1
0
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git synced 2024-12-12 08:43:55 +02:00
matrix-docker-ansible-deploy/roles/custom/matrix-bridge-wechat/templates/config.yaml.j2

266 lines
14 KiB
Plaintext
Raw Normal View History

Add support for WeChat bridging This is based on the PR (https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3241) by Tobias Diez (https://github.com/tobiasdiez). I've refactored some parts, made it more configurable, polished it up, and it's integrated into the playbook now. Both the WeChat bridge and WeChat agent appear to be working. The WeChat bridge joins rooms and responds as expected. That said, end-to-end testing (actually bridging to a WeChat account) has not been done yet. Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/701 Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3092 This is sponsored https://etke.cc/ work related to https://gitlab.com/etke.cc/ansible/-/issues/2 Squashed commit of the following: commit fdd37f02472a0b83d61b4fac80650442f90e7629 Author: Slavi Pantaleev <slavi@devture.com> Date: Mon Jun 3 21:05:53 2024 +0300 Add documentation for WeChat bridge commit 8426fc8b95bb160ea7f9659bd45bc59cf1326614 Author: Slavi Pantaleev <slavi@devture.com> Date: Mon Jun 3 20:59:42 2024 +0300 Rename directory for matrix_wechat_agent_container_src_files_path commit da200df82bbc9153d307095dd90e4769c400ea1e Author: Slavi Pantaleev <slavi@devture.com> Date: Mon Jun 3 20:58:26 2024 +0300 Make WeChat listen_secret configurable and auto-configured via matrix_homeserver_generic_secret_key commit 4022cb1355828ac16af7d9228cb1066962bb35f5 Author: Slavi Pantaleev <slavi@devture.com> Date: Mon Jun 3 20:54:56 2024 +0300 Refactor install.yml for WeChat a bit (using blocks, etc.) commit d07a39b4c4f6b93d04204e13e384086d5a242d52 Author: Slavi Pantaleev <slavi@devture.com> Date: Mon Jun 3 20:52:35 2024 +0300 Rename WeChat Agent configuration file This makes it more clear that it belongs to the agent. Otherwise, `config.yaml` and `configure.yaml` make you wonder. commit ccca72f8d1e602f7c42f4bd552193afa153c9b9d Author: Slavi Pantaleev <slavi@devture.com> Date: Mon Jun 3 20:49:06 2024 +0300 Move WeChat agent configuration to a template commit a4047d94d8877b4095712dfc76ac3082a1edca28 Author: Slavi Pantaleev <slavi@devture.com> Date: Mon Jun 3 20:47:17 2024 +0300 Mount WeChat config as readonly and instruct bridge to not update it commit bc0e89f345bf14bbdbfd574bb60d93918c2ac053 Author: Slavi Pantaleev <slavi@devture.com> Date: Mon Jun 3 20:46:33 2024 +0300 Sync WeChat config with upstream Brings up-to-date with: https://github.com/duo/matrix-wechat/commits/0.2.4/example-config.yaml commit a46f5b9cbc8bf16042685a18c77d25a606bc8232 Author: Slavi Pantaleev <slavi@devture.com> Date: Mon Jun 3 19:48:17 2024 +0300 Rename some files commit 3877679040cffc4ca6cccfa21a7335f8f796f06e Author: Slavi Pantaleev <slavi@devture.com> Date: Mon Jun 3 19:47:10 2024 +0300 Update WeChat logging config This brings it up-to-date with what mautrix-go uses. Otherwise, on startup we see: > Migrating legacy log config .. and it gets migrated to what we've done here. commit e3e95ab234651867c7a975a08455549b31db4172 Author: Slavi Pantaleev <slavi@devture.com> Date: Mon Jun 3 19:43:37 2024 +0300 Make sure matrix-wechat-agent runs as 1000:1000 It needs to write stuff to `/home/user/.vnc`. `/home/user` is owned by `user:group` (`1000:1000`), so it cannot run any other way. Previously, if the `matrix` user was uid=1000 by chance, it would work, but that's pure luck. commit 4d5748ae9b84c81d6b48b0a41b790339d9ac4724 Author: Slavi Pantaleev <slavi@devture.com> Date: Mon Jun 3 18:57:09 2024 +0300 Pin wechat and wechat-agent versions commit 40d40009f19ebceed4126146cbb510a2c95af671 Author: Slavi Pantaleev <slavi@devture.com> Date: Mon Jun 3 18:53:58 2024 +0300 docker_image -> container_image for WeChat bridge commit cc33aff592541913070d13288d17b04ed6243176 Author: Slavi Pantaleev <slavi@devture.com> Date: Mon Jun 3 18:00:25 2024 +0300 docker_src -> container_src in WeChat bridge commit 42e6ae9a6483c8ca6d53b8052058d41d90d93797 Author: Slavi Pantaleev <slavi@devture.com> Date: Mon Jun 3 17:54:24 2024 +0300 matrix_go_wechat_ -> matrix_wechat_ The bridge is written in Go, but does not include Go anywhere in its name. As such, it's mostly useless to use `matrix_go_wechat` as the prefix. commit d6662a69d1916d215d5184320c36d2ef73afd3e9 Author: Tobias Diez <code@tobiasdiez.de> Date: Mon Mar 25 10:55:16 2024 +0800 Add wechat bridge
2024-06-03 20:06:19 +02:00
#jinja2: lstrip_blocks: "True"
# Homeserver details.
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: {{ matrix_wechat_homeserver_address | to_json }}
# The domain of the homeserver (for MXIDs, etc).
domain: {{ matrix_wechat_homeserver_domain | to_json }}
# What software is the homeserver running?
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
software: standard
# The URL to push real-time bridge status to.
# If set, the bridge will make POST requests to this URL whenever a user's connection state changes.
# The bridge will use the appservice as_token to authorize requests.
status_endpoint: null
# Endpoint for reporting per-message status.
message_send_checkpoint_endpoint: null
# Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
async_media: false
# Should the bridge use a websocket for connecting to the homeserver?
# The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy,
# mautrix-asmux (deprecated), and hungryserv (proprietary).
websocket: false
# How often should the websocket be pinged? Pinging will be disabled if this is zero.
ping_interval_seconds: 0
# Application service host/registration related details.
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: {{ matrix_wechat_appservice_address | to_json }}
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 8080
# Database config.
database:
# The database type. "sqlite3" and "postgres" are supported.
type: postgres
# The database URI.
# SQLite: File name is enough. https://github.com/mattn/go-sqlite3#connection-string
# Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
# To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
uri: {{ matrix_wechat_database_connection_string | to_json }}
# Maximum number of connections. Mostly relevant for Postgres.
max_open_conns: 20
max_idle_conns: 2
# Maximum connection idle time and lifetime before they're closed. Disabled if null.
# Parsed with https://pkg.go.dev/time#ParseDuration
max_conn_idle_time: null
max_conn_lifetime: null
# The unique ID of this appservice.
id: wechat
# Appservice bot details.
bot:
# Username of the appservice bot.
username: {{ matrix_wechat_appservice_bot_username | to_json }}
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
displayname: WeChat bridge bot
avatar: mxc://matrix.org/rddVQBTjOOmNkNLXWfYJNfPW
# Whether or not to receive ephemeral events via appservice transactions.
# Requires MSC2409 support (i.e. Synapse 1.22+).
ephemeral_events: true
# Should incoming events be handled asynchronously?
# This may be necessary for large public instances with lots of messages going through.
# However, messages will not be guaranteed to be bridged in the same order they were sent in.
async_transactions: false
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: {{ matrix_wechat_appservice_token | to_json }}
hs_token: {{ matrix_wechat_homeserver_token | to_json }}
# Bridge config
bridge:
# Localpart template of MXIDs for WeChat users.
# {% raw %}{{.}}{% endraw %} is replaced with the uin of the WeChat user.
username_template: {% raw %}_wechat_{{.}}{% endraw %}
# Displayname template for WeChat users.
displayname_template: "{% raw %}{{if .Name}}{{.Name}}{{else}}{{.Uin}}{{end}} (WeChat){% endraw %}"
# WeChat listen address (for agent connection)
listen_address: "0.0.0.0:20002"
listen_secret: {{ matrix_wechat_bridge_listen_secret | to_json }}
# Should the bridge create a space for each logged-in user and add bridged rooms to it?
# Users who logged in before turning this on should run `!wa sync space` to create and fill the space for the first time.
2024-06-03 22:24:06 +02:00
personal_filtering_spaces: true
Add support for WeChat bridging This is based on the PR (https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3241) by Tobias Diez (https://github.com/tobiasdiez). I've refactored some parts, made it more configurable, polished it up, and it's integrated into the playbook now. Both the WeChat bridge and WeChat agent appear to be working. The WeChat bridge joins rooms and responds as expected. That said, end-to-end testing (actually bridging to a WeChat account) has not been done yet. Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/701 Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3092 This is sponsored https://etke.cc/ work related to https://gitlab.com/etke.cc/ansible/-/issues/2 Squashed commit of the following: commit fdd37f02472a0b83d61b4fac80650442f90e7629 Author: Slavi Pantaleev <slavi@devture.com> Date: Mon Jun 3 21:05:53 2024 +0300 Add documentation for WeChat bridge commit 8426fc8b95bb160ea7f9659bd45bc59cf1326614 Author: Slavi Pantaleev <slavi@devture.com> Date: Mon Jun 3 20:59:42 2024 +0300 Rename directory for matrix_wechat_agent_container_src_files_path commit da200df82bbc9153d307095dd90e4769c400ea1e Author: Slavi Pantaleev <slavi@devture.com> Date: Mon Jun 3 20:58:26 2024 +0300 Make WeChat listen_secret configurable and auto-configured via matrix_homeserver_generic_secret_key commit 4022cb1355828ac16af7d9228cb1066962bb35f5 Author: Slavi Pantaleev <slavi@devture.com> Date: Mon Jun 3 20:54:56 2024 +0300 Refactor install.yml for WeChat a bit (using blocks, etc.) commit d07a39b4c4f6b93d04204e13e384086d5a242d52 Author: Slavi Pantaleev <slavi@devture.com> Date: Mon Jun 3 20:52:35 2024 +0300 Rename WeChat Agent configuration file This makes it more clear that it belongs to the agent. Otherwise, `config.yaml` and `configure.yaml` make you wonder. commit ccca72f8d1e602f7c42f4bd552193afa153c9b9d Author: Slavi Pantaleev <slavi@devture.com> Date: Mon Jun 3 20:49:06 2024 +0300 Move WeChat agent configuration to a template commit a4047d94d8877b4095712dfc76ac3082a1edca28 Author: Slavi Pantaleev <slavi@devture.com> Date: Mon Jun 3 20:47:17 2024 +0300 Mount WeChat config as readonly and instruct bridge to not update it commit bc0e89f345bf14bbdbfd574bb60d93918c2ac053 Author: Slavi Pantaleev <slavi@devture.com> Date: Mon Jun 3 20:46:33 2024 +0300 Sync WeChat config with upstream Brings up-to-date with: https://github.com/duo/matrix-wechat/commits/0.2.4/example-config.yaml commit a46f5b9cbc8bf16042685a18c77d25a606bc8232 Author: Slavi Pantaleev <slavi@devture.com> Date: Mon Jun 3 19:48:17 2024 +0300 Rename some files commit 3877679040cffc4ca6cccfa21a7335f8f796f06e Author: Slavi Pantaleev <slavi@devture.com> Date: Mon Jun 3 19:47:10 2024 +0300 Update WeChat logging config This brings it up-to-date with what mautrix-go uses. Otherwise, on startup we see: > Migrating legacy log config .. and it gets migrated to what we've done here. commit e3e95ab234651867c7a975a08455549b31db4172 Author: Slavi Pantaleev <slavi@devture.com> Date: Mon Jun 3 19:43:37 2024 +0300 Make sure matrix-wechat-agent runs as 1000:1000 It needs to write stuff to `/home/user/.vnc`. `/home/user` is owned by `user:group` (`1000:1000`), so it cannot run any other way. Previously, if the `matrix` user was uid=1000 by chance, it would work, but that's pure luck. commit 4d5748ae9b84c81d6b48b0a41b790339d9ac4724 Author: Slavi Pantaleev <slavi@devture.com> Date: Mon Jun 3 18:57:09 2024 +0300 Pin wechat and wechat-agent versions commit 40d40009f19ebceed4126146cbb510a2c95af671 Author: Slavi Pantaleev <slavi@devture.com> Date: Mon Jun 3 18:53:58 2024 +0300 docker_image -> container_image for WeChat bridge commit cc33aff592541913070d13288d17b04ed6243176 Author: Slavi Pantaleev <slavi@devture.com> Date: Mon Jun 3 18:00:25 2024 +0300 docker_src -> container_src in WeChat bridge commit 42e6ae9a6483c8ca6d53b8052058d41d90d93797 Author: Slavi Pantaleev <slavi@devture.com> Date: Mon Jun 3 17:54:24 2024 +0300 matrix_go_wechat_ -> matrix_wechat_ The bridge is written in Go, but does not include Go anywhere in its name. As such, it's mostly useless to use `matrix_go_wechat` as the prefix. commit d6662a69d1916d215d5184320c36d2ef73afd3e9 Author: Tobias Diez <code@tobiasdiez.de> Date: Mon Mar 25 10:55:16 2024 +0800 Add wechat bridge
2024-06-03 20:06:19 +02:00
# Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
message_status_events: false
# Whether the bridge should send error notices via m.notice events when a message fails to bridge.
message_error_notices: true
portal_message_buffer: 128
# Enable redaction
allow_redaction: false
# Should puppet avatars be fetched from the server even if an avatar is already set?
user_avatar_sync: true
# Should the bridge update the m.direct account data event when double puppeting is enabled.
# Note that updating the m.direct event is not atomic (except with mautrix-asmux)
# and is therefore prone to race conditions.
sync_direct_chat_list: false
# When double puppeting is enabled, users can use `!wa toggle` to change whether
# presence is bridged. These settings set the default values.
# Existing users won't be affected when these are changed.
default_bridge_presence: false
# Send the presence as "available" to WeChat when users start typing on a portal.
# This works as a workaround for homeservers that do not support presence, and allows
# users to see when the WeChat user on the other side is typing during a conversation.
send_presence_on_typing: false
# Servers to always allow double puppeting from
double_puppet_server_map:
"{{ matrix_wechat_homeserver_domain }}": {{ matrix_wechat_homeserver_address }}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, double puppeting will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret_map: {{ matrix_wechat_login_shared_secret_map | to_json }}
# Whether to explicitly set the avatar and room name for private chat portal rooms.
# If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms.
# If set to `always`, all DM rooms will have explicit names and avatars set.
# If set to `never`, DM rooms will never have names and avatars set.
private_chat_portal_meta: default
# Should group members be synced in parallel? This makes member sync faster
parallel_member_sync: false
# Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
# This field will automatically be changed back to false after it, except if the config file is not writable.
resend_bridge_info: false
# When using double puppeting, should muted chats be muted in Matrix?
mute_bridging: false
# Allow invite permission for user. User can invite any bots to room with WeChat
# users (private chat and groups)
allow_user_invite: false
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
federate_rooms: true
# Should the bridge never send alerts to the bridge management room?
# These are mostly things like the user being logged out.
disable_bridge_alerts: false
# Maximum time for handling Matrix events. Duration strings formatted for https://pkg.go.dev/time#ParseDuration
# Null means there's no enforced timeout.
message_handling_timeout:
# Send an error message after this timeout, but keep waiting for the response until the deadline.
# This is counted from the origin_server_ts, so the warning time is consistent regardless of the source of delay.
# If the message is older than this when it reaches the bridge, the message won't be handled at all.
error_after: null
# Drop messages after this timeout. They may still go through if the message got sent to the servers.
# This is counted from the time the bridge starts handling the message.
deadline: 120s
# The prefix for commands. Only required in non-management rooms.
command_prefix: {{ matrix_wechat_command_prefix | to_json }}
# Messages sent upon joining a management room.
# Markdown is supported. The defaults are listed below.
management_room_text:
# Sent when joining a room.
welcome: "Hello, I'm a WeChat bridge bot."
# Sent when joining a management room and the user is already logged in.
welcome_connected: "Use `help` for help."
# Sent when joining a management room and the user is not logged in.
welcome_unconnected: "Use `help` for help or `login` to log in."
# Optional extra text sent when joining a management room.
additional_help: ""
# End-to-bridge encryption support options.
#
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: {{ matrix_wechat_encryption_allow | to_json }}
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: {{ matrix_wechat_encryption_default | to_json }}
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
appservice: false
# Require encryption, drop any unencrypted messages.
require: false
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow_key_sharing: false
# Should users mentions be in the event wire content to enable the server to send push notifications?
plaintext_mentions: false
# Options for deleting megolm sessions from the bridge.
delete_keys:
# Beeper-specific: delete outbound sessions when hungryserv confirms
# that the user has uploaded the key to key backup.
delete_outbound_on_ack: false
# Don't store outbound sessions in the inbound table.
dont_store_outbound: false
# Ratchet megolm sessions forward after decrypting messages.
ratchet_on_decrypt: false
# Delete fully used keys (index >= max_messages) after decrypting messages.
delete_fully_used_on_decrypt: false
# Delete previous megolm sessions from same device when receiving a new one.
delete_prev_on_new_session: false
# Delete megolm sessions received from a device when the device is deleted.
delete_on_device_delete: false
# Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
periodically_delete_expired: false
# Delete inbound megolm sessions that don't have the received_at field used for
# automatic ratcheting and expired session deletion. This is meant as a migration
# to delete old keys prior to the bridge update.
delete_outdated_inbound: false
# What level of device verification should be required from users?
#
# Valid levels:
# unverified - Send keys to all device in the room.
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
# Note that creating user signatures from the bridge bot is not currently possible.
# verified - Require manual per-device verification
# (currently only possible by modifying the `trust` column in the `crypto_device` database table).
verification_levels:
# Minimum level for which the bridge should send keys to when bridging messages from WeChat to Matrix.
receive: unverified
# Minimum level that the bridge should accept for incoming Matrix messages.
send: unverified
# Minimum level that the bridge should require for accepting key requests.
share: cross-signed-tofu
# Options for Megolm room key rotation. These options allow you to
# configure the m.room.encryption event content. See:
# https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
# more information about that event.
rotation:
# Enable custom Megolm room key rotation settings. Note that these
# settings will only apply to rooms created after this option is
# set.
enable_custom: false
# The maximum number of milliseconds a session should be used
# before changing it. The Matrix spec recommends 604800000 (a week)
# as the default.
milliseconds: 604800000
# The maximum number of messages that should be sent with a given a
# session before changing it. The Matrix spec recommends 100 as the
# default.
messages: 100
# Disable rotating keys when a user's devices change?
# You should not enable this option unless you understand all the implications.
disable_device_change_key_rotation: false
# Permissions for using the bridge.
# Permitted values:
# user - Access to use the bridge to chat with a WeChat account.
# admin - User level and some additional administration tools
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions: {{ matrix_wechat_permissions | to_json }}
# Logging config. See https://github.com/tulir/zeroconfig for details.
logging:
min_level: {{ matrix_wechat_log_level }}
writers:
- type: stdout
format: pretty-colored