.gitea/workflows/container.yaml

@@ -1,12 +0,0 @@
-name: Build Multiarch Container Image
-on: [push]
-jobs:
-  call-reusable-workflow:
-    uses: container/multiarch-build-workflow/.gitea/workflows/build.yaml@main
-    with:
-      repository: ${{ gitea.repository }}
-      ref_name: ${{ gitea.ref_name }}
-      sha: ${{ gitea.sha }}
-      registry_url: ${{ secrets.REGISTRY_URL }}
-      registry_user: ${{ secrets.REGISTRY_USER }}
-      registry_pw: ${{ secrets.REGISTRY_PW }}

.woodpecker.yml

@@ -0,0 +1,11 @@
+pipeline:
+  publish-docker-image:
+    image: plugins/kaniko
+    settings:
+      repo: docker.io/thallian/matrix-appservice-telegram
+      tags: latest,${CI_COMMIT_SHA:0:8},${CI_COMMIT_TAG=pre}
+      dockerfile: Dockerfile
+      username:
+        from_secret: DOCKER_USER
+      password:
+        from_secret: DOCKER_PW

Dockerfile

@@ -1,4 +1,6 @@
-FROM docker.io/alpine:3.20 as builder
+FROM docker.io/alpine:3.17 as builder
+
+ENV VERSION=24b33845707689b735292464f5d6235737a7df21
 
 RUN apk --no-cache add \
 	sed \
@@ -12,9 +14,11 @@ RUN apk --no-cache add \
 	cargo \
   py3-pip \
 	py3-wheel \
+	py3-brotli \
 	py3-olm \
 	py3-qrcode \
 	py3-pillow \
+	py3-phonenumbers \
 	py3-unpaddedbase64 \
 	py3-pycryptodome \
 	py3-pyaes \
@@ -26,22 +30,23 @@ RUN apk --no-cache add \
 	py3-numpy \
 	py3-future \
 	py3-asn1 \
+	py3-ruamel.yaml \
 	py3-magic \
 	py3-commonmark \
+	py3-aiohttp \
 	py3-yarl \
-	py3-mako
+	py3-mako \
-
+	py3-setuptools
-ENV VERSION=f6cb26f7f53089488e085b45add5303fa283dc3e
 
 RUN git clone https://github.com/mautrix/telegram.git
 WORKDIR /telegram
 RUN git checkout "$VERSION"
 RUN pip3 install --prefix=/install --upgrade -r requirements.txt
 RUN pip3 install --prefix=/install --upgrade -r optional-requirements.txt
-RUN cp -r mautrix_telegram /install/lib/python3.12/site-packages/
+RUN cp -r mautrix_telegram /install/lib/python3.10/site-packages/
 
 
-FROM docker.io/thallian/confd-env:3.20-3.1.6.2
+FROM docker.io/thallian/confd-env:3.17
 
 ENV FFMPEG_BINARY=/usr/bin/ffmpeg
 
@@ -79,7 +84,7 @@ RUN apk --no-cache add \
 	py3-mako \
 	py3-setuptools
 
-ENV PYTHONPATH=/usr/lib/python3.12/site-packages:/py-pkgs/lib/python3.12/site-packages/
+ENV PYTHONPATH=/usr/lib/python3.10/site-packages:/py-pkgs/lib/python3.10/site-packages/
 
 WORKDIR /var/lib/matrix-bridge
 
@@ -91,3 +96,4 @@ RUN chown -R matrix-bridge:matrix-bridge /var/lib/matrix-bridge
 ENV HOME /var/lib/matrix-bridge
 
 EXPOSE 8080
+

rootfs/etc/confd/templates/config.yaml.tmpl

@@ -1,3 +1,4 @@
+# Homeserver details
 homeserver:
     # The address that this appservice can use to connect to the homeserver.
     address: {{ getenv "SERVER_URL" }}
@@ -31,7 +32,7 @@ appservice:
     tls_key: false
 
     # The hostname and port where this appservice should listen.
-    hostname: 0.0.0.0
+    hostname: [::]
     port: 29317
     # The maximum body size of appservice API requests (from the homeserver) in mebibytes
     # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
@@ -39,7 +40,7 @@ appservice:
 
     # The full URI to the database. SQLite and Postgres are supported.
     # Format examples:
-    #   SQLite:   sqlite:filename.db
+    #   SQLite:   sqlite:///filename.db
     #   Postgres: postgres://username:password@hostname/dbname
     database: {{ getenv "DATABASE_DATASOURCE"}}
     # Additional arguments for asyncpg.create_pool() or sqlite3.connect()
@@ -61,7 +62,7 @@ appservice:
         prefix: /public
         # The base URL where the public-facing endpoints are available. The prefix is not added
         # implicitly.
-        external: https://example.com/public
+        external: {{ getenv "SERVER_URL_PUBLIC" }}
 
     # Provisioning API part of the web server for automated portal creation and fetching information.
     # Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager).
@@ -77,7 +78,7 @@ appservice:
     # The unique ID of this appservice.
     id: telegram
     # Username of the appservice bot.
-    bot_username: telegram_bot
+    bot_username: telegrambot
     # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
     # to leave display name/avatar as-is.
     bot_displayname: Telegram bridge bot
@@ -144,9 +145,6 @@ bridge:
     # as there's no way to determine whether an avatar is removed or just hidden from some users. If
     # you're on a single-user instance, this should be safe to enable.
     allow_avatar_remove: false
-    # Should contact names and profile pictures be allowed?
-    # This is only safe to enable on single-user instances.
-    allow_contact_info: false
 
     # Maximum number of members to sync per portal when starting up. Other members will be
     # synced when they send messages. The maximum is 10000, after which the Telegram server
@@ -221,11 +219,6 @@ bridge:
     image_as_file_size: 10
     # Maximum number of pixels in an image before sending to Telegram as a document. Defaults to 4096x4096 = 16777216.
     image_as_file_pixels: 16777216
-    # Maximum size of Telegram documents before linking to Telegrm instead of bridge
-    # to Matrix media.
-    document_as_link_size:
-        channel:
-        bot:
     # Enable experimental parallel file transfer, which makes uploads/downloads much faster by
     # streaming from/to Matrix and using many connections for Telegram.
     # Note that generating HQ thumbnails for videos is not possible with streamed transfers.
@@ -272,33 +265,12 @@ bridge:
         # This will cause the bridge bot to be in private chats for the encryption to work properly.
         default: true
         # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
-        appservice: false
+        appservice: true
         # Require encryption, drop any unencrypted messages.
         require: false
         # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
         # You must use a client that supports requesting keys from other users to use this feature.
         allow_key_sharing: true
-        # Options for deleting megolm sessions from the bridge.
-        delete_keys:
-            # Beeper-specific: delete outbound sessions when hungryserv confirms
-            # that the user has uploaded the key to key backup.
-            delete_outbound_on_ack: false
-            # Don't store outbound sessions in the inbound table.
-            dont_store_outbound: false
-            # Ratchet megolm sessions forward after decrypting messages.
-            ratchet_on_decrypt: false
-            # Delete fully used keys (index >= max_messages) after decrypting messages.
-            delete_fully_used_on_decrypt: false
-            # Delete previous megolm sessions from same device when receiving a new one.
-            delete_prev_on_new_session: false
-            # Delete megolm sessions received from a device when the device is deleted.
-            delete_on_device_delete: false
-            # Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
-            periodically_delete_expired: false
-            # Delete inbound megolm sessions that don't have the received_at field used for
-            # automatic ratcheting and expired session deletion. This is meant as a migration
-            # to delete old keys prior to the bridge update.
-            delete_outdated_inbound: false
         # What level of device verification should be required from users?
         #
         # Valid levels:
@@ -334,27 +306,14 @@ bridge:
             # default.
             messages: 100
 
-            # Disable rotating keys when a user's devices change?
+    # Whether or not to explicitly set the avatar and room name for private
-            # You should not enable this option unless you understand all the implications.
+    # chat portal rooms. This will be implicitly enabled if encryption.default is true.
-            disable_device_change_key_rotation: false
+    private_chat_portal_meta: false
-
-    # Whether to explicitly set the avatar and room name for private chat portal rooms.
-    # If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms.
-    # If set to `always`, all DM rooms will have explicit names and avatars set.
-    # If set to `never`, DM rooms will never have names and avatars set.
-    private_chat_portal_meta: default
-    # Disable generating reply fallbacks? Some extremely bad clients still rely on them,
-    # but they're being phased out and will be completely removed in the future.
-    disable_reply_fallbacks: false
-    # Should cross-chat replies from Telegram be bridged? Most servers and clients don't support this.
-    cross_room_replies: false
     # Whether or not the bridge should send a read receipt from the bridge bot when a message has
     # been sent to Telegram.
     delivery_receipts: false
     # Whether or not delivery errors should be reported as messages in the Matrix room.
     delivery_error_reports: false
-    # Should errors in incoming message handling send a message to the Matrix room?
-    incoming_bridge_error_reports: false
     # Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
     message_status_events: false
     # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
@@ -383,6 +342,20 @@ bridge:
     backfill:
         # Allow backfilling at all?
         enable: true
+        # Use MSC2716 for backfilling?
+        #
+        # This requires a server with MSC2716 support, which is currently an experimental feature in Synapse.
+        # It can be enabled by setting experimental_features -> msc2716_enabled to true in homeserver.yaml.
+        msc2716: false
+        # Use double puppets for backfilling?
+        #
+        # If using MSC2716, the double puppets must be in the appservice's user ID namespace
+        # (because the bridge can't use the double puppet access token with batch sending).
+        #
+        # Even without MSC2716, bridging old messages with correct timestamps requires the double
+        # puppets to be in an appservice namespace, or the server to be modified to allow
+        # overriding timestamps anyway.
+        double_puppet_backfill: false
         # Whether or not to enable backfilling in normal groups.
         # Normal groups have numerous technical problems in Telegram, and backfilling normal groups
         # will likely cause problems if there are multiple Matrix users in the group.
@@ -392,26 +365,17 @@ bridge:
         # Set to -1 to let any chat be unread.
         unread_hours_threshold: 720
 
-        # Forward backfilling limits.
+        # Forward backfilling limits. These apply to both MSC2716 and legacy backfill.
         #
         # Using a negative initial limit is not recommended, as it would try to backfill everything in a single batch.
-        forward_limits:
+        # MSC2716 and the incremental settings are meant for backfilling everything incrementally rather than at once.
+        forward:
             # Number of messages to backfill immediately after creating a portal.
-            initial:
+            initial_limit: 10
-                user: 50
-                normal_group: 100
-                supergroup: 10
-                channel: 10
             # Number of messages to backfill when syncing chats.
-            sync:
+            sync_limit: 100
-                user: 100
-                normal_group: 100
-                supergroup: 100
-                channel: 100
-        # Timeout for forward backfills in seconds. If you have a high limit, you'll have to increase this too.
-        forward_timeout: 900
 
-        # Settings for incremental backfill of history. These only apply to Beeper, as upstream abandoned MSC2716.
+        # Settings for incremental backfill of history. These only apply when using MSC2716.
         incremental:
             # Maximum number of messages to backfill per batch.
             messages_per_batch: 100
@@ -489,6 +453,7 @@ bridge:
     # Filter rooms that can/can't be bridged. Can also be managed using the `filter` and
     # `filter-mode` management commands.
     #
+    # Filters do not affect direct chats.
     # An empty blacklist will essentially disable the filter.
     filter:
         # Filter mode to use. Either "blacklist" or "whitelist".
@@ -497,11 +462,6 @@ bridge:
         mode: blacklist
         # The list of group/channel IDs to filter.
         list: []
-        # How to handle direct chats:
-        # If users is "null", direct chats will follow the previous settings.
-        # If users is "true", direct chats will always be bridged.
-        # If users is "false", direct chats will never be bridged.
-        users: true
 
     # The prefix for commands. Only required in non-management rooms.
     command_prefix: "!tg"
@@ -601,8 +561,6 @@ telegram:
         # is not recommended, since some requests can always trigger a call fail (such as searching
         # for messages).
         request_retries: 5
-        # Use IPv6 for Telethon connection
-        use_ipv6: false
 
     # Device info sent to Telegram.
     device_info: