diff --git a/roles/docker-matrix-compose/tasks/main.yml b/roles/docker-matrix-compose/tasks/main.yml index d3a1fb00..d09189b4 100644 --- a/roles/docker-matrix-compose/tasks/main.yml +++ b/roles/docker-matrix-compose/tasks/main.yml @@ -56,15 +56,15 @@ - name: "create bridge folders" file: - path: "{{docker_compose_instance_directory}}{{item.bridge_name}}" + path: "{{docker_compose_instance_directory}}mautrix/{{item.bridge_name}}" state: directory mode: 0755 loop: "{{ bridges }}" - name: add multiple mautrix bridge configuration template: - src: "{{item.bridge_name}}.config.yml.j2" - dest: "{{docker_compose_instance_directory}}{{item.bridge_name}}/config.yaml" + src: "mautrix/{{item.bridge_name}}.config.yml.j2" + dest: "{{docker_compose_instance_directory}}mautrix/{{item.bridge_name}}/config.yaml" notify: docker compose project setup loop: "{{ bridges }}" notify: docker compose project setup @@ -103,14 +103,14 @@ - name: wait for registration files wait_for: - path: "{{docker_compose_instance_directory}}{{item.bridge_name}}/registration.yaml" + path: "{{docker_compose_instance_directory}}mautrix/{{item.bridge_name}}/registration.yaml" state: present timeout: 120 loop: "{{ bridges }}" - name: move registration files command: - cmd: mv {{docker_compose_instance_directory}}{{item.bridge_name}}/registration.yaml {{docker_compose_instance_directory}}registrations/{{item.bridge_name}}.registration.yaml + cmd: mv {{docker_compose_instance_directory}}mautrix/{{item.bridge_name}}/registration.yaml {{docker_compose_instance_directory}}registrations/{{item.bridge_name}}.registration.yaml chdir: "{{ docker_compose_instance_directory }}" loop: "{{ bridges }}" diff --git a/roles/docker-matrix-compose/templates/docker-compose.yml.j2 b/roles/docker-matrix-compose/templates/docker-compose.yml.j2 index 6efb0223..f04dbc17 100644 --- a/roles/docker-matrix-compose/templates/docker-compose.yml.j2 +++ b/roles/docker-matrix-compose/templates/docker-compose.yml.j2 
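Review bot: The `template` task that renders `config.yaml` sets no `mode`, so the rendered file — which carries the bridge database password and, in the slack template added in this commit, the `login_shared_secret_map` value — takes the remote umask default inside a directory created as `0755`, which is usually world-readable; add `mode: "0600"` to the module arguments (plus an `owner` matching the UID the bridge container runs as, which this diff does not show). On the unchanged lines the task appears to carry `notify: docker compose project setup` twice, one of them seemingly nested under `template:` where it is not a valid module argument; if that is the nesting, drop the inner one. Both hunks in this file concatenate `{{docker_compose_instance_directory}}` directly with `mautrix/`, so the variable must end with `/`; a `{{ docker_compose_instance_directory | regex_replace('/?$', '/') }}`-style normalisation or a separator in the path would make that explicit.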
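Review bot: The `mv` in the `move registration files` task is not rerunnable: on a second run, unless the bridge rewrites `registration.yaml` at every start, the preceding `wait_for` blocks for 120 s per bridge and then fails the play. Guard the move with `creates: "{{docker_compose_instance_directory}}registrations/{{item.bridge_name}}.registration.yaml"` under `command:` and skip the `wait_for` with a matching `when` based on a `stat` of that destination. Because the registration file carries the `as_token`/`hs_token` the homeserver trusts, the task should also pin the destination's permissions rather than inherit whatever the bridge wrote — a `file` task with `mode: "0640"` after the move, or `ansible.builtin.copy` with `remote_src: true` and an explicit `mode` in place of the raw `mv`.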
@@ -34,12 +34,12 @@ services: {% include 'templates/docker-container-networks.yml.j2' %} {% for item in bridges %} - {{item.bridge_name}}: - container_name: {{item.bridge_name}} - image: dock.mau.dev/{{ item.bridge_name | replace("-", "/") }}:latest + mautrix-{{item.bridge_name}}: + container_name: matrix-{{item.bridge_name}} + image: dock.mau.dev/mautrix/{{ item.bridge_name }}:latest restart: {{docker_restart_policy}} volumes: - - ./{{item.bridge_name}}:/data + - ./mautrix/{{item.bridge_name}}:/data - ./registrations:{{registration_file_folder}} {% include 'templates/docker-container-networks.yml.j2' %} diff --git a/roles/docker-matrix-compose/templates/mautrix-signal.config.yml.j2 b/roles/docker-matrix-compose/templates/mautrix/signal.config.yml.j2 similarity index 100% rename from roles/docker-matrix-compose/templates/mautrix-signal.config.yml.j2 rename to roles/docker-matrix-compose/templates/mautrix/signal.config.yml.j2 diff --git a/roles/docker-matrix-compose/templates/mautrix/slack.config.yml.j2 b/roles/docker-matrix-compose/templates/mautrix/slack.config.yml.j2 new file mode 100644 index 00000000..9e1a42db --- /dev/null +++ b/roles/docker-matrix-compose/templates/mautrix/slack.config.yml.j2 
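Review bot: The new image line still pulls `dock.mau.dev/mautrix/{{ item.bridge_name }}:latest`, so every bridge is an unpinned moving tag re-resolved on each `docker compose pull` and cannot be rolled back or audited; let the `bridges` list pin it, e.g. `image: dock.mau.dev/mautrix/{{ item.bridge_name }}:{{ item.image_tag | default('latest') }}` with a fixed tag (or `@sha256:` digest) per bridge in `vars/main.yml`. The service is named `mautrix-{{item.bridge_name}}` while the container is `matrix-{{item.bridge_name}}`; the service name is what the slack config's `appservice.address: http://mautrix-slack:29335` resolves on the compose network, so the differing `matrix-` container prefix is only cosmetic but worth aligning to avoid confusion in logs and `docker ps`. The `{% for item in bridges %}` loop this hunk opens appears to close outside the hunk.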
@@ -0,0 +1,295 @@ +# Homeserver details. +homeserver: + # The address that this appservice can use to connect to the homeserver. + address: http://synapse:8008 + # The domain of the homeserver (also known as server_name, used for MXIDs, etc). + domain: {{synapse_domain}} + + # What software is the homeserver running? + # Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here. + software: standard + # The URL to push real-time bridge status to. + # If set, the bridge will make POST requests to this URL whenever a user's slack connection state changes. + # The bridge will use the appservice as_token to authorize requests. + status_endpoint: null + # Endpoint for reporting per-message status. + message_send_checkpoint_endpoint: null + # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? + async_media: false + + # Should the bridge use a websocket for connecting to the homeserver? + # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy, + # mautrix-asmux (deprecated), and hungryserv (proprietary). + websocket: false + # How often should the websocket be pinged? Pinging will be disabled if this is zero. + ping_interval_seconds: 0 + +# Application service host/registration related details. +# Changing these values requires regeneration of the registration. +appservice: + # The address that the homeserver can use to connect to this appservice. + address: http://mautrix-slack:29335 + + # The hostname and port where this appservice should listen. + hostname: 0.0.0.0 + port: 29335 + + # Database config. + database: + # The database type. "sqlite3-fk-wal" and "postgres" are supported. + type: postgres + # The database URI. + # SQLite: A raw file path is supported, but `file:?_txlock=immediate` is recommended. + # https://github.com/mattn/go-sqlite3#connection-string + # Postgres: Connection string. 
For example, postgres://user:password@host/database?sslmode=disable + # To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql + uri: postgres://mautrix_slack_bridge:{{mautrix_slack_bridge_database_password}}@{{database_host}}/mautrix_slack_bridge?sslmode=disable + # Maximum number of connections. Mostly relevant for Postgres. + max_open_conns: 20 + max_idle_conns: 2 + # Maximum connection idle time and lifetime before they're closed. Disabled if null. + # Parsed with https://pkg.go.dev/time#ParseDuration + max_conn_idle_time: null + max_conn_lifetime: null + + # The unique ID of this appservice. + id: slack + # Appservice bot details. + bot: + # Username of the appservice bot. + username: slackbot + # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty + # to leave display name/avatar as-is. + displayname: Slack bridge bot + avatar: mxc://maunium.net/pVtzLmChZejGxLqmXtQjFxem + + # Whether or not to receive ephemeral events via appservice transactions. + # Requires MSC2409 support (i.e. Synapse 1.22+). + # You should disable bridge -> sync_with_custom_puppets when this is enabled. + ephemeral_events: true + + # Should incoming events be handled asynchronously? + # This may be necessary for large public instances with lots of messages going through. + # However, messages will not be guaranteed to be bridged in the same order they were sent in. + async_transactions: false + + # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. + as_token: "This value is generated when generating the registration" + hs_token: "This value is generated when generating the registration" + +# Bridge config +bridge: +{% raw %} + # Localpart template of MXIDs for Slack users. + # {{.}} is replaced with the internal ID of the Slack user. + username_template: slack_{{.}} + # Displayname template for Slack users. 
+ # TODO: document variables + displayname_template: '{{.RealName}} (S)' + bot_displayname_template: '{{.Name}} (bot)' + channel_name_template: '#{{.Name}}' +{% endraw %} + portal_message_buffer: 128 + + # Should the bridge send a read receipt from the bridge bot when a message has been sent to Slack? + delivery_receipts: true + # Whether the bridge should send the message status as a custom com.beeper.message_send_status event. + message_status_events: false + # Whether the bridge should send error notices via m.notice events when a message fails to bridge. + message_error_notices: true + # Should incoming custom emoji reactions be bridged as mxc:// URIs? + # If set to false, custom emoji reactions will be bridged as the shortcode instead, and the image won't be available. + custom_emoji_reactions: true + + # Should the bridge sync with double puppeting to receive EDUs that aren't normally sent to appservices. + sync_with_custom_puppets: false + # Should the bridge update the m.direct account data event when double puppeting is enabled. + # Note that updating the m.direct event is not atomic (except with mautrix-asmux) + # and is therefore prone to race conditions. + sync_direct_chat_list: false + # Whether or not created rooms should have federation enabled. + # If false, created portal rooms will never be federated. + federate_rooms: true + # Whether to explicitly set the avatar and room name for private chat portal rooms. + # If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms. + # If set to `always`, all DM rooms will have explicit names and avatars set. + # If set to `never`, DM rooms will never have names and avatars set. + private_chat_portal_meta: default + + # Servers to always allow double puppeting from + double_puppet_server_map: + {{synapse_domain}}: https://{{synapse_domain}} + # Allow using double puppeting from any server with a valid client .well-known file. 
+ double_puppet_allow_discovery: false + # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth + # + # If set, double puppeting will be enabled automatically for local users + # instead of users having to find an access token and run `login-matrix` + # manually. + login_shared_secret_map: + {{synapse_domain}}: foobar + + message_handling_timeout: + # Send an error message after this timeout, but keep waiting for the response until the deadline. + # This is counted from the origin_server_ts, so the warning time is consistent regardless of the source of delay. + # If the message is older than this when it reaches the bridge, the message won't be handled at all. + error_after: 10s + # Drop messages after this timeout. They may still go through if the message got sent to the servers. + # This is counted from the time the bridge starts handling the message. + deadline: 60s + + # The prefix for commands. Only required in non-management rooms. + command_prefix: '!slack' + # Messages sent upon joining a management room. + # Markdown is supported. The defaults are listed below. + management_room_text: + # Sent when joining a room. + welcome: "Hello, I'm a Slack bridge bot." + # Sent when joining a management room and the user is already logged in. + welcome_connected: "Use `help` for help." + # Sent when joining a management room and the user is not logged in. + welcome_unconnected: "Use `help` for help, or `login-token` or `login-password` to log in." + # Optional extra text sent when joining a management room. + additional_help: "" + + backfill: + # Allow backfilling at all? Requires MSC2716 support on homeserver. + enable: false + + # Maximum number of conversations to fetch from Slack when syncing team from Slack. + # Must be 0-999 + conversations_count: 200 + + # If a backfilled chat is older than this number of hours, mark it as read even if it's unread on Slack. + # Set to -1 to let any chat be unread. 
+ unread_hours_threshold: 720 + + # Number of messages to immediately backfill when creating a portal. + immediate_messages: 10 + + # Settings for incremental backfill of history. + incremental: + # Maximum number of messages to backfill per batch. + messages_per_batch: 100 + # The number of seconds to wait after backfilling the batch of messages. + post_batch_delay: 20 + # The maximum number of messages to backfill per portal, split by the chat type. + # If set to -1, all messages in the chat will eventually be backfilled. + max_messages: + # Channels + channel: -1 + # Group direct messages + group_dm: -1 + # 1:1 direct messages + dm: -1 + + # End-to-bridge encryption support options. + # + # See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info. + encryption: + # Allow encryption, work in group chat rooms with e2ee enabled + allow: false + # Default to encryption, force-enable encryption in all portals the bridge creates + # This will cause the bridge bot to be in private chats for the encryption to work properly. + default: false + # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data. + appservice: false + # Require encryption, drop any unencrypted messages. + require: false + # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. + # You must use a client that supports requesting keys from other users to use this feature. + allow_key_sharing: false + # Options for deleting megolm sessions from the bridge. + delete_keys: + # Beeper-specific: delete outbound sessions when hungryserv confirms + # that the user has uploaded the key to key backup. + delete_outbound_on_ack: false + # Don't store outbound sessions in the inbound table. + dont_store_outbound: false + # Ratchet megolm sessions forward after decrypting messages. + ratchet_on_decrypt: false + # Delete fully used keys (index >= max_messages) after decrypting messages. 
+ delete_fully_used_on_decrypt: false + # Delete previous megolm sessions from same device when receiving a new one. + delete_prev_on_new_session: false + # Delete megolm sessions received from a device when the device is deleted. + delete_on_device_delete: false + # Periodically delete megolm sessions when 2x max_age has passed since receiving the session. + periodically_delete_expired: false + # Delete inbound megolm sessions that don't have the received_at field used for + # automatic ratcheting and expired session deletion. This is meant as a migration + # to delete old keys prior to the bridge update. + delete_outdated_inbound: false + # What level of device verification should be required from users? + # + # Valid levels: + # unverified - Send keys to all device in the room. + # cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys. + # cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes). + # cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot. + # Note that creating user signatures from the bridge bot is not currently possible. + # verified - Require manual per-device verification + # (currently only possible by modifying the `trust` column in the `crypto_device` database table). + verification_levels: + # Minimum level for which the bridge should send keys to when bridging messages from WhatsApp to Matrix. + receive: unverified + # Minimum level that the bridge should accept for incoming Matrix messages. + send: unverified + # Minimum level that the bridge should require for accepting key requests. + share: cross-signed-tofu + # Options for Megolm room key rotation. These options allow you to + # configure the m.room.encryption event content. See: + # https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for + # more information about that event. + rotation: + # Enable custom Megolm room key rotation settings. 
Note that these + # settings will only apply to rooms created after this option is + # set. + enable_custom: false + # The maximum number of milliseconds a session should be used + # before changing it. The Matrix spec recommends 604800000 (a week) + # as the default. + milliseconds: 604800000 + # The maximum number of messages that should be sent with a given a + # session before changing it. The Matrix spec recommends 100 as the + # default. + messages: 100 + + # Disable rotating keys when a user's devices change? + # You should not enable this option unless you understand all the implications. + disable_device_change_key_rotation: false + + # Settings for provisioning API + provisioning: + # Prefix for the provisioning API paths. + prefix: /_matrix/provision + # Shared secret for authentication. If set to "generate", a random secret will be generated, + # or if set to "disable", the provisioning API will be disabled. + shared_secret: generate + + # Permissions for using the bridge. + # Permitted values: + # relay - Talk through the relaybot (if enabled), no access otherwise + # user - Access to use the bridge to chat with a Slack account. + # admin - User level and some additional administration tools + # Permitted keys: + # * - All Matrix users + # domain - All users on that homeserver + # mxid - Specific user + permissions: + "*": relay + "{{synapse_domain}}": user + "@{{matrix_admin_name}}:{{synapse_domain}}": admin + +# Logging config. See https://github.com/tulir/zeroconfig for details. +logging: + min_level: debug + writers: + - type: stdout + format: pretty-colored + - type: file + format: json + filename: ./logs/mautrix-slack.log + max_size: 100 + max_backups: 10 + compress: true \ No newline at end of file 
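Review bot: `login_shared_secret_map` sets the shared secret for `{{synapse_domain}}` to the literal `foobar`; per the comment above it, that value enables automatic double puppeting for local users through matrix-synapse-shared-secret-auth, so a committed placeholder is either a weak credential (if Synapse is configured to match it) or a silently non-working feature (if not) — source it from a vaulted variable like the database password, e.g. `{{synapse_domain}}: "{{ matrix_shared_secret_auth_secret }}"` (placeholder name; match whatever the other bridge templates use), or remove the entry. The database `uri` interpolates `{{mautrix_slack_bridge_database_password}}` raw into a URL, so any `@`, `/`, `:` or `%` in the password breaks the connection string; apply `| urlencode` to it. The comment on `verification_levels.receive` still says "from WhatsApp to Matrix", a copy-paste leftover that should read "from Slack to Matrix". The file also ends without a trailing newline.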
diff --git a/roles/docker-matrix-compose/templates/mautrix-telegram.config.yml.j2 b/roles/docker-matrix-compose/templates/mautrix/telegram.config.yml.j2 similarity index 100% rename from roles/docker-matrix-compose/templates/mautrix-telegram.config.yml.j2 rename to roles/docker-matrix-compose/templates/mautrix/telegram.config.yml.j2 diff --git a/roles/docker-matrix-compose/templates/mautrix-whatsapp.config.yml.j2 b/roles/docker-matrix-compose/templates/mautrix/whatsapp.config.yml.j2 similarity index 100% rename from roles/docker-matrix-compose/templates/mautrix-whatsapp.config.yml.j2 rename to roles/docker-matrix-compose/templates/mautrix/whatsapp.config.yml.j2 diff --git a/roles/docker-matrix-compose/vars/main.yml b/roles/docker-matrix-compose/vars/main.yml index 36eda8e6..57723d2d 100644 --- a/roles/docker-matrix-compose/vars/main.yml +++ b/roles/docker-matrix-compose/vars/main.yml 
@@ -3,20 +3,24 @@ docker_compose_project_name: "matrix" database_password: "{{matrix_database_password}}" database_type: "postgres" registration_file_folder: "/data/registration/" -mautrix_registration_file: "{{registration_file_folder}}mautrix-whatsapp.registration.yaml" bridges: - database_password: "{{ mautrix_whatsapp_bridge_database_password }}" database_username: "mautrix_whatsapp_bridge" database_name: "mautrix_whatsapp_bridge" - bridge_name: "mautrix-whatsapp" + bridge_name: "whatsapp" - database_password: "{{ mautrix_telegram_bridge_database_password }}" database_username: "mautrix_telegram_bridge" database_name: "mautrix_telegram_bridge" - bridge_name: "mautrix-telegram" + bridge_name: "telegram" - database_password: "{{ mautrix_signal_bridge_database_password }}" database_username: "mautrix_signal_bridge" database_name: "mautrix_signal_bridge" - bridge_name: "mautrix-signal" + bridge_name: "signal" + + - database_password: "{{ mautrix_slack_bridge_database_password }}" + database_username: "mautrix_slack_bridge" + database_name: "mautrix_slack_bridge" + bridge_name: "slack" \ No newline at end of file
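Review bot: `mautrix_registration_file` is deleted but nothing in this diff updates a consumer; if the Synapse homeserver template or another role still references it (the registrations are now named `{{item.bridge_name}}.registration.yaml` under `registrations/`), that render will fail on an undefined variable — grep for it before merging. The new slack entry also requires `mautrix_slack_bridge_database_password` to exist in the vault or group vars, and `bridge_name` now doubles as the image path suffix (`dock.mau.dev/mautrix/<bridge_name>`), the template filename and the data directory, so the four values must match those upstream names exactly. The file still ends without a trailing newline.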