diff --git a/.env.sample b/.env.sample
index c41c271..cff6f69 100644
--- a/.env.sample
+++ b/.env.sample
@@ -77,3 +77,5 @@ ENCRYPTED_BY_DEFAULT=all
 #SECRET_TELEGRAM_DB_PASSWORD_VERSION=v1
 #SECRET_TELEGRAM_API_HASH_VERSION=v1
 #SECRET_TELEGRAM_BOT_TOKEN_VERSION=v1
+#SECRET_TELEGRAM_AS_TOKEN_VERSION=v1
+#SECRET_TELEGRAM_HS_TOKEN_VERSION=v1
diff --git a/README.md b/README.md
index 4f2b594..b784794 100644
--- a/README.md
+++ b/README.md
@@ -82,5 +82,18 @@ This could be implemented in this recipe but we haven't merged it in yet. Change
 
 ### Telegram bridging
 
+> WIP
+
+Setting it up is a bit of a chicken/egg & chasing cats moment. Here is a rough guide:
+
+- `abra app secret generate -a ` (generates invalid secret values)
+- `abra app deploy `
+- `abra app run matrix.fva.wtf telegram-bridge cat /data/registration.yaml` (get your app service secrets)
+- `abra app undeploy `
+- `abra app secret insert telegram_as_token v1 `
+- `abra app secret insert telegram_hs_token v1 `
+- `abra app deploy `
+- ??? api/hash/token ???
+
 - [`docs.mau.fi`](https://docs.mau.fi/bridges/python/setup/docker.html?bridge=telegram)
 - [`example-config.yaml`](https://mau.dev/mautrix/telegram/-/blob/master/mautrix_telegram/example-config.yaml)
diff --git a/compose.telegram.yml b/compose.telegram.yml
index c8fb8a2..468878d 100644
--- a/compose.telegram.yml
+++ b/compose.telegram.yml
@@ -2,8 +2,17 @@
 version: "3.8"
 
 services:
-  telegram-bridge:
+  app:
+    environment:
+      - TELEGRAM_APP_SERVICE_ENABLED=1
+      - TELEGRAM_APP_SERVICE_CONFIG=/telegram-data/registration.yaml
+    volumes:
+      - telegram-data:/telegram-data
+
+  telegram_bridge:
     image: dock.mau.dev/mautrix/telegram:1f5b91cbec7866663d8dd8f4c9a62115e2905552-amd64
+    depends_on:
+      - telegram_db
     configs:
       - source: telegram_bridge_yaml
         target: /data/config.yaml
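Review bot: The `app` service gets the whole `telegram-data` volume read-write at `/telegram-data` although it only needs to read `registration.yaml`; the same volume is the bridge's `/data`, which after this commit also receives the bridge log (`telegram_bridge.yaml.tmpl` @@ -527), so the mount should be `- telegram-data:/telegram-data:ro` to keep the homeserver container from altering the registration or the bridge's state. The recipe appears to target Docker Swarm (external configs and secrets, `${STACK_NAME}`), where `docker stack deploy` ignores `depends_on`, so the new `depends_on: - telegram_db` does not order startup and the bridge still has to tolerate the database coming up later. The `telegram_bridge` service definition continues outside the hunk.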
@@ -18,12 +27,16 @@ services:
       - TELEGRAM_APP_ID
     secrets:
       - telegram_api_hash
+      - telegram_as_token
       - telegram_bot_token
       - telegram_db_password
+      - telegram_hs_token
     volumes:
       - telegram-data:/data
+    networks:
+      - internal
 
-  telegram-db:
+  telegram_db:
     image: postgres:13-alpine
     secrets:
       - telegram_db_password
@@ -44,7 +57,7 @@ services:
 configs:
   telegram_bridge_yaml:
     name: ${STACK_NAME}_telegram_bridge_yaml_${TELEGRAM_BRIDGE_YAML_VERSION}
-    file: telegram-bridge.yaml.tmpl
+    file: telegram_bridge.yaml.tmpl
     template_driver: golang
 
 volumes:
@@ -61,3 +74,9 @@ secrets:
   telegram_bot_token:
     external: true
     name: ${STACK_NAME}_telegram_bot_token_${SECRET_TELEGRAM_BOT_TOKEN_VERSION}
+  telegram_as_token:
+    external: true
+    name: ${STACK_NAME}_telegram_as_token_${SECRET_TELEGRAM_AS_TOKEN_VERSION}
+  telegram_hs_token:
+    external: true
+    name: ${STACK_NAME}_telegram_hs_token_${SECRET_TELEGRAM_HS_TOKEN_VERSION}
diff --git a/homeserver.yaml.tmpl b/homeserver.yaml.tmpl
index e0ab17f..0578de0 100644
--- a/homeserver.yaml.tmpl
+++ b/homeserver.yaml.tmpl
@@ -1442,9 +1442,10 @@ room_prejoin_state:
 
 # A list of application service config files to use
 #
-#app_service_config_files:
-#  - app_service_1.yaml
-#  - app_service_2.yaml
+{{ if eq (env "TELEGRAM_APP_SERVICE_ENABLED") "1" }}
+app_service_config_files:
+  - "{{ env "TELEGRAM_APP_SERVICE_CONFIG" }}"
+{{ end }}
 
 # Uncomment to enable tracking of application service IP addresses. Implicitly
 # enables MAU tracking for application service users.
@@ -1885,7 +1886,7 @@ saml2_config:
 
 oidc_providers:
 {{ if eq (env "KEYCLOAK_ENABLED") "1" }}
-  - idp_id: {{ env "KEYCLOAK_ID" }}
+  - idp_id: {{ env "KEYCLOAK_ID" }}
     idp_name: {{ env "KEYCLOAK_NAME" }}
     issuer: "{{ env "KEYCLOAK_URL" }}"
     client_id: "{{ env "KEYCLOAK_CLIENT_ID" }}"
diff --git a/telegram-bridge.yaml.tmpl b/telegram_bridge.yaml.tmpl
similarity index 99%
rename from telegram-bridge.yaml.tmpl
rename to telegram_bridge.yaml.tmpl
index fb25f33..48ae637 100644
--- a/telegram-bridge.yaml.tmpl
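Review bot: `telegram_bridge` is attached to `internal` here but `telegram_db` is not given a network in this hunk, and the bridge now addresses the database as `telegram_db` (`telegram_bridge.yaml.tmpl` @@ -40); a service with an explicit `networks:` list is attached only to those networks, so unless `telegram_db` is also put on `internal` further down, the hostname will not resolve from the bridge. If the database is deliberately left on the stack's default network, a comment such as `# telegram_db must share this network for the DSN hostname to resolve` would make the coupling visible. The `telegram_db` definition continues outside the hunk.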
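Review bot: Both new secrets are `external: true`, so the stack cannot deploy until `telegram_as_token` and `telegram_hs_token` exist under the versions named by `SECRET_TELEGRAM_AS_TOKEN_VERSION` / `SECRET_TELEGRAM_HS_TOKEN_VERSION`, and their values have to match the tokens in the bridge's `registration.yaml`; nothing in the file records that bootstrap order, which the README hunk describes as a chicken-and-egg step. A comment above `telegram_as_token:` such as `# AS/HS tokens: bootstrap with generated values, then re-insert the ones from the bridge's registration.yaml (see README)` would keep it discoverable without the README. The `secrets:` mapping starts outside the hunk.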
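Review bot: `app_service_config_files` is rendered as a single hard-wired Telegram entry, so a second bridge would require rewriting this conditional rather than appending to the list; a comment above the `{{ if` line stating that, e.g. `# Appservice registrations; each enabled bridge adds its own entry here`, would help the next reader. Synapse also appears to require every listed file to exist at startup, and under swarm nothing orders the bridge's first run (which produces `/telegram-data/registration.yaml`) before the homeserver, which is the bootstrap the README describes but is worth noting in the same comment. The surrounding config continues outside the hunk.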
+++ b/telegram_bridge.yaml.tmpl
@@ -24,7 +24,7 @@ homeserver:
 # Changing these values requires regeneration of the registration.
 appservice:
     # The address that the homeserver can use to connect to this appservice.
-    address: http://telegram-bridge:29317
+    address: http://telegram_bridge:29317
     # When using https:// the TLS certificate and key files for the address.
     tls_cert: false
     tls_key: false
@@ -40,7 +40,7 @@ appservice:
     # Format examples:
     # SQLite: sqlite:///filename.db
     # Postgres: postgres://username:password@hostname/dbname
-    database: postgres://telegrambridge:{{ secret "telegram_db_password" }}@telagram-db/telegrambridge
+    database: postgres://telegrambridge:{{ secret "telegram_db_password" }}@telegram_db/telegrambridge
     # Additional arguments for asyncpg.create_pool() or sqlite3.connect()
     # https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool
     # https://docs.python.org/3/library/sqlite3.html#sqlite3.connect
@@ -87,8 +87,8 @@ appservice:
     ephemeral_events: false
 
     # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
-    as_token: "This value is generated when generating the registration"
-    hs_token: "This value is generated when generating the registration"
+    as_token: "{{ secret "telegram_as_token" }}"
+    hs_token: "{{ secret "telegram_hs_token" }}"
 
 # Prometheus telemetry config. Requires prometheus-client to be installed.
 metrics:
@@ -527,7 +527,7 @@ logging:
         file:
             class: logging.handlers.RotatingFileHandler
             formatter: normal
-            filename: ./mautrix-telegram.log
+            filename: /data/mautrix-telegram.log
             maxBytes: 10485760
             backupCount: 10
         console:
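Review bot: The appservice `address:` now uses `telegram_bridge`, a hostname containing an underscore; Docker's embedded DNS resolves service names like this, but underscores are not valid in DNS host labels and some HTTP client stacks reject them, so confirm the homeserver can actually reach `http://telegram_bridge:29317` before relying on the rename. If it cannot, keep the hyphenated name reachable through a network alias on the service in `compose.telegram.yml` (`networks: internal: aliases: [telegram-bridge]`) and point `address:` back at it. The `appservice:` block continues outside the hunk.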
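Review bot: The `database:` DSN interpolates the raw `telegram_db_password` secret into a URL, so a password containing `@`, `/`, `:`, `%` or `#` would corrupt the connection string; that is probably fine for values from `abra app secret generate`, but the README also documents `abra app secret insert`, where any value is possible. Either document the constraint above the line, `# the password is embedded in a URL and must contain no URL-reserved characters`, or escape it with Go's template builtin, `{{ secret "telegram_db_password" | urlquery }}` (noting that it encodes a space as `+`).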
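Review bot: The comment kept above the new lines, `Autogenerated; do not modify.`, no longer describes them: both tokens are now supplied from Docker secrets and have to be kept in sync with `registration.yaml` by the operator. Change it to `# Authentication tokens for AS <-> HS communication. Supplied from the telegram_as_token / telegram_hs_token secrets; they must match registration.yaml.` Note also that a secret inserted with a trailing newline would land inside the double-quoted scalar unless the template driver strips it, which is easy to get wrong when the value is pasted from `registration.yaml` and would be worth a sentence in the README step.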