message the bouncer with mentions of the accounts being added. It will message you back once it is finished adding them to tell you the results of your addition. If someone who isn't a moderator of the protected community privately messages the bouncer, it will not respond at all.
A message you might send to the bouncer:
Add @nice@lemmy.world, @good@hexbear.net, and @wholesome@forum.basedcount.com please!
The precise wording doesn't matter: all that matters is that each person you want to add to the allow-list is specified in the format @person@instance.