-
Notifications
You must be signed in to change notification settings - Fork 48
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add generic template for megabridges
- Loading branch information
Showing
3 changed files
with
275 additions
and
221 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,251 @@ | ||
# Config options that affect the central bridge module. | ||
bridge: | ||
{{ if .CommandPrefix -}} | ||
# The prefix for commands. Only required in non-management rooms. | ||
command_prefix: '{{ .CommandPrefix }}' | ||
{{ end -}} | ||
# Should the bridge create a space for each login containing the rooms that account is in? | ||
personal_filtering_spaces: true | ||
|
||
# Settings for relay mode | ||
relay: | ||
# Whether relay mode should be allowed. If allowed, the set-relay command can be used to turn any | ||
# authenticated user into a relaybot for that chat. | ||
enabled: false | ||
# Should only admins be allowed to set themselves as relay users? | ||
admin_only: true | ||
# List of user login IDs which anyone can set as a relay, as long as the relay user is in the room. | ||
default_relays: [] | ||
|
||
# Permissions for using the bridge. | ||
# Permitted values: | ||
# relay - Talk through the relaybot (if enabled), no access otherwise | ||
# commands - Access to use commands in the bridge, but not login. | ||
# user - Access to use the bridge with puppeting. | ||
# admin - Full access, user level with some additional administration tools. | ||
# Permitted keys: | ||
# * - All Matrix users | ||
# domain - All users on that homeserver | ||
# mxid - Specific user | ||
permissions: | ||
"{{ .UserID }}": admin | ||
|
||
# Config for the bridge's database. | ||
database: | ||
# The database type. "sqlite3-fk-wal" and "postgres" are supported. | ||
type: sqlite3-fk-wal | ||
# The database URI. | ||
# SQLite: A raw file path is supported, but `file:<path>?_txlock=immediate` is recommended. | ||
# https://github.com/mattn/go-sqlite3#connection-string | ||
# Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable | ||
# To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql | ||
uri: file:{{.DatabasePrefix}}{{or .DatabaseFileName .BridgeName}}.db?_txlock=immediate | ||
# Maximum number of connections. | ||
max_open_conns: 5 | ||
max_idle_conns: 2 | ||
# Maximum connection idle time and lifetime before they're closed. Disabled if null. | ||
# Parsed with https://pkg.go.dev/time#ParseDuration | ||
max_conn_idle_time: null | ||
max_conn_lifetime: null | ||
|
||
# Homeserver details. | ||
homeserver: | ||
# The address that this appservice can use to connect to the homeserver. | ||
# Local addresses without HTTPS are generally recommended when the bridge is running on the same machine, | ||
# but https also works if they run on different machines. | ||
address: {{ .HungryAddress }} | ||
# The domain of the homeserver (also known as server_name, used for MXIDs, etc). | ||
domain: beeper.local | ||
|
||
# What software is the homeserver running? | ||
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here. | ||
software: hungry | ||
# The URL to push real-time bridge status to. | ||
# If set, the bridge will make POST requests to this URL whenever a user's remote network connection state changes. | ||
# The bridge will use the appservice as_token to authorize requests. | ||
status_endpoint: null | ||
# Endpoint for reporting per-message status. | ||
# If set, the bridge will make POST requests to this URL when processing a message from Matrix. | ||
# It will make one request when receiving the message (step BRIDGE), one after decrypting if applicable | ||
# (step DECRYPTED) and one after sending to the remote network (step REMOTE). Errors will also be reported. | ||
# The bridge will use the appservice as_token to authorize requests. | ||
message_send_checkpoint_endpoint: null | ||
# Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? | ||
async_media: true | ||
|
||
# Should the bridge use a websocket for connecting to the homeserver? | ||
# The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy, | ||
# mautrix-asmux (deprecated), and hungryserv (proprietary). | ||
websocket: {{ .Websocket }} | ||
# How often should the websocket be pinged? Pinging will be disabled if this is zero. | ||
ping_interval_seconds: 180 | ||
|
||
# Application service host/registration related details. | ||
# Changing these values requires regeneration of the registration. | ||
appservice: | ||
# The address that the homeserver can use to connect to this appservice. | ||
address: irrelevant | ||
|
||
# The hostname and port where this appservice should listen. | ||
# For Docker, you generally have to change the hostname to 0.0.0.0. | ||
hostname: 0.0.0.0 | ||
port: 4000 | ||
|
||
# The unique ID of this appservice. | ||
id: {{ .AppserviceID }} | ||
# Appservice bot details. | ||
bot: | ||
# Username of the appservice bot. | ||
username: {{ .BridgeName }}bot | ||
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty | ||
# to leave display name/avatar as-is. | ||
{{ if .BridgeTypeName -}} | ||
displayname: {{ .BridgeTypeName }} bridge bot | ||
{{- end }} | ||
{{ if .BridgeTypeIcon -}} | ||
avatar: {{ .BridgeTypeIcon }} | ||
{{- end }} | ||
|
||
# Whether to receive ephemeral events via appservice transactions. | ||
ephemeral_events: true | ||
# Should incoming events be handled asynchronously? | ||
# This may be necessary for large public instances with lots of messages going through. | ||
# However, messages will not be guaranteed to be bridged in the same order they were sent in. | ||
async_transactions: false | ||
|
||
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. | ||
as_token: {{ .ASToken }} | ||
hs_token: {{ .HSToken }} | ||
|
||
# Localpart template of MXIDs for remote users. | ||
username_template: {{ .BridgeName }}_{{ "{{.}}" }} | ||
|
||
# Config options that affect the Matrix connector of the bridge. | ||
matrix: | ||
# Whether the bridge should send the message status as a custom com.beeper.message_send_status event. | ||
message_status_events: true | ||
# Whether the bridge should send a read receipt after successfully bridging a message. | ||
delivery_receipts: false | ||
# Whether the bridge should send error notices via m.notice events when a message fails to bridge. | ||
message_error_notices: false | ||
sync_direct_chat_list: false | ||
# Whether created rooms should have federation enabled. If false, created portal rooms | ||
# will never be federated. Changing this option requires recreating rooms. | ||
federate_rooms: false | ||
|
||
# Settings for provisioning API | ||
provisioning: | ||
# Prefix for the provisioning API paths. | ||
prefix: /_matrix/provision | ||
# Shared secret for authentication. If set to "generate" or null, a random secret will be generated, | ||
# or if set to "disable", the provisioning API will be disabled. | ||
shared_secret: {{ .ProvisioningSecret }} | ||
# Whether to allow provisioning API requests to be authed using Matrix access tokens. | ||
# This follows the same rules as double puppeting to determine which server to contact to check the token, | ||
# which means that by default, it only works for users on the same server as the bridge. | ||
allow_matrix_auth: true | ||
# Enable debug API at /debug with provisioning authentication. | ||
debug_endpoints: true | ||
|
||
# Settings for enabling double puppeting | ||
double_puppet: | ||
# Servers to always allow double puppeting from. | ||
# This is only for other servers and should NOT contain the server the bridge is on. | ||
servers: | ||
{{ .BeeperDomain }}: {{ .HungryAddress }} | ||
# Whether to allow client API URL discovery for other servers. When using this option, | ||
# users on other servers can use double puppeting even if their server URLs aren't | ||
# explicitly added to the servers map above. | ||
allow_discovery: false | ||
# Shared secrets for automatic double puppeting. | ||
# See https://docs.mau.fi/bridges/general/double-puppeting.html for instructions. | ||
secrets: | ||
{{ .BeeperDomain }}: "as_token:{{ .ASToken }}" | ||
|
||
# End-to-bridge encryption support options. | ||
# | ||
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info. | ||
encryption: | ||
# Whether to enable encryption at all. If false, the bridge will not function in encrypted rooms. | ||
allow: true | ||
# Whether to force-enable encryption in all bridged rooms. | ||
default: true | ||
# Whether to require all messages to be encrypted and drop any unencrypted messages. | ||
require: true | ||
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data. | ||
# This option is not yet compatible with standard Matrix servers like Synapse and should not be used. | ||
appservice: true | ||
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. | ||
# You must use a client that supports requesting keys from other users to use this feature. | ||
allow_key_sharing: true | ||
# Pickle key for encrypting encryption keys in the bridge database. | ||
# If set to generate, a random key will be generated. | ||
pickle_key: bbctl | ||
# Options for deleting megolm sessions from the bridge. | ||
delete_keys: | ||
# Beeper-specific: delete outbound sessions when hungryserv confirms | ||
# that the user has uploaded the key to key backup. | ||
delete_outbound_on_ack: true | ||
# Don't store outbound sessions in the inbound table. | ||
dont_store_outbound: false | ||
# Ratchet megolm sessions forward after decrypting messages. | ||
ratchet_on_decrypt: true | ||
# Delete fully used keys (index >= max_messages) after decrypting messages. | ||
delete_fully_used_on_decrypt: true | ||
# Delete previous megolm sessions from same device when receiving a new one. | ||
delete_prev_on_new_session: true | ||
# Delete megolm sessions received from a device when the device is deleted. | ||
delete_on_device_delete: true | ||
# Periodically delete megolm sessions when 2x max_age has passed since receiving the session. | ||
periodically_delete_expired: true | ||
# Delete inbound megolm sessions that don't have the received_at field used for | ||
# automatic ratcheting and expired session deletion. This is meant as a migration | ||
# to delete old keys prior to the bridge update. | ||
delete_outdated_inbound: false | ||
# What level of device verification should be required from users? | ||
# | ||
# Valid levels: | ||
# unverified - Send keys to all device in the room. | ||
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys. | ||
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes). | ||
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot. | ||
# Note that creating user signatures from the bridge bot is not currently possible. | ||
# verified - Require manual per-device verification | ||
# (currently only possible by modifying the `trust` column in the `crypto_device` database table). | ||
verification_levels: | ||
# Minimum level for which the bridge should send keys to when bridging messages from the remote network to Matrix. | ||
receive: cross-signed-tofu | ||
# Minimum level that the bridge should accept for incoming Matrix messages. | ||
send: cross-signed-tofu | ||
# Minimum level that the bridge should require for accepting key requests. | ||
share: cross-signed-tofu | ||
# Options for Megolm room key rotation. These options allow you to configure the m.room.encryption event content. | ||
# See https://spec.matrix.org/v1.10/client-server-api/#mroomencryption for more information about that event. | ||
rotation: | ||
# Enable custom Megolm room key rotation settings. Note that these | ||
# settings will only apply to rooms created after this option is set. | ||
enable_custom: true | ||
# The maximum number of milliseconds a session should be used | ||
# before changing it. The Matrix spec recommends 604800000 (a week) | ||
# as the default. | ||
milliseconds: 2592000000 | ||
# The maximum number of messages that should be sent with a given a | ||
# session before changing it. The Matrix spec recommends 100 as the | ||
# default. | ||
messages: 10000 | ||
# Disable rotating keys when a user's devices change? | ||
# You should not enable this option unless you understand all the implications. | ||
disable_device_change_key_rotation: true | ||
|
||
# Logging config. See https://github.com/tulir/zeroconfig for details. | ||
logging: | ||
min_level: debug | ||
writers: | ||
- type: stdout | ||
format: pretty-colored | ||
- type: file | ||
format: json | ||
filename: ./logs/bridge.log | ||
max_size: 100 | ||
max_backups: 10 | ||
compress: false |
Oops, something went wrong.