From e97a2738c932dee918dd4b9480cb23bc47ca7421 Mon Sep 17 00:00:00 2001 From: Kevin Veen-Birkenbach Date: Sat, 20 Jan 2024 13:36:47 +0100 Subject: [PATCH] Added mautrix-facebook --- .../templates/mautrix/facebook.config.yml.j2 | 449 ++++++++++++++++++ .../templates/mautrix/signal.config.yml.j2 | 4 +- .../templates/mautrix/slack.config.yml.j2 | 4 +- .../templates/mautrix/telegram.config.yml.j2 | 4 +- .../templates/mautrix/whatsapp.config.yml.j2 | 4 +- roles/docker-matrix-compose/vars/main.yml | 7 +- 6 files changed, 463 insertions(+), 9 deletions(-) create mode 100644 roles/docker-matrix-compose/templates/mautrix/facebook.config.yml.j2 diff --git a/roles/docker-matrix-compose/templates/mautrix/facebook.config.yml.j2 b/roles/docker-matrix-compose/templates/mautrix/facebook.config.yml.j2 new file mode 100644 index 00000000..3b3756dc --- /dev/null +++ b/roles/docker-matrix-compose/templates/mautrix/facebook.config.yml.j2 @@ -0,0 +1,449 @@ +# Homeserver details +homeserver: + # The address that this appservice can use to connect to the homeserver. + address: http://synapse:8008 + # The domain of the homeserver (for MXIDs, etc). + domain: {{matrix_server_name}} + # Whether or not to verify the SSL certificate of the homeserver. + # Only applies if address starts with https:// + verify_ssl: true + # What software is the homeserver running? + # Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here. + software: standard + # Number of retries for all HTTP requests if the homeserver isn't reachable. + http_retry_count: 4 + # The URL to push real-time bridge status to. + # If set, the bridge will make POST requests to this URL whenever a user's Facebook MQTT connection state changes. + # The bridge will use the appservice as_token to authorize requests. + status_endpoint: null + # Endpoint for reporting per-message status. + message_send_checkpoint_endpoint: null + # Whether asynchronous uploads via MSC2246 should be enabled for media. + # Requires a media repo that supports MSC2246. + async_media: false + +# Application service host/registration related details +# Changing these values requires regeneration of the registration. +appservice: + # The address that the homeserver can use to connect to this appservice. + address: http://mautrix-facebook:29319 + + # The hostname and port where this appservice should listen. + hostname: 0.0.0.0 + port: 29319 + # The maximum body size of appservice API requests (from the homeserver) in mebibytes + # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s + max_body_size: 1 + + # The full URI to the database. SQLite and Postgres are supported. + # Format examples: + # SQLite: sqlite:filename.db + # Postgres: postgres://username:password@hostname/dbname + database: postgres://mautrix_facebook_bridge:{{mautrix_facebook_bridge_database_password}}@{{database_host}}/mautrix_facebook_bridge + # Additional arguments for asyncpg.create_pool() or sqlite3.connect() + # https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool + # https://docs.python.org/3/library/sqlite3.html#sqlite3.connect + # For sqlite, min_size is used as the connection thread pool size and max_size is ignored. + # Additionally, SQLite supports init_commands as an array of SQL queries to run on connect (e.g. to set PRAGMAs). + database_opts: + min_size: 1 + max_size: 10 + + # Public part of web server for out-of-Matrix interaction with the bridge. + public: + # Whether or not the public-facing endpoints should be enabled. + enabled: false + # The prefix to use in the public-facing endpoints. + prefix: /public + # The base URL where the public-facing endpoints are available. The prefix is not added + # implicitly. + external: https://example.com/public + # Shared secret for integration managers such as mautrix-manager. + # If set to "generate", a random string will be generated on the next startup. + # If null, integration manager access to the API will not be possible. + shared_secret: generate + # Allow logging in within Matrix. If false, users can only log in using the web interface. + allow_matrix_login: true + + # The unique ID of this appservice. + id: facebook + # Username of the appservice bot. + bot_username: facebookbot + # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty + # to leave display name/avatar as-is. + bot_displayname: Facebook bridge bot + bot_avatar: mxc://maunium.net/ygtkteZsXnGJLJHRchUwYWak + + # Whether or not to receive ephemeral events via appservice transactions. + # Requires MSC2409 support (i.e. Synapse 1.22+). + # You should disable bridge -> sync_with_custom_puppets when this is enabled. + ephemeral_events: true + + # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. + as_token: "This value is generated when generating the registration" + hs_token: "This value is generated when generating the registration" + +# Segment-compatible analytics endpoint for tracking some events, like provisioning API login and encryption errors. +analytics: + # Hostname of the tracking server. The path is hardcoded to /v1/track + host: api.segment.io + # API key to send with tracking requests. Tracking is disabled if this is null. + token: null + # Optional user ID for tracking events. If null, defaults to using Matrix user ID. + user_id: null + +# Prometheus telemetry config. Requires prometheus-client to be installed. +metrics: + enabled: false + listen_port: 8000 + +# Manhole config. +manhole: + # Whether or not opening the manhole is allowed. + enabled: false + # The path for the unix socket. + path: /var/tmp/mautrix-facebook.manhole + # The list of UIDs who can be added to the whitelist. + # If empty, any UIDs can be specified in the open-manhole command. + whitelist: + - 0 + +# Bridge config +bridge: + # Localpart template of MXIDs for Facebook users. + # {userid} is replaced with the user ID of the Facebook user. + username_template: "facebook_{userid}" + # Displayname template for Facebook users. + # {displayname} is replaced with the display name of the Facebook user + # as defined below in displayname_preference. + # Keys available for displayname_preference are also available here. + displayname_template: "{displayname} (FB)" + # Available keys: + # "name" (full name) + # "first_name" + # "last_name" + # "nickname" + # "own_nickname" (user-specific!) + displayname_preference: + - name + - first_name + + # The prefix for commands. Only required in non-management rooms. + command_prefix: "!fb" + + # Whether or not the Facebook users of logged in Matrix users should be + # invited to private chats when the user sends a message from another client. + invite_own_puppet_to_pm: false + # Whether or not to use /sync to get presence, read receipts and typing notifications + # when double puppeting is enabled + sync_with_custom_puppets: false + # Whether or not to update the m.direct account data event when double puppeting is enabled. + # Note that updating the m.direct event is not atomic (except with mautrix-asmux) + # and is therefore prone to race conditions. + sync_direct_chat_list: false + # Servers to always allow double puppeting from + double_puppet_server_map: + {{matrix_server_name}}: {{synapse_domain}} + # Allow using double puppeting from any server with a valid client .well-known file. + double_puppet_allow_discovery: false + # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth + # + # If set, custom puppets will be enabled automatically for local users + # instead of users having to find an access token and run `login-matrix` + # manually. + # If using this for other servers than the bridge's server, + # you must also set the URL in the double_puppet_server_map. + login_shared_secret_map: + {{matrix_server_name}}: {{matrix_registration_shared_secret}} + # Should presence from Facebook be bridged? This doesn't use the same API as the Android app, + # so it might be more suspicious to Facebook. + presence_from_facebook: false + # Whether or not to update avatars when syncing all contacts at startup. + update_avatar_initial_sync: true + + # Whether or not the bridge should send a read receipt from the bridge bot when a message has + # been sent to Facebook. + delivery_receipts: false + # Whether or not delivery errors should be reported as messages in the Matrix room. + delivery_error_reports: true + # Whether the bridge should send the message status as a custom com.beeper.message_send_status event. + message_status_events: false + # Whether to allow inviting arbitrary mxids to portal rooms + allow_invites: false + # Whether or not created rooms should have federation enabled. + # If false, created portal rooms will never be federated. + federate_rooms: true + # Settings for backfilling messages from Facebook. + backfill: + # Allow backfilling at all? + enable: true + # Use MSC2716 for backfilling? If this is disabled, backfilling only happens when syncing threads, + # and the incremental settings below don't apply. + # + # This requires a server with MSC2716 support, which is currently an experimental feature in Synapse. + # It can be enabled by setting experimental_features -> msc2716_enabled to true in homeserver.yaml. + msc2716: false + # Use double puppets for backfilling? + # + # If using MSC2716, the double puppets must be in the appservice's user ID namespace + # (because the bridge can't use the double puppet access token with batch sending). + # + # Even without MSC2716, bridging old messages with correct timestamps requires the double + # puppets to be in an appservice namespace, or the server to be modified to allow + # overriding timestamps anyway. + double_puppet_backfill: false + # The maximum number of conversations that should be synced. + # Other conversations will be backfilled on demand when the start PM + # provisioning endpoint is used or when a message comes in from that + # chat. + # If set to -1, all conversations will by synced. + max_conversations: 20 + # The minimum amount of time to wait between syncing each thread. This + # helps avoid situations where you sync too quickly. + min_sync_thread_delay: 5 + # If this value is greater than 0, then if the conversation's last + # message was more than this number of hours ago, then the conversation + # will automatically be marked it as read. + # Conversations that have a last message that is less than this number + # of hours ago will have their unread status synced from Facebook. + unread_hours_threshold: 0 + + # Settings for how quickly to backoff when rate-limits are encountered + # while backfilling. + backoff: + # How many seconds to wait after getting rate limited during a + # thread list fetch. + thread_list: 300 + # How many seconds to wait after getting rate limited during a + # message history fetch. + message_history: 300 + + # Settings for backfills. + # + # During initial/incremental sync, the entirety of the thread that is + # available will be backfilled. For example, on initial sync, about 20 + # messages are included for each thread in the thread list returned by + # the server. After that, incremental backfills will be run for each of + # the portals in a round-robin fashion until all portals have been + # backfilled as configured below. + incremental: + # The maximum number of pages to backfill per batch. + max_pages: 10 + # The maximum number of total pages to backfill per portal. + # If set to -1, infinite pages will be synced. + max_total_pages: -1 + # The number of seconds to wait between backfilling each page. + page_delay: 5 + # The number of seconds to wait after backfilling the batch of + # messages. + post_batch_delay: 20 + + periodic_reconnect: + # Interval in seconds in which to automatically reconnect all users. + # This can be used to automatically mitigate the bug where Facebook stops sending messages. + # Set to -1 to disable periodic reconnections entirely. + # Set to a list of two items to randomize the interval (min, max). + interval: -1 + # What to do in periodic reconnects. Either "refresh" or "reconnect" + mode: refresh + # Should even disconnected users be reconnected? + always: false + # Only reconnect if the user has been connected for longer than this value + min_connected_time: 0 + # The number of seconds that a disconnection can last without triggering an automatic re-sync + # and missed message backfilling when reconnecting. + # Set to 0 to always re-sync, or -1 to never re-sync automatically. + resync_max_disconnected_time: 5 + # The maximum number of conversations that should be synced when we get a + # message sync error. In general, 1 page (20) is sufficient. + max_startup_thread_sync_count: 20 + # Whether or not temporary disconnections should send notices to the notice room. + # If this is false, disconnections will never send messages and connections will only send + # messages if it was disconnected for more than resync_max_disconnected_time seconds. + temporary_disconnect_notices: false + # Disable bridge notices entirely + disable_bridge_notices: false + # Should Matrix m.notice-type messages be bridged to Facebook? + bridge_matrix_notices: true + on_reconnection_fail: + # What to do if a reconnection attempt fails? Options: reconnect, refresh, null + action: reconnect + # Seconds to wait before attempting to refresh the connection, set a list of two items to + # to randomize the interval (min, max). + wait_for: 0 + # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run. + # This field will automatically be changed back to false after it, + # except if the config file is not writable. + resend_bridge_info: false + # When using double puppeting, should muted chats be muted in Matrix? + mute_bridging: false + # Whether or not mute status and tags should only be bridged when the portal room is created. + tag_only_on_create: true + # If set to true, downloading media from the CDN will use a plain aiohttp client without the usual headers or + # other configuration. This may be useful if you don't want to use the default proxy for large files. + sandbox_media_download: false + # URL to call to retrieve a proxy URL from (defaults to the http_proxy environment variable). + get_proxy_api_url: null + # Whether to explicitly set the avatar and room name for private chat portal rooms. + # If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms. + # If set to `always`, all DM rooms will have explicit names and avatars set. + # If set to `never`, DM rooms will never have names and avatars set. + private_chat_portal_meta: default + # Disable generating reply fallbacks? Some extremely bad clients still rely on them, + # but they're being phased out and will be completely removed in the future. + disable_reply_fallbacks: false + + # End-to-bridge encryption support options. + # + # See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info. + encryption: + # Allow encryption, work in group chat rooms with e2ee enabled + allow: false + # Default to encryption, force-enable encryption in all portals the bridge creates + # This will cause the bridge bot to be in private chats for the encryption to work properly. + default: false + # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data. + appservice: false + # Require encryption, drop any unencrypted messages. + require: false + # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. + # You must use a client that supports requesting keys from other users to use this feature. + allow_key_sharing: false + # Options for deleting megolm sessions from the bridge. + delete_keys: + # Beeper-specific: delete outbound sessions when hungryserv confirms + # that the user has uploaded the key to key backup. + delete_outbound_on_ack: false + # Don't store outbound sessions in the inbound table. + dont_store_outbound: false + # Ratchet megolm sessions forward after decrypting messages. + ratchet_on_decrypt: false + # Delete fully used keys (index >= max_messages) after decrypting messages. + delete_fully_used_on_decrypt: false + # Delete previous megolm sessions from same device when receiving a new one. + delete_prev_on_new_session: false + # Delete megolm sessions received from a device when the device is deleted. + delete_on_device_delete: false + # Periodically delete megolm sessions when 2x max_age has passed since receiving the session. + periodically_delete_expired: false + # Delete inbound megolm sessions that don't have the received_at field used for + # automatic ratcheting and expired session deletion. This is meant as a migration + # to delete old keys prior to the bridge update. + delete_outdated_inbound: false + # What level of device verification should be required from users? + # + # Valid levels: + # unverified - Send keys to all device in the room. + # cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys. + # cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes). + # cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot. + # Note that creating user signatures from the bridge bot is not currently possible. + # verified - Require manual per-device verification + # (currently only possible by modifying the `trust` column in the `crypto_device` database table). + verification_levels: + # Minimum level for which the bridge should send keys to when bridging messages from Telegram to Matrix. + receive: unverified + # Minimum level that the bridge should accept for incoming Matrix messages. + send: unverified + # Minimum level that the bridge should require for accepting key requests. + share: cross-signed-tofu + # Options for Megolm room key rotation. These options allow you to + # configure the m.room.encryption event content. See: + # https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for + # more information about that event. + rotation: + # Enable custom Megolm room key rotation settings. Note that these + # settings will only apply to rooms created after this option is + # set. + enable_custom: false + # The maximum number of milliseconds a session should be used + # before changing it. The Matrix spec recommends 604800000 (a week) + # as the default. + milliseconds: 604800000 + # The maximum number of messages that should be sent with a given a + # session before changing it. The Matrix spec recommends 100 as the + # default. + messages: 100 + + # Disable rotating keys when a user's devices change? + # You should not enable this option unless you understand all the implications. + disable_device_change_key_rotation: false + + # Permissions for using the bridge. + # Permitted values: + # relay - Allowed to be relayed through the bridge, no access to commands. + # user - Use the bridge with puppeting. + # admin - Use and administrate the bridge. + # Permitted keys: + # * - All Matrix users + # domain - All users on that homeserver + # mxid - Specific user + permissions: + "*": relay + "{{matrix_server_name}}": user + "@{{matrix_admin_name}}:{{matrix_server_name}}": admin + + relay: + # Whether relay mode should be allowed. If allowed, `!fb set-relay` can be used to turn any + # authenticated user into a relaybot for that chat. + enabled: false + # The formats to use when sending messages to Messenger via a relay user. + # + # Available variables: + # $sender_displayname - The display name of the sender (e.g. Example User) + # $sender_username - The username (Matrix ID localpart) of the sender (e.g. exampleuser) + # $sender_mxid - The Matrix ID of the sender (e.g. @exampleuser:example.com) + # $message - The message content + message_formats: + m.text: '$sender_displayname: $message' + m.notice: '$sender_displayname: $message' + m.emote: '* $sender_displayname $message' + m.file: '$sender_displayname sent a file' + m.image: '$sender_displayname sent an image' + m.audio: '$sender_displayname sent an audio file' + m.video: '$sender_displayname sent a video' + m.location: '$sender_displayname sent a location' + +facebook: + device_seed: generate + default_region_hint: ODN + connection_type: WIFI + carrier: Verizon + hni: 311390 + + mqtt_keepalive: 60 + +# Python logging configuration. +# +# See section 16.7.2 of the Python documentation for more info: +# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema +logging: + version: 1 + formatters: + colored: + (): mautrix_facebook.util.ColorFormatter + format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" + normal: + format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" + handlers: + file: + class: logging.handlers.RotatingFileHandler + formatter: normal + filename: ./mautrix-facebook.log + maxBytes: 10485760 + backupCount: 10 + console: + class: logging.StreamHandler + formatter: colored + loggers: + mau: + level: DEBUG + maufbapi: + level: DEBUG + paho: + level: INFO + aiohttp: + level: INFO + root: + level: DEBUG + handlers: [file, console] \ No newline at end of file diff --git a/roles/docker-matrix-compose/templates/mautrix/signal.config.yml.j2 b/roles/docker-matrix-compose/templates/mautrix/signal.config.yml.j2 index 6a12c9db..cef87dcb 100644 --- a/roles/docker-matrix-compose/templates/mautrix/signal.config.yml.j2 +++ b/roles/docker-matrix-compose/templates/mautrix/signal.config.yml.j2 @@ -141,7 +141,7 @@ bridge: federate_rooms: true # Servers to always allow double puppeting from double_puppet_server_map: - {{matrix_server_name}}: https://{{matrix_server_name}} + {{matrix_server_name}}: https://{{synapse_domain}} # Allow using double puppeting from any server with a valid client .well-known file. double_puppet_allow_discovery: false # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth @@ -150,7 +150,7 @@ bridge: # instead of users having to find an access token and run `login-matrix` # manually. login_shared_secret_map: - {{matrix_server_name}}: foobar + {{matrix_server_name}}: {{matrix_registration_shared_secret}} # Maximum time for handling Matrix events. Duration strings formatted for https://pkg.go.dev/time#ParseDuration # Null means there's no enforced timeout. diff --git a/roles/docker-matrix-compose/templates/mautrix/slack.config.yml.j2 b/roles/docker-matrix-compose/templates/mautrix/slack.config.yml.j2 index 6db1c15b..8463eb7c 100644 --- a/roles/docker-matrix-compose/templates/mautrix/slack.config.yml.j2 +++ b/roles/docker-matrix-compose/templates/mautrix/slack.config.yml.j2 @@ -118,7 +118,7 @@ bridge: # Servers to always allow double puppeting from double_puppet_server_map: - {{matrix_server_name}}: https://{{matrix_server_name}} + {{matrix_server_name}}: https://{{synapse_domain}} # Allow using double puppeting from any server with a valid client .well-known file. double_puppet_allow_discovery: false # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth @@ -127,7 +127,7 @@ bridge: # instead of users having to find an access token and run `login-matrix` # manually. login_shared_secret_map: - {{matrix_server_name}}: foobar + {{matrix_server_name}}: {{matrix_registration_shared_secret}} message_handling_timeout: # Send an error message after this timeout, but keep waiting for the response until the deadline. diff --git a/roles/docker-matrix-compose/templates/mautrix/telegram.config.yml.j2 b/roles/docker-matrix-compose/templates/mautrix/telegram.config.yml.j2 index e6f34b68..74ff307a 100644 --- a/roles/docker-matrix-compose/templates/mautrix/telegram.config.yml.j2 +++ b/roles/docker-matrix-compose/templates/mautrix/telegram.config.yml.j2 @@ -198,7 +198,7 @@ bridge: sync_direct_chat_list: false # Servers to always allow double puppeting from double_puppet_server_map: - {{matrix_server_name}}: https://{{matrix_server_name}} + {{matrix_server_name}}: https://{{synapse_domain}} # Allow using double puppeting from any server with a valid client .well-known file. double_puppet_allow_discovery: false # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth @@ -209,7 +209,7 @@ bridge: # If using this for other servers than the bridge's server, # you must also set the URL in the double_puppet_server_map. login_shared_secret_map: - {{matrix_server_name}}: foobar + {{matrix_server_name}}: {{matrix_registration_shared_secret}} # Set to false to disable link previews in messages sent to Telegram. telegram_link_preview: true # Whether or not the !tg join command should do a HTTP request diff --git a/roles/docker-matrix-compose/templates/mautrix/whatsapp.config.yml.j2 b/roles/docker-matrix-compose/templates/mautrix/whatsapp.config.yml.j2 index 8d2dfba5..0d2d815b 100644 --- a/roles/docker-matrix-compose/templates/mautrix/whatsapp.config.yml.j2 +++ b/roles/docker-matrix-compose/templates/mautrix/whatsapp.config.yml.j2 @@ -236,7 +236,7 @@ bridge: force_active_delivery_receipts: false # Servers to always allow double puppeting from double_puppet_server_map: - {{matrix_server_name}}: https://{{matrix_server_name}} + {{matrix_server_name}}: https://{{synapse_domain}} # Allow using double puppeting from any server with a valid client .well-known file. double_puppet_allow_discovery: false # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth @@ -245,7 +245,7 @@ bridge: # instead of users having to find an access token and run `login-matrix` # manually. login_shared_secret_map: - {{matrix_server_name}}: foobar + {{matrix_server_name}}: {{matrix_registration_shared_secret}} # Whether to explicitly set the avatar and room name for private chat portal rooms. # If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms. # If set to `always`, all DM rooms will have explicit names and avatars set. diff --git a/roles/docker-matrix-compose/vars/main.yml b/roles/docker-matrix-compose/vars/main.yml index ab156607..3ef3859d 100644 --- a/roles/docker-matrix-compose/vars/main.yml +++ b/roles/docker-matrix-compose/vars/main.yml @@ -24,4 +24,9 @@ bridges: - database_password: "{{ mautrix_slack_bridge_database_password }}" database_username: "mautrix_slack_bridge" database_name: "mautrix_slack_bridge" - bridge_name: "slack" \ No newline at end of file + bridge_name: "slack" + + - database_password: "{{ mautrix_facebook_bridge_database_password }}" + database_username: "mautrix_facebook_bridge" + database_name: "mautrix_facebook_bridge" + bridge_name: "facebook" \ No newline at end of file