diff --git a/.gitea/workflows/container.yaml b/.gitea/workflows/container.yaml deleted file mode 100644 index e48b3fd..0000000 --- a/.gitea/workflows/container.yaml +++ /dev/null @@ -1,12 +0,0 @@ -name: Build Multiarch Container Image -on: [push] -jobs: - call-reusable-workflow: - uses: container/multiarch-build-workflow/.gitea/workflows/build.yaml@main - with: - repository: ${{ gitea.repository }} - ref_name: ${{ gitea.ref_name }} - sha: ${{ gitea.sha }} - registry_url: ${{ secrets.REGISTRY_URL }} - registry_user: ${{ secrets.REGISTRY_USER }} - registry_pw: ${{ secrets.REGISTRY_PW }} diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000..c32004e --- /dev/null +++ b/.gitlab-ci.yml @@ -0,0 +1,20 @@ +variables: + CONTAINER_NAME: thallian/matrix-appservice-telegram + +build: + stage: build + image: + name: gcr.io/kaniko-project/executor:debug + entrypoint: [""] + script: + - mkdir -p /kaniko/.docker + - echo "{\"auths\":{\"$CI_REGISTRY\":{\"auth\":\"$(printf "%s:%s" "$CI_REGISTRY_USER" "$CI_REGISTRY_PASSWORD" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json + - >- + /kaniko/executor + --cache=false + --context "$CI_PROJECT_DIR" + --dockerfile "$CI_PROJECT_DIR/Dockerfile" + --destination "$CONTAINER_NAME:$CI_COMMIT_SHA" + --destination "$CONTAINER_NAME:$CI_COMMIT_REF_NAME" + --destination "$CONTAINER_NAME:latest" + diff --git a/Containerfile b/Dockerfile similarity index 66% rename from Containerfile rename to Dockerfile index 1b6abae..b76bc44 100644 --- a/Containerfile +++ b/Dockerfile @@ -1,8 +1,10 @@ -FROM docker.io/alpine:3.20 as builder +FROM docker.io/alpine:3.16 as builder + +ENV VERSION=e3a067c27aa3d9dd5e82db307218cc66c8356ddd RUN apk --no-cache add \ sed \ - gcc \ + gcc \ g++ \ git \ musl-dev \ @@ -10,51 +12,8 @@ RUN apk --no-cache add \ python3-dev \ rust \ cargo \ - py3-pip \ + py3-pip \ py3-wheel \ - py3-olm \ - py3-qrcode \ - py3-pillow \ - py3-unpaddedbase64 \ - py3-pycryptodome \ - py3-pyaes \ - py3-rsa \ - py3-cparser \ - py3-cffi \ - py3-decorator \ - py3-tqdm \ - py3-numpy \ - py3-future \ - py3-asn1 \ - py3-magic \ - py3-commonmark \ - py3-yarl \ - py3-mako - -ENV VERSION=f6cb26f7f53089488e085b45add5303fa283dc3e - -RUN git clone https://github.com/mautrix/telegram.git -WORKDIR /telegram -RUN git checkout "$VERSION" -RUN pip3 install --prefix=/install --upgrade -r requirements.txt -RUN pip3 install --prefix=/install --upgrade -r optional-requirements.txt -RUN cp -r mautrix_telegram /install/lib/python3.12/site-packages/ - - -FROM docker.io/thallian/confd-env:3.20-3.1.6.2 - -ENV FFMPEG_BINARY=/usr/bin/ffmpeg - -COPY --from=builder /install /py-pkgs - -RUN addgroup -g 2222 matrix-bridge -RUN adduser -h /var/lib/matrix-bridge -u 2222 -D -G matrix-bridge matrix-bridge - -RUN apk --no-cache add \ - ca-certificates \ - ffmpeg \ - libffi \ - python3 \ py3-brotli \ py3-olm \ py3-qrcode \ @@ -79,7 +38,59 @@ RUN apk --no-cache add \ py3-mako \ py3-setuptools -ENV PYTHONPATH=/usr/lib/python3.12/site-packages:/py-pkgs/lib/python3.12/site-packages/ +#RUN git clone -b v0.25.0 --recursive https://github.com/MagicStack/asyncpg.git +#WORKDIR /asyncpg +#RUN sed -ie '1,3d' pyproject.toml +#RUN python3 setup.py install --prefix=/install +#RUN pip3 install --prefix=/install mautrix-telegram[all]==$VERSION + +RUN git clone https://github.com/mautrix/telegram.git +WORKDIR /telegram +RUN git checkout "$VERSION" +RUN pip3 install --prefix=/install --upgrade -r requirements.txt +RUN pip3 install --prefix=/install --upgrade -r optional-requirements.txt +RUN cp -r mautrix_telegram /install/lib/python3.10/site-packages/ + + +FROM docker.io/thallian/confd-env:3.16 + +ENV FFMPEG_BINARY=/usr/bin/ffmpeg + +COPY --from=builder /install /py-pkgs + +RUN addgroup -g 2222 matrix-bridge +RUN adduser -h /var/lib/matrix-bridge -u 2222 -D -G matrix-bridge matrix-bridge + +RUN apk --no-cache add \ + ca-certificates \ + ffmpeg \ + libffi \ + python3 \ + py3-brotli \ + py3-olm \ + py3-qrcode \ + py3-pillow \ + py3-phonenumbers \ + py3-unpaddedbase64 \ + py3-pycryptodome \ + py3-pyaes \ + py3-rsa \ + py3-cparser \ + py3-cffi \ + py3-decorator \ + py3-tqdm \ + py3-numpy \ + py3-future \ + py3-asn1 \ + py3-ruamel.yaml \ + py3-magic \ + py3-commonmark \ + py3-aiohttp \ + py3-yarl \ + py3-mako \ + py3-setuptools + +ENV PYTHONPATH=/usr/lib/python3.10/site-packages:/py-pkgs/lib/python3.10/site-packages/ WORKDIR /var/lib/matrix-bridge @@ -91,3 +102,4 @@ RUN chown -R matrix-bridge:matrix-bridge /var/lib/matrix-bridge ENV HOME /var/lib/matrix-bridge EXPOSE 8080 + diff --git a/README.md b/README.md index 0c7fefd..53d65cb 100644 --- a/README.md +++ b/README.md @@ -31,10 +31,5 @@ Telegram API hash (https://my.telegram.org/apps). ## ADMIN_USER Matrix id of the admin user. -## BOT_TOKEN -- default: disabled - -Token for the relay bot. - # Ports - 8080 diff --git a/rootfs/etc/confd/templates/config.yaml.tmpl b/rootfs/etc/confd/templates/config.yaml.tmpl index 9a5fec2..7a1bf1e 100644 --- a/rootfs/etc/confd/templates/config.yaml.tmpl +++ b/rootfs/etc/confd/templates/config.yaml.tmpl @@ -1,3 +1,4 @@ +# Homeserver details homeserver: # The address that this appservice can use to connect to the homeserver. address: {{ getenv "SERVER_URL" }} @@ -6,9 +7,7 @@ homeserver: # Whether or not to verify the SSL certificate of the homeserver. # Only applies if address starts with https:// verify_ssl: true - # What software is the homeserver running? - # Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here. - software: standard + asmux: false # Number of retries for all HTTP requests if the homeserver isn't reachable. http_retry_count: 4 # The URL to push real-time bridge status to. @@ -17,9 +16,6 @@ homeserver: status_endpoint: null # Endpoint for reporting per-message status. message_send_checkpoint_endpoint: null - # Whether asynchronous uploads via MSC2246 should be enabled for media. - # Requires a media repo that supports MSC2246. - async_media: false # Application service host/registration related details # Changing these values requires regeneration of the registration. @@ -39,14 +35,13 @@ appservice: # The full URI to the database. SQLite and Postgres are supported. # Format examples: - # SQLite: sqlite:filename.db + # SQLite: sqlite:///filename.db # Postgres: postgres://username:password@hostname/dbname database: {{ getenv "DATABASE_DATASOURCE"}} # Additional arguments for asyncpg.create_pool() or sqlite3.connect() # https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool # https://docs.python.org/3/library/sqlite3.html#sqlite3.connect # For sqlite, min_size is used as the connection thread pool size and max_size is ignored. - # Additionally, SQLite supports init_commands as an array of SQL queries to run on connect (e.g. to set PRAGMAs). database_opts: min_size: 1 max_size: 10 @@ -61,7 +56,7 @@ appservice: prefix: /public # The base URL where the public-facing endpoints are available. The prefix is not added # implicitly. - external: https://example.com/public + external: {{ getenv "SERVER_URL_PUBLIC" }} # Provisioning API part of the web server for automated portal creation and fetching information. # Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager). @@ -69,7 +64,7 @@ appservice: # Whether or not the provisioning API should be enabled. enabled: true # The prefix to use in the provisioning API endpoints. - prefix: /_matrix/provision + prefix: /_matrix/provision/v1 # The shared secret to authorize users of the API. # Set to "generate" to generate and save a new token. shared_secret: generate @@ -77,7 +72,7 @@ appservice: # The unique ID of this appservice. id: telegram # Username of the appservice bot. - bot_username: telegram_bot + bot_username: telegrambot # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty # to leave display name/avatar as-is. bot_displayname: Telegram bridge bot @@ -86,7 +81,7 @@ appservice: # Whether or not to receive ephemeral events via appservice transactions. # Requires MSC2409 support (i.e. Synapse 1.22+). # You should disable bridge -> sync_with_custom_puppets when this is enabled. - ephemeral_events: true + ephemeral_events: false # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. as_token: "{{ getenv "AS_TOKEN" }}" @@ -144,37 +139,27 @@ bridge: # as there's no way to determine whether an avatar is removed or just hidden from some users. If # you're on a single-user instance, this should be safe to enable. allow_avatar_remove: false - # Should contact names and profile pictures be allowed? - # This is only safe to enable on single-user instances. - allow_contact_info: false # Maximum number of members to sync per portal when starting up. Other members will be # synced when they send messages. The maximum is 10000, after which the Telegram server # will not send any more members. # -1 means no limit (which means it's limited to 10000 by the server) max_initial_member_sync: 100 - # Maximum number of participants in chats to bridge. Only applies when the portal is being created. - # If there are more members when trying to create a room, the room creation will be cancelled. - # -1 means no limit (which means all chats can be bridged) - max_member_count: -1 # Whether or not to sync the member list in channels. # If no channel admins have logged into the bridge, the bridge won't be able to sync the member # list regardless of this setting. - sync_channel_members: false + sync_channel_members: true # Whether or not to skip deleted members when syncing members. skip_deleted_members: true # Whether or not to automatically synchronize contacts and chats of Matrix users logged into # their Telegram account at startup. - startup_sync: false + startup_sync: true # Number of most recently active dialogs to check when syncing chats. # Set to 0 to remove limit. sync_update_limit: 0 # Number of most recently active dialogs to create portals for when syncing chats. # Set to 0 to remove limit. - sync_create_limit: 15 - # Should all chats be scheduled to be created later? - # This is best used in combination with MSC2716 infinite backfill. - sync_deferred_create_all: false + sync_create_limit: 30 # Whether or not to sync and create portals for direct chats at startup. sync_direct_chats: false # The maximum number of simultaneous Telegram deletions to handle. @@ -186,11 +171,15 @@ bridge: # Allow logging in within Matrix. If false, users can only log in using login-qr or the # out-of-Matrix login website (see appservice.public config section) allow_matrix_login: true + # Whether or not to bridge plaintext highlights. + # Only enable this if your displayname_template has some static part that the bridge can use to + # reliably identify what is a plaintext highlight. + plaintext_highlights: false # Whether or not to make portals of publicly joinable channels/supergroups publicly joinable on Matrix. - public_portals: false + public_portals: true # Whether or not to use /sync to get presence, read receipts and typing notifications # when double puppeting is enabled - sync_with_custom_puppets: false + sync_with_custom_puppets: true # Whether or not to update the m.direct account data event when double puppeting is enabled. # Note that updating the m.direct event is not atomic (except with mautrix-asmux) # and is therefore prone to race conditions. @@ -214,18 +203,13 @@ bridge: # Whether or not the !tg join command should do a HTTP request # to resolve redirects in invite links. invite_link_resolve: false - # Send captions in the same message as images. This will send data compatible with both MSC2530 and MSC3552. - # This is currently not supported in most clients. - caption_in_message: false + # Use inline images instead of a separate message for the caption. + # N.B. Inline images are not supported on all clients (e.g. Element iOS/Android). + inline_images: false # Maximum size of image in megabytes before sending to Telegram as a document. image_as_file_size: 10 - # Maximum number of pixels in an image before sending to Telegram as a document. Defaults to 4096x4096 = 16777216. - image_as_file_pixels: 16777216 - # Maximum size of Telegram documents before linking to Telegrm instead of bridge - # to Matrix media. - document_as_link_size: - channel: - bot: + # Maximum number of pixels in an image before sending to Telegram as a document. Defaults to 1280x1280 = 1638400. + image_as_file_pixels: 1638400 # Enable experimental parallel file transfer, which makes uploads/downloads much faster by # streaming from/to Matrix and using many connections for Telegram. # Note that generating HQ thumbnails for videos is not possible with streamed transfers. @@ -234,9 +218,6 @@ bridge: # Whether or not created rooms should have federation enabled. # If false, created portal rooms will never be federated. federate_rooms: true - # Should the bridge send all unicode reactions as custom emoji reactions to Telegram? - # By default, the bridge only uses custom emojis for unicode emojis that aren't allowed in reactions. - always_custom_emoji_reaction: false # Settings for converting animated stickers. animated_sticker: # Format to which animated stickers should be converted. @@ -244,24 +225,12 @@ bridge: # png - converts to non-animated png (fastest), # gif - converts to animated gif # webm - converts to webm video, requires ffmpeg executable with vp9 codec and webm container support - # webp - converts to animated webp, requires ffmpeg executable with webp codec/container support target: gif - # Should video stickers be converted to the specified format as well? - convert_from_webm: false # Arguments for converter. All converters take width and height. args: width: 256 height: 256 - fps: 25 # only for webm, webp and gif (2, 5, 10, 20 or 25 recommended) - # Settings for converting animated emoji. - # Same as animated_sticker, but webm is not supported as the target - # (because inline images can only contain images, not videos). - animated_emoji: - target: webp - args: - width: 64 - height: 64 - fps: 25 + fps: 25 # only for webm and gif (2, 5, 10, 20 or 25 recommended) # End-to-bridge encryption support options. # # See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info. @@ -271,92 +240,28 @@ bridge: # Default to encryption, force-enable encryption in all portals the bridge creates # This will cause the bridge bot to be in private chats for the encryption to work properly. default: true - # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data. - appservice: false - # Require encryption, drop any unencrypted messages. - require: false - # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. - # You must use a client that supports requesting keys from other users to use this feature. - allow_key_sharing: true - # Options for deleting megolm sessions from the bridge. - delete_keys: - # Beeper-specific: delete outbound sessions when hungryserv confirms - # that the user has uploaded the key to key backup. - delete_outbound_on_ack: false - # Don't store outbound sessions in the inbound table. - dont_store_outbound: false - # Ratchet megolm sessions forward after decrypting messages. - ratchet_on_decrypt: false - # Delete fully used keys (index >= max_messages) after decrypting messages. - delete_fully_used_on_decrypt: false - # Delete previous megolm sessions from same device when receiving a new one. - delete_prev_on_new_session: false - # Delete megolm sessions received from a device when the device is deleted. - delete_on_device_delete: false - # Periodically delete megolm sessions when 2x max_age has passed since receiving the session. - periodically_delete_expired: false - # Delete inbound megolm sessions that don't have the received_at field used for - # automatic ratcheting and expired session deletion. This is meant as a migration - # to delete old keys prior to the bridge update. - delete_outdated_inbound: false - # What level of device verification should be required from users? - # - # Valid levels: - # unverified - Send keys to all device in the room. - # cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys. - # cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes). - # cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot. - # Note that creating user signatures from the bridge bot is not currently possible. - # verified - Require manual per-device verification - # (currently only possible by modifying the `trust` column in the `crypto_device` database table). - verification_levels: - # Minimum level for which the bridge should send keys to when bridging messages from Telegram to Matrix. - receive: unverified - # Minimum level that the bridge should accept for incoming Matrix messages. - send: unverified - # Minimum level that the bridge should require for accepting key requests. - share: cross-signed-tofu - # Options for Megolm room key rotation. These options allow you to - # configure the m.room.encryption event content. See: - # https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for - # more information about that event. - rotation: - # Enable custom Megolm room key rotation settings. Note that these - # settings will only apply to rooms created after this option is - # set. - enable_custom: false - # The maximum number of milliseconds a session should be used - # before changing it. The Matrix spec recommends 604800000 (a week) - # as the default. - milliseconds: 604800000 - # The maximum number of messages that should be sent with a given a - # session before changing it. The Matrix spec recommends 100 as the - # default. - messages: 100 - - # Disable rotating keys when a user's devices change? - # You should not enable this option unless you understand all the implications. - disable_device_change_key_rotation: false - - # Whether to explicitly set the avatar and room name for private chat portal rooms. - # If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms. - # If set to `always`, all DM rooms will have explicit names and avatars set. - # If set to `never`, DM rooms will never have names and avatars set. - private_chat_portal_meta: default - # Disable generating reply fallbacks? Some extremely bad clients still rely on them, - # but they're being phased out and will be completely removed in the future. - disable_reply_fallbacks: false - # Should cross-chat replies from Telegram be bridged? Most servers and clients don't support this. - cross_room_replies: false + # Database for the encryption data. If set to `default`, will use the appservice database. + database: default + # Options for automatic key sharing. + key_sharing: + # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. + # You must use a client that supports requesting keys from other users to use this feature. + allow: true + # Require the requesting device to have a valid cross-signing signature? + # This doesn't require that the bridge has verified the device, only that the user has verified it. + # Not yet implemented. + require_cross_signing: false + # Require devices to be verified by the bridge? + # Verification by the bridge is not yet implemented. + require_verification: true + # Whether or not to explicitly set the avatar and room name for private + # chat portal rooms. This will be implicitly enabled if encryption.default is true. + private_chat_portal_meta: false # Whether or not the bridge should send a read receipt from the bridge bot when a message has # been sent to Telegram. delivery_receipts: false # Whether or not delivery errors should be reported as messages in the Matrix room. delivery_error_reports: false - # Should errors in incoming message handling send a message to the Matrix room? - incoming_bridge_error_reports: false - # Whether the bridge should send the message status as a custom com.beeper.message_send_status event. - message_status_events: false # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run. # This field will automatically be changed back to false after it, # except if the config file is not writable. @@ -374,62 +279,36 @@ bridge: bridge_matrix_leave: true # Should the user be kicked out of all portals when logging out of the bridge? kick_on_logout: true - # Should the "* user joined Telegram" notice always be marked as read automatically? - always_read_joined_telegram_notice: true - # Should the bridge auto-create a group chat on Telegram when a ghost is invited to a room? - # Requires the user to have sufficient power level and double puppeting enabled. - create_group_on_invite: true # Settings for backfilling messages from Telegram. backfill: - # Allow backfilling at all? - enable: true + # Whether or not the Telegram ghosts of logged in Matrix users should be + # invited to private chats when backfilling history from Telegram. This is + # usually needed to prevent rate limits and to allow timestamp massaging. + invite_own_puppet: true + # Maximum number of messages to backfill without using a takeout. + # The first time a takeout is used, the user has to manually approve it from a different + # device. If initial_limit or missed_limit are higher than this value, the bridge will ask + # the user to accept the takeout after logging in before syncing any chats. + takeout_limit: 100 + # Maximum number of messages to backfill initially. + # Set to 0 to disable backfilling when creating portal, or -1 to disable the limit. + # + # N.B. Initial backfill will only start after member sync. Make sure your + # max_initial_member_sync is set to a low enough value so it doesn't take forever. + initial_limit: 0 + # Maximum number of messages to backfill if messages were missed while the bridge was + # disconnected. Note that this only works for logged in users and only if the chat isn't + # older than sync_update_limit + # Set to 0 to disable backfilling missed messages. + missed_limit: 50 + # If using double puppeting, should notifications be disabled + # while the initial backfill is in progress? + disable_notifications: false # Whether or not to enable backfilling in normal groups. # Normal groups have numerous technical problems in Telegram, and backfilling normal groups # will likely cause problems if there are multiple Matrix users in the group. normal_groups: false - # If a backfilled chat is older than this number of hours, mark it as read even if it's unread on Telegram. - # Set to -1 to let any chat be unread. - unread_hours_threshold: 720 - - # Forward backfilling limits. - # - # Using a negative initial limit is not recommended, as it would try to backfill everything in a single batch. - forward_limits: - # Number of messages to backfill immediately after creating a portal. - initial: - user: 50 - normal_group: 100 - supergroup: 10 - channel: 10 - # Number of messages to backfill when syncing chats. - sync: - user: 100 - normal_group: 100 - supergroup: 100 - channel: 100 - # Timeout for forward backfills in seconds. If you have a high limit, you'll have to increase this too. - forward_timeout: 900 - - # Settings for incremental backfill of history. These only apply to Beeper, as upstream abandoned MSC2716. - incremental: - # Maximum number of messages to backfill per batch. - messages_per_batch: 100 - # The number of seconds to wait after backfilling the batch of messages. - post_batch_delay: 20 - # The maximum number of batches to backfill per portal, split by the chat type. - # If set to -1, all messages in the chat will eventually be backfilled. - max_batches: - # Direct chats - user: -1 - # Normal groups. Note that the normal_groups option above must be enabled - # for these to be backfilled. - normal_group: -1 - # Supergroups - supergroup: 10 - # Broadcast channels - channel: -1 - # Overrides for base power levels. initial_power_level_overrides: user: {} @@ -489,6 +368,7 @@ bridge: # Filter rooms that can/can't be bridged. Can also be managed using the `filter` and # `filter-mode` management commands. # + # Filters do not affect direct chats. # An empty blacklist will essentially disable the filter. filter: # Filter mode to use. Either "blacklist" or "whitelist". @@ -497,11 +377,6 @@ bridge: mode: blacklist # The list of group/channel IDs to filter. list: [] - # How to handle direct chats: - # If users is "null", direct chats will follow the previous settings. - # If users is "true", direct chats will always be bridged. - # If users is "false", direct chats will never be bridged. - users: true # The prefix for commands. Only required in non-management rooms. command_prefix: "!tg" @@ -572,13 +447,7 @@ telegram: api_id: {{ getenv "API_ID" }} api_hash: {{ getenv "API_HASH" }} # (Optional) Create your own bot at https://t.me/BotFather - bot_token: {{ getenv "BOT_TOKEN" "disabled" }} - - # Should the bridge request missed updates from Telegram when restarting? - catch_up: true - # Should incoming updates be handled sequentially to make sure order is preserved on Matrix? - sequential_updates: true - exit_on_update_error: false + bot_token: disabled # Telethon connection options. connection: @@ -601,13 +470,11 @@ telegram: # is not recommended, since some requests can always trigger a call fail (such as searching # for messages). request_retries: 5 - # Use IPv6 for Telethon connection - use_ipv6: false # Device info sent to Telegram. device_info: # "auto" = OS name+version. - device_model: mautrix-telegram + device_model: auto # "auto" = Telethon version. system_version: auto # "auto" = mautrix-telegram version.