Implemented matrix slack bridge

2024-11-25 06:01:04 +01:00 · 2024-01-18 21:31:52 +01:00 · 2024-01-18 21:31:52 +01:00 · b288d51c82
commit b288d51c82
parent 3b78cc1604
7 changed files with 312 additions and 13 deletions
--- a/roles/docker-matrix-compose/tasks/main.yml
+++ b/roles/docker-matrix-compose/tasks/main.yml
@ -56,15 +56,15 @@

 - name: "create bridge folders"
  file:
-    path: "{{docker_compose_instance_directory}}{{item.bridge_name}}"
+    path: "{{docker_compose_instance_directory}}mautrix/{{item.bridge_name}}"
    state: directory
    mode: 0755
  loop: "{{ bridges }}"

 - name: add multiple mautrix bridge configuration
  template: 
-    src:  "{{item.bridge_name}}.config.yml.j2" 
-    dest: "{{docker_compose_instance_directory}}{{item.bridge_name}}/config.yaml"
+    src:  "mautrix/{{item.bridge_name}}.config.yml.j2" 
+    dest: "{{docker_compose_instance_directory}}mautrix/{{item.bridge_name}}/config.yaml"
  notify: docker compose project setup
  loop: "{{ bridges }}"
  notify: docker compose project setup
@ -103,14 +103,14 @@

 - name: wait for registration files
  wait_for:
-    path: "{{docker_compose_instance_directory}}{{item.bridge_name}}/registration.yaml"
+    path: "{{docker_compose_instance_directory}}mautrix/{{item.bridge_name}}/registration.yaml"
    state: present  
    timeout: 120
  loop: "{{ bridges }}"

 - name: move registration files
  command:
-    cmd: mv {{docker_compose_instance_directory}}{{item.bridge_name}}/registration.yaml {{docker_compose_instance_directory}}registrations/{{item.bridge_name}}.registration.yaml
+    cmd: mv {{docker_compose_instance_directory}}mautrix/{{item.bridge_name}}/registration.yaml {{docker_compose_instance_directory}}registrations/{{item.bridge_name}}.registration.yaml
    chdir: "{{ docker_compose_instance_directory }}"
  loop: "{{ bridges }}"

--- a/roles/docker-matrix-compose/templates/docker-compose.yml.j2
+++ b/roles/docker-matrix-compose/templates/docker-compose.yml.j2
@ -34,12 +34,12 @@ services:
 {% include 'templates/docker-container-networks.yml.j2' %}

 {% for item in bridges %}
-  {{item.bridge_name}}:
-    container_name: {{item.bridge_name}}
-    image: dock.mau.dev/{{ item.bridge_name | replace("-", "/") }}:latest
+  mautrix-{{item.bridge_name}}:
+    container_name: matrix-{{item.bridge_name}}
+    image: dock.mau.dev/mautrix/{{ item.bridge_name }}:latest
    restart: {{docker_restart_policy}}
    volumes:
-      - ./{{item.bridge_name}}:/data
+      - ./mautrix/{{item.bridge_name}}:/data
      - ./registrations:{{registration_file_folder}}

 {% include 'templates/docker-container-networks.yml.j2' %}
--- a/roles/docker-matrix-compose/templates/mautrix/signal.config.yml.j2
+++ b/roles/docker-matrix-compose/templates/mautrix/signal.config.yml.j2
--- a/roles/docker-matrix-compose/templates/mautrix/slack.config.yml.j2
+++ b/roles/docker-matrix-compose/templates/mautrix/slack.config.yml.j2
@ -0,0 +1,295 @@
+# Homeserver details.
+homeserver:
+    # The address that this appservice can use to connect to the homeserver.
+    address: http://synapse:8008
+    # The domain of the homeserver (also known as server_name, used for MXIDs, etc).
+    domain: {{synapse_domain}}
+
+    # What software is the homeserver running?
+    # Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
+    software: standard
+    # The URL to push real-time bridge status to.
+    # If set, the bridge will make POST requests to this URL whenever a user's slack connection state changes.
+    # The bridge will use the appservice as_token to authorize requests.
+    status_endpoint: null
+    # Endpoint for reporting per-message status.
+    message_send_checkpoint_endpoint: null
+    # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
+    async_media: false
+
+    # Should the bridge use a websocket for connecting to the homeserver?
+    # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy,
+    # mautrix-asmux (deprecated), and hungryserv (proprietary).
+    websocket: false
+    # How often should the websocket be pinged? Pinging will be disabled if this is zero.
+    ping_interval_seconds: 0
+
+# Application service host/registration related details.
+# Changing these values requires regeneration of the registration.
+appservice:
+    # The address that the homeserver can use to connect to this appservice.
+    address: http://mautrix-slack:29335
+
+    # The hostname and port where this appservice should listen.
+    hostname: 0.0.0.0
+    port: 29335
+
+    # Database config.
+    database:
+        # The database type. "sqlite3-fk-wal" and "postgres" are supported.
+        type: postgres
+        # The database URI.
+        #   SQLite: A raw file path is supported, but `file:<path>?_txlock=immediate` is recommended.
+        #           https://github.com/mattn/go-sqlite3#connection-string
+        #   Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
+        #             To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
+        uri: postgres://mautrix_slack_bridge:{{mautrix_slack_bridge_database_password}}@{{database_host}}/mautrix_slack_bridge?sslmode=disable
+        # Maximum number of connections. Mostly relevant for Postgres.
+        max_open_conns: 20
+        max_idle_conns: 2
+        # Maximum connection idle time and lifetime before they're closed. Disabled if null.
+        # Parsed with https://pkg.go.dev/time#ParseDuration
+        max_conn_idle_time: null
+        max_conn_lifetime: null
+
+    # The unique ID of this appservice.
+    id: slack
+    # Appservice bot details.
+    bot:
+        # Username of the appservice bot.
+        username: slackbot
+        # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
+        # to leave display name/avatar as-is.
+        displayname: Slack bridge bot
+        avatar: mxc://maunium.net/pVtzLmChZejGxLqmXtQjFxem
+
+    # Whether or not to receive ephemeral events via appservice transactions.
+    # Requires MSC2409 support (i.e. Synapse 1.22+).
+    # You should disable bridge -> sync_with_custom_puppets when this is enabled.
+    ephemeral_events: true
+
+    # Should incoming events be handled asynchronously?
+    # This may be necessary for large public instances with lots of messages going through.
+    # However, messages will not be guaranteed to be bridged in the same order they were sent in.
+    async_transactions: false
+
+    # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
+    as_token: "This value is generated when generating the registration"
+    hs_token: "This value is generated when generating the registration"
+
+# Bridge config
+bridge:
+{% raw %}
+    # Localpart template of MXIDs for Slack users.
+    # {{.}} is replaced with the internal ID of the Slack user.
+    username_template: slack_{{.}}
+    # Displayname template for Slack users.
+    # TODO: document variables
+    displayname_template: '{{.RealName}} (S)'
+    bot_displayname_template: '{{.Name}} (bot)'
+    channel_name_template: '#{{.Name}}'
+{% endraw %}
+    portal_message_buffer: 128
+
+    # Should the bridge send a read receipt from the bridge bot when a message has been sent to Slack?
+    delivery_receipts: true
+    # Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
+    message_status_events: false
+    # Whether the bridge should send error notices via m.notice events when a message fails to bridge.
+    message_error_notices: true
+    # Should incoming custom emoji reactions be bridged as mxc:// URIs?
+    # If set to false, custom emoji reactions will be bridged as the shortcode instead, and the image won't be available.
+    custom_emoji_reactions: true
+
+    # Should the bridge sync with double puppeting to receive EDUs that aren't normally sent to appservices.
+    sync_with_custom_puppets: false
+    # Should the bridge update the m.direct account data event when double puppeting is enabled.
+    # Note that updating the m.direct event is not atomic (except with mautrix-asmux)
+    # and is therefore prone to race conditions.
+    sync_direct_chat_list: false
+    # Whether or not created rooms should have federation enabled.
+    # If false, created portal rooms will never be federated.
+    federate_rooms: true
+    # Whether to explicitly set the avatar and room name for private chat portal rooms.
+    # If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms.
+    # If set to `always`, all DM rooms will have explicit names and avatars set.
+    # If set to `never`, DM rooms will never have names and avatars set.
+    private_chat_portal_meta: default
+
+    # Servers to always allow double puppeting from
+    double_puppet_server_map:
+        {{synapse_domain}}: https://{{synapse_domain}}
+    # Allow using double puppeting from any server with a valid client .well-known file.
+    double_puppet_allow_discovery: false
+    # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
+    #
+    # If set, double puppeting will be enabled automatically for local users
+    # instead of users having to find an access token and run `login-matrix`
+    # manually.
+    login_shared_secret_map:
+        {{synapse_domain}}: foobar
+
+    message_handling_timeout:
+        # Send an error message after this timeout, but keep waiting for the response until the deadline.
+        # This is counted from the origin_server_ts, so the warning time is consistent regardless of the source of delay.
+        # If the message is older than this when it reaches the bridge, the message won't be handled at all.
+        error_after: 10s
+        # Drop messages after this timeout. They may still go through if the message got sent to the servers.
+        # This is counted from the time the bridge starts handling the message.
+        deadline: 60s
+
+    # The prefix for commands. Only required in non-management rooms.
+    command_prefix: '!slack'
+    # Messages sent upon joining a management room.
+    # Markdown is supported. The defaults are listed below.
+    management_room_text:
+        # Sent when joining a room.
+        welcome: "Hello, I'm a Slack bridge bot."
+        # Sent when joining a management room and the user is already logged in.
+        welcome_connected: "Use `help` for help."
+        # Sent when joining a management room and the user is not logged in.
+        welcome_unconnected: "Use `help` for help, or `login-token` or `login-password` to log in."
+        # Optional extra text sent when joining a management room.
+        additional_help: ""
+
+    backfill:
+        # Allow backfilling at all? Requires MSC2716 support on homeserver.
+        enable: false
+
+        # Maximum number of conversations to fetch from Slack when syncing team from Slack.
+        # Must be 0-999
+        conversations_count: 200
+
+        # If a backfilled chat is older than this number of hours, mark it as read even if it's unread on Slack.
+        # Set to -1 to let any chat be unread.
+        unread_hours_threshold: 720
+
+        # Number of messages to immediately backfill when creating a portal.
+        immediate_messages: 10
+
+        # Settings for incremental backfill of history.
+        incremental:
+            # Maximum number of messages to backfill per batch.
+            messages_per_batch: 100
+            # The number of seconds to wait after backfilling the batch of messages.
+            post_batch_delay: 20
+            # The maximum number of messages to backfill per portal, split by the chat type.
+            # If set to -1, all messages in the chat will eventually be backfilled.
+            max_messages:
+                # Channels
+                channel: -1
+                # Group direct messages
+                group_dm: -1
+                # 1:1 direct messages
+                dm: -1
+
+    # End-to-bridge encryption support options.
+    #
+    # See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
+    encryption:
+        # Allow encryption, work in group chat rooms with e2ee enabled
+        allow: false
+        # Default to encryption, force-enable encryption in all portals the bridge creates
+        # This will cause the bridge bot to be in private chats for the encryption to work properly.
+        default: false
+        # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
+        appservice: false
+        # Require encryption, drop any unencrypted messages.
+        require: false
+        # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
+        # You must use a client that supports requesting keys from other users to use this feature.
+        allow_key_sharing: false
+        # Options for deleting megolm sessions from the bridge.
+        delete_keys:
+            # Beeper-specific: delete outbound sessions when hungryserv confirms
+            # that the user has uploaded the key to key backup.
+            delete_outbound_on_ack: false
+            # Don't store outbound sessions in the inbound table.
+            dont_store_outbound: false
+            # Ratchet megolm sessions forward after decrypting messages.
+            ratchet_on_decrypt: false
+            # Delete fully used keys (index >= max_messages) after decrypting messages.
+            delete_fully_used_on_decrypt: false
+            # Delete previous megolm sessions from same device when receiving a new one.
+            delete_prev_on_new_session: false
+            # Delete megolm sessions received from a device when the device is deleted.
+            delete_on_device_delete: false
+            # Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
+            periodically_delete_expired: false
+            # Delete inbound megolm sessions that don't have the received_at field used for
+            # automatic ratcheting and expired session deletion. This is meant as a migration
+            # to delete old keys prior to the bridge update.
+            delete_outdated_inbound: false
+        # What level of device verification should be required from users?
+        #
+        # Valid levels:
+        #   unverified - Send keys to all device in the room.
+        #   cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
+        #   cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
+        #   cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
+        #                           Note that creating user signatures from the bridge bot is not currently possible.
+        #   verified - Require manual per-device verification
+        #              (currently only possible by modifying the `trust` column in the `crypto_device` database table).
+        verification_levels:
+            # Minimum level for which the bridge should send keys to when bridging messages from WhatsApp to Matrix.
+            receive: unverified
+            # Minimum level that the bridge should accept for incoming Matrix messages.
+            send: unverified
+            # Minimum level that the bridge should require for accepting key requests.
+            share: cross-signed-tofu
+        # Options for Megolm room key rotation. These options allow you to
+        # configure the m.room.encryption event content. See:
+        # https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
+        # more information about that event.
+        rotation:
+            # Enable custom Megolm room key rotation settings. Note that these
+            # settings will only apply to rooms created after this option is
+            # set.
+            enable_custom: false
+            # The maximum number of milliseconds a session should be used
+            # before changing it. The Matrix spec recommends 604800000 (a week)
+            # as the default.
+            milliseconds: 604800000
+            # The maximum number of messages that should be sent with a given a
+            # session before changing it. The Matrix spec recommends 100 as the
+            # default.
+            messages: 100
+
+            # Disable rotating keys when a user's devices change?
+            # You should not enable this option unless you understand all the implications.
+            disable_device_change_key_rotation: false
+
+    # Settings for provisioning API
+    provisioning:
+        # Prefix for the provisioning API paths.
+        prefix: /_matrix/provision
+        # Shared secret for authentication. If set to "generate", a random secret will be generated,
+        # or if set to "disable", the provisioning API will be disabled.
+        shared_secret: generate
+
+    # Permissions for using the bridge.
+    # Permitted values:
+    #    relay - Talk through the relaybot (if enabled), no access otherwise
+    #     user - Access to use the bridge to chat with a Slack account.
+    #    admin - User level and some additional administration tools
+    # Permitted keys:
+    #        * - All Matrix users
+    #   domain - All users on that homeserver
+    #     mxid - Specific user
+    permissions:
+        "*": relay
+        "{{synapse_domain}}": user
+        "@{{matrix_admin_name}}:{{synapse_domain}}": admin
+
+# Logging config. See https://github.com/tulir/zeroconfig for details.
+logging:
+    min_level: debug
+    writers:
+    - type: stdout
+      format: pretty-colored
+    - type: file
+      format: json
+      filename: ./logs/mautrix-slack.log
+      max_size: 100
+      max_backups: 10
+      compress: true
--- a/roles/docker-matrix-compose/templates/mautrix/telegram.config.yml.j2
+++ b/roles/docker-matrix-compose/templates/mautrix/telegram.config.yml.j2
--- a/roles/docker-matrix-compose/templates/mautrix/whatsapp.config.yml.j2
+++ b/roles/docker-matrix-compose/templates/mautrix/whatsapp.config.yml.j2
--- a/roles/docker-matrix-compose/vars/main.yml
+++ b/roles/docker-matrix-compose/vars/main.yml
@ -3,20 +3,24 @@ docker_compose_project_name:  	      "matrix"
 database_password:  	                "{{matrix_database_password}}"
 database_type:                        "postgres"
 registration_file_folder:             "/data/registration/"
-mautrix_registration_file:            "{{registration_file_folder}}mautrix-whatsapp.registration.yaml"

 bridges:
  - database_password: "{{ mautrix_whatsapp_bridge_database_password }}"
    database_username:  "mautrix_whatsapp_bridge"
    database_name:      "mautrix_whatsapp_bridge"
-    bridge_name:        "mautrix-whatsapp"   
+    bridge_name:        "whatsapp"   

  - database_password:  "{{ mautrix_telegram_bridge_database_password }}"
    database_username:  "mautrix_telegram_bridge"
    database_name:      "mautrix_telegram_bridge"
-    bridge_name:        "mautrix-telegram"
+    bridge_name:        "telegram"

  - database_password:  "{{ mautrix_signal_bridge_database_password }}"
    database_username:  "mautrix_signal_bridge"
    database_name:      "mautrix_signal_bridge"
-    bridge_name:        "mautrix-signal"
+    bridge_name:        "signal"
+
+  - database_password:  "{{ mautrix_slack_bridge_database_password }}"
+    database_username:  "mautrix_slack_bridge"
+    database_name:      "mautrix_slack_bridge"
+    bridge_name:        "slack"