push to f6cb26f7

.gitea/workflows/container.yaml

@@ -0,0 +1,12 @@
+name: Build Multiarch Container Image
+on: [push]
+jobs:
+  call-reusable-workflow:
+    uses: container/multiarch-build-workflow/.gitea/workflows/build.yaml@main
+    with:
+      repository: ${{ gitea.repository }}
+      ref_name: ${{ gitea.ref_name }}
+      sha: ${{ gitea.sha }}
+      registry_url: ${{ secrets.REGISTRY_URL }}
+      registry_user: ${{ secrets.REGISTRY_USER }}
+      registry_pw: ${{ secrets.REGISTRY_PW }}

.woodpecker.yml

@@ -1,11 +0,0 @@
-pipeline:
-  publish-docker-image:
-    image: plugins/kaniko
-    settings:
-      repo: docker.io/thallian/matrix-appservice-telegram
-      tags: latest,${CI_COMMIT_SHA:0:8},${CI_COMMIT_TAG=pre}
-      dockerfile: Dockerfile
-      username:
-        from_secret: DOCKER_USER
-      password:
-        from_secret: DOCKER_PW

Containerfile

@@ -1,10 +1,8 @@
-FROM docker.io/alpine:3.17 as builder
-
-ENV VERSION=24b33845707689b735292464f5d6235737a7df21
+FROM docker.io/alpine:3.20 as builder
 
 RUN apk --no-cache add \
 	sed \
-  gcc \
+	gcc \
 	g++ \
 	git \
 	musl-dev \
@@ -12,8 +10,51 @@ RUN apk --no-cache add \
 	python3-dev \
 	rust \
 	cargo \
-  py3-pip \
+	py3-pip \
 	py3-wheel \
+	py3-olm \
+	py3-qrcode \
+	py3-pillow \
+	py3-unpaddedbase64 \
+	py3-pycryptodome \
+	py3-pyaes \
+	py3-rsa \
+	py3-cparser \
+	py3-cffi \
+	py3-decorator \
+	py3-tqdm \
+	py3-numpy \
+	py3-future \
+	py3-asn1 \
+	py3-magic \
+	py3-commonmark \
+	py3-yarl \
+	py3-mako
+
+ENV VERSION=f6cb26f7f53089488e085b45add5303fa283dc3e
+
+RUN git clone https://github.com/mautrix/telegram.git
+WORKDIR /telegram
+RUN git checkout "$VERSION"
+RUN pip3 install --prefix=/install --upgrade -r requirements.txt
+RUN pip3 install --prefix=/install --upgrade -r optional-requirements.txt
+RUN cp -r mautrix_telegram /install/lib/python3.12/site-packages/
+
+
+FROM docker.io/thallian/confd-env:3.20-3.1.6.2
+
+ENV FFMPEG_BINARY=/usr/bin/ffmpeg
+
+COPY --from=builder /install /py-pkgs
+
+RUN addgroup -g 2222 matrix-bridge
+RUN adduser -h /var/lib/matrix-bridge -u 2222 -D -G matrix-bridge matrix-bridge
+
+RUN apk --no-cache add \
+	ca-certificates \
+	ffmpeg \
+	libffi \
+	python3 \
 	py3-brotli \
 	py3-olm \
 	py3-qrcode \
@@ -38,53 +79,7 @@ RUN apk --no-cache add \
 	py3-mako \
 	py3-setuptools
 
-RUN git clone https://github.com/mautrix/telegram.git
-WORKDIR /telegram
-RUN git checkout "$VERSION"
-RUN pip3 install --prefix=/install --upgrade -r requirements.txt
-RUN pip3 install --prefix=/install --upgrade -r optional-requirements.txt
-RUN cp -r mautrix_telegram /install/lib/python3.10/site-packages/
-
-
-FROM docker.io/thallian/confd-env:3.17
-
-ENV FFMPEG_BINARY=/usr/bin/ffmpeg
-
-COPY --from=builder /install /py-pkgs
-
-RUN addgroup -g 2222 matrix-bridge
-RUN adduser -h /var/lib/matrix-bridge -u 2222 -D -G matrix-bridge matrix-bridge
-
-RUN apk --no-cache add \
-  ca-certificates \
-  ffmpeg \
-  libffi \
-	python3 \
-  py3-brotli \
-	py3-olm \
-	py3-qrcode \
-	py3-pillow \
-	py3-phonenumbers \
-	py3-unpaddedbase64 \
-	py3-pycryptodome \
-	py3-pyaes \
-	py3-rsa \
-	py3-cparser \
-	py3-cffi \
-	py3-decorator \
-	py3-tqdm \
-	py3-numpy \
-	py3-future \
-	py3-asn1 \
-	py3-ruamel.yaml \
-	py3-magic \
-	py3-commonmark \
-	py3-aiohttp \
-	py3-yarl \
-	py3-mako \
-	py3-setuptools
-
-ENV PYTHONPATH=/usr/lib/python3.10/site-packages:/py-pkgs/lib/python3.10/site-packages/
+ENV PYTHONPATH=/usr/lib/python3.12/site-packages:/py-pkgs/lib/python3.12/site-packages/
 
 WORKDIR /var/lib/matrix-bridge
 
@@ -96,4 +91,3 @@ RUN chown -R matrix-bridge:matrix-bridge /var/lib/matrix-bridge
 ENV HOME /var/lib/matrix-bridge
 
 EXPOSE 8080
-

rootfs/etc/confd/templates/config.yaml.tmpl

@@ -1,4 +1,3 @@
-# Homeserver details
 homeserver:
     # The address that this appservice can use to connect to the homeserver.
     address: {{ getenv "SERVER_URL" }}
@@ -32,7 +31,7 @@ appservice:
     tls_key: false
 
     # The hostname and port where this appservice should listen.
-    hostname: [::]
+    hostname: 0.0.0.0
     port: 29317
     # The maximum body size of appservice API requests (from the homeserver) in mebibytes
     # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
@@ -40,7 +39,7 @@ appservice:
 
     # The full URI to the database. SQLite and Postgres are supported.
     # Format examples:
-    #   SQLite:   sqlite:///filename.db
+    #   SQLite:   sqlite:filename.db
     #   Postgres: postgres://username:password@hostname/dbname
     database: {{ getenv "DATABASE_DATASOURCE"}}
     # Additional arguments for asyncpg.create_pool() or sqlite3.connect()
@@ -62,7 +61,7 @@ appservice:
         prefix: /public
         # The base URL where the public-facing endpoints are available. The prefix is not added
         # implicitly.
-        external: {{ getenv "SERVER_URL_PUBLIC" }}
+        external: https://example.com/public
 
     # Provisioning API part of the web server for automated portal creation and fetching information.
     # Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager).
@@ -78,7 +77,7 @@ appservice:
     # The unique ID of this appservice.
     id: telegram
     # Username of the appservice bot.
-    bot_username: telegrambot
+    bot_username: telegram_bot
     # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
     # to leave display name/avatar as-is.
     bot_displayname: Telegram bridge bot
@@ -145,6 +144,9 @@ bridge:
     # as there's no way to determine whether an avatar is removed or just hidden from some users. If
     # you're on a single-user instance, this should be safe to enable.
     allow_avatar_remove: false
+    # Should contact names and profile pictures be allowed?
+    # This is only safe to enable on single-user instances.
+    allow_contact_info: false
 
     # Maximum number of members to sync per portal when starting up. Other members will be
     # synced when they send messages. The maximum is 10000, after which the Telegram server
@@ -219,6 +221,11 @@ bridge:
     image_as_file_size: 10
     # Maximum number of pixels in an image before sending to Telegram as a document. Defaults to 4096x4096 = 16777216.
     image_as_file_pixels: 16777216
+    # Maximum size of Telegram documents before linking to Telegrm instead of bridge
+    # to Matrix media.
+    document_as_link_size:
+        channel:
+        bot:
     # Enable experimental parallel file transfer, which makes uploads/downloads much faster by
     # streaming from/to Matrix and using many connections for Telegram.
     # Note that generating HQ thumbnails for videos is not possible with streamed transfers.
@@ -265,12 +272,33 @@ bridge:
         # This will cause the bridge bot to be in private chats for the encryption to work properly.
         default: true
         # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
-        appservice: true
+        appservice: false
         # Require encryption, drop any unencrypted messages.
         require: false
         # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
         # You must use a client that supports requesting keys from other users to use this feature.
         allow_key_sharing: true
+        # Options for deleting megolm sessions from the bridge.
+        delete_keys:
+            # Beeper-specific: delete outbound sessions when hungryserv confirms
+            # that the user has uploaded the key to key backup.
+            delete_outbound_on_ack: false
+            # Don't store outbound sessions in the inbound table.
+            dont_store_outbound: false
+            # Ratchet megolm sessions forward after decrypting messages.
+            ratchet_on_decrypt: false
+            # Delete fully used keys (index >= max_messages) after decrypting messages.
+            delete_fully_used_on_decrypt: false
+            # Delete previous megolm sessions from same device when receiving a new one.
+            delete_prev_on_new_session: false
+            # Delete megolm sessions received from a device when the device is deleted.
+            delete_on_device_delete: false
+            # Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
+            periodically_delete_expired: false
+            # Delete inbound megolm sessions that don't have the received_at field used for
+            # automatic ratcheting and expired session deletion. This is meant as a migration
+            # to delete old keys prior to the bridge update.
+            delete_outdated_inbound: false
         # What level of device verification should be required from users?
         #
         # Valid levels:
@@ -306,14 +334,27 @@ bridge:
             # default.
             messages: 100
 
-    # Whether or not to explicitly set the avatar and room name for private
-    # chat portal rooms. This will be implicitly enabled if encryption.default is true.
-    private_chat_portal_meta: false
+            # Disable rotating keys when a user's devices change?
+            # You should not enable this option unless you understand all the implications.
+            disable_device_change_key_rotation: false
+
+    # Whether to explicitly set the avatar and room name for private chat portal rooms.
+    # If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms.
+    # If set to `always`, all DM rooms will have explicit names and avatars set.
+    # If set to `never`, DM rooms will never have names and avatars set.
+    private_chat_portal_meta: default
+    # Disable generating reply fallbacks? Some extremely bad clients still rely on them,
+    # but they're being phased out and will be completely removed in the future.
+    disable_reply_fallbacks: false
+    # Should cross-chat replies from Telegram be bridged? Most servers and clients don't support this.
+    cross_room_replies: false
     # Whether or not the bridge should send a read receipt from the bridge bot when a message has
     # been sent to Telegram.
     delivery_receipts: false
     # Whether or not delivery errors should be reported as messages in the Matrix room.
     delivery_error_reports: false
+    # Should errors in incoming message handling send a message to the Matrix room?
+    incoming_bridge_error_reports: false
     # Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
     message_status_events: false
     # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
@@ -342,20 +383,6 @@ bridge:
     backfill:
         # Allow backfilling at all?
         enable: true
-        # Use MSC2716 for backfilling?
-        #
-        # This requires a server with MSC2716 support, which is currently an experimental feature in Synapse.
-        # It can be enabled by setting experimental_features -> msc2716_enabled to true in homeserver.yaml.
-        msc2716: false
-        # Use double puppets for backfilling?
-        #
-        # If using MSC2716, the double puppets must be in the appservice's user ID namespace
-        # (because the bridge can't use the double puppet access token with batch sending).
-        #
-        # Even without MSC2716, bridging old messages with correct timestamps requires the double
-        # puppets to be in an appservice namespace, or the server to be modified to allow
-        # overriding timestamps anyway.
-        double_puppet_backfill: false
         # Whether or not to enable backfilling in normal groups.
         # Normal groups have numerous technical problems in Telegram, and backfilling normal groups
         # will likely cause problems if there are multiple Matrix users in the group.
@@ -365,17 +392,26 @@ bridge:
         # Set to -1 to let any chat be unread.
         unread_hours_threshold: 720
 
-        # Forward backfilling limits. These apply to both MSC2716 and legacy backfill.
+        # Forward backfilling limits.
         #
         # Using a negative initial limit is not recommended, as it would try to backfill everything in a single batch.
-        # MSC2716 and the incremental settings are meant for backfilling everything incrementally rather than at once.
-        forward:
+        forward_limits:
             # Number of messages to backfill immediately after creating a portal.
-            initial_limit: 10
+            initial:
+                user: 50
+                normal_group: 100
+                supergroup: 10
+                channel: 10
             # Number of messages to backfill when syncing chats.
-            sync_limit: 100
+            sync:
+                user: 100
+                normal_group: 100
+                supergroup: 100
+                channel: 100
+        # Timeout for forward backfills in seconds. If you have a high limit, you'll have to increase this too.
+        forward_timeout: 900
 
-        # Settings for incremental backfill of history. These only apply when using MSC2716.
+        # Settings for incremental backfill of history. These only apply to Beeper, as upstream abandoned MSC2716.
         incremental:
             # Maximum number of messages to backfill per batch.
             messages_per_batch: 100
@@ -453,7 +489,6 @@ bridge:
     # Filter rooms that can/can't be bridged. Can also be managed using the `filter` and
     # `filter-mode` management commands.
     #
-    # Filters do not affect direct chats.
     # An empty blacklist will essentially disable the filter.
     filter:
         # Filter mode to use. Either "blacklist" or "whitelist".
@@ -462,6 +497,11 @@ bridge:
         mode: blacklist
         # The list of group/channel IDs to filter.
         list: []
+        # How to handle direct chats:
+        # If users is "null", direct chats will follow the previous settings.
+        # If users is "true", direct chats will always be bridged.
+        # If users is "false", direct chats will never be bridged.
+        users: true
 
     # The prefix for commands. Only required in non-management rooms.
     command_prefix: "!tg"
@@ -561,6 +601,8 @@ telegram:
         # is not recommended, since some requests can always trigger a call fail (such as searching
         # for messages).
         request_retries: 5
+        # Use IPv6 for Telethon connection
+        use_ipv6: false
 
     # Device info sent to Telegram.
     device_info: