coop-cloud/matrix-synapse
4
0
Fork 1
Code Issues 4 Pull Requests Releases Wiki Activity
Files
008ec1126bba059b3ea8ff902d5c31406e7b9547
matrix-synapse/signal_bridge.yaml.tmpl
decentral1se 245e81e4bb fix: make bridge logging ERROR only 
Decryption happens on the bridges (between systems) so in order to stop
plaintext logging of chat messages, we default to ERROR. If people need
more, they can submit changes for customisation.
2023-01-08 01:11:58 +01:00

325 lines
17 KiB
Cheetah
Raw Blame History

# Homeserver details
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: {{ env "HOMESERVER_URL" }}
# The domain of the homeserver (for MXIDs, etc).
domain: {{ env "HOMESERVER_DOMAIN" }}
# Whether or not to verify the SSL certificate of the homeserver.
# Only applies if address starts with https://
verify_ssl: {{ env "VERIFY_SSL" }}
# What software is the homeserver running?
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
software: standard
# Number of retries for all HTTP requests if the homeserver isn't reachable.
http_retry_count: 4
# The URL to push real-time bridge status to.
# If set, the bridge will make POST requests to this URL whenever a user's Signal connection state changes.
# The bridge will use the appservice as_token to authorize requests.
status_endpoint: null
# Endpoint for reporting per-message status.
message_send_checkpoint_endpoint: null
# Maximum number of simultaneous HTTP connections to the homeserver.
connection_limit: 100
# Whether asynchronous uploads via MSC2246 should be enabled for media.
# Requires a media repo that supports MSC2246.
async_media: false
# Application service host/registration related details
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: http://signalbridge:29328
# When using https:// the TLS certificate and key files for the address.
tls_cert: false
tls_key: false
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 29328
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
max_body_size: 1
# The full URI to the database. SQLite and Postgres are supported.
# However, SQLite support is extremely experimental and should not be used.
# Format examples:
# SQLite: sqlite:///filename.db
# Postgres: postgres://username:password@hostname/dbname
database: postgres://signalbridge:{{ secret "signal_db_password" }}@signaldb/signalbridge
# Additional arguments for asyncpg.create_pool() or sqlite3.connect()
# https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool
# https://docs.python.org/3/library/sqlite3.html#sqlite3.connect
# For sqlite, min_size is used as the connection thread pool size and max_size is ignored.
# Additionally, SQLite supports init_commands as an array of SQL queries to run on connect (e.g. to set PRAGMAs).
database_opts:
min_size: 1
max_size: 10
# The unique ID of this appservice.
id: signal
# Username of the appservice bot.
bot_username: signalbot
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
bot_displayname: Signal bridge bot
bot_avatar: mxc://maunium.net/wPJgTQbZOtpBFmDNkiNEMDUp
# Whether or not to receive ephemeral events via appservice transactions.
# Requires MSC2409 support (i.e. Synapse 1.22+).
# You should disable bridge -> sync_with_custom_puppets when this is enabled.
ephemeral_events: true
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: "{{ secret "signal_as_token" }}"
hs_token: "{{ secret "signal_hs_token" }}"
# Prometheus telemetry config. Requires prometheus-client to be installed.
metrics:
enabled: false
listen_port: 8000
# Manhole config.
manhole:
# Whether or not opening the manhole is allowed.
enabled: false
# The path for the unix socket.
path: /var/tmp/mautrix-signal.manhole
# The list of UIDs who can be added to the whitelist.
# If empty, any UIDs can be specified in the open-manhole command.
whitelist:
- 0
signal:
# Path to signald unix socket
socket_path: /signald/signald.sock
# Directory for temp files when sending files to Signal. This should be an
# absolute path that signald can read. For attachments in the other direction,
# make sure signald is configured to use an absolute path as the data directory.
outgoing_attachment_dir: /signald/attachments
# Directory where signald stores avatars for groups.
avatar_dir: /signald/avatars
# Directory where signald stores auth data. Used to delete data when logging out.
data_dir: /signald/data
# Whether or not unknown signald accounts should be deleted when the bridge is started.
# When this is enabled, any UserInUse errors should be resolved by restarting the bridge.
delete_unknown_accounts_on_start: false
# Whether or not message attachments should be removed from disk after they're bridged.
remove_file_after_handling: true
# Whether or not users can register a primary device
registration_enabled: true
# Whether or not to enable disappearing messages in groups. If enabled, then the expiration
# time of the messages will be determined by the first users to read the message, rather
# than individually. If the bridge has a single user, this can be turned on safely.
enable_disappearing_messages_in_groups: false
# Bridge config
bridge:
# Localpart template of MXIDs for Signal users.
# {userid} is replaced with an identifier for the Signal user.
username_template: "signal_{userid}"
# Displayname template for Signal users.
# {displayname} is replaced with the displayname of the Signal user, which is the first
# available variable in displayname_preference. The variables in displayname_preference
# can also be used here directly.
displayname_template: "{displayname} (Signal)"
# Whether or not contact list displaynames should be used.
# Possible values: disallow, allow, prefer
#
# Multi-user instances are recommended to disallow contact list names, as otherwise there can
# be conflicts between names from different users' contact lists.
contact_list_names: disallow
# Available variables: full_name, first_name, last_name, phone, uuid
displayname_preference:
- full_name
- phone
# Whether or not to create portals for all groups on login/connect.
autocreate_group_portal: true
# Whether or not to create portals for all contacts on login/connect.
autocreate_contact_portal: false
# Whether or not to make portals of Signal groups in which joining via invite link does
# not need to be approved by an administrator publicly joinable on Matrix.
public_portals: false
# Whether or not to use /sync to get read receipts and typing notifications
# when double puppeting is enabled
sync_with_custom_puppets: false
# Whether or not to update the m.direct account data event when double puppeting is enabled.
# Note that updating the m.direct event is not atomic (except with mautrix-asmux)
# and is therefore prone to race conditions.
sync_direct_chat_list: false
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Servers to allow double puppeting from, even if double_puppet_allow_discovery is false.
double_puppet_server_map:
{{ env "HOMESERVER_DOMAIN" }}: {{ env "HOMESERVER_URL" }}
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, custom puppets will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
# If using this for other servers than the bridge's server,
# you must also set the URL in the double_puppet_server_map.
login_shared_secret_map:
{{ env "HOMESERVER_DOMAIN" }}: {{ secret "shared_secret_auth" }}
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
federate_rooms: true
# End-to-bridge encryption support options.
#
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: {{ env "SIGNAL_ENABLE_ENCRYPTION" }}
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: false
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
appservice: false
# Require encryption, drop any unencrypted messages.
require: false
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow_key_sharing: false
# What level of device verification should be required from users?
#
# Valid levels:
# unverified - Send keys to all device in the room.
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
# Note that creating user signatures from the bridge bot is not currently possible.
# verified - Require manual per-device verification
# (currently only possible by modifying the `trust` column in the `crypto_device` database table).
verification_levels:
# Minimum level for which the bridge should send keys to when bridging messages from Telegram to Matrix.
receive: unverified
# Minimum level that the bridge should accept for incoming Matrix messages.
send: unverified
# Minimum level that the bridge should require for accepting key requests.
share: cross-signed-tofu
# Options for Megolm room key rotation. These options allow you to
# configure the m.room.encryption event content. See:
# https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
# more information about that event.
rotation:
# Enable custom Megolm room key rotation settings. Note that these
# settings will only apply to rooms created after this option is
# set.
enable_custom: false
# The maximum number of milliseconds a session should be used
# before changing it. The Matrix spec recommends 604800000 (a week)
# as the default.
milliseconds: 604800000
# The maximum number of messages that should be sent with a given a
# session before changing it. The Matrix spec recommends 100 as the
# default.
messages: 100
# Whether or not to explicitly set the avatar and room name for private
# chat portal rooms. This will be implicitly enabled if encryption.default is true.
private_chat_portal_meta: false
# Whether or not the bridge should send a read receipt from the bridge bot when a message has
# been sent to Signal. This let's you check manually whether the bridge is receiving your
# messages.
# Note that this is not related to Signal delivery receipts.
delivery_receipts: false
# Whether or not delivery errors should be reported as messages in the Matrix room.
delivery_error_reports: true
# Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
message_status_events: false
# Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
# This field will automatically be changed back to false after it,
# except if the config file is not writable.
resend_bridge_info: false
# Interval at which to resync contacts (in seconds).
periodic_sync: 0
# Should leaving the room on Matrix make the user leave on Signal?
bridge_matrix_leave: true
# Provisioning API part of the web server for automated portal creation and fetching information.
# Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager).
provisioning:
# Whether or not the provisioning API should be enabled.
enabled: true
# The prefix to use in the provisioning API endpoints.
prefix: /_matrix/provision
# The shared secret to authorize users of the API.
# Set to "generate" to generate and save a new token.
shared_secret: generate
# Segment API key to enable analytics tracking for web server
# endpoints. Set to null to disable.
# Currently the only events are login start, QR code scan, and login
# success/failure.
segment_key: null
# The prefix for commands. Only required in non-management rooms.
command_prefix: "!signal"
# Messages sent upon joining a management room.
# Markdown is supported. The defaults are listed below.
management_room_text:
# Sent when joining a room.
welcome: "Hello, I'm a Signal bridge bot."
# Sent when joining a management room and the user is already logged in.
welcome_connected: "Use `help` for help."
# Sent when joining a management room and the user is not logged in.
welcome_unconnected: "Use `help` for help or `link` to log in."
# Optional extra text sent when joining a management room.
additional_help: ""
# Send each message separately (for readability in some clients)
management_room_multiple_messages: false
# Permissions for using the bridge.
# Permitted values:
# relay - Allowed to be relayed through the bridge, no access to commands.
# user - Use the bridge with puppeting.
# admin - Use and administrate the bridge.
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions: "{{ env "SIGNAL_BRIDGE_PERMISSIONS" }}"
relay:
# Whether relay mode should be allowed. If allowed, `!signal set-relay` can be used to turn any
# authenticated user into a relaybot for that chat.
enabled: false
# The formats to use when sending messages to Signal via a relay user.
#
# Available variables:
# $sender_displayname - The display name of the sender (e.g. Example User)
# $sender_username - The username (Matrix ID localpart) of the sender (e.g. exampleuser)
# $sender_mxid - The Matrix ID of the sender (e.g. @exampleuser:example.com)
# $message - The message content
message_formats:
m.text: '$sender_displayname: $message'
m.notice: '$sender_displayname: $message'
m.emote: '* $sender_displayname $message'
m.file: '$sender_displayname sent a file'
m.image: '$sender_displayname sent an image'
m.audio: '$sender_displayname sent an audio file'
m.video: '$sender_displayname sent a video'
m.location: '$sender_displayname sent a location'
# Specify a dedicated relay account. Must be a regular matrix account logged into this bridge
# and double puppeting working to auto-accept invites. When this user is invited to a room
# it will automatically be set as the relay user. May be overridden with `set-relay` or `unset-relay`
relaybot: '@relaybot:example.com'
# Format for generting URLs from location messages for sending to Signal
# Google Maps: 'https://www.google.com/maps/place/{lat},{long}'
# OpenStreepMap: 'https://www.openstreetmap.org/?mlat={lat}&mlon={long}'
location_format: 'https://www.google.com/maps/place/{lat},{long}'
# Python logging configuration.
#
# See section 16.7.2 of the Python documentation for more info:
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
logging:
version: 1
formatters:
colored:
(): mautrix_signal.util.ColorFormatter
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
normal:
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
handlers:
console:
class: logging.StreamHandler
formatter: colored
loggers:
mau:
level: ERROR
aiohttp:
level: ERROR
root:
level: ERROR
handlers: [console]
Reference in New Issue View Git Blame Copy Permalink