kevinveenbirkenbach
/
computer-playbook
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: kevinveenbirkenbach:722c017088126cf5fe630e36c3ebe6ca3b78cab1
Branches Tags
kevinveenbirkenbach:master
...
compare: kevinveenbirkenbach:9fe244bc2e0ba3af0759a75232e4bf76871c3233
Branches Tags
kevinveenbirkenbach:master

5 Commits
722c017088 ... 9fe244bc2e

Author SHA1 Message Date
Kevin Veen-Birkenbach 9fe244bc2e Solved refaktoring bug 2024-01-20 15:25:14 +01:00
Kevin Veen-Birkenbach 42f4cf1867 Solved network bug 2024-01-20 15:19:02 +01:00
Kevin Veen-Birkenbach cfa299410a Added drafts for imessage and instagram 2024-01-20 14:16:57 +01:00
Kevin Veen-Birkenbach e97a2738c9 Added mautrix-facebook 2024-01-20 13:36:47 +01:00
Kevin Veen-Birkenbach ea32b08a7b Solved matrix bugs 2024-01-20 12:46:07 +01:00
21 changed files with 1300 additions and 45 deletions
Show Stats Expand all files Collapse all files

2
roles/docker-akaunting/vars/main.yml
View File

@ -1,6 +1,6 @@
docker_compose_project_name: "akaunting"
docker_compose_file_path: "{{docker_compose_instance_directory}}docker-compose.yml"
docker_compose_backup_path: "/tmp/{{docker_compose_project_name}}-docker/compose/backup.yml"
docker_compose_backup_path: "/tmp/{{docker_compose_project_name}}-docker-compose.yml.backup"
database_type: "mariadb"
database_password: "{{akaunting_database_password}}"
repository_address: "https://github.com/akaunting/docker.git"

2
roles/docker-attendize/vars/main.yml
View File

@ -1,7 +1,7 @@
---
docker_compose_project_name: "attendize"
docker_compose_file_path: "{{docker_compose_instance_directory}}docker-compose.yml"
docker_compose_backup_path: "/tmp/{{docker_compose_project_name}}-docker/compose/backup.yml"
docker_compose_backup_path: "/tmp/{{docker_compose_project_name}}-docker-compose.yml.backup"
mail_interface_domain: "mail.{{domain}}"
database_type: "mariadb"
database_password: "{{attendize_database_password}}"

10
roles/docker-compose/handlers/main.yml
View File

@ -2,11 +2,11 @@
# It is necessary to shut the projects down, when reset is activated.
# Otherwise it can lead to this bug:
# https://github.com/ansible/ansible/issues/10244
- name: shut down docker compose project
command:
cmd: docker-compose -p "{{docker_compose_project_name}}" down
listen: docker compose project setup
when: mode_reset | bool
#- name: shut down docker compose project
# command:
# cmd: docker-compose -p "{{docker_compose_project_name}}" down
# listen: docker compose project setup
# when: mode_reset | bool
- name: docker compose project setup
command:

2
roles/docker-discourse/handlers/main.yml
View File

@ -1,5 +1,5 @@
---
- name: recreate discourse
command:
cmd: ./launcher rebuild discourse_application
cmd: "./launcher rebuild {{discourse_application_container}}"
chdir: "{{discourse_repository_directory}}"

6
roles/docker-discourse/tasks/main.yml
View File

@ -63,6 +63,12 @@
- name: flush, to recreate discourse app
meta: flush_handlers
- name: "add {{discourse_application_container}} to network central_postgres"
command:
cmd: "docker network connect central_postgres {{discourse_application_container}}"
ignore_errors: true
when: enable_central_database | bool
- name: "remove central database from {{docker_compose_project_name}}_default"
command:

2
roles/docker-discourse/templates/discourse_application.yml.j2
View File

@ -119,4 +119,4 @@ run:
docker_args:
- --network={{docker_compose_project_name}}_default
- --name=discourse_application
- --name={{discourse_application_container}}

9
roles/docker-discourse/vars/main.yml
View File

@ -1,4 +1,5 @@
docker_compose_project_name: "discourse"
database_password: "{{ baserow_database_password }}"
database_type: "postgres"
discourse_repository_directory: "{{ path_docker_compose_instances + docker_compose_project_name + '/repository/' }}"
docker_compose_project_name: "discourse"
discourse_application_container: "discourse_application"
database_password: "{{ baserow_database_password }}"
database_type: "postgres"
discourse_repository_directory: "{{ path_docker_compose_instances + docker_compose_project_name + '/repository/' }}"

13
roles/docker-matrix-compose/README.md
View File

@ -43,6 +43,19 @@ for db in matrix mautrix_whatsapp_bridge mautrix_telegram_bridge mautrix_signal_
docker compose down -v
```
## Bridges
### General
Contact one of the following bots for more information:
- @signalbot:yourdomain.tld
- @telegrambot:yourdomain.tld
- @whatsappbot:yourdomain.tld
- @slackbot:yourdomain.tld
### Slack
For login with Token checkout [this guide](https://docs.mau.fi/bridges/go/slack/authentication.html).
## Debug:
- https://federationtester.matrix.org/

13
roles/docker-matrix-compose/tasks/main.yml
View File

@ -96,8 +96,17 @@
dest: "{{docker_compose_instance_directory}}docker-compose.yml"
notify: docker compose project setup
- name: flush docker service
meta: flush_handlers
- name: docker compose project setup
command:
cmd: docker-compose -p "{{docker_compose_project_name}}" up -d --force-recreate
chdir: "{{docker_compose_instance_directory}}"
environment:
COMPOSE_HTTP_TIMEOUT: 600
DOCKER_CLIENT_TIMEOUT: 600
register: result
until: result is succeeded
retries: 12
delay: 30
- name: wait for registration files
wait_for:

4
roles/docker-matrix-compose/templates/docker-compose.yml.j2
View File

@ -30,9 +30,7 @@ services:
{% include 'templates/docker/container/depends-on-also-database.yml.j2' %}
{% for item in bridges %}
mautrix-{{item.bridge_name}}:
# The condition service_healthy does not work.
# In practice is does not make a difference anyhow, due to the reason that synapse will restart until it is running
condition: service_started
condition: service_healthy
{% endfor %}
{% include 'templates/docker/container/networks.yml.j2' %}

449
roles/docker-matrix-compose/templates/mautrix/facebook.config.yml.j2 Normal file
View File

@ -0,0 +1,449 @@
# Homeserver details
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: http://synapse:8008
# The domain of the homeserver (for MXIDs, etc).
domain: {{matrix_server_name}}
# Whether or not to verify the SSL certificate of the homeserver.
# Only applies if address starts with https://
verify_ssl: true
# What software is the homeserver running?
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
software: standard
# Number of retries for all HTTP requests if the homeserver isn't reachable.
http_retry_count: 4
# The URL to push real-time bridge status to.
# If set, the bridge will make POST requests to this URL whenever a user's Facebook MQTT connection state changes.
# The bridge will use the appservice as_token to authorize requests.
status_endpoint: null
# Endpoint for reporting per-message status.
message_send_checkpoint_endpoint: null
# Whether asynchronous uploads via MSC2246 should be enabled for media.
# Requires a media repo that supports MSC2246.
async_media: false
# Application service host/registration related details
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: http://mautrix-facebook:29319
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 29319
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
max_body_size: 1
# The full URI to the database. SQLite and Postgres are supported.
# Format examples:
# SQLite: sqlite:filename.db
# Postgres: postgres://username:password@hostname/dbname
database: postgres://mautrix_facebook_bridge:{{mautrix_facebook_bridge_database_password}}@{{database_host}}/mautrix_facebook_bridge
# Additional arguments for asyncpg.create_pool() or sqlite3.connect()
# https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool
# https://docs.python.org/3/library/sqlite3.html#sqlite3.connect
# For sqlite, min_size is used as the connection thread pool size and max_size is ignored.
# Additionally, SQLite supports init_commands as an array of SQL queries to run on connect (e.g. to set PRAGMAs).
database_opts:
min_size: 1
max_size: 10
# Public part of web server for out-of-Matrix interaction with the bridge.
public:
# Whether or not the public-facing endpoints should be enabled.
enabled: false
# The prefix to use in the public-facing endpoints.
prefix: /public
# The base URL where the public-facing endpoints are available. The prefix is not added
# implicitly.
external: https://example.com/public
# Shared secret for integration managers such as mautrix-manager.
# If set to "generate", a random string will be generated on the next startup.
# If null, integration manager access to the API will not be possible.
shared_secret: generate
# Allow logging in within Matrix. If false, users can only log in using the web interface.
allow_matrix_login: true
# The unique ID of this appservice.
id: facebook
# Username of the appservice bot.
bot_username: facebookbot
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
bot_displayname: Facebook bridge bot
bot_avatar: mxc://maunium.net/ygtkteZsXnGJLJHRchUwYWak
# Whether or not to receive ephemeral events via appservice transactions.
# Requires MSC2409 support (i.e. Synapse 1.22+).
# You should disable bridge -> sync_with_custom_puppets when this is enabled.
ephemeral_events: true
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: "This value is generated when generating the registration"
hs_token: "This value is generated when generating the registration"
# Segment-compatible analytics endpoint for tracking some events, like provisioning API login and encryption errors.
analytics:
# Hostname of the tracking server. The path is hardcoded to /v1/track
host: api.segment.io
# API key to send with tracking requests. Tracking is disabled if this is null.
token: null
# Optional user ID for tracking events. If null, defaults to using Matrix user ID.
user_id: null
# Prometheus telemetry config. Requires prometheus-client to be installed.
metrics:
enabled: false
listen_port: 8000
# Manhole config.
manhole:
# Whether or not opening the manhole is allowed.
enabled: false
# The path for the unix socket.
path: /var/tmp/mautrix-facebook.manhole
# The list of UIDs who can be added to the whitelist.
# If empty, any UIDs can be specified in the open-manhole command.
whitelist:
- 0
# Bridge config
bridge:
# Localpart template of MXIDs for Facebook users.
# {userid} is replaced with the user ID of the Facebook user.
username_template: "facebook_{userid}"
# Displayname template for Facebook users.
# {displayname} is replaced with the display name of the Facebook user
# as defined below in displayname_preference.
# Keys available for displayname_preference are also available here.
displayname_template: "{displayname} (FB)"
# Available keys:
# "name" (full name)
# "first_name"
# "last_name"
# "nickname"
# "own_nickname" (user-specific!)
displayname_preference:
- name
- first_name
# The prefix for commands. Only required in non-management rooms.
command_prefix: "!fb"
# Whether or not the Facebook users of logged in Matrix users should be
# invited to private chats when the user sends a message from another client.
invite_own_puppet_to_pm: false
# Whether or not to use /sync to get presence, read receipts and typing notifications
# when double puppeting is enabled
sync_with_custom_puppets: false
# Whether or not to update the m.direct account data event when double puppeting is enabled.
# Note that updating the m.direct event is not atomic (except with mautrix-asmux)
# and is therefore prone to race conditions.
sync_direct_chat_list: false
# Servers to always allow double puppeting from
double_puppet_server_map:
{{matrix_server_name}}: {{synapse_domain}}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, custom puppets will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
# If using this for other servers than the bridge's server,
# you must also set the URL in the double_puppet_server_map.
login_shared_secret_map:
{{matrix_server_name}}: {{matrix_registration_shared_secret}}
# Should presence from Facebook be bridged? This doesn't use the same API as the Android app,
# so it might be more suspicious to Facebook.
presence_from_facebook: false
# Whether or not to update avatars when syncing all contacts at startup.
update_avatar_initial_sync: true
# Whether or not the bridge should send a read receipt from the bridge bot when a message has
# been sent to Facebook.
delivery_receipts: false
# Whether or not delivery errors should be reported as messages in the Matrix room.
delivery_error_reports: true
# Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
message_status_events: false
# Whether to allow inviting arbitrary mxids to portal rooms
allow_invites: false
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
federate_rooms: true
# Settings for backfilling messages from Facebook.
backfill:
# Allow backfilling at all?
enable: true
# Use MSC2716 for backfilling? If this is disabled, backfilling only happens when syncing threads,
# and the incremental settings below don't apply.
#
# This requires a server with MSC2716 support, which is currently an experimental feature in Synapse.
# It can be enabled by setting experimental_features -> msc2716_enabled to true in homeserver.yaml.
msc2716: false
# Use double puppets for backfilling?
#
# If using MSC2716, the double puppets must be in the appservice's user ID namespace
# (because the bridge can't use the double puppet access token with batch sending).
#
# Even without MSC2716, bridging old messages with correct timestamps requires the double
# puppets to be in an appservice namespace, or the server to be modified to allow
# overriding timestamps anyway.
double_puppet_backfill: false
# The maximum number of conversations that should be synced.
# Other conversations will be backfilled on demand when the start PM
# provisioning endpoint is used or when a message comes in from that
# chat.
# If set to -1, all conversations will by synced.
max_conversations: 20
# The minimum amount of time to wait between syncing each thread. This
# helps avoid situations where you sync too quickly.
min_sync_thread_delay: 5
# If this value is greater than 0, then if the conversation's last
# message was more than this number of hours ago, then the conversation
# will automatically be marked it as read.
# Conversations that have a last message that is less than this number
# of hours ago will have their unread status synced from Facebook.
unread_hours_threshold: 0
# Settings for how quickly to backoff when rate-limits are encountered
# while backfilling.
backoff:
# How many seconds to wait after getting rate limited during a
# thread list fetch.
thread_list: 300
# How many seconds to wait after getting rate limited during a
# message history fetch.
message_history: 300
# Settings for backfills.
#
# During initial/incremental sync, the entirety of the thread that is
# available will be backfilled. For example, on initial sync, about 20
# messages are included for each thread in the thread list returned by
# the server. After that, incremental backfills will be run for each of
# the portals in a round-robin fashion until all portals have been
# backfilled as configured below.
incremental:
# The maximum number of pages to backfill per batch.
max_pages: 10
# The maximum number of total pages to backfill per portal.
# If set to -1, infinite pages will be synced.
max_total_pages: -1
# The number of seconds to wait between backfilling each page.
page_delay: 5
# The number of seconds to wait after backfilling the batch of
# messages.
post_batch_delay: 20
periodic_reconnect:
# Interval in seconds in which to automatically reconnect all users.
# This can be used to automatically mitigate the bug where Facebook stops sending messages.
# Set to -1 to disable periodic reconnections entirely.
# Set to a list of two items to randomize the interval (min, max).
interval: -1
# What to do in periodic reconnects. Either "refresh" or "reconnect"
mode: refresh
# Should even disconnected users be reconnected?
always: false
# Only reconnect if the user has been connected for longer than this value
min_connected_time: 0
# The number of seconds that a disconnection can last without triggering an automatic re-sync
# and missed message backfilling when reconnecting.
# Set to 0 to always re-sync, or -1 to never re-sync automatically.
resync_max_disconnected_time: 5
# The maximum number of conversations that should be synced when we get a
# message sync error. In general, 1 page (20) is sufficient.
max_startup_thread_sync_count: 20
# Whether or not temporary disconnections should send notices to the notice room.
# If this is false, disconnections will never send messages and connections will only send
# messages if it was disconnected for more than resync_max_disconnected_time seconds.
temporary_disconnect_notices: false
# Disable bridge notices entirely
disable_bridge_notices: false
# Should Matrix m.notice-type messages be bridged to Facebook?
bridge_matrix_notices: true
on_reconnection_fail:
# What to do if a reconnection attempt fails? Options: reconnect, refresh, null
action: reconnect
# Seconds to wait before attempting to refresh the connection, set a list of two items to
# to randomize the interval (min, max).
wait_for: 0
# Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
# This field will automatically be changed back to false after it,
# except if the config file is not writable.
resend_bridge_info: false
# When using double puppeting, should muted chats be muted in Matrix?
mute_bridging: false
# Whether or not mute status and tags should only be bridged when the portal room is created.
tag_only_on_create: true
# If set to true, downloading media from the CDN will use a plain aiohttp client without the usual headers or
# other configuration. This may be useful if you don't want to use the default proxy for large files.
sandbox_media_download: false
# URL to call to retrieve a proxy URL from (defaults to the http_proxy environment variable).
get_proxy_api_url: null
# Whether to explicitly set the avatar and room name for private chat portal rooms.
# If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms.
# If set to `always`, all DM rooms will have explicit names and avatars set.
# If set to `never`, DM rooms will never have names and avatars set.
private_chat_portal_meta: default
# Disable generating reply fallbacks? Some extremely bad clients still rely on them,
# but they're being phased out and will be completely removed in the future.
disable_reply_fallbacks: false
# End-to-bridge encryption support options.
#
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: false
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: false
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
appservice: false
# Require encryption, drop any unencrypted messages.
require: false
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow_key_sharing: false
# Options for deleting megolm sessions from the bridge.
delete_keys:
# Beeper-specific: delete outbound sessions when hungryserv confirms
# that the user has uploaded the key to key backup.
delete_outbound_on_ack: false
# Don't store outbound sessions in the inbound table.
dont_store_outbound: false
# Ratchet megolm sessions forward after decrypting messages.
ratchet_on_decrypt: false
# Delete fully used keys (index >= max_messages) after decrypting messages.
delete_fully_used_on_decrypt: false
# Delete previous megolm sessions from same device when receiving a new one.
delete_prev_on_new_session: false
# Delete megolm sessions received from a device when the device is deleted.
delete_on_device_delete: false
# Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
periodically_delete_expired: false
# Delete inbound megolm sessions that don't have the received_at field used for
# automatic ratcheting and expired session deletion. This is meant as a migration
# to delete old keys prior to the bridge update.
delete_outdated_inbound: false
# What level of device verification should be required from users?
#
# Valid levels:
# unverified - Send keys to all device in the room.
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
# Note that creating user signatures from the bridge bot is not currently possible.
# verified - Require manual per-device verification
# (currently only possible by modifying the `trust` column in the `crypto_device` database table).
verification_levels:
# Minimum level for which the bridge should send keys to when bridging messages from Telegram to Matrix.
receive: unverified
# Minimum level that the bridge should accept for incoming Matrix messages.
send: unverified
# Minimum level that the bridge should require for accepting key requests.
share: cross-signed-tofu
# Options for Megolm room key rotation. These options allow you to
# configure the m.room.encryption event content. See:
# https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
# more information about that event.
rotation:
# Enable custom Megolm room key rotation settings. Note that these
# settings will only apply to rooms created after this option is
# set.
enable_custom: false
# The maximum number of milliseconds a session should be used
# before changing it. The Matrix spec recommends 604800000 (a week)
# as the default.
milliseconds: 604800000
# The maximum number of messages that should be sent with a given a
# session before changing it. The Matrix spec recommends 100 as the
# default.
messages: 100
# Disable rotating keys when a user's devices change?
# You should not enable this option unless you understand all the implications.
disable_device_change_key_rotation: false
# Permissions for using the bridge.
# Permitted values:
# relay - Allowed to be relayed through the bridge, no access to commands.
# user - Use the bridge with puppeting.
# admin - Use and administrate the bridge.
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
"*": relay
"{{matrix_server_name}}": user
"@{{matrix_admin_name}}:{{matrix_server_name}}": admin
relay:
# Whether relay mode should be allowed. If allowed, `!fb set-relay` can be used to turn any
# authenticated user into a relaybot for that chat.
enabled: false
# The formats to use when sending messages to Messenger via a relay user.
#
# Available variables:
# $sender_displayname - The display name of the sender (e.g. Example User)
# $sender_username - The username (Matrix ID localpart) of the sender (e.g. exampleuser)
# $sender_mxid - The Matrix ID of the sender (e.g. @exampleuser:example.com)
# $message - The message content
message_formats:
m.text: '<b>$sender_displayname</b>: $message'
m.notice: '<b>$sender_displayname</b>: $message'
m.emote: '* <b>$sender_displayname</b> $message'
m.file: '<b>$sender_displayname</b> sent a file'
m.image: '<b>$sender_displayname</b> sent an image'
m.audio: '<b>$sender_displayname</b> sent an audio file'
m.video: '<b>$sender_displayname</b> sent a video'
m.location: '<b>$sender_displayname</b> sent a location'
facebook:
device_seed: generate
default_region_hint: ODN
connection_type: WIFI
carrier: Verizon
hni: 311390
mqtt_keepalive: 60
# Python logging configuration.
#
# See section 16.7.2 of the Python documentation for more info:
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
logging:
version: 1
formatters:
colored:
(): mautrix_facebook.util.ColorFormatter
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
normal:
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
handlers:
file:
class: logging.handlers.RotatingFileHandler
formatter: normal
filename: ./mautrix-facebook.log
maxBytes: 10485760
backupCount: 10
console:
class: logging.StreamHandler
formatter: colored
loggers:
mau:
level: DEBUG
maufbapi:
level: DEBUG
paho:
level: INFO
aiohttp:
level: INFO
root:
level: DEBUG
handlers: [file, console]

373
roles/docker-matrix-compose/templates/mautrix/imessage.config.yml.j2 Normal file
View File

@ -0,0 +1,373 @@
# Homeserver details.
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: http://synapse:8008
# The address to mautrix-wsproxy (which should usually be next to the homeserver behind a reverse proxy).
# Only the /_matrix/client/unstable/fi.mau.as_sync websocket endpoint is used on this address.
#
# Set to null to disable using the websocket. When not using the websocket, make sure hostname and port are set in the appservice section.
websocket_proxy: wss://synapse:8008
# How often should the websocket be pinged? Pinging will be disabled if this is zero.
ping_interval_seconds: 0
# The domain of the homeserver (also known as server_name, used for MXIDs, etc).
domain: {{matrix_server_name}}
# What software is the homeserver running?
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
software: standard
# Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
async_media: false
# Application service host/registration related details.
# Changing these values requires regeneration of the registration.
appservice:
# The hostname and port where this appservice should listen.
# The default method of deploying mautrix-imessage is using a websocket proxy, so it doesn't need a http server
# To use a http server instead of a websocket, set websocket_proxy to null in the homeserver section,
# and set the port below to a real port.
hostname: 0.0.0.0
port: null
# Optional TLS certificates to listen for https instead of http connections.
tls_key: null
tls_cert: null
# Database config.
database:
# The database type. Only "sqlite3-fk-wal" is supported.
type: sqlite3-fk-wal
# SQLite database path. A raw file path is supported, but `file:<path>?_txlock=immediate` is recommended.
uri: file:mautrix-imessage.db?_txlock=immediate
# The unique ID of this appservice.
id: imessage
# Appservice bot details.
bot:
# Username of the appservice bot.
username: imessagebot
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
displayname: iMessage bridge bot
avatar: mxc://maunium.net/tManJEpANASZvDVzvRvhILdX
# Whether or not to receive ephemeral events via appservice transactions.
# Requires MSC2409 support (i.e. Synapse 1.22+).
# You should disable bridge -> sync_with_custom_puppets when this is enabled.
ephemeral_events: true
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: "This value is generated when generating the registration"
hs_token: "This value is generated when generating the registration"
# iMessage connection config
imessage:
# Available platforms:
# * mac: Standard Mac connector, requires full disk access and will ask for AppleScript and contacts permission.
# * ios: Jailbreak iOS connector when using with Brooklyn.
# * android: Equivalent to ios, but for use with the Android SMS wrapper app.
# * mac-nosip: Mac without SIP connector, runs Barcelona as a subprocess.
platform: mac
# Path to the Barcelona executable for the mac-nosip connector
imessage_rest_path: darwin-barcelona-mautrix
# Additional arguments to pass to the mac-nosip connector
imessage_rest_args: []
# The mode for fetching contacts in the no-SIP connector.
# The default mode is `ipc` which will ask Barcelona. However, recent versions of Barcelona have removed contact support.
# You can specify `mac` to use Contacts.framework directly instead of through Barcelona.
# You can also specify `disable` to not try to use contacts at all.
contacts_mode: ipc
# Whether to log the contents of IPC payloads
log_ipc_payloads: false
# For the no-SIP connector, hackily set the user account locale before starting Barcelona.
hacky_set_locale: null
# A list of environment variables to add for the Barcelona process (as NAME=value strings)
environment: []
# Path to unix socket for Barcelona communication.
unix_socket: mautrix-imessage.sock
# Interval to ping Barcelona at. The process will exit if Barcelona doesn't respond in time.
ping_interval_seconds: 15
# Should media on disk be deleted after bridging to Matrix?
delete_media_after_upload: false
bluebubbles_url:
bluebubbles_password:
# Segment settings for collecting some debug data.
segment:
key: null
user_id: null
hacky_startup_test:
identifier: null
message: null
response_message: null
key: null
echo_mode: false
send_on_startup: false
periodic_resolve: -1
# Bridge config
bridge:
# The user of the bridge.
user: "@you:example.com"
{% raw %}
# Localpart template of MXIDs for iMessage users.
# {{.}} is replaced with the phone number or email of the iMessage user.
username_template: imessage_{{.}}
# Displayname template for iMessage users.
# {{.}} is replaced with the contact list name (if available) or username (phone number or email) of the iMessage user.
displayname_template: "{{.}} (iMessage)"
# Should the bridge create a space and add bridged rooms to it?
personal_filtering_spaces: false
{% endraw %}
# Whether or not the bridge should send a read receipt from the bridge bot when a message has been
# sent to iMessage.
delivery_receipts: false
# Whether or not the bridge should send the message status as a custom
# com.beeper.message_send_status event.
message_status_events: true
# Whether or not the bridge should send error notices via m.notice events
# when a message fails to bridge.
send_error_notices: true
# The maximum number of seconds between the message arriving at the
# homeserver and the bridge attempting to send the message. This can help
# prevent messages from being bridged a long time after arriving at the
# homeserver which could cause confusion in the chat history on the remote
# network. Set to 0 to disable.
max_handle_seconds: 0
# Device ID to include in m.bridge data, read by client-integrated Android SMS.
# Not relevant for standalone bridges nor iMessage.
device_id: null
# Whether or not to sync with custom puppets to receive EDUs that are not normally sent to appservices.
sync_with_custom_puppets: false
# Whether or not to update the m.direct account data event when double puppeting is enabled.
# Note that updating the m.direct event is not atomic (except with mautrix-asmux)
# and is therefore prone to race conditions.
sync_direct_chat_list: false
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, double puppeting will be enabled automatically instead of the user
# having to find an access token and run `login-matrix` manually.
login_shared_secret: null
# Homeserver URL for the double puppet. If null, will use the URL set in homeserver -> address
double_puppet_server_url: null
# Backfill settings
backfill:
# Should backfilling be enabled at all?
enable: true
# Maximum number of messages to backfill for new portal rooms.
initial_limit: 100
# Maximum age of chats to sync in days.
initial_sync_max_age: 0.5
# If a backfilled chat is older than this number of hours, mark it as read even if it's unread on iMessage.
# Set to -1 to let any chat be unread.
unread_hours_threshold: 720
#########################################################################
# The settings below are only applicable if you are: #
# #
# 1. Using batch sending, which is no longer supported in Synapse. #
# 2. Running the bridge in backfill-only mode connecting to another #
# instance for portal creation via websocket commands. #
# #
# In other words, unless you are Beeper, the rest of the backfill #
# section very likely does not apply to you. #
#########################################################################
# Is this bridge only meant for backfilling chats?
only_backfill: false
# Settings for immediate backfills. These backfills should generally be small and their main purpose is
# to populate each of the initial chats (as configured by max_initial_conversations) with a few messages
# so that you can continue conversations without losing context.
immediate:
# The maximum number of events to backfill initially.
max_events: 25
# Settings for deferred backfills. The purpose of these backfills are to fill in the rest of
# the chat history that was not covered by the immediate backfills.
# These backfills generally should happen at a slower pace so as not to overload the homeserver.
# Each deferred backfill config should define a "stage" of backfill (i.e. the last week of messages).
# The fields are as follows:
# - start_days_ago: the number of days ago to start backfilling from.
# To indicate the start of time, use -1. For example, for a week ago, use 7.
# - max_batch_events: the number of events to send per batch.
# - batch_delay: the number of seconds to wait before backfilling each batch.
deferred:
# Last Week
- start_days_ago: 7
max_batch_events: 50
batch_delay: 5
# Last Month
- start_days_ago: 30
max_batch_events: 100
batch_delay: 10
# Last 3 months
- start_days_ago: 90
max_batch_events: 250
batch_delay: 10
# The start of time
- start_days_ago: -1
max_batch_events: 500
batch_delay: 10
# Whether or not the bridge should periodically resync chat and contact info.
periodic_sync: true
# Should the bridge look through joined rooms to find existing portals if the database has none?
# This can be used to recover from bridge database loss.
find_portals_if_db_empty: false
# Media viewer settings. See https://gitlab.com/beeper/media-viewer for more info.
# Used to send media viewer links instead of full files for attachments that are too big for MMS.
media_viewer:
# The address to the media viewer. If null, media viewer links will not be used.
url: null
# The homeserver domain to pass to the media viewer to use for downloading media.
# If null, will use the server name configured in the homeserver section.
homeserver: null
# The minimum number of bytes in a file before the bridge switches to using the media viewer when sending MMS.
# Note that for unencrypted files, this will use a direct link to the homeserver rather than the media viewer.
sms_min_size: 409600
# Same as above, but for iMessages.
imessage_min_size: 52428800
# Template text when inserting media viewer URLs.
# %s is replaced with the actual URL.
template: "Full size attachment: %s"
# Should we convert heif images to jpeg before re-uploading? This increases
# compatibility, but adds generation loss (reduces quality).
convert_heif: true
# Should we convert tiff images to jpeg before re-uploading? This increases
# compatibility, but adds generation loss (reduces quality).
convert_tiff: true
# Modern Apple devices tend to use h265 encoding for video, which is a licensed standard and therefore not
# supported by most major browsers. If enabled, all video attachments will be converted according to the
# ffmpeg args.
convert_video:
enabled: false
# Convert to h264 format (supported by all major browsers) at decent quality while retaining original
# audio. Modify these args to do whatever encoding/quality you want.
ffmpeg_args: ["-c:v", "libx264", "-preset", "faster", "-crf", "22", "-c:a", "copy"]
extension: "mp4"
mime_type: "video/mp4"
# The prefix for commands.
command_prefix: "!im"
# Should we rewrite the sender in a DM to match the chat GUID?
# This is helpful when the sender ID shifts depending on the device they use, since
# the bridge is unable to add participants to the chat post-creation.
force_uniform_dm_senders: true
# Should SMS chats always be in the same room as iMessage chats with the same phone number?
disable_sms_portals: false
# iMessage has weird IDs for group chats, so getting all messages in the same MMS group chat into the same Matrix room
# may require rerouting some messages based on the fake ReplyToGUID that iMessage adds.
reroute_mms_group_replies: false
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
federate_rooms: true
# Send captions in the same message as images using MSC2530?
# This is currently not supported in most clients.
caption_in_message: false
# Whether to explicitly set the avatar and room name for private chat portal rooms.
# If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms.
# If set to `always`, all DM rooms will have explicit names and avatars set.
# If set to `never`, DM rooms will never have names and avatars set.
private_chat_portal_meta: default
# End-to-bridge encryption support options.
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: false
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: false
# Whether or not to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
appservice: false
# Require encryption, drop any unencrypted messages.
require: false
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow_key_sharing: false
# Options for deleting megolm sessions from the bridge.
delete_keys:
# Beeper-specific: delete outbound sessions when hungryserv confirms
# that the user has uploaded the key to key backup.
delete_outbound_on_ack: false
# Don't store outbound sessions in the inbound table.
dont_store_outbound: false
# Ratchet megolm sessions forward after decrypting messages.
ratchet_on_decrypt: false
# Delete fully used keys (index >= max_messages) after decrypting messages.
delete_fully_used_on_decrypt: false
# Delete previous megolm sessions from same device when receiving a new one.
delete_prev_on_new_session: false
# Delete megolm sessions received from a device when the device is deleted.
delete_on_device_delete: false
# Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
periodically_delete_expired: false
# What level of device verification should be required from users?
#
# Valid levels:
# unverified - Send keys to all device in the room.
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
# Note that creating user signatures from the bridge bot is not currently possible.
# verified - Require manual per-device verification
# (currently only possible by modifying the `trust` column in the `crypto_device` database table).
verification_levels:
# Minimum level for which the bridge should send keys to when bridging messages from WhatsApp to Matrix.
receive: unverified
# Minimum level that the bridge should accept for incoming Matrix messages.
send: unverified
# Minimum level that the bridge should require for accepting key requests.
share: cross-signed-tofu
# Options for Megolm room key rotation. These options allow you to
# configure the m.room.encryption event content. See:
# https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
# more information about that event.
rotation:
# Enable custom Megolm room key rotation settings. Note that these
# settings will only apply to rooms created after this option is
# set.
enable_custom: false
# The maximum number of milliseconds a session should be used
# before changing it. The Matrix spec recommends 604800000 (a week)
# as the default.
milliseconds: 604800000
# The maximum number of messages that should be sent with a given a
# session before changing it. The Matrix spec recommends 100 as the
# default.
messages: 100
# Disable rotating keys when a user's devices change?
# You should not enable this option unless you understand all the implications.
disable_device_change_key_rotation: false
{% raw %}
# Settings for relay mode
relay:
# Whether relay mode should be allowed.
enabled: false
# A list of user IDs and server names who are allowed to be relayed through this bridge. Use * to allow everyone.
whitelist: []
# The formats to use when relaying messages to iMessage.
message_formats:
m.text: "{{ .Sender.Displayname }}: {{ .Message }}"
m.notice: "{{ .Sender.Displayname }}: {{ .Message }}"
m.emote: "* {{ .Sender.Displayname }} {{ .Message }}"
m.file: "{{ .Sender.Displayname }} sent a file: {{ .FileName }}"
m.image: "{{ .Sender.Displayname }} sent an image: {{ .FileName }}"
m.audio: "{{ .Sender.Displayname }} sent an audio file: {{ .FileName }}"
m.video: "{{ .Sender.Displayname }} sent a video: {{ .FileName }}"
{% endraw %}
# Logging config. See https://github.com/tulir/zeroconfig for details.
logging:
min_level: debug
writers:
- type: stdout
format: pretty-colored
- type: file
format: json
filename: ./logs/mautrix-imessage.log
max_size: 100
max_backups: 10
compress: true
# This may be used by external config managers. mautrix-imessage does not read it, but will carry it across configuration migrations.
revision: 0

416
roles/docker-matrix-compose/templates/mautrix/instagram.config.yml.j2 Normal file
View File

@ -0,0 +1,416 @@
# Homeserver details
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: http://synapse:8008
# The domain of the homeserver (also known as server_name, used for MXIDs, etc).
domain: {{matrix_server_name}}
# Whether or not to verify the SSL certificate of the homeserver.
# Only applies if address starts with https://
verify_ssl: true
# What software is the homeserver running?
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
software: standard
# Number of retries for all HTTP requests if the homeserver isn't reachable.
http_retry_count: 4
# The URL to push real-time bridge status to.
# If set, the bridge will make POST requests to this URL whenever a user's Instagram MQTT connection state changes.
# The bridge will use the appservice as_token to authorize requests.
status_endpoint: null
# Endpoint for reporting per-message status.
message_send_checkpoint_endpoint: null
# Whether asynchronous uploads via MSC2246 should be enabled for media.
# Requires a media repo that supports MSC2246.
async_media: false
# Application service host/registration related details
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: http://mautrix-instagram:29330
# When using https:// the TLS certificate and key files for the address.
tls_cert: false
tls_key: false
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 29330
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
max_body_size: 1
# The full URI to the database. SQLite and Postgres are supported.
# Format examples:
# SQLite: sqlite:filename.db
# Postgres: postgres://username:password@hostname/dbname
database: postgres://mautrix_instagram_bridge:{{mautrix_instagram_bridge_database_password}}@{{database_host}}/mautrix_instagram_bridge
# Additional arguments for asyncpg.create_pool() or sqlite3.connect()
# https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool
# https://docs.python.org/3/library/sqlite3.html#sqlite3.connect
# For sqlite, min_size is used as the connection thread pool size and max_size is ignored.
# Additionally, SQLite supports init_commands as an array of SQL queries to run on connect (e.g. to set PRAGMAs).
database_opts:
min_size: 1
max_size: 10
# The unique ID of this appservice.
id: instagram
# Username of the appservice bot.
bot_username: instagrambot
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
bot_displayname: Instagram bridge bot
bot_avatar: mxc://maunium.net/JxjlbZUlCPULEeHZSwleUXQv
# Whether or not to receive ephemeral events via appservice transactions.
# Requires MSC2409 support (i.e. Synapse 1.22+).
# You should disable bridge -> sync_with_custom_puppets when this is enabled.
ephemeral_events: true
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: "This value is generated when generating the registration"
hs_token: "This value is generated when generating the registration"
# Segment-compatible analytics endpoint for tracking some events, like provisioning API login and encryption errors.
analytics:
# Hostname of the tracking server. The path is hardcoded to /v1/track
host: api.segment.io
# API key to send with tracking requests. Tracking is disabled if this is null.
token: null
# Optional user ID for tracking events. If null, defaults to using Matrix user ID.
user_id: null
# Prometheus telemetry config. Requires prometheus-client to be installed.
metrics:
enabled: false
listen_port: 8000
# Manhole config.
manhole:
# Whether or not opening the manhole is allowed.
enabled: false
# The path for the unix socket.
path: /var/tmp/mautrix-instagram.manhole
# The list of UIDs who can be added to the whitelist.
# If empty, any UIDs can be specified in the open-manhole command.
whitelist:
- 0
instagram:
# Seed for generating devices. This is secret because the seed is used to generate
# device IDs, which can apparently be used to bypass two-factor authentication after
# logging out, because Instagram is insecure.
device_seed: generate
mqtt_keepalive: 60
# Bridge config
bridge:
# Localpart template of MXIDs for Instagram users.
# {userid} is replaced with the user ID of the Instagram user.
username_template: "instagram_{userid}"
# Displayname template for Instagram users.
# {displayname} is replaced with the display name of the Instagram user.
# {username} is replaced with the username of the Instagram user.
displayname_template: "{displayname} (Instagram)"
# Displayname template for 1:1 chat portals. Same variables as displayname_template.
private_chat_name_template: "{displayname}"
# Displayname template for group chat portals. Only {name} is available.
group_chat_name_template: "{name}"
# Maximum length of displayname
displayname_max_length: 100
# The maximum number of conversations that should be synced when we get a
# message sync error. In general, 1 page (20) is sufficient.
max_startup_thread_sync_count: 20
# Whether or not to use /sync to get read receipts and typing notifications
# when double puppeting is enabled
sync_with_custom_puppets: false
# Whether or not to update the m.direct account data event when double puppeting is enabled.
# Note that updating the m.direct event is not atomic (except with mautrix-asmux)
# and is therefore prone to race conditions.
sync_direct_chat_list: false
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Servers to allow double puppeting from, even if double_puppet_allow_discovery is false.
double_puppet_server_map:
{{matrix_server_name}}: https://{{synapse_domain}}
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, custom puppets will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
# If using this for other servers than the bridge's server,
# you must also set the URL in the double_puppet_server_map.
login_shared_secret_map:
{{matrix_server_name}}: {{matrix_registration_shared_secret}}
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
federate_rooms: true
# Settings for backfilling messages from Instagram.
backfill:
# Enable initial backfill (~10 messages after creating portal)?
enable_initial: true
# Enable backfill queue? This is used for backfilling additional threads after the initial sync,
# and when MSC2716 is enabled, to backfill message history going backwards.
enable: false
# Use MSC2716 for backfilling? If this is disabled, backfilling only happens when syncing threads,
# and the incremental settings below don't apply.
#
# This requires a server with MSC2716 support, which is currently an experimental feature in Synapse.
# It can be enabled by setting experimental_features -> msc2716_enabled to true in homeserver.yaml.
msc2716: false
# Use double puppets for backfilling?
# In order to use this, the double puppets must be in the appservice's user ID namespace
# (because the bridge can't use the double puppet access token with batch sending).
# This only affects double puppets on the local server, double puppets on other servers will never be used.
double_puppet_backfill: false
# The maximum number of conversations that should be synced.
# Other conversations will be backfilled on demand when the start PM
# provisioning endpoint is used or when a message comes in from that
# chat.
# If set to -1, all conversations will by synced.
max_conversations: 20
# The minimum amount of time to wait between syncing each thread. This
# helps avoid situations where you sync too quickly.
min_sync_thread_delay: 5
# If this value is greater than 0, then if the conversation's last
# message was more than this number of hours ago, then the conversation
# will automatically be marked it as read.
# Conversations that have a last message that is less than this number
# of hours ago will have their unread status synced from Instagram.
unread_hours_threshold: 0
# Settings for how quickly to backoff when rate-limits are encountered
# while backfilling.
backoff:
# How many seconds to wait after getting rate limited during a
# thread list fetch.
thread_list: 300
# How many seconds to wait after getting rate limited during a
# message history fetch.
message_history: 300
# Settings for backfills.
#
# During initial/incremental sync, the entirety of the thread that is
# available will be backfilled. For example, on initial sync, about 20
# messages are included for each thread in the thread list returned by
# the server. After that, incremental backfills will be run for each of
# the portals in a round-robin fashion until all portals have been
# backfilled as configured below.
incremental:
# The maximum number of pages to backfill per batch.
max_pages: 10
# The maximum number of total pages to backfill per portal.
# If set to -1, infinite pages will be synced.
max_total_pages: -1
# The number of seconds to wait between backfilling each page.
page_delay: 5
# The number of seconds to wait after backfilling the batch of
# messages.
post_batch_delay: 20
periodic_reconnect:
# Interval in seconds in which to automatically reconnect all users.
# This can be used to automatically mitigate the bug where Instagram stops sending messages.
# Set to -1 to disable periodic reconnections entirely.
interval: -1
# Whether or not the bridge should backfill chats when reconnecting.
resync: true
# Should even disconnected users be reconnected?
always: false
# URL to call to retrieve a proxy URL from (defaults to the http_proxy environment variable).
get_proxy_api_url: null
# Whether to use proxy for downloading media from Instagram.
use_proxy_for_media: true
# End-to-bridge encryption support options.
#
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: false
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: false
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
appservice: false
# Require encryption, drop any unencrypted messages.
require: false
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow_key_sharing: false
# Options for deleting megolm sessions from the bridge.
delete_keys:
# Beeper-specific: delete outbound sessions when hungryserv confirms
# that the user has uploaded the key to key backup.
delete_outbound_on_ack: false
# Don't store outbound sessions in the inbound table.
dont_store_outbound: false
# Ratchet megolm sessions forward after decrypting messages.
ratchet_on_decrypt: false
# Delete fully used keys (index >= max_messages) after decrypting messages.
delete_fully_used_on_decrypt: false
# Delete previous megolm sessions from same device when receiving a new one.
delete_prev_on_new_session: false
# Delete megolm sessions received from a device when the device is deleted.
delete_on_device_delete: false
# Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
periodically_delete_expired: false
# Delete inbound megolm sessions that don't have the received_at field used for
# automatic ratcheting and expired session deletion. This is meant as a migration
# to delete old keys prior to the bridge update.
delete_outdated_inbound: false
# What level of device verification should be required from users?
#
# Valid levels:
# unverified - Send keys to all device in the room.
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
# Note that creating user signatures from the bridge bot is not currently possible.
# verified - Require manual per-device verification
# (currently only possible by modifying the `trust` column in the `crypto_device` database table).
verification_levels:
# Minimum level for which the bridge should send keys to when bridging messages from Telegram to Matrix.
receive: unverified
# Minimum level that the bridge should accept for incoming Matrix messages.
send: unverified
# Minimum level that the bridge should require for accepting key requests.
share: cross-signed-tofu
# Options for Megolm room key rotation. These options allow you to
# configure the m.room.encryption event content. See:
# https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
# more information about that event.
rotation:
# Enable custom Megolm room key rotation settings. Note that these
# settings will only apply to rooms created after this option is
# set.
enable_custom: false
# The maximum number of milliseconds a session should be used
# before changing it. The Matrix spec recommends 604800000 (a week)
# as the default.
milliseconds: 604800000
# The maximum number of messages that should be sent with a given a
# session before changing it. The Matrix spec recommends 100 as the
# default.
messages: 100
# Disable rotating keys when a user's devices change?
# You should not enable this option unless you understand all the implications.
disable_device_change_key_rotation: false
# Whether to explicitly set the avatar and room name for private chat portal rooms.
# If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms.
# If set to `always`, all DM rooms will have explicit names and avatars set.
# If set to `never`, DM rooms will never have names and avatars set.
private_chat_portal_meta: default
# Whether or not the bridge should send a read receipt from the bridge bot when a message has
# been sent to Instagram.
delivery_receipts: false
# Whether or not delivery errors should be reported as messages in the Matrix room.
delivery_error_reports: false
# Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
message_status_events: false
# Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
# This field will automatically be changed back to false after it,
# except if the config file is not writable.
resend_bridge_info: false
# Whether or not unimportant bridge notices should be sent to the user.
# (e.g. connected, disconnected but will retry)
unimportant_bridge_notices: true
# Disable bridge notices entirely
disable_bridge_notices: false
# Send captions in the same message as images. This will send data compatible with both MSC2530 and MSC3552.
# This is currently not supported in most clients.
caption_in_message: false
# Should Matrix m.notice-type messages be bridged?
bridge_notices: true
# Should Matrix typing notices be sent to Instagram? Typing notifications
# from Instagram will still be bridged.
bridge_matrix_typing: true
# Provisioning API part of the web server for automated portal creation and fetching information.
# Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager).
provisioning:
# Whether or not the provisioning API should be enabled.
enabled: true
# The prefix to use in the provisioning API endpoints.
prefix: /_matrix/provision/v1
# The shared secret to authorize users of the API.
# Set to "generate" to generate and save a new token.
shared_secret: generate
# The prefix for commands. Only required in non-management rooms.
command_prefix: "!ig"
# Permissions for using the bridge.
# Permitted values:
# relay - Allowed to be relayed through the bridge, no access to commands.
# user - Use the bridge with puppeting.
# admin - Use and administrate the bridge.
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
"*": relay
"{{matrix_server_name}}": user
"@{{matrix_admin_name}}:{{matrix_server_name}}": admin
relay:
# Whether relay mode should be allowed. If allowed, `!ig set-relay` can be used to turn any
# authenticated user into a relaybot for that chat.
enabled: false
# The formats to use when sending messages to Instagram via a relay user.
#
# Available variables:
# $sender_displayname - The display name of the sender (e.g. Example User)
# $sender_username - The username (Matrix ID localpart) of the sender (e.g. exampleuser)
# $sender_mxid - The Matrix ID of the sender (e.g. @exampleuser:example.com)
# $message - The message content
#
# Note that Instagram doesn't support captions for images, so images won't include any indication of being relayed.
message_formats:
m.text: '$sender_displayname: $message'
m.notice: '$sender_displayname: $message'
m.emote: '* $sender_displayname $message'
# Python logging configuration.
#
# See section 16.7.2 of the Python documentation for more info:
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
logging:
version: 1
formatters:
colored:
(): mautrix_instagram.util.ColorFormatter
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
normal:
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
handlers:
file:
class: logging.handlers.RotatingFileHandler
formatter: normal
filename: ./mautrix-instagram.log
maxBytes: 10485760
backupCount: 10
console:
class: logging.StreamHandler
formatter: colored
loggers:
mau:
level: DEBUG
mauigpapi:
level: DEBUG
aiohttp:
level: INFO
paho.mqtt:
level: INFO
root:
level: DEBUG
handlers: [file, console]

4
roles/docker-matrix-compose/templates/mautrix/signal.config.yml.j2
View File

@ -141,7 +141,7 @@ bridge:
federate_rooms: true
# Servers to always allow double puppeting from
double_puppet_server_map:
{{matrix_server_name}}: https://{{matrix_server_name}}
{{matrix_server_name}}: https://{{synapse_domain}}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
@ -150,7 +150,7 @@ bridge:
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret_map:
{{matrix_server_name}}: foobar
{{matrix_server_name}}: {{matrix_registration_shared_secret}}
# Maximum time for handling Matrix events. Duration strings formatted for https://pkg.go.dev/time#ParseDuration
# Null means there's no enforced timeout.

4
roles/docker-matrix-compose/templates/mautrix/slack.config.yml.j2
View File

@ -118,7 +118,7 @@ bridge:
# Servers to always allow double puppeting from
double_puppet_server_map:
{{matrix_server_name}}: https://{{matrix_server_name}}
{{matrix_server_name}}: https://{{synapse_domain}}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
@ -127,7 +127,7 @@ bridge:
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret_map:
{{matrix_server_name}}: foobar
{{matrix_server_name}}: {{matrix_registration_shared_secret}}
message_handling_timeout:
# Send an error message after this timeout, but keep waiting for the response until the deadline.

4
roles/docker-matrix-compose/templates/mautrix/telegram.config.yml.j2
View File

@ -198,7 +198,7 @@ bridge:
sync_direct_chat_list: false
# Servers to always allow double puppeting from
double_puppet_server_map:
{{matrix_server_name}}: https://{{matrix_server_name}}
{{matrix_server_name}}: https://{{synapse_domain}}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
@ -209,7 +209,7 @@ bridge:
# If using this for other servers than the bridge's server,
# you must also set the URL in the double_puppet_server_map.
login_shared_secret_map:
{{matrix_server_name}}: foobar
{{matrix_server_name}}: {{matrix_registration_shared_secret}}
# Set to false to disable link previews in messages sent to Telegram.
telegram_link_preview: true
# Whether or not the !tg join command should do a HTTP request

4
roles/docker-matrix-compose/templates/mautrix/whatsapp.config.yml.j2
View File

@ -236,7 +236,7 @@ bridge:
force_active_delivery_receipts: false
# Servers to always allow double puppeting from
double_puppet_server_map:
{{matrix_server_name}}: https://{{matrix_server_name}}
{{matrix_server_name}}: https://{{synapse_domain}}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
@ -245,7 +245,7 @@ bridge:
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret_map:
{{matrix_server_name}}: foobar
{{matrix_server_name}}: {{matrix_registration_shared_secret}}
# Whether to explicitly set the avatar and room name for private chat portal rooms.
# If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms.
# If set to `always`, all DM rooms will have explicit names and avatars set.

17
roles/docker-matrix-compose/templates/nginx.conf.j2
View File

@ -10,20 +10,5 @@ server {
{% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %}
{% endif %}
location ~ ^(/_matrix|/_synapse/client) {
# note: do not add a path (even a single /) after the port in `proxy_pass`,
# otherwise nginx will canonicalise the URI and cause signature verification
# errors.
proxy_pass http://127.0.0.1:{{http_port}};
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
# Nginx by default only allows file uploads up to 1M in size
# Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
client_max_body_size 50M;
# Synapse responses may be chunked, which is an HTTP/1.1 feature.
proxy_http_version 1.1;
}
{% include 'roles/nginx-docker-reverse-proxy/templates/proxy_pass.conf.j2' %}
}

2
roles/docker-matrix-compose/templates/synapse/homeserver.yaml.j2
View File

@ -18,7 +18,7 @@ database:
cp_min: 5
cp_max: 10
log_config: "/data/{{domain_matrix_synapse}}.log.config"
media_store_path: /data/media_store
media_store_path: "/data/media_store"
registration_shared_secret: "{{matrix_registration_shared_secret}}"
report_stats: true
macaroon_secret_key: "{{matrix_macaroon_secret_key}}"

7
roles/docker-matrix-compose/vars/main.yml
View File

@ -24,4 +24,9 @@ bridges:
- database_password: "{{ mautrix_slack_bridge_database_password }}"
database_username: "mautrix_slack_bridge"
database_name: "mautrix_slack_bridge"
bridge_name: "slack"
bridge_name: "slack"
- database_password: "{{ mautrix_facebook_bridge_database_password }}"
database_username: "mautrix_facebook_bridge"
database_name: "mautrix_facebook_bridge"
bridge_name: "facebook"

2
roles/docker-openproject/vars/main.yml
View File

@ -2,7 +2,7 @@ docker_compose_project_name: "openproject"
repository_directory: "{{ path_docker_compose_instances }}{{docker_compose_project_name}}/"
docker_compose_instance_directory: "{{repository_directory}}compose/"
docker_compose_file_path: "{{docker_compose_instance_directory}}docker-compose.yml"
docker_compose_backup_path: "/tmp/{{docker_compose_project_name}}-docker/compose/backup.yml"
docker_compose_backup_path: "/tmp/{{docker_compose_project_name}}-docker-compose.yml.backup"
database_password: "{{openproject_database_password}}"
repository_address: "https://github.com/opf/openproject-deploy"
database_type: "postgres"