Add matrix-bridge-mautrix-slack role

This commit is contained in:
Cody Wyatt Neiman 2022-11-02 18:11:32 -04:00
parent 1abba4c918
commit 784e5492d5
No known key found for this signature in database
GPG key ID: 94475C8B94E4698D
11 changed files with 695 additions and 0 deletions

View file

@ -0,0 +1,78 @@
# Setting up Mautrix Slack (optional)
**Note**: bridging to [Slack](https://slack.com/) can also happen via the [mx-puppet-slack](configuring-playbook-bridge-mx-puppet-slack.md) and [matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md) bridges supported by the playbook.
- For using as a Bot we recommend the [Appservice Slack](configuring-playbook-bridge-appservice-slack.md), because it supports plumbing.
- For personal use with a slack account we recommend the `mautrix-slack` bridge (the one being discussed here), because it is the most fully-featured and stable of the 3 Slack bridges supported by the playbook.
The `mautrix-slack` bridge (the one being discussed here) is the most fully-featured and stable of the 3 Slack bridges supported by the playbook, so it's the one we recommend.
The playbook can install and configure [mautrix-slack](https://github.com/mautrix/slack) for you.
See the project's [documentation](https://docs.mau.fi/bridges/go/slack/index.html) to learn what it does and why it might be useful to you.
Note that as of Oct 2022, support for multiple Matrix users using the bot is incomplete. Different users do not yet share the bridged channels. Everyone gets their own copy.
See the [features and roadmap](https://github.com/mautrix/slack/blob/main/ROADMAP.md) for more information.
## Prerequisites
For using this bridge, you would need to authenticate by **providing your username and password** (legacy) or by using a **token login**. See more information in the [docs](https://docs.mau.fi/bridges/go/slack/authentication.html).
Note that neither of these methods are officially supported by Slack. [matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md) uses a Slack bot account which is the only Slack officially supported method for bridging a channel.
## Installing
To enable the bridge, add this to your `vars.yml` file:
```yaml
matrix_mautrix_slack_enabled: true
```
You may optionally wish to add some [Additional configuration](#additional-configuration), or to [prepare for double-puppeting](#set-up-double-puppeting) before the initial installation.
After adjusting your `vars.yml` file, re-run the playbook and restart all services: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start`
To make use of the bridge, see [Usage](#usage) below.
### Additional configuration
There are some additional things you may wish to configure about the bridge.
Take a look at:
- `roles/matrix-bridge-mautrix-slack/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
- `roles/matrix-bridge-mautrix-slack/templates/config.yaml.j2` for the bridge's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_mautrix_slack_configuration_extension_yaml` variable
### Set up Double Puppeting
If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it.
#### Method 1: automatically, by enabling Shared Secret Auth
The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook.
This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
#### Method 2: manually, by asking each user to provide a working access token
**Note**: This method for enabling Double Puppeting can be configured only after you've already set up bridging (see [Usage](#usage)).
When using this method, **each user** that wishes to enable Double Puppeting needs to follow the following steps:
- retrieve a Matrix access token for yourself. Refer to the documentation on [how to do that](obtaining-access-tokens.md).
- send the access token to the bot. Example: `login-matrix MATRIX_ACCESS_TOKEN_HERE`
- make sure you don't log out the `Mautrix-Slack` device some time in the future, as that would break the Double Puppeting feature
## Usage
1. Start a chat with `@slackbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
2. If you would like to login to Slack using a token, send the `login-token` command, otherwise, send the `login-password` command.
3. The bot should respond with "Successfully logged into <email> for team <workspace>"
4. Now that you're logged in, you can send a `help` command to the bot again, to see additional commands you have access to.
5. Slack channels should automatically begin bridging if you authenticated using a token. Otherwise, you must wait to receive a message in the channel if you used password authentication.

View file

@ -2444,6 +2444,12 @@ devture_postgres_managed_databases_auto: |
'password': matrix_mautrix_discord_database_password,
}] if (matrix_mautrix_discord_enabled and matrix_mautrix_discord_database_engine == 'postgres' and matrix_mautrix_discord_database_hostname == devture_postgres_connection_hostname) else [])
+
([{
'name': matrix_mautrix_slack_database_name,
'username': matrix_mautrix_slack_database_username,
'password': matrix_mautrix_slack_database_password,
}] if (matrix_mautrix_slack_enabled and matrix_mautrix_slack_database_engine == 'postgres' and matrix_mautrix_slack_database_hostname == 'matrix-postgres') else [])
+
([{
'name': matrix_mx_puppet_slack_database_name,
'username': matrix_mx_puppet_slack_database_username,

View file

@ -0,0 +1,138 @@
---
# mautrix-slack is a Matrix <-> Slack bridge
# Project source code URL: https://github.com/mautrix/slack
matrix_mautrix_slack_enabled: true
matrix_mautrix_slack_container_image_self_build: false
matrix_mautrix_slack_container_image_self_build_repo: "https://mau.dev/mautrix/slack.git"
matrix_mautrix_slack_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_slack_version == 'latest' else matrix_mautrix_slack_version }}"
matrix_mautrix_slack_version: latest
# See: https://mau.dev/mautrix/slack/container_registry
matrix_mautrix_slack_docker_image: "{{ matrix_mautrix_slack_docker_image_name_prefix }}mautrix/slack:{{ matrix_mautrix_slack_version }}"
matrix_mautrix_slack_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_slack_container_image_self_build else 'dock.mau.dev/' }}"
matrix_mautrix_slack_docker_image_force_pull: "{{ matrix_mautrix_slack_docker_image.endswith(':latest') }}"
matrix_mautrix_slack_base_path: "{{ matrix_base_data_path }}/mautrix-slack"
matrix_mautrix_slack_config_path: "{{ matrix_mautrix_slack_base_path }}/config"
matrix_mautrix_slack_data_path: "{{ matrix_mautrix_slack_base_path }}/data"
matrix_mautrix_slack_docker_src_files_path: "{{ matrix_mautrix_slack_base_path }}/docker-src"
matrix_mautrix_slack_homeserver_address: "{{ matrix_homeserver_container_url }}"
matrix_mautrix_slack_homeserver_domain: "{{ matrix_domain }}"
matrix_mautrix_slack_appservice_address: "http://matrix-mautrix-slack:8080"
matrix_mautrix_slack_command_prefix: "!slack"
matrix_mautrix_slack_bridge_permissions: |
{{
{matrix_mautrix_slack_homeserver_domain: 'user'}
| combine({matrix_admin: 'admin'} if matrix_admin else {})
}}
# A list of extra arguments to pass to the container
matrix_mautrix_slack_container_extra_arguments: []
# List of systemd services that matrix-mautrix-slack.service depends on.
matrix_mautrix_slack_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-mautrix-slack.service wants
matrix_mautrix_slack_systemd_wanted_services_list: []
matrix_mautrix_slack_appservice_token: ''
matrix_mautrix_slack_homeserver_token: ''
matrix_mautrix_slack_appservice_bot_username: slackbot
# Minimum severity of journal log messages.
# Options: debug, info, warn, error, fatal
matrix_mautrix_slack_logging_level: 'warn'
# Database-related configuration fields.
#
# To use SQLite, stick to these defaults.
#
# To use Postgres:
# - change the engine (`matrix_mautrix_slack_database_engine: 'postgres'`)
# - adjust your database credentials via the `matrix_mautrix_slack_database_*` variables
matrix_mautrix_slack_database_engine: 'sqlite'
matrix_mautrix_slack_sqlite_database_path_local: "{{ matrix_mautrix_slack_data_path }}/mautrix-slack.db"
matrix_mautrix_slack_sqlite_database_path_in_container: "/data/mautrix-slack.db"
matrix_mautrix_slack_database_username: 'matrix_mautrix_slack'
matrix_mautrix_slack_database_password: 'some-password'
matrix_mautrix_slack_database_hostname: 'matrix-postgres'
matrix_mautrix_slack_database_port: 5432
matrix_mautrix_slack_database_name: 'matrix_mautrix_slack'
matrix_mautrix_slack_database_connection_string: 'postgresql://{{ matrix_mautrix_slack_database_username }}:{{ matrix_mautrix_slack_database_password }}@{{ matrix_mautrix_slack_database_hostname }}:{{ matrix_mautrix_slack_database_port }}/{{ matrix_mautrix_slack_database_name }}?sslmode=disable'
matrix_mautrix_slack_appservice_database_type: "{{
{
'sqlite': 'sqlite3',
'postgres':'postgres',
}[matrix_mautrix_slack_database_engine]
}}"
matrix_mautrix_slack_appservice_database_uri: "{{
{
'sqlite': matrix_mautrix_slack_sqlite_database_path_in_container,
'postgres': matrix_mautrix_slack_database_connection_string,
}[matrix_mautrix_slack_database_engine]
}}"
# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
matrix_mautrix_slack_login_shared_secret: ''
matrix_mautrix_slack_bridge_login_shared_secret_map:
"{{ {matrix_mautrix_slack_homeserver_domain: matrix_mautrix_slack_login_shared_secret} if matrix_mautrix_slack_login_shared_secret else {} }}"
# Servers to always allow double puppeting from
matrix_mautrix_slack_bridge_double_puppet_server_map:
"{{ matrix_mautrix_slack_homeserver_domain : matrix_mautrix_slack_homeserver_address }}"
# Default mautrix-slack configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_mautrix_slack_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_mautrix_slack_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
matrix_mautrix_slack_configuration_extension_yaml: |
# Your custom YAML configuration goes here.
# This configuration extends the default starting configuration (`matrix_mautrix_slack_configuration_yaml`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_mautrix_slack_configuration_yaml`.
matrix_mautrix_slack_configuration_extension: "{{ matrix_mautrix_slack_configuration_extension_yaml | from_yaml if matrix_mautrix_slack_configuration_extension_yaml | from_yaml is mapping else {} }}"
# Holds the final configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_mautrix_slack_configuration_yaml`.
matrix_mautrix_slack_configuration: "{{ matrix_mautrix_slack_configuration_yaml | from_yaml | combine(matrix_mautrix_slack_configuration_extension, recursive=True) }}"
matrix_mautrix_slack_registration_yaml: |
id: slack
url: {{ matrix_mautrix_slack_appservice_address }}
as_token: "{{ matrix_mautrix_slack_appservice_token }}"
hs_token: "{{ matrix_mautrix_slack_homeserver_token }}"
# See https://github.com/mautrix/signal/issues/43
sender_localpart: _bot_{{ matrix_mautrix_slack_appservice_bot_username }}
rate_limited: false
namespaces:
users:
- regex: '^@slack_[0-9]+:{{ matrix_mautrix_slack_homeserver_domain | regex_escape }}$'
exclusive: true
- exclusive: true
regex: '^@{{ matrix_mautrix_slack_appservice_bot_username | regex_escape }}:{{ matrix_mautrix_slack_homeserver_domain | regex_escape }}$'
de.sorunome.msc2409.push_ephemeral: true
matrix_mautrix_slack_registration: "{{ matrix_mautrix_slack_registration_yaml | from_yaml }}"
# Enable End-to-bridge encryption
matrix_mautrix_slack_bridge_encryption_allow: false
matrix_mautrix_slack_bridge_encryption_default: "{{ matrix_mautrix_slack_bridge_encryption_allow }}"
matrix_mautrix_slack_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_slack_bridge_encryption_allow }}"

View file

@ -0,0 +1,21 @@
---
- ansible.builtin.set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-slack.service'] }}"
when: matrix_mautrix_slack_enabled | bool
# If the matrix-synapse role is not used, these variables may not exist.
- ansible.builtin.set_fact:
matrix_homeserver_container_runtime_injected_arguments: >
{{
matrix_homeserver_container_runtime_injected_arguments | default([])
+
["--mount type=bind,src={{ matrix_mautrix_slack_config_path }}/registration.yaml,dst=/matrix-mautrix-slack-registration.yaml,ro"]
}}
matrix_homeserver_app_service_runtime_injected_config_files: >
{{
matrix_homeserver_app_service_runtime_injected_config_files | default([])
+
["/matrix-mautrix-slack-registration.yaml"]
}}
when: matrix_mautrix_slack_enabled | bool

View file

@ -0,0 +1,22 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_mautrix_slack_enabled | bool"
tags:
- setup-all
- setup-mautrix-slack
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup and matrix_mautrix_slack_enabled"
tags:
- setup-all
- setup-mautrix-slack
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup and not matrix_mautrix_slack_enabled"
tags:
- setup-all
- setup-mautrix-slack

View file

@ -0,0 +1,121 @@
---
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
# We don't want to fail in such cases.
- name: Fail if matrix-synapse role already executed
ansible.builtin.fail:
msg: >-
The matrix-bridge-mautrix-slack role needs to execute before the matrix-synapse role.
when: "matrix_synapse_role_executed | default(False)"
- ansible.builtin.set_fact:
matrix_mautrix_slack_requires_restart: false
- when: "matrix_mautrix_slack_database_engine == 'postgres'"
block:
- name: Check if an SQLite database already exists
ansible.builtin.stat:
path: "{{ matrix_mautrix_slack_sqlite_database_path_local }}"
register: matrix_mautrix_slack_sqlite_database_path_local_stat_result
- when: "matrix_mautrix_slack_sqlite_database_path_local_stat_result.stat.exists | bool"
block:
- ansible.builtin.set_fact:
matrix_postgres_db_migration_request:
src: "{{ matrix_mautrix_slack_sqlite_database_path_local }}"
dst: "{{ matrix_mautrix_slack_database_connection_string }}"
caller: "{{ role_path | basename }}"
engine_variable_name: 'matrix_mautrix_slack_database_engine'
engine_old: 'sqlite'
systemd_services_to_stop: ['matrix-mautrix-slack.service']
pgloader_options: ['--with "quote identifiers"']
- ansible.builtin.import_role:
name: matrix-postgres
tasks_from: migrate_db_to_postgres
- ansible.builtin.set_fact:
matrix_mautrix_slack_requires_restart: true
- name: Ensure Mautrix Slack paths exists
ansible.builtin.file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- {path: "{{ matrix_mautrix_slack_base_path }}", when: true}
- {path: "{{ matrix_mautrix_slack_config_path }}", when: true}
- {path: "{{ matrix_mautrix_slack_data_path }}", when: true}
- {path: "{{ matrix_mautrix_slack_docker_src_files_path }}", when: "{{ matrix_mautrix_slack_container_image_self_build }}"}
when: item.when | bool
- name: Ensure Mautrix Slack image is pulled
community.docker.docker_image:
name: "{{ matrix_mautrix_slack_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mautrix_slack_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_slack_docker_image_force_pull }}"
when: not matrix_mautrix_slack_container_image_self_build
register: result
retries: "{{ matrix_container_retries_count }}"
delay: "{{ matrix_container_retries_delay }}"
until: result is not failed
- name: Ensure Mautrix slack repository is present on self-build
ansible.builtin.git:
repo: "{{ matrix_mautrix_slack_container_image_self_build_repo }}"
dest: "{{ matrix_mautrix_slack_docker_src_files_path }}"
version: "{{ matrix_mautrix_slack_container_image_self_build_branch }}"
force: "yes"
become: true
become_user: "{{ matrix_user_username }}"
register: matrix_mautrix_slack_git_pull_results
when: "matrix_mautrix_slack_container_image_self_build | bool"
- name: Ensure Mautrix slack Docker image is built
community.docker.docker_image:
name: "{{ matrix_mautrix_slack_docker_image }}"
source: build
force_source: "{{ matrix_mautrix_slack_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_slack_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_mautrix_slack_docker_src_files_path }}"
pull: true
when: "matrix_mautrix_slack_container_image_self_build | bool"
- name: Ensure mautrix-slack config.yaml installed
ansible.builtin.copy:
content: "{{ matrix_mautrix_slack_configuration | to_nice_yaml(indent=2, width=999999) }}"
dest: "{{ matrix_mautrix_slack_config_path }}/config.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure mautrix-slack registration.yaml installed
ansible.builtin.copy:
content: "{{ matrix_mautrix_slack_registration | to_nice_yaml(indent=2, width=999999) }}"
dest: "{{ matrix_mautrix_slack_config_path }}/registration.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure matrix-mautrix-slack.service installed
ansible.builtin.template:
src: "{{ role_path }}/templates/systemd/matrix-mautrix-slack.service.j2"
dest: "{{ matrix_systemd_path }}/matrix-mautrix-slack.service"
mode: 0644
register: matrix_mautrix_slack_systemd_service_result
- name: Ensure systemd reloaded after matrix-mautrix-slack.service installation
ansible.builtin.service:
daemon_reload: true
when: "matrix_mautrix_slack_systemd_service_result.changed"
- name: Ensure matrix-mautrix-slack.service restarted, if necessary
ansible.builtin.service:
name: "matrix-mautrix-slack.service"
state: restarted
when: "matrix_mautrix_slack_requires_restart | bool"

View file

@ -0,0 +1,25 @@
---
- name: Check existence of matrix-mautrix-slack service
ansible.builtin.stat:
path: "{{ matrix_systemd_path }}/matrix-mautrix-slack.service"
register: matrix_mautrix_slack_service_stat
- name: Ensure matrix-mautrix-slack is stopped
ansible.builtin.service:
name: matrix-mautrix-slack
state: stopped
enabled: false
daemon_reload: true
when: "matrix_mautrix_slack_service_stat.stat.exists"
- name: Ensure matrix-mautrix-slack.service doesn't exist
ansible.builtin.file:
path: "{{ matrix_systemd_path }}/matrix-mautrix-slack.service"
state: absent
when: "matrix_mautrix_slack_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-mautrix-slack.service removal
ansible.builtin.service:
daemon_reload: true
when: "matrix_mautrix_slack_service_stat.stat.exists"

View file

@ -0,0 +1,10 @@
---
- name: Fail if required settings not defined
ansible.builtin.fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`).
when: "vars[item] == ''"
with_items:
- "matrix_mautrix_slack_appservice_token"
- "matrix_mautrix_slack_homeserver_token"

View file

@ -0,0 +1,231 @@
#jinja2: lstrip_blocks: "True"
# Homeserver details.
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: {{ matrix_mautrix_slack_homeserver_address | to_json }}
# The domain of the homeserver (for MXIDs, etc).
domain: {{ matrix_mautrix_slack_homeserver_domain | to_json }}
# Is the homeserver actually mautrix-asmux?
asmux: false
# The URL to push real-time bridge status to.
# If set, the bridge will make POST requests to this URL whenever a user's slack connection state changes.
# The bridge will use the appservice as_token to authorize requests.
status_endpoint: null
# Endpoint for reporting per-message status.
message_send_checkpoint_endpoint: null
# Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
async_media: false
# Application service host/registration related details.
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: {{ matrix_mautrix_slack_appservice_address | to_json }}
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 8080
# Database config.
database:
# The database type. "sqlite3" and "postgres" are supported.
type: {{ matrix_mautrix_slack_appservice_database_type|to_json }}
# The database URI.
# SQLite: File name is enough. https://github.com/mattn/go-sqlite3#connection-string
# Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
# To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
uri: {{ matrix_mautrix_slack_appservice_database_uri|to_json }}
# Maximum number of connections. Mostly relevant for Postgres.
max_open_conns: 20
max_idle_conns: 2
# Maximum connection idle time and lifetime before they're closed. Disabled if null.
# Parsed with https://pkg.go.dev/time#ParseDuration
max_conn_idle_time: null
max_conn_lifetime: null
# The unique ID of this appservice.
id: slack
# Appservice bot details.
bot:
# Username of the appservice bot.
username: {{ matrix_mautrix_slack_appservice_bot_username|to_json }}
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
displayname: Slack bridge bot
avatar: mxc://maunium.net/pVtzLmChZejGxLqmXtQjFxem
# Whether or not to receive ephemeral events via appservice transactions.
# Requires MSC2409 support (i.e. Synapse 1.22+).
ephemeral_events: true
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: {{ matrix_mautrix_slack_appservice_token | to_json }}
hs_token: {{ matrix_mautrix_slack_homeserver_token | to_json }}
# Bridge config
bridge:
# Localpart template of MXIDs for Slack users.
# {{ '{{.}}' }} is replaced with the internal ID of the Slack user.
username_template: "{{ 'slack_{{.}}' }}"
# Displayname template for Slack users.
# TODO: document variables
displayname_template: "{{ '{{.RealName}} (S)' }}"
bot_displayname_template: "{{ '{{.Name}} (bot)' }}"
channel_name_template: "{{ '#{{.Name}}' }}"
portal_message_buffer: 128
# Should the bridge send a read receipt from the bridge bot when a message has been sent to Slack?
delivery_receipts: true
# Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
message_status_events: false
# Whether the bridge should send error notices via m.notice events when a message fails to bridge.
message_error_notices: true
# Should the bridge sync with double puppeting to receive EDUs that aren't normally sent to appservices.
sync_with_custom_puppets: false
# Should the bridge update the m.direct account data event when double puppeting is enabled.
# Note that updating the m.direct event is not atomic (except with mautrix-asmux)
# and is therefore prone to race conditions.
sync_direct_chat_list: false
# Servers to always allow double puppeting from
double_puppet_server_map:
"{{ matrix_mautrix_slack_homeserver_domain }}": {{ matrix_mautrix_slack_homeserver_address }}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, double puppeting will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret_map: {{ matrix_mautrix_slack_bridge_login_shared_secret_map|to_json }}
message_handling_timeout:
# Send an error message after this timeout, but keep waiting for the response until the deadline.
# This is counted from the origin_server_ts, so the warning time is consistent regardless of the source of delay.
# If the message is older than this when it reaches the bridge, the message won't be handled at all.
error_after: 10s
# Drop messages after this timeout. They may still go through if the message got sent to the servers.
# This is counted from the time the bridge starts handling the message.
deadline: 60s
# The prefix for commands. Only required in non-management rooms.
command_prefix: "{{ matrix_mautrix_slack_command_prefix }}"
# Messages sent upon joining a management room.
# Markdown is supported. The defaults are listed below.
management_room_text:
# Sent when joining a room.
welcome: "Hello, I'm a Slack bridge bot."
# Sent when joining a management room and the user is already logged in.
welcome_connected: "Use `help` for help."
# Sent when joining a management room and the user is not logged in.
welcome_unconnected: "Use `help` for help, or `login-token` or `login-password` to log in."
# Optional extra text sent when joining a management room.
additional_help: ""
backfill:
# Allow backfilling at all? Requires MSC2716 support on homeserver.
enable: false
# If a backfilled chat is older than this number of hours, mark it as read even if it's unread on Slack.
# Set to -1 to let any chat be unread.
unread_hours_threshold: 720
# Number of messages to immediately backfill when creating a portal.
immediate_messages: 10
# Settings for incremental backfill of history.
incremental:
# Maximum number of messages to backfill per batch.
messages_per_batch: 100
# The number of seconds to wait after backfilling the batch of messages.
post_batch_delay: 20
# The maximum number of messages to backfill per portal, split by the chat type.
# If set to -1, all messages in the chat will eventually be backfilled.
max_messages:
# Channels
channel: -1
# Group direct messages
group_dm: -1
# 1:1 direct messages
dm: -1
# End-to-bridge encryption support options.
#
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: {{ matrix_mautrix_slack_bridge_encryption_allow|to_json }}
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: {{ matrix_mautrix_slack_bridge_encryption_default|to_json }}
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
appservice: false
# Require encryption, drop any unencrypted messages.
require: false
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow_key_sharing: {{ matrix_mautrix_slack_bridge_encryption_key_sharing_allow|to_json }}
# What level of device verification should be required from users?
#
# Valid levels:
# unverified - Send keys to all device in the room.
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
# Note that creating user signatures from the bridge bot is not currently possible.
# verified - Require manual per-device verification
# (currently only possible by modifying the `trust` column in the `crypto_device` database table).
verification_levels:
# Minimum level for which the bridge should send keys to when bridging messages from WhatsApp to Matrix.
receive: unverified
# Minimum level that the bridge should accept for incoming Matrix messages.
send: unverified
# Minimum level that the bridge should require for accepting key requests.
share: cross-signed-tofu
# Options for Megolm room key rotation. These options allow you to
# configure the m.room.encryption event content. See:
# https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
# more information about that event.
rotation:
# Enable custom Megolm room key rotation settings. Note that these
# settings will only apply to rooms created after this option is
# set.
enable_custom: false
# The maximum number of milliseconds a session should be used
# before changing it. The Matrix spec recommends 604800000 (a week)
# as the default.
milliseconds: 604800000
# The maximum number of messages that should be sent with a given a
# session before changing it. The Matrix spec recommends 100 as the
# default.
messages: 100
# Settings for provisioning API
provisioning:
# Prefix for the provisioning API paths.
prefix: /_matrix/provision
# Shared secret for authentication. If set to "generate", a random secret will be generated,
# or if set to "disable", the provisioning API will be disabled.
shared_secret: generate
# Permissions for using the bridge.
# Permitted values:
# relay - Talk through the relaybot (if enabled), no access otherwise
# user - Access to use the bridge to chat with a Slack account.
# admin - User level and some additional administration tools
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions: {{ matrix_mautrix_slack_bridge_permissions|to_json }}
logging:
directory: ./logs
file_name_format: ''
file_date_format: "2006-01-02"
file_mode: 384
timestamp_format: Jan _2, 2006 15:04:05
print_level: {{ matrix_mautrix_slack_logging_level | to_json }}
print_json: false
file_json: false

View file

@ -0,0 +1,43 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix Mautrix Slack bridge
{% for service in matrix_mautrix_slack_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_mautrix_slack_systemd_wanted_services_list %}
Wants={{ service }}
{% endfor %}
DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-slack 2>/dev/null || true'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-slack 2>/dev/null || true'
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-slack \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--network={{ matrix_docker_network }} \
--mount type=bind,src={{ matrix_mautrix_slack_config_path }},dst=/config,ro \
--mount type=bind,src={{ matrix_mautrix_slack_data_path }},dst=/data \
--workdir=/data \
{% for arg in matrix_mautrix_slack_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_mautrix_slack_docker_image }} \
/usr/bin/mautrix-slack -c /config/config.yaml -r /config/registration.yaml --no-update
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-slack 2>/dev/null || true'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-slack 2>/dev/null || true'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mautrix-slack
[Install]
WantedBy=multi-user.target

View file

@ -1 +0,0 @@
playbooks/matrix.yml

1
setup.yml Executable file
View file

@ -0,0 +1 @@
playbooks/matrix.yml