diff --git a/bridgeconfig/bridgeconfig.go b/bridgeconfig/bridgeconfig.go
index 3a749ea..c8e5a37 100644
--- a/bridgeconfig/bridgeconfig.go
+++ b/bridgeconfig/bridgeconfig.go
@@ -3,12 +3,20 @@ package bridgeconfig
 import (
 "embed"
 "fmt"
+ "reflect"
 "strings"
 "text/template"
 
 "maunium.net/go/mautrix/id"
 )
 
+type BridgeV2Name struct {
+ DatabaseFileName string
+ CommandPrefix string
+ BridgeTypeName string
+ BridgeTypeIcon string
+}
+
 type Params struct {
 HungryAddress string
 BeeperDomain string
@@ -28,6 +36,8 @@ type Params struct {
 
 DatabasePrefix string
 
+ BridgeV2Name
+
 Params map[string]string
 }
 
@@ -36,8 +46,16 @@ var configs embed.FS
 var tpl *template.Template
 var SupportedBridges []string
 
-var tplFuncs = map[string]any{
+var tplFuncs = template.FuncMap{
 "replace": strings.ReplaceAll,
+ "setfield": func(obj any, field string, value any) any {
+ val := reflect.ValueOf(obj)
+ for val.Kind() == reflect.Pointer {
+ val = val.Elem()
+ }
+ val.FieldByName(field).Set(reflect.ValueOf(value))
+ return ""
+ },
 }
 
 func init() {
diff --git a/bridgeconfig/bridgev2.tpl.yaml b/bridgeconfig/bridgev2.tpl.yaml
new file mode 100644
index 0000000..32711e0
--- /dev/null
+++ b/bridgeconfig/bridgev2.tpl.yaml
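Review bot: `setfield` turns a template typo into a panic rather than a template error: `val.FieldByName(field)` yields an invalid `reflect.Value` for an unknown name, and `Set` panics on that, on an unexported field, on an unaddressable (non-pointer) receiver, and on a value whose type is not assignable to the field. text/template accepts a second `error` result from a FuncMap function and fails `Execute` with it, so the checks below turn each of those cases into an ordinary error naming the field; `fmt` is already imported. Whether `.` reaches the template as `*Params` or as a `Params` value is decided at the Execute call outside this hunk — if it is ever passed by value, every `setfield` call panics. The function also mutates the caller's Params for the rest of that execution, which deserves a comment on the new struct such as `// BridgeV2Name holds the per-bridge values a bridge template sets via setfield before including bridgev2.tpl.yaml.`
```go
	"setfield": func(obj any, field string, value any) (any, error) {
		val := reflect.ValueOf(obj)
		for val.Kind() == reflect.Pointer {
			val = val.Elem()
		}
		if val.Kind() != reflect.Struct {
			return nil, fmt.Errorf("setfield: expected struct, got %s", val.Kind())
		}
		f := val.FieldByName(field)
		if !f.IsValid() || !f.CanSet() {
			return nil, fmt.Errorf("setfield: no settable field %q", field)
		}
		v := reflect.ValueOf(value)
		if !v.IsValid() || !v.Type().AssignableTo(f.Type()) {
			return nil, fmt.Errorf("setfield: cannot assign %T to field %q", value, field)
		}
		f.Set(v)
		return "", nil
	},
```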
@@ -0,0 +1,251 @@
+# Config options that affect the central bridge module.
+bridge:
+ {{ if .CommandPrefix -}}
+ # The prefix for commands. Only required in non-management rooms.
+ command_prefix: '{{ .CommandPrefix }}'
+ {{ end -}}
+ # Should the bridge create a space for each login containing the rooms that account is in?
+ personal_filtering_spaces: true
+
+ # Settings for relay mode
+ relay:
+ # Whether relay mode should be allowed. If allowed, the set-relay command can be used to turn any
+ # authenticated user into a relaybot for that chat.
+ enabled: false
+ # Should only admins be allowed to set themselves as relay users?
+ admin_only: true
+ # List of user login IDs which anyone can set as a relay, as long as the relay user is in the room.
+ default_relays: []
+
+ # Permissions for using the bridge.
+ # Permitted values:
+ # relay - Talk through the relaybot (if enabled), no access otherwise
+ # commands - Access to use commands in the bridge, but not login.
+ # user - Access to use the bridge with puppeting.
+ # admin - Full access, user level with some additional administration tools.
+ # Permitted keys:
+ # * - All Matrix users
+ # domain - All users on that homeserver
+ # mxid - Specific user
+ permissions:
+ "{{ .UserID }}": admin
+
+# Config for the bridge's database.
+database:
+ # The database type. "sqlite3-fk-wal" and "postgres" are supported.
+ type: sqlite3-fk-wal
+ # The database URI.
+ # SQLite: A raw file path is supported, but `file:?_txlock=immediate` is recommended.
+ # https://github.com/mattn/go-sqlite3#connection-string
+ # Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
+ # To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
+ uri: file:{{.DatabasePrefix}}{{or .DatabaseFileName .BridgeName}}.db?_txlock=immediate
+ # Maximum number of connections.
+ max_open_conns: 5
+ max_idle_conns: 2
+ # Maximum connection idle time and lifetime before they're closed. Disabled if null.
+ # Parsed with https://pkg.go.dev/time#ParseDuration
+ max_conn_idle_time: null
+ max_conn_lifetime: null
+
+# Homeserver details.
+homeserver:
+ # The address that this appservice can use to connect to the homeserver.
+ # Local addresses without HTTPS are generally recommended when the bridge is running on the same machine,
+ # but https also works if they run on different machines.
+ address: {{ .HungryAddress }}
+ # The domain of the homeserver (also known as server_name, used for MXIDs, etc).
+ domain: beeper.local
+
+ # What software is the homeserver running?
+ # Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
+ software: hungry
+ # The URL to push real-time bridge status to.
+ # If set, the bridge will make POST requests to this URL whenever a user's remote network connection state changes.
+ # The bridge will use the appservice as_token to authorize requests.
+ status_endpoint: null
+ # Endpoint for reporting per-message status.
+ # If set, the bridge will make POST requests to this URL when processing a message from Matrix.
+ # It will make one request when receiving the message (step BRIDGE), one after decrypting if applicable
+ # (step DECRYPTED) and one after sending to the remote network (step REMOTE). Errors will also be reported.
+ # The bridge will use the appservice as_token to authorize requests.
+ message_send_checkpoint_endpoint: null
+ # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
+ async_media: true
+
+ # Should the bridge use a websocket for connecting to the homeserver?
+ # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy,
+ # mautrix-asmux (deprecated), and hungryserv (proprietary).
+ websocket: {{ .Websocket }}
+ # How often should the websocket be pinged? Pinging will be disabled if this is zero.
+ ping_interval_seconds: 180
+
+# Application service host/registration related details.
+# Changing these values requires regeneration of the registration.
+appservice:
+ # The address that the homeserver can use to connect to this appservice.
+ address: irrelevant
+
+ # The hostname and port where this appservice should listen.
+ # For Docker, you generally have to change the hostname to 0.0.0.0.
+ hostname: 0.0.0.0
+ port: 4000
+
+ # The unique ID of this appservice.
+ id: {{ .AppserviceID }}
+ # Appservice bot details.
+ bot:
+ # Username of the appservice bot.
+ username: {{ .BridgeName }}bot
+ # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
+ # to leave display name/avatar as-is.
+ {{ if .BridgeTypeName -}}
+ displayname: {{ .BridgeTypeName }} bridge bot
+ {{- end }}
+ {{ if .BridgeTypeIcon -}}
+ avatar: {{ .BridgeTypeIcon }}
+ {{- end }}
+
+ # Whether to receive ephemeral events via appservice transactions.
+ ephemeral_events: true
+ # Should incoming events be handled asynchronously?
+ # This may be necessary for large public instances with lots of messages going through.
+ # However, messages will not be guaranteed to be bridged in the same order they were sent in.
+ async_transactions: false
+
+ # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
+ as_token: {{ .ASToken }}
+ hs_token: {{ .HSToken }}
+
+ # Localpart template of MXIDs for remote users.
+ username_template: {{ .BridgeName }}_{{ "{{.}}" }}
+
+# Config options that affect the Matrix connector of the bridge.
+matrix:
+ # Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
+ message_status_events: true
+ # Whether the bridge should send a read receipt after successfully bridging a message.
+ delivery_receipts: false
+ # Whether the bridge should send error notices via m.notice events when a message fails to bridge.
+ message_error_notices: false
+ sync_direct_chat_list: false
+ # Whether created rooms should have federation enabled. If false, created portal rooms
+ # will never be federated. Changing this option requires recreating rooms.
+ federate_rooms: false
+
+# Settings for provisioning API
+provisioning:
+ # Prefix for the provisioning API paths.
+ prefix: /_matrix/provision
+ # Shared secret for authentication. If set to "generate" or null, a random secret will be generated,
+ # or if set to "disable", the provisioning API will be disabled.
+ shared_secret: {{ .ProvisioningSecret }}
+ # Whether to allow provisioning API requests to be authed using Matrix access tokens.
+ # This follows the same rules as double puppeting to determine which server to contact to check the token,
+ # which means that by default, it only works for users on the same server as the bridge.
+ allow_matrix_auth: true
+ # Enable debug API at /debug with provisioning authentication.
+ debug_endpoints: true
+
+# Settings for enabling double puppeting
+double_puppet:
+ # Servers to always allow double puppeting from.
+ # This is only for other servers and should NOT contain the server the bridge is on.
+ servers:
+ {{ .BeeperDomain }}: {{ .HungryAddress }}
+ # Whether to allow client API URL discovery for other servers. When using this option,
+ # users on other servers can use double puppeting even if their server URLs aren't
+ # explicitly added to the servers map above.
+ allow_discovery: false
+ # Shared secrets for automatic double puppeting.
+ # See https://docs.mau.fi/bridges/general/double-puppeting.html for instructions.
+ secrets:
+ {{ .BeeperDomain }}: "as_token:{{ .ASToken }}"
+
+# End-to-bridge encryption support options.
+#
+# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
+encryption:
+ # Whether to enable encryption at all. If false, the bridge will not function in encrypted rooms.
+ allow: true
+ # Whether to force-enable encryption in all bridged rooms.
+ default: true
+ # Whether to require all messages to be encrypted and drop any unencrypted messages.
+ require: true
+ # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
+ # This option is not yet compatible with standard Matrix servers like Synapse and should not be used.
+ appservice: true
+ # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
+ # You must use a client that supports requesting keys from other users to use this feature.
+ allow_key_sharing: true
+ # Pickle key for encrypting encryption keys in the bridge database.
+ # If set to generate, a random key will be generated.
+ pickle_key: bbctl
+ # Options for deleting megolm sessions from the bridge.
+ delete_keys:
+ # Beeper-specific: delete outbound sessions when hungryserv confirms
+ # that the user has uploaded the key to key backup.
+ delete_outbound_on_ack: true
+ # Don't store outbound sessions in the inbound table.
+ dont_store_outbound: false
+ # Ratchet megolm sessions forward after decrypting messages.
+ ratchet_on_decrypt: true
+ # Delete fully used keys (index >= max_messages) after decrypting messages.
+ delete_fully_used_on_decrypt: true
+ # Delete previous megolm sessions from same device when receiving a new one.
+ delete_prev_on_new_session: true
+ # Delete megolm sessions received from a device when the device is deleted.
+ delete_on_device_delete: true
+ # Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
+ periodically_delete_expired: true
+ # Delete inbound megolm sessions that don't have the received_at field used for
+ # automatic ratcheting and expired session deletion. This is meant as a migration
+ # to delete old keys prior to the bridge update.
+ delete_outdated_inbound: false
+ # What level of device verification should be required from users?
+ #
+ # Valid levels:
+ # unverified - Send keys to all device in the room.
+ # cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
+ # cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
+ # cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
+ # Note that creating user signatures from the bridge bot is not currently possible.
+ # verified - Require manual per-device verification
+ # (currently only possible by modifying the `trust` column in the `crypto_device` database table).
+ verification_levels:
+ # Minimum level for which the bridge should send keys to when bridging messages from the remote network to Matrix.
+ receive: cross-signed-tofu
+ # Minimum level that the bridge should accept for incoming Matrix messages.
+ send: cross-signed-tofu
+ # Minimum level that the bridge should require for accepting key requests.
+ share: cross-signed-tofu
+ # Options for Megolm room key rotation. These options allow you to configure the m.room.encryption event content.
+ # See https://spec.matrix.org/v1.10/client-server-api/#mroomencryption for more information about that event.
+ rotation:
+ # Enable custom Megolm room key rotation settings. Note that these
+ # settings will only apply to rooms created after this option is set.
+ enable_custom: true
+ # The maximum number of milliseconds a session should be used
+ # before changing it. The Matrix spec recommends 604800000 (a week)
+ # as the default.
+ milliseconds: 2592000000
+ # The maximum number of messages that should be sent with a given a
+ # session before changing it. The Matrix spec recommends 100 as the
+ # default.
+ messages: 10000
+ # Disable rotating keys when a user's devices change?
+ # You should not enable this option unless you understand all the implications.
+ disable_device_change_key_rotation: true
+
+# Logging config. See https://github.com/tulir/zeroconfig for details.
+logging:
+ min_level: debug
+ writers:
+ - type: stdout
+ format: pretty-colored
+ - type: file
+ format: json
+ filename: ./logs/bridge.log
+ max_size: 100
+ max_backups: 10
+ compress: false
diff --git a/bridgeconfig/signalv2.tpl.yaml b/bridgeconfig/signalv2.tpl.yaml
index 00e4331..ba94a43 100644
--- a/bridgeconfig/signalv2.tpl.yaml
+++ b/bridgeconfig/signalv2.tpl.yaml
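Review bot: `pickle_key: bbctl` in the encryption section hard-codes a constant, publicly visible key for encrypting the bridge's Olm/Megolm key store, whereas the `signalv2.tpl.yaml` hunk below removes `pickle_key: {{ .ASToken }}`, which was per-deployment; anyone who obtains the SQLite file can unpickle every stored session key without the instance's token. Carrying the previous value into the shared template, `pickle_key: {{ .ASToken }}`, keeps the key tied to the deployment and also keeps existing Signal databases readable, which a switch to the constant would presumably break unless the bridge re-pickles on a key change. Separately, the file writer is fixed to `filename: ./logs/bridge.log` where the old Signal template used `./logs/mautrix-signal.log`; if a per-bridge log name is wanted it needs a field in `BridgeV2Name` and a matching `setfield` in each bridge template.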
@@ -17,223 +17,8 @@ network:
 # OpenStreetMap: 'https://www.openstreetmap.org/?mlat=%[1]s&mlon=%[2]s'
 location_format: 'https://www.google.com/maps/place/%[1]s,%[2]s'
 
-# Config options that affect the central bridge module.
-bridge:
- # The prefix for commands. Only required in non-management rooms.
- command_prefix: '!signal'
-
-# Config for the bridge's database.
-database:
- # The database type. "sqlite3-fk-wal" and "postgres" are supported.
- type: sqlite3-fk-wal
- # The database URI.
- # SQLite: A raw file path is supported, but `file:?_txlock=immediate` is recommended.
- # https://github.com/mattn/go-sqlite3#connection-string
- # Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
- # To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
- uri: file:{{.DatabasePrefix}}mautrix-signal.db?_txlock=immediate
- # Maximum number of connections.
- max_open_conns: 5
- max_idle_conns: 2
- # Maximum connection idle time and lifetime before they're closed. Disabled if null.
- # Parsed with https://pkg.go.dev/time#ParseDuration
- max_conn_idle_time: null
- max_conn_lifetime: null
-
-# Homeserver details.
-homeserver:
- # The address that this appservice can use to connect to the homeserver.
- # Local addresses without HTTPS are generally recommended when the bridge is running on the same machine,
- # but https also works if they run on different machines.
- address: {{ .HungryAddress }}
- # The domain of the homeserver (also known as server_name, used for MXIDs, etc).
- domain: beeper.local
-
- # What software is the homeserver running?
- # Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
- software: hungry
- # The URL to push real-time bridge status to.
- # If set, the bridge will make POST requests to this URL whenever a user's remote network connection state changes.
- # The bridge will use the appservice as_token to authorize requests.
- status_endpoint: null
- # Endpoint for reporting per-message status.
- # If set, the bridge will make POST requests to this URL when processing a message from Matrix.
- # It will make one request when receiving the message (step BRIDGE), one after decrypting if applicable
- # (step DECRYPTED) and one after sending to the remote network (step REMOTE). Errors will also be reported.
- # The bridge will use the appservice as_token to authorize requests.
- message_send_checkpoint_endpoint: null
- # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
- async_media: true
-
- # Should the bridge use a websocket for connecting to the homeserver?
- # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy,
- # mautrix-asmux (deprecated), and hungryserv (proprietary).
- websocket: {{ .Websocket }}
- # How often should the websocket be pinged? Pinging will be disabled if this is zero.
- ping_interval_seconds: 180
-
-# Application service host/registration related details.
-# Changing these values requires regeneration of the registration.
-appservice:
- # The address that the homeserver can use to connect to this appservice.
- address: irrelevant
-
- # The hostname and port where this appservice should listen.
- # For Docker, you generally have to change the hostname to 0.0.0.0.
- hostname: 0.0.0.0
- port: 4000
-
- # The unique ID of this appservice.
- id: {{ .AppserviceID }}
- # Appservice bot details.
- bot:
- # Username of the appservice bot.
- username: {{ .BridgeName }}bot
- # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
- # to leave display name/avatar as-is.
- displayname: Signal v2 bridge bot
- avatar: mxc://maunium.net/wPJgTQbZOtpBFmDNkiNEMDUp
-
- # Whether to receive ephemeral events via appservice transactions.
- ephemeral_events: true
- # Should incoming events be handled asynchronously?
- # This may be necessary for large public instances with lots of messages going through.
- # However, messages will not be guaranteed to be bridged in the same order they were sent in.
- async_transactions: false
-
- # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
- as_token: {{ .ASToken }}
- hs_token: {{ .HSToken }}
-
- # Localpart template of MXIDs for remote users.
- username_template: {{ .BridgeName }}_{{ "{{.}}" }}
-
-# Config options that affect the Matrix connector of the bridge.
-matrix:
- # Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
- message_status_events: true
- # Whether the bridge should send a read receipt after successfully bridging a message.
- delivery_receipts: false
- # Whether the bridge should send error notices via m.notice events when a message fails to bridge.
- message_error_notices: false
- sync_direct_chat_list: false
- # Whether created rooms should have federation enabled. If false, created portal rooms
- # will never be federated. Changing this option requires recreating rooms.
- federate_rooms: false
-
-# Settings for provisioning API
-provisioning:
- # Prefix for the provisioning API paths.
- prefix: /_matrix/provision
- # Shared secret for authentication. If set to "generate" or null, a random secret will be generated,
- # or if set to "disable", the provisioning API will be disabled.
- shared_secret: {{ .ProvisioningSecret }}
- # Whether to allow provisioning API requests to be authed using Matrix access tokens.
- # This follows the same rules as double puppeting to determine which server to contact to check the token,
- # which means that by default, it only works for users on the same server as the bridge.
- allow_matrix_auth: true
- # Enable debug API at /debug with provisioning authentication.
- debug_endpoints: true
-
-# Settings for enabling double puppeting
-double_puppet:
- # Servers to always allow double puppeting from.
- # This is only for other servers and should NOT contain the server the bridge is on.
- servers:
- {{ .BeeperDomain }}: {{ .HungryAddress }}
- # Whether to allow client API URL discovery for other servers. When using this option,
- # users on other servers can use double puppeting even if their server URLs aren't
- # explicitly added to the servers map above.
- allow_discovery: false
- # Shared secrets for automatic double puppeting.
- # See https://docs.mau.fi/bridges/general/double-puppeting.html for instructions.
- secrets:
- {{ .BeeperDomain }}: "as_token:{{ .ASToken }}"
-
-# End-to-bridge encryption support options.
-#
-# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
-encryption:
- # Whether to enable encryption at all. If false, the bridge will not function in encrypted rooms.
- allow: true
- # Whether to force-enable encryption in all bridged rooms.
- default: true
- # Whether to require all messages to be encrypted and drop any unencrypted messages.
- require: true
- # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
- # This option is not yet compatible with standard Matrix servers like Synapse and should not be used.
- appservice: true
- # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
- # You must use a client that supports requesting keys from other users to use this feature.
- allow_key_sharing: true
- # Pickle key for encrypting encryption keys in the bridge database.
- # If set to generate, a random key will be generated.
- pickle_key: {{ .ASToken }}
- # Options for deleting megolm sessions from the bridge.
- delete_keys:
- # Beeper-specific: delete outbound sessions when hungryserv confirms
- # that the user has uploaded the key to key backup.
- delete_outbound_on_ack: true
- # Don't store outbound sessions in the inbound table.
- dont_store_outbound: false
- # Ratchet megolm sessions forward after decrypting messages.
- ratchet_on_decrypt: true
- # Delete fully used keys (index >= max_messages) after decrypting messages.
- delete_fully_used_on_decrypt: true
- # Delete previous megolm sessions from same device when receiving a new one.
- delete_prev_on_new_session: true
- # Delete megolm sessions received from a device when the device is deleted.
- delete_on_device_delete: true
- # Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
- periodically_delete_expired: true
- # Delete inbound megolm sessions that don't have the received_at field used for
- # automatic ratcheting and expired session deletion. This is meant as a migration
- # to delete old keys prior to the bridge update.
- delete_outdated_inbound: false
- # What level of device verification should be required from users?
- #
- # Valid levels:
- # unverified - Send keys to all device in the room.
- # cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
- # cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
- # cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
- # Note that creating user signatures from the bridge bot is not currently possible.
- # verified - Require manual per-device verification
- # (currently only possible by modifying the `trust` column in the `crypto_device` database table).
- verification_levels:
- # Minimum level for which the bridge should send keys to when bridging messages from the remote network to Matrix.
- receive: cross-signed-tofu
- # Minimum level that the bridge should accept for incoming Matrix messages.
- send: cross-signed-tofu
- # Minimum level that the bridge should require for accepting key requests.
- share: cross-signed-tofu
- # Options for Megolm room key rotation. These options allow you to configure the m.room.encryption event content.
- # See https://spec.matrix.org/v1.10/client-server-api/#mroomencryption for more information about that event.
- rotation:
- # Enable custom Megolm room key rotation settings. Note that these
- # settings will only apply to rooms created after this option is set.
- enable_custom: true
- # The maximum number of milliseconds a session should be used
- # before changing it. The Matrix spec recommends 604800000 (a week)
- # as the default.
- milliseconds: 2592000000
- # The maximum number of messages that should be sent with a given a
- # session before changing it. The Matrix spec recommends 100 as the
- # default.
- messages: 10000
- # Disable rotating keys when a user's devices change?
- # You should not enable this option unless you understand all the implications.
- disable_device_change_key_rotation: true
-
-# Logging config. See https://github.com/tulir/zeroconfig for details.
-logging:
- min_level: debug
- writers:
- - type: stdout
- format: pretty-colored
- - type: file
- format: json
- filename: ./logs/mautrix-signal.log
- max_size: 100
- max_backups: 10
- compress: false
+{{ setfield . "CommandPrefix" "!signal" -}}
+{{ setfield . "DatabaseFileName" "mautrix-signal" -}}
+{{ setfield . "BridgeTypeName" "Signal" -}}
+{{ setfield . "BridgeTypeIcon" "mxc://maunium.net/wPJgTQbZOtpBFmDNkiNEMDUp" -}}
+{{ template "bridgev2.tpl.yaml" . }}
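Review bot: The four `setfield` calls at the end of the hunk write into the `Params` the caller passed as `.`, so the values outlive this render; if the same `Params` is reused for another bridge, the `{{ if .BridgeTypeName -}}` and `{{ if .BridgeTypeIcon -}}` guards in `bridgev2.tpl.yaml` would see Signal's values unless every bridge template sets all four fields. A one-line comment at the top of the new block would make that contract explicit: `{{/* Per-bridge values for the shared bridgev2.tpl.yaml; set every field here, setfield mutates the caller's Params. */}}`. The `{{ template "bridgev2.tpl.yaml" . }}` line also assumes both files are parsed into the same template set by `init()`, which is outside this hunk.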