diff --git a/README.md b/README.md index 76d36e7..e23d0e8 100644 --- a/README.md +++ b/README.md 
@@ -1,15 +1,15 @@ -# A Matrix-Signal puppeting bridge for YunoHost +# A Matrix-Telegram puppeting bridge for YunoHost -[![Integration level](https://dash.yunohost.org/integration/mautrix_signal.svg)](https://dash.yunohost.org/appci/app/mautrix_signal) ![](https://ci-apps.yunohost.org/ci/badges/mautrix_signal.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/mautrix_signal.maintain.svg) -[![Install Mautrix-Signal with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=mautrix_signal) +[![Integration level](https://dash.yunohost.org/integration/mautrix_telegram.svg)](https://dash.yunohost.org/appci/app/mautrix_telegram) ![](https://ci-apps.yunohost.org/ci/badges/mautrix_telegram.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/mautrix_telegram.maintain.svg) +[![Install Mautrix-Telegram with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=mautrix_telegram) *[Lire ce readme en français.](./README_fr.md)* -> *This package allows you to install Mautrix-Signal quickly and simply on a YunoHost server. +> *This package allows you to install Mautrix-Telegram quickly and simply on a YunoHost server. If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.* ## Overview -A puppeting bridge between Matrix and Signal packaged as a YunoHost service. Messages, notifications (and sometimes media) are bridged between a Signal user and a Matrix user. Currently the Matrix user can NOT invite other Matrix user in a bridged Signal room, so only someone with a Signal account can participate to Signal group conversations. The ["Mautrix-Signal"](https://docs.mau.fi/bridges/python/signal/index.html) bridge consists in a Synapse App Service and relies on postgresql (mysql also possible). Therefore, [Synapse for YunoHost](https://github.com/YunoHost-Apps/synapse_ynh) should be installed beforehand. 
+A puppeting bridge between Matrix and Telegram packaged as a YunoHost service. Messages, notifications (and sometimes media) are bridged between a Telegram user and a Matrix user. Currently the Matrix user can NOT invite other Matrix user in a bridged Telegram room, so only someone with a Telegram account can participate to Telegram group conversations. The ["Mautrix-Telegram"](https://docs.mau.fi/bridges/python/telegram/index.html) bridge consists in a Synapse App Service and relies on postgresql (mysql also possible). Therefore, [Synapse for YunoHost](https://github.com/YunoHost-Apps/synapse_ynh) should be installed beforehand. **Shipped version:** 0.1.0 
@@ -19,52 +19,51 @@ A puppeting bridge between Matrix and Signal packaged as a YunoHost service. Mes ## List of known public services -* Ask on one of the following rooms: #mautrix_yunohost:matrix.fdn.fr or #signal:maunium.net +* Ask on one of the following rooms: #mautrix_yunohost:matrix.fdn.fr or #telegram:maunium.net ## Bridging usage -** Note that several Signal and Matrix users can be bridged, each Signal account has its own bot administration room. If they are in a same Signal group, only one matrix room will be created. ** +** Note that several Telegram and Matrix users can be bridged, each Telegram account has its own bot administration room. If they are in a same Telegram group, only one matrix room will be created. ** -### Bridge a Signal user and a Matrix user +### Bridge a Telegram user and a Matrix user * First your Matrix user or Synapse Server has to be authorized in the Configuration of the bridge (see below) -* Then, invite the bot (default @signalbot:yoursynapse.domain) in this new Mautrix-Signal bot administration room. +* Then, invite the bot (default @telegrambot:yoursynapse.domain) in this new Mautrix-Telegram bot administration room. * If the Bot does bot accept, see the [troubleshooting page](https://docs.mau.fi/bridges/general/troubleshooting.html) -* Send ``!sg help`` to the bot in the created room to know how to control the bot. -See also [upstream wiki Authentication page](https://docs.mau.fi/bridges/python/signal/authentication.html) +* Send ``!tg help`` to the bot in the created room to know how to control the bot. 
+See also [upstream wiki Authentication page](https://docs.mau.fi/bridges/python/telegram/authentication.html) -#### Linking the Bridge as a secondary device -* Type ``!sg link`` -* Open Signal App of your primary device -* Open Settings => Linked Devices => Capture the QR code with the camera -* By defaults, only conversations with very recent messages will be bridged +#### Logging into Telegram account +* Type ``login`` or ``login-qr`` (untested) in main management room (`!tg` in any bridge room) +* follow setup instructions from bot +* By defaults, only conversations with very recent messages and groups will be suggested to be bridged * Accept invitations to the bridged chat rooms -#### Registering the Bridge as a primary device -* Type ``!sg register ``, where ```` is your phone number in the internation format with no space, e.g. ``!sg register +33612345678`` +#### Registering the Bridge as a primary device (untested) +* Type ``!tg register ``, where ```` is your phone number in the internation format with no space, e.g. ``!tg register +33612345678`` * Answer in the bot room with the verification code that you reveived in SMS. -* Set a profile name with ``!sg set-profile-name `` +* Set a profile name with ``!tg set-profile-name `` ### Double puppeting * Log in with ``login-matrix `` -* After logging in, the default Matrix puppet of your Signal account should leave rooms and your account should join all rooms the puppet was in automatically. +* After logging in, the default Matrix puppet of your Telegram account should leave rooms and your account should join all rooms the puppet was in automatically. 
-### Relaybot: Bridge a group for several Matrix and several Signal users to chat together +### Relaybot: Bridge a group for several Matrix and several Telegram users to chat together Not yet available ## Configuration of the bridge -The bridge is [roughly configured at installation](https://github.com/YunoHost-Apps/mautrix_signal_ynh/blob/master/conf/config.yaml), e.g. allowed admin and user of the bot. Finer configuration can be done by modifying the +The bridge is [roughly configured at installation](https://github.com/YunoHost-Apps/mautrix_telegram_ynh/blob/master/conf/config.yaml), e.g. allowed admin and user of the bot. Finer configuration can be done by modifying the following configuration file with SSH: -```/opt/yunohost/mautrix_signal/config.yaml``` -and then restarting the mautrix_signal service. +```/opt/yunohost/mautrix_telegram/config.yaml``` +and then restarting the mautrix_telegram service. ## Documentation - * Official "Mautrix-Signal" documentation: https://docs.mau.fi/bridges/python/signal/index.html + * Official "Mautrix-Telegram" documentation: https://docs.mau.fi/bridges/python/telegram/index.html * Matrix room (Matrix Bridges in Yunohost): #mautrix_yunohost:matrix.fdn.fr - * Matrix room (upstream app): #signal:maunium.net + * Matrix room (upstream app): #telegram:maunium.net In case you need to upload your logs somewhere, be aware that they contain your contacts' and your phone numbers. Strip them out with ``| sed -r 's/[0-9]{10,}/📞/g' `` - * "Mautrix-Signal" bridge is based on the [signal daemon](https://gitlab.com/signald/signald) project. + * "Mautrix-Telegram" bridge is based on the [telegram daemon](https://gitlab.com/telegramd/telegramd) project. * YunoHost documentation: If more specific documentation is needed, feel free to contribute. ## YunoHost specific features 
@@ -72,40 +71,47 @@ In case you need to upload your logs somewhere, be aware that they contain your #### Multi-user support * Bot users are not related to Yunohost users. Any Matrix account or Synapse server autorized in the configuration of the bridge can invite/use the bot. -* The Signal bot is a local Matrix-Synapse user, but accessible through federation (synapse public or private). -* Several Signal and Matrix users can be bridged with one bridge, each user has its own bot administration room. -* If several bot users are in a same Signal group, only one Matrix room will be created by the bridge. +* The Telegram bot is a local Matrix-Synapse user, but accessible through federation (synapse public or private). +* Several Telegram and Matrix users can be bridged with one bridge, each user has its own bot administration room. +* If several bot users are in a same Telegram group, only one Matrix room will be created by the bridge. * See https://github.com/YunoHost-Apps/synapse_ynh#multi-users-support #### Multi-instance support -* Multi-instance installation should work. Several bridge instances could be installed for one Matrix-Synapse instance so that one Matrix user can bridge several Signal accounts. +* Multi-instance installation should work. Several bridge instances could be installed for one Matrix-Synapse instance so that one Matrix user can bridge several Telegram accounts. * Several bridge instances could be installed for each Matrix-Synapse instance to benefit from it. But one bridge can be used by users from several Matrix-Synapse instances. 
#### Supported architectures -* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/mautrix_signal%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/mautrix_signal/) -* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/mautrix_signal%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/mautrix_signal/) +* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/mautrix_telegram%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/mautrix_telegram/) +* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/mautrix_telegram%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/mautrix_telegram/) -## Limitations -* It looks like media are not bridged. -* Signal chats are not grouped in a Matrix community (as opposed to the Mautrix-WhatsApp or Mautrix-Facebook bridges) +## Troubleshooting + +* Check the spelling of the bot name! +* For slow servers it might be necessary to run ``systemctl edit mautrix_telegram.service`` (also for `coturn.service` and `coturn-synapse.service`) and insert +``` +[Service] +ExecStartPre=/bin/sleep 90 +``` +such that it is ensured that synapse is running before the bridge tries to connect. +(If it worked after installation but broke after a restart this probably is it.) ## Additional information * Other info you would like to add about this app. 
**More info on the documentation page:** -https://docs.mau.fi/bridges/python/signal/index.html +https://docs.mau.fi/bridges/python/telegram/index.html ## Links - * Report a bug: https://github.com/YunoHost-Apps/mautrix_signal_ynh/issues + * Report a bug: https://github.com/YunoHost-Apps/mautrix_telegram_ynh/issues * App website: https://github.com/YunoHost-Apps/mautrix-whatsapp_ynh - * Upstream app documentation: https://docs.mau.fi/bridges/python/signal/index.html - * Upstream app repository: https://github.com/tulir/mautrix-signal - * Up-Upstream repository: https://gitlab.com/signald/signald + * Upstream app documentation: https://docs.mau.fi/bridges/python/telegram/index.html + * Upstream app repository: https://github.com/tulir/mautrix-telegram + * Up-Upstream repository: https://gitlab.com/telegramd/telegramd * YunoHost website: https://yunohost.org/ --- @@ -113,13 +119,13 @@ https://docs.mau.fi/bridges/python/signal/index.html ## Developer info **Only if you want to use a testing branch for coding, instead of merging directly into master.** -Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/mautrix_signal_ynh/tree/testing). +Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/mautrix_telegram_ynh/tree/testing). To try the testing branch, please proceed like that. ``` -sudo yunohost app install https://github.com/YunoHost-Apps/mautrix_signal_ynh/tree/testing --debug +sudo yunohost app install https://github.com/YunoHost-Apps/mautrix_telegram_ynh/tree/testing --debug or -sudo yunohost app upgrade mautrix_signal -u https://github.com/YunoHost-Apps/mautrix_signal_ynh/tree/testing --debug +sudo yunohost app upgrade mautrix_telegram -u https://github.com/YunoHost-Apps/mautrix_telegram_ynh/tree/testing --debug ``` To test communication between the App Service and Matrix-Synapse on a VM (e.g. with domain name: synapse.vm), you must install a certificate: 
diff --git a/conf/app.src b/conf/app.src index 53c3402..f68466a 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,7 +1,7 @@ -SOURCE_URL=https://github.com/tulir/mautrix-signal/archive/v0.1.0.tar.gz -SOURCE_SUM=950249a464c636ad6134f43da7a19d5fe14175782ec02754479ded1330897ff7 +SOURCE_URL=https://github.com/tulir/mautrix-telegram/archive/v0.9.0.tar.gz +SOURCE_SUM=e0fb30bf448f1bec6f27f73662c1dcddd36986367dcbe4f34509b23af67142a9 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true -SOURCE_FILENAME=mautrix-signal.tar.gz +SOURCE_FILENAME=mautrix-telegram.tar.gz SOURCE_EXTRACT=false diff --git a/conf/config.yaml b/conf/config.yaml index 60c3832..37556f1 100644 --- a/conf/config.yaml +++ b/conf/config.yaml 
@@ -25,13 +25,37 @@ appservice: # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s max_body_size: 1 - # The full URI to the database. Only Postgres is currently supported. + # The full URI to the database. SQLite and Postgres are fully supported. + # Other DBMSes supported by SQLAlchemy may or may not work. + # Format examples: + # SQLite: sqlite:///filename.db + # Postgres: postgres://username:password@hostname/dbname database: postgres://__MAUTRIX_BRIDGE_USER__:__MAUTRIX_BRIDGE_DB_PWD__@localhost:5432/__MAUTRIX_BRIDGE_DB_NAME__ - # Additional arguments for asyncpg.create_pool() - # https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool - database_opts: - min_size: 5 - max_size: 10 + # Optional extra arguments for SQLAlchemy's create_engine + database_opts: {} + + # Public part of web server for out-of-Matrix interaction with the bridge. + # Used for things like login if the user wants to make sure the 2FA password isn't stored in + # the HS database. + public: + # Whether or not the public-facing endpoints should be enabled. + enabled: false + # The prefix to use in the public-facing endpoints. + prefix: /public + # The base URL where the public-facing endpoints are available. The prefix is not added + # implicitly. + external: https://example.com/public + + # Provisioning API part of the web server for automated portal creation and fetching information. + # Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager). + provisioning: + # Whether or not the provisioning API should be enabled. + enabled: false + # The prefix to use in the provisioning API endpoints. + prefix: /_matrix/provision/v1 + # The shared secret to authorize users of the API. + # Set to "generate" to generate and save a new token. + shared_secret: generate # The unique ID of this appservice. id: __BOTNAME__ 
@@ -39,14 +63,14 @@ appservice: bot_username: __BOTNAME__ # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty # to leave display name/avatar as-is. - bot_displayname: Signal bridge bot - bot_avatar: mxc://maunium.net/wPJgTQbZOtpBFmDNkiNEMDUp + bot_displayname: Telegram bridge bot + bot_avatar: mxc://maunium.net/tJCRmUyJDsgRNgqhOgoiHWbX # Community ID for bridged users (changes registration file) and rooms. # Must be created manually. # - # Example: "+signal:example.com". Set to false to disable. - community_id: +sg:__SERVER_NAME__ + # Example: "+telegram:example.com". Set to false to disable. + community_id: +telegram:__SERVER_NAME__ # Whether or not to receive ephemeral events via appservice transactions. # Requires MSC2409 support (i.e. Synapse 1.22+). 
@@ -62,58 +86,104 @@ metrics: enabled: false listen_port: 8000 -signal: - # Path to signald unix socket - socket_path: /var/run/signald/signald.sock - # Directory for temp files when sending files to Signal. This should be an - # absolute path that signald can read. For attachments in the other direction, - # make sure signald is configured to use an absolute path as the data directory. - outgoing_attachment_dir: /tmp - # Directory where signald stores avatars for groups. - avatar_dir: ~/.config/signald/avatars - # Directory where signald stores auth data. Used to delete data when logging out. - data_dir: ~/.config/signald/data - # Whether or not message attachments should be removed from disk after they're bridged. - remove_file_after_handling: true +# Manhole config. +manhole: + # Whether or not opening the manhole is allowed. + enabled: false + # The path for the unix socket. + path: /var/tmp/mautrix-telegram.manhole + # The list of UIDs who can be added to the whitelist. + # If empty, any UIDs can be specified in the open-manhole command. + whitelist: + - 0 # Bridge config bridge: - # Localpart template of MXIDs for Signal users. - # {userid} is replaced with an identifier for the Signal user. - username_template: "sg_{userid}" - # Displayname template for Signal users. - # {displayname} is replaced with the displayname of the Signal user, which is the first - # available variable in displayname_preference. The variables in displayname_preference - # can also be used here directly. - displayname_template: "{displayname} (SG)" - # Whether or not contact list displaynames should be used. - # Possible values: disallow, allow, prefer - # - # Multi-user instances are recommended to disallow contact list names, as otherwise there can - # be conflicts between names from different users' contact lists. 
- contact_list_names: disallow - # Available variables: full_name, first_name, last_name, phone, uuid - displayname_preference: - - full_name - - phone + # Localpart template of MXIDs for Telegram users. + # {userid} is replaced with the user ID of the Telegram user. + username_template: "telegram_{userid}" + # Localpart template of room aliases for Telegram portal rooms. + # {groupname} is replaced with the name part of the public channel/group invite link ( https://t.me/{} ) + alias_template: "telegram_{groupname}" + # Displayname template for Telegram users. + # {displayname} is replaced with the display name of the Telegram user. + displayname_template: "{displayname} (Telegram)" - # Whether or not to create portals for all groups on login/connect. - autocreate_group_portal: true - # Whether or not to create portals for all contacts on login/connect. - autocreate_contact_portal: false - # Whether or not to use /sync to get read receipts and typing notifications + # Set the preferred order of user identifiers which to use in the Matrix puppet display name. + # In the (hopefully unlikely) scenario that none of the given keys are found, the numeric user + # ID is used. + # + # If the bridge is working properly, a phone number or an username should always be known, but + # the other one can very well be empty. + # + # Valid keys: + # "full name" (First and/or last name) + # "full name reversed" (Last and/or first name) + # "first name" + # "last name" + # "username" + # "phone number" + displayname_preference: + - full name + - username + - phone number + # Maximum length of displayname + displayname_max_length: 100 + # Remove avatars from Telegram ghost users when removed on Telegram. This is disabled by default + # as there's no way to determine whether an avatar is removed or just hidden from some users. If + # you're on a single-user instance, this should be safe to enable. 
+ allow_avatar_remove: false + + # Maximum number of members to sync per portal when starting up. Other members will be + # synced when they send messages. The maximum is 10000, after which the Telegram server + # will not send any more members. + # -1 means no limit (which means it's limited to 10000 by the server) + max_initial_member_sync: 100 + # Whether or not to sync the member list in channels. + # If no channel admins have logged into the bridge, the bridge won't be able to sync the member + # list regardless of this setting. + sync_channel_members: true + # Whether or not to skip deleted members when syncing members. + skip_deleted_members: true + # Whether or not to automatically synchronize contacts and chats of Matrix users logged into + # their Telegram account at startup. + startup_sync: true + # Number of most recently active dialogs to check when syncing chats. + # Set to 0 to remove limit. + sync_update_limit: 0 + # Number of most recently active dialogs to create portals for when syncing chats. + # Set to 0 to remove limit. + sync_create_limit: 30 + # Whether or not to sync and create portals for direct chats at startup. + sync_direct_chats: false + # The maximum number of simultaneous Telegram deletions to handle. + # A large number of simultaneous redactions could put strain on your homeserver. + max_telegram_delete: 10 + # Whether or not to automatically sync the Matrix room state (mostly unpuppeted displaynames) + # at startup and when creating a bridge. + sync_matrix_state: true + # Allow logging in within Matrix. If false, users can only log in using login-qr or the + # out-of-Matrix login website (see appservice.public config section) + allow_matrix_login: true + # Whether or not to bridge plaintext highlights. + # Only enable this if your displayname_template has some static part that the bridge can use to + # reliably identify what is a plaintext highlight. 
+ plaintext_highlights: false + # Whether or not to make portals of publicly joinable channels/supergroups publicly joinable on Matrix. + public_portals: true + # Whether or not to use /sync to get presence, read receipts and typing notifications # when double puppeting is enabled sync_with_custom_puppets: true # Whether or not to update the m.direct account data event when double puppeting is enabled. # Note that updating the m.direct event is not atomic (except with mautrix-asmux) # and is therefore prone to race conditions. sync_direct_chat_list: false - # Allow using double puppeting from any server with a valid client .well-known file. - double_puppet_allow_discovery: false - # Servers to allow double puppeting from, even if double_puppet_allow_discovery is false. + # Servers to always allow double puppeting from double_puppet_server_map: example.com: https://example.com - # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth + # Allow using double puppeting from any server with a valid client .well-known file. + double_puppet_allow_discovery: false + # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth # # If set, custom puppets will be enabled automatically for local users # instead of users having to find an access token and run `login-matrix` 
@@ -121,18 +191,61 @@ bridge: # If using this for other servers than the bridge's server, # you must also set the URL in the double_puppet_server_map. login_shared_secret_map: - example.com: foo + example.com: foobar + # Set to false to disable link previews in messages sent to Telegram. + telegram_link_preview: true + # Whether or not the !tg join command should do a HTTP request + # to resolve redirects in invite links. + invite_link_resolve: false + # Use inline images instead of a separate message for the caption. + # N.B. Inline images are not supported on all clients (e.g. Element iOS/Android). + inline_images: false + # Maximum size of image in megabytes before sending to Telegram as a document. + image_as_file_size: 10 + # Maximum size of Telegram documents in megabytes to bridge. + max_document_size: 100 + # Enable experimental parallel file transfer, which makes uploads/downloads much faster by + # streaming from/to Matrix and using many connections for Telegram. + # Note that generating HQ thumbnails for videos is not possible with streamed transfers. + parallel_file_transfer: false # Whether or not created rooms should have federation enabled. # If false, created portal rooms will never be federated. federate_rooms: true - # End-to-bridge encryption support options. You must install the e2be optional dependency for - # this to work. See https://github.com/tulir/mautrix-telegram/wiki/End‐to‐bridge-encryption + # Settings for converting animated stickers. + animated_sticker: + # Format to which animated stickers should be converted. + # disable - No conversion, send as-is (gzipped lottie) + # png - converts to non-animated png (fastest), + # gif - converts to animated gif, but loses transparency + # webm - converts to webm video, requires ffmpeg executable with vp9 codec and webm container support + target: gif + # Arguments for converter. All converters take width and height. + # GIF converter takes background as a hex color. 
+ args: + width: 256 + height: 256 + background: "020202" # only for gif + fps: 30 # only for webm + # End-to-bridge encryption support options. These require matrix-nio to be installed with pip + # and login_shared_secret to be configured in order to get a device for the bridge bot. + # + # Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal + # application service. encryption: # Allow encryption, work in group chat rooms with e2ee enabled - allow: __ENCRYPTION__ + allow: false # Default to encryption, force-enable encryption in all portals the bridge creates # This will cause the bridge bot to be in private chats for the encryption to work properly. default: false + # Database for the encryption data. Currently only supports Postgres and an in-memory + # store that's persisted as a pickle. + # If set to `default`, will use the appservice postgres database + # or a pickle file if the appservice database is sqlite. + # + # Format examples: + # Pickle: pickle:///filename.pickle + # Postgres: postgres://username:password@hostname/dbname + database: default # Options for automatic key sharing. key_sharing: # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. 
@@ -149,43 +262,231 @@ bridge: # chat portal rooms. This will be implicitly enabled if encryption.default is true. private_chat_portal_meta: false # Whether or not the bridge should send a read receipt from the bridge bot when a message has - # been sent to Signal. This let's you check manually whether the bridge is receiving your - # messages. - # Note that this is not related to Signal delivery receipts. + # been sent to Telegram. delivery_receipts: false - # Whether or not delivery errors should be reported as messages in the Matrix room. (not yet implemented) + # Whether or not delivery errors should be reported as messages in the Matrix room. delivery_error_reports: false # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run. # This field will automatically be changed back to false after it, # except if the config file is not writable. resend_bridge_info: false + # Settings for backfilling messages from Telegram. + backfill: + # Whether or not the Telegram ghosts of logged in Matrix users should be + # invited to private chats when backfilling history from Telegram. This is + # usually needed to prevent rate limits and to allow timestamp massaging. + invite_own_puppet: true + # Maximum number of messages to backfill without using a takeout. + # The first time a takeout is used, the user has to manually approve it from a different + # device. If initial_limit or missed_limit are higher than this value, the bridge will ask + # the user to accept the takeout after logging in before syncing any chats. + takeout_limit: 100 + # Maximum number of messages to backfill initially. + # Set to 0 to disable backfilling when creating portal, or -1 to disable the limit. + # + # N.B. Initial backfill will only start after member sync. Make sure your + # max_initial_member_sync is set to a low enough value so it doesn't take forever. 
+ initial_limit: 0 + # Maximum number of messages to backfill if messages were missed while the bridge was + # disconnected. Note that this only works for logged in users and only if the chat isn't + # older than sync_update_limit + # Set to 0 to disable backfilling missed messages. + missed_limit: 50 + # If using double puppeting, should notifications be disabled + # while the initial backfill is in progress? + disable_notifications: false + # Whether or not to enable backfilling in normal groups. + # Normal groups have numerous technical problems in Telegram, and backfilling normal groups + # will likely cause problems if there are multiple Matrix users in the group. + normal_groups: false - # Provisioning API part of the web server for automated portal creation and fetching information. - # Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager). - provisioning: - # Whether or not the provisioning API should be enabled. - enabled: false - # The prefix to use in the provisioning API endpoints. - prefix: /_matrix/provision/v1 - # The shared secret to authorize users of the API. - # Set to "generate" to generate and save a new token. - shared_secret: generate + # Overrides for base power levels. + initial_power_level_overrides: + user: {} + group: {} + + # Whether to bridge Telegram bot messages as m.notices or m.texts. + bot_messages_as_notices: true + bridge_notices: + # Whether or not Matrix bot messages (type m.notice) should be bridged. + default: false + # List of user IDs for whom the previous flag is flipped. + # e.g. if bridge_notices.default is false, notices from other users will not be bridged, but + # notices from users listed here will be bridged. + exceptions: + - "@importantbot:example.com" + + # Some config options related to Telegram message deduplication. + # The default values are usually fine, but some debug messages/warnings might recommend you + # change these. 
+ deduplication: + # Whether or not to check the database if the message about to be sent is a duplicate. + pre_db_check: false + # The number of latest events to keep when checking for duplicates. + # You might need to increase this on high-traffic bridge instances. + cache_queue_length: 20 + + # The formats to use when sending messages to Telegram via the relay bot. + # Text msgtypes (m.text, m.notice and m.emote) support HTML, media msgtypes don't. + # + # Available variables: + # $sender_displayname - The display name of the sender (e.g. Example User) + # $sender_username - The username (Matrix ID localpart) of the sender (e.g. exampleuser) + # $sender_mxid - The Matrix ID of the sender (e.g. @exampleuser:example.com) + # $message - The message content + message_formats: + m.text: "$sender_displayname: $message" + m.notice: "$sender_displayname: $message" + m.emote: "* $sender_displayname $message" + m.file: "$sender_displayname sent a file: $message" + m.image: "$sender_displayname sent an image: $message" + m.audio: "$sender_displayname sent an audio file: $message" + m.video: "$sender_displayname sent a video: $message" + m.location: "$sender_displayname sent a location: $message" + # Telegram doesn't have built-in emotes, this field specifies how m.emote's from authenticated + # users are sent to telegram. All fields in message_formats are supported. Additionally, the + # Telegram user info is available in the following variables: + # $displayname - Telegram displayname + # $username - Telegram username (may not exist) + # $mention - Telegram @username or displayname mention (depending on which exists) + emote_format: "* $mention $formatted_body" + + # The formats to use when sending state events to Telegram via the relay bot. + # + # Variables from `message_formats` that have the `sender_` prefix are available without the prefix. + # In name_change events, `$prev_displayname` is the previous displayname. 
+ # + # Set format to an empty string to disable the messages for that event. + state_event_formats: + join: "$displayname joined the room." + leave: "$displayname left the room." + name_change: "$prev_displayname changed their name to $displayname" + + # Filter rooms that can/can't be bridged. Can also be managed using the `filter` and + # `filter-mode` management commands. + # + # Filters do not affect direct chats. + # An empty blacklist will essentially disable the filter. + filter: + # Filter mode to use. Either "blacklist" or "whitelist". + # If the mode is "blacklist", the listed chats will never be bridged. + # If the mode is "whitelist", only the listed chats can be bridged. + mode: blacklist + # The list of group/channel IDs to filter. + list: [] # The prefix for commands. Only required in non-management rooms. - command_prefix: "!sg" + command_prefix: "!tg" # Permissions for using the bridge. # Permitted values: - # user - Use the bridge with puppeting. - # admin - Use and administrate the bridge. + # relaybot - Only use the bridge via the relaybot, no access to commands. + # user - Relaybot level + access to commands to create bridges. + # puppeting - User level + logging in with a Telegram account. + # full - Full access to use the bridge, i.e. previous levels + Matrix login. + # admin - Full access to use the bridge and some extra administration commands. # Permitted keys: # * - All Matrix users # domain - All users on that homeserver # mxid - Specific user permissions: - "__BOTUSERS__": "user" + "*": "relaybot" + "__BOTUSERS__": "puppeting" "__BOTADMIN__": "admin" + # Options related to the message relay Telegram bot. + relaybot: + private_chat: + # List of users to invite to the portal when someone starts a private chat with the bot. + # If empty, private chats with the bot won't create a portal. + invite: [] + # Whether or not to bridge state change messages in relaybot private chats. 
+ state_changes: true + # When private_chat_invite is empty, this message is sent to users /starting the + # relaybot. Telegram's "markdown" is supported. + message: This is a Matrix bridge relaybot and does not support direct chats + # List of users to invite to all group chat portals created by the bridge. + group_chat_invite: [] + # Whether or not the relaybot should not bridge events in unbridged group chats. + # If false, portals will be created when the relaybot receives messages, just like normal + # users. This behavior is usually not desirable, as it interferes with manually bridging + # the chat to another room. + ignore_unbridged_group_chat: true + # Whether or not to allow creating portals from Telegram. + authless_portals: true + # Whether or not to allow Telegram group admins to use the bot commands. + whitelist_group_admins: true + # Whether or not to ignore incoming events sent by the relay bot. + ignore_own_incoming_events: true + # List of usernames/user IDs who are also allowed to use the bot commands. + whitelist: [] + +# Telegram config +telegram: + # Get your own API keys at https://my.telegram.org/apps + api_id: __TELEGRAM_API_ID__ + api_hash: __TELEGRAM_API_HASH__ + # (Optional) Create your own bot at https://t.me/BotFather + bot_token: __TELEGRAM_BOT_TOKEN__ + + # Telethon connection options. + connection: + # The timeout in seconds to be used when connecting. + timeout: 120 + # How many times the reconnection should retry, either on the initial connection or when + # Telegram disconnects us. May be set to a negative or null value for infinite retries, but + # this is not recommended, since the program can get stuck in an infinite loop. + retries: 5 + # The delay in seconds to sleep between automatic reconnections. + retry_delay: 1 + # The threshold below which the library should automatically sleep on flood wait errors + # (inclusive). 
For instance, if a FloodWaitError for 17s occurs and flood_sleep_threshold + # is 20s, the library will sleep automatically. If the error was for 21s, it would raise + # the error instead. Values larger than a day (86400) will be changed to a day. + flood_sleep_threshold: 60 + # How many times a request should be retried. Request are retried when Telegram is having + # internal issues, when there is a FloodWaitError less than flood_sleep_threshold, or when + # there's a migrate error. May take a negative or null value for infinite retries, but this + # is not recommended, since some requests can always trigger a call fail (such as searching + # for messages). + request_retries: 5 + + # Device info sent to Telegram. + device_info: + # "auto" = OS name+version. + device_model: auto + # "auto" = Telethon version. + system_version: auto + # "auto" = mautrix-telegram version. + app_version: auto + lang_code: en + system_lang_code: en + + # Custom server to connect to. + server: + # Set to true to use these server settings. If false, will automatically + # use production server assigned by Telegram. Set to false in production. + enabled: false + # The DC ID to connect to. + dc: 2 + # The IP to connect to. + ip: 149.154.167.40 + # The port to connect to. 443 may not work, 80 is better and both are equally secure. + port: 80 + + # Telethon proxy configuration. + # You must install PySocks from pip for proxies to work. + proxy: + # Allowed types: disabled, socks4, socks5, http, mtproxy + type: disabled + # Proxy IP address and port. + address: 127.0.0.1 + port: 1080 + # Whether or not to perform DNS resolving remotely. Only for socks/http proxies. + rdns: true + # Proxy authentication (optional). Put MTProxy secret in password field. + username: "" + password: "" # Python logging configuration. # 
@@ -195,7 +496,7 @@ logging: version: 1 formatters: colored: - (): mautrix_signal.util.ColorFormatter + (): mautrix_telegram.util.ColorFormatter format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" normal: format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" @@ -212,8 +513,10 @@ logging: loggers: mau: level: DEBUG + telethon: + level: INFO aiohttp: level: INFO root: level: DEBUG - handlers: [file, console] \ No newline at end of file + handlers: [file, console] diff --git a/conf/systemd.service b/conf/systemd.service index 994d859..c1efe50 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -1,5 +1,5 @@ [Unit] -Description=Matrix Signal Bridge +Description=Matrix Telegram Bridge After=matrix-synapse.service [Service] @@ -7,7 +7,7 @@ Type=simple User=__APP__ Group=__APP__ WorkingDirectory=__FINALPATH__/ -ExecStart=__FINALPATH__/bin/python3 -m mautrix_signal +ExecStart=__FINALPATH__/bin/python3 -m mautrix_telegram [Install] WantedBy=multi-user.target diff --git a/manifest.json b/manifest.json index e5aa764..ccbc168 100644 --- a/manifest.json +++ b/manifest.json 
@@ -1,18 +1,18 @@ { - "name": "Matrix-Signal bridge", - "id": "mautrix_signal", + "name": "Matrix-Telegram bridge", + "id": "mautrix_telegram", "packaging_format": 1, "description": { - "en": "A Signal puppeting bridge for Matrix/Synapse.", - "fr": "Passerelle Signal pour Matrix/Synapse." + "en": "A Telegram puppeting bridge for Matrix/Synapse.", + "fr": "Passerelle Telegram pour Matrix/Synapse." }, - "version": "0.1.0~ynh1", - "url": "https://github.com/tulir/mautrix-signal", + "version": "0.1.1~ynh1", + "url": "https://github.com/tulir/mautrix-telegram", "license": "AGPL-3.0-or-later", "maintainer": { "name": "Gredin67", - "email": "mautrix_signal_ynh@sans-nuage.fr", - "url": "https://github.com/YunoHost-Apps/mautrix_signal_ynh" + "email": "mautrix_telegram_ynh@sans-nuage.fr", + "url": "https://github.com/YunoHost-Apps/mautrix_telegram_ynh" }, "requirements": { "yunohost": ">= 4.0" @@ -27,8 +27,8 @@ "name": "synapsenumber", "type": "string", "ask": { - "en": "Choose the local synapse instance number to communicate with mautrix_signal", - "fr": "Choisissez le numĂ©ro de l'instance synapse qui doit communiquer avec mautrix_signal" + "en": "Choose the local synapse instance number to communicate with mautrix_telegram", + "fr": "Choisissez le numĂ©ro de l'instance synapse qui doit communiquer avec mautrix_telegram" }, "example": "2 (for instance synapse__2)", "help": { 
@@ -41,15 +41,15 @@ "name": "botname", "type": "string", "ask": { - "en": "Choose a local synapse user name for the Signal bot", - "fr": "Choisissez un nom d'utilisateur synapse local pour le robot Signal" + "en": "Choose a local synapse user name for the Telegram bot", + "fr": "Choisissez un nom d'utilisateur synapse local pour le robot Telegram" }, - "example": "signalbot", + "example": "telegrambot", "help": { - "en": "A system user will be created. Invite @signalbot:localsynapse.servername from an authorized Matrix account to start bridging. Give the matrix server_name, not the full domain/url.", - "fr": "Un utilisateur systĂšme sera crĂ©Ă©. Inviter @signalbot:localsynapse.servername depuis un compte Matrix autorisĂ© pour dĂ©marrer une passerelle. Donner le nom du serveur matrix, pas le domaine/url complet." + "en": "A system user will be created. Invite @telegrambot:localsynapse.servername from an authorized Matrix account to start bridging. Give the matrix server_name, not the full domain/url.", + "fr": "Un utilisateur systĂšme sera crĂ©Ă©. Inviter @telegrambot:localsynapse.servername depuis un compte Matrix autorisĂ© pour dĂ©marrer une passerelle. Donner le nom du serveur matrix, pas le domaine/url complet." }, - "default": "signalbot" + "default": "telegrambot" }, { "name": "encryption", 
@@ -68,22 +68,22 @@ "name": "botadmin", "type": "string", "ask": { - "en": "Choose the Matrix account administrator of the Signal bot", - "fr": "Choisissez le compte Matrix administrateur du robot Signal" + "en": "Choose the Matrix account administrator of the Telegram bot; admin permission", + "fr": "Choisissez le compte Matrix administrateur du robot Telegram" }, "example": "@johndoe:localsynapse.servername or @johndoe:matrix.org", "help": { - "en": "The Signal bot administrator does not need to be a local synapse account.", - "fr": "Le compte administrateur du robot Signal peut ne pas ĂȘtre un compte local synapse." + "en": "The Telegram bot administrator does not need to be a local synapse account.", + "fr": "Le compte administrateur du robot Telegram peut ne pas ĂȘtre un compte local synapse." }, - "default": "Your main Matrix account" + "default": "" }, { "name": "botusers", "type": "string", "ask": { - "en": "Choose Matrix user(s) authorized to bridge with the Signal bot", - "fr": "Choisissez le/les compte(s) Matrix autorisĂ©s Ă  utiliser le robot Signal" + "en": "Choose Matrix user(s) authorized to bridge with the Telegram bot; puppeting permission", + "fr": "Choisissez le/les compte(s) Matrix autorisĂ©s Ă  utiliser le robot Telegram" }, "example": "local or @johndoe:server.name or server.name or *", "default": "local", 
@@ -91,6 +91,48 @@ "en": "All local synapse users (local), a remote or local user (@johndoe:server.name), a remote server (matrix.org), or all remote/local servers (*) can be authorized. Give the matrix server_name, not the full domain/url.", "fr": "On peut autoriser tous les comptes synapse locaux (local), un compte local ou distant (@johndoe:server.name), un serveur distant (matrix.org), ou tous les serveurs remote/local (*). Donner le nom du serveur matrix, pas le domaine/url complet." } + }, + { + "name": "apiid", + "type": "string", + "ask": { + "en": "Telegram API keys (https://my.telegram.org/apps): ID", + "fr": "TODO" + }, + "example": "12345", + "default": "", + "help": { + "en": "Get your own API keys at https://my.telegram.org/apps", + "fr": "TODO" + } + }, + { + "name": "apihash", + "type": "string", + "ask": { + "en": "Telegram API keys (https://my.telegram.org/apps): Hash", + "fr": "TODO" + }, + "example": "tjyd5yge35lbodk1xwzw2jstp90k55qz", + "default": "", + "help": { + "en": "Get your own API keys at https://my.telegram.org/apps", + "fr": "TODO" + } + }, + { + "name": "bottoken", + "type": "string", + "ask": { + "en": "Telegram bot token (optional)", + "fr": "TODO" + }, + "example": "disabled", + "default": "disabled", + "help": { + "en": "Create your own telegram bot.", + "fr": "TODO" + } } ] } diff --git a/scripts/_common.sh b/scripts/_common.sh index 8cdfdaa..de3e43f 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -5,7 +5,8 @@ #================================================= # dependencies used by the app -pkg_dependencies="postgresql python3" +# HACK zlib1g-dev libjpeg-dev (libwebp-dev optional but necessary for stickers) are necessary to compile / install pillow +pkg_dependencies="postgresql python3 zlib1g-dev libjpeg-dev libwebp-dev" #================================================= # PERSONAL HELPERS diff --git a/scripts/backup b/scripts/backup index 6ea8892..f35b565 100755 --- a/scripts/backup +++ b/scripts/backup 
@@ -49,25 +49,6 @@ ynh_print_info --message="Declaring files to be backed up..." ynh_backup --src_path="$final_path" -#================================================= -# BACKUP THE NGINX CONFIGURATION -#================================================= - -ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" - -#================================================= -# BACKUP THE PHP-FPM CONFIGURATION -#================================================= - -ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" - -#================================================= -# BACKUP FAIL2BAN CONFIGURATION -#================================================= - -ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf" -ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" - #================================================= # SPECIFIC BACKUP #================================================= @@ -86,19 +67,17 @@ ynh_backup --src_path="/etc/systemd/system/$app.service" # BACKUP VARIOUS FILES #================================================= -ynh_backup --src_path="/etc/cron.d/$app" - -ynh_backup --src_path="/etc/$app/" +# ynh_backup --src_path="/etc/$app/" #================================================= -# BACKUP THE MYSQL DATABASE +# BACKUP THE PostrgeSQL DATABASE #================================================= -ynh_print_info --message="Backing up the MySQL database..." +ynh_print_info --message="Backing up the PostgreSQL database..." ### (However, things like MySQL dumps *do* take some time to run, though the ### copy of the generated dump to the archive still happens later) -ynh_mysql_dump_db --database="$db_name" > db.sql +ynh_psql_dump_db --database="$db_name" > db.sql #================================================= # END OF SCRIPT diff --git a/scripts/install b/scripts/install index 83644ae..1c90ed8 100755 --- a/scripts/install +++ b/scripts/install 
@@ -30,10 +30,15 @@ encryption=$YNH_APP_ARG_ENCRYPTION botadmin=$YNH_APP_ARG_BOTADMIN botusers=$YNH_APP_ARG_BOTUSERS +# TODO new settings specific to telegram +apiid=$YNH_APP_ARG_APIID +apihash=$YNH_APP_ARG_APIHASH +bottoken=$YNH_APP_ARG_BOTTOKEN + app=$YNH_APP_INSTANCE_NAME final_path=/opt/yunohost/$app -# ToDo check (in manifest?) if the selected synapse instance is not already connected to a mautrix_bridge bridge +# TODO check (in manifest?) if the selected synapse instance is not already connected to a mautrix_bridge bridge if [ $synapsenumber -eq "1" ] then synapse_instance="synapse" @@ -74,7 +79,7 @@ test ! -e "$final_path" || ynh_die --message="This path already contains a folde ynh_script_progression --message="Configuring firewall..." --weight=1 # Find a free port for communication between your local synapse instance (home server) and its app service mautrix_bridge. -port=$(ynh_find_port --port=8449) +port=$(ynh_find_port --port=29317) #================================================= # STORE SETTINGS FROM MANIFEST 
@@ -88,9 +93,13 @@ ynh_app_setting_set --app=$app --key=botname --value=$botname ynh_app_setting_set --app=$app --key=synapse_instance --value=$synapse_instance ynh_app_setting_set --app=$app --key=app_service_registration_path --value=$app_service_registration_path ynh_app_setting_set --app=$app --key=encryption --value=$encryption -ynh_app_setting_set --app=$app --key=mautrix_bridge_db_name --value=$mautrix_bridge_db_name -ynh_app_setting_set --app=$app --key=botadmin --value=$botadmin +ynh_app_setting_set --app=$app --key=mautrix_bridge_db_name --value=$mautrix_bridge_db_name ynh_app_setting_set --app=$app --key=botadmin --value=$botadmin ynh_app_setting_set --app=$app --key=botusers --value=$botusers + +ynh_app_setting_set --app=$app --key=apiid --value=$apiid +ynh_app_setting_set --app=$app --key=apihash --value=$apihash +ynh_app_setting_set --app=$app --key=bottoken --value=$bottoken + ynh_app_setting_set --app=$app --key=mautrix_version --value=$upstream_version ynh_app_setting_set --app=$app --key=final_path --value=$final_path @@ -109,8 +118,6 @@ ynh_script_progression --message="Installing dependencies..." --weight=97 ynh_install_app_dependencies $pkg_dependencies -ynh_install_extra_app_dependencies --repo="https://updates.signald.org unstable main" --package="libunixsocket-java signaldctl signald" --key="https://updates.signald.org/apt-signing-key.asc" - #================================================= # CREATE A POSTGRESQL DATABASE #================================================= 
@@ -204,6 +211,10 @@ ynh_replace_string --match_string=__LOG_FILENAME__ --replace_string="/var/log/$a # Options: debug, info, warn, error, fatal ynh_replace_string --match_string=__LOG_LEVEL__ --replace_string="error" --target_file="$mautrix_config_path" +ynh_replace_string --match_string=__TELEGRAM_API_ID__ --replace_string=$apiid --target_file="$mautrix_config_path" +ynh_replace_string --match_string=__TELEGRAM_API_HASH__ --replace_string=$apihash --target_file="$mautrix_config_path" +ynh_replace_string --match_string=__TELEGRAM_BOT_TOKEN__ --replace_string=$bottoken --target_file="$mautrix_config_path" + #================================================= # INSTALL MAUTRIX-BRIDGE PYTHON MODULE 
@@ -212,10 +223,17 @@ ynh_replace_string --match_string=__LOG_LEVEL__ --replace_string="error" --targe mkdir -p /var/log/$app # Configure Mautrix-Bridge python3 -m venv $final_path -#$final_path/bin/pip3 install --upgrade setuptools wheel -$final_path/bin/pip3 install $final_path/src/mautrix-signal.tar.gz[metrics,formattednumbers,qrlink] +$final_path/bin/pip3 install --upgrade setuptools wheel # HACK fixes "error: invalid command 'bdist_wheel'" +$final_path/bin/pip3 install --upgrade $final_path/src/mautrix-telegram.tar.gz[postgres,speedups,webp_convert,qr_login] # metrics # -r optional-requirements.txt -$final_path/bin/python3 -m mautrix_signal -g -c $mautrix_config_path -r $app_service_registration_path/$app.yaml +$final_path/bin/python3 -m mautrix_telegram -g -c "$mautrix_config_path" -r "$app_service_registration_path/$app.yaml" +# initialize the database +# HACK alembic won't find its script dir using a relative path unless when started from $final_path +# therefore we replace the script_location +ynh_replace_string --match_string="script_location = alembic" \ + --replace_string="script_location = $final_path/alembic" \ + --target_file="$final_path/alembic.ini" +$final_path/bin/alembic -c "$final_path/alembic.ini" -x config="$mautrix_config_path" upgrade head /opt/yunohost/matrix-$synapse_instance/update_synapse_for_appservice.sh \ || ynh_die "Synapse can't restart with the appservice configuration" 
@@ -264,7 +282,7 @@ chown $mautrix_bridge_user:root -R /var/log/$app #================================================= #yunohost service add $app --log "/var/log/$app/log.log" # if using yunohost version 3.2 or more in the 'manifest.json', a description can be added -yunohost service add $app --description "$app daemon for bridging Signal and Matrix messages" --log "/var/log/$app/$app.log" +yunohost service add $app --description "$app daemon for bridging Telegram and Matrix messages" --log "/var/log/$app/$app.log" #================================================= # START SYSTEMD SERVICE diff --git a/scripts/restore b/scripts/restore index c334a77..d88233b 100755 --- a/scripts/restore +++ b/scripts/restore @@ -75,21 +75,6 @@ ynh_system_user_create --username=$app # Restore permissions on app files chown -R root: $final_path -#================================================= -# RESTORE THE PHP-FPM CONFIGURATION -#================================================= - -ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" - -#================================================= -# RESTORE FAIL2BAN CONFIGURATION -#================================================= -ynh_script_progression --message="Restoring the Fail2Ban configuration..." --time --weight=1 - -ynh_restore_file "/etc/fail2ban/jail.d/$app.conf" -ynh_restore_file "/etc/fail2ban/filter.d/$app.conf" -ynh_systemd_action --action=restart --service_name=fail2ban - #================================================= # SPECIFIC RESTORATION #================================================= 
@@ -100,14 +85,15 @@ ynh_script_progression --message="Reinstalling dependencies..." --time --weight= # Define and install dependencies ynh_install_app_dependencies $pkg_dependencies +# TODO #================================================= # RESTORE THE MYSQL DATABASE #================================================= -ynh_script_progression --message="Restoring the MySQL database..." --time --weight=1 +# ynh_script_progression --message="Restoring the MySQL database..." --time --weight=1 -db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) -ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd -ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql +# db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) +# ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd +# ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql #================================================= # RESTORE SYSTEMD @@ -135,9 +121,7 @@ ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$ap # RESTORE VARIOUS FILES #================================================= -ynh_restore_file --origin_path="/etc/cron.d/$app" - -ynh_restore_file --origin_path="/etc/$app/" +# ynh_restore_file --origin_path="/etc/$app/" #================================================= # RESTORE THE LOGROTATE CONFIGURATION @@ -148,12 +132,6 @@ ynh_restore_file --origin_path="/etc/logrotate.d/$app" #================================================= # GENERIC FINALIZATION #================================================= -# RELOAD NGINX AND PHP-FPM -#================================================= -ynh_script_progression --message="Reloading NGINX web server and PHP-FPM..." --time --weight=1 - -ynh_systemd_action --service_name=php$phpversion-fpm --action=reload -ynh_systemd_action --service_name=nginx --action=reload #================================================= # END OF SCRIPT 
diff --git a/scripts/upgrade b/scripts/upgrade index 6e61d9f..fbd6aab 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -94,14 +94,6 @@ then ynh_setup_source --dest_dir="$final_path" fi -#================================================= -# NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Upgrading NGINX web server configuration..." --time --weight=1 - -# Create a dedicated NGINX config -ynh_add_nginx_config - #================================================= # UPGRADE DEPENDENCIES #================================================= @@ -131,6 +123,12 @@ ynh_add_fpm_config # ... #================================================= +if [ "$upgrade_type" == "UPGRADE_APP" ] +then +$final_path/bin/pip3 install --upgrade setuptools wheel # HACK fixes "error: invalid command 'bdist_wheel'" +$final_path/bin/pip3 install --upgrade $final_path/src/mautrix-telegram.tar.gz[postgres,speedups,webp_convert,qr_login] +fi +# #================================================= # SETUP SYSTEMD #================================================= 
@@ -145,12 +143,71 @@ ynh_add_systemd_config ### Verify the checksum of a file, stored by `ynh_store_file_checksum` in the install script. ### And create a backup of this file if the checksum is different. So the file will be backed up if the admin had modified it. -ynh_backup_if_checksum_is_different --file="$final_path/CONFIG_FILE" -ynh_replace_string --match_string="match_string" --replace_string="replace_string" --target_file="$final_path/CONFIG_FILE" +server_name=$(ynh_app_setting_get --app=$app --key=server_name) +port=$(ynh_app_setting_get --app=$app --key=port) +mautrix_bridge_user=$(ynh_app_setting_get --app=$app --key=mautrix_bridge_user) +mautrix_bridge_db_pwd=$(ynh_app_setting_get --app=$app --key=mautrix_bridge_db_pwd) +mautrix_bridge_db_name=$(ynh_app_setting_get --app=$app --key=mautrix_bridge_db_name) +botname=$(ynh_app_setting_get --app=$app --key=botname) +botusers=$(ynh_app_setting_get --app=$app --key=botusers) +botadmin=$(ynh_app_setting_get --app=$app --key=botadmin) +apiid=$(ynh_app_setting_get --app=$app --key=apiid) +apihash=$(ynh_app_setting_get --app=$app --key=apihash) +bottoken=$(ynh_app_setting_get --app=$app --key=bottoken) + +# mautrix_config_path="$final_path/config.yaml" +# cp ../conf/config.yaml "$mautrix_config_path" +# ynh_replace_string --match_string=__DOMAIN__ --replace_string="https://$domain" --target_file="$mautrix_config_path" +# ynh_replace_string --match_string=__SERVER_NAME__ --replace_string=$server_name --target_file="$mautrix_config_path" +# ynh_replace_string --match_string=__VERIFY_SERVER_SSL_CERTIFICATES__ --replace_string=true --target_file="$mautrix_config_path" +# ynh_replace_string --match_string=__MATRIX_SERVER_SUPPORTS_ASMUX__ --replace_string=false --target_file="$mautrix_config_path" +# ynh_replace_string --match_string=__PORT__ --replace_string=$port --target_file="$mautrix_config_path" +# ynh_replace_string --match_string=__MAUTRIX_BRIDGE_USER__ --replace_string=$mautrix_bridge_user 
--target_file="$mautrix_config_path" +# ynh_replace_string --match_string=__MAUTRIX_BRIDGE_DB_PWD__ --replace_string=$mautrix_bridge_db_pwd --target_file="$mautrix_config_path" +# ynh_replace_string --match_string=__MAUTRIX_BRIDGE_DB_NAME__ --replace_string=$mautrix_bridge_db_name --target_file="$mautrix_config_path" +# ynh_replace_string --match_string=__BOTNAME__ --replace_string=$botname --target_file="$mautrix_config_path" +# ynh_replace_string --match_string=__ENCRYPTION__ --replace_string=$encryption --target_file="$mautrix_config_path" +# if [ "$botusers" = "local" ] +# then +# ynh_replace_string --match_string=__BOTUSERS__ --replace_string=$server_name --target_file="$mautrix_config_path" +# else +# ynh_replace_string --match_string=__BOTUSERS__ --replace_string=$botusers --target_file="$mautrix_config_path" +# fi +# ynh_replace_string --match_string=__BOTADMIN__ --replace_string=$botadmin --target_file="$mautrix_config_path" +# ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$mautrix_config_path" +# ynh_replace_string --match_string=__LOG_FILENAME__ --replace_string="/var/log/$app/$app.log" --target_file="$mautrix_config_path" +# # Options: debug, info, warn, error, fatal +# ynh_replace_string --match_string=__LOG_LEVEL__ --replace_string="error" --target_file="$mautrix_config_path" + +# ynh_replace_string --match_string=__TELEGRAM_API_ID__ --replace_string=$apiid --target_file="$mautrix_config_path" +# ynh_replace_string --match_string=__TELEGRAM_API_HASH__ --replace_string=$apihash --target_file="$mautrix_config_path" +# ynh_replace_string --match_string=__TELEGRAM_BOT_TOKEN__ --replace_string=$bottoken --target_file="$mautrix_config_path" + +# ynh_backup_if_checksum_is_different --file="$mautrix_config_path" + +# ynh_replace_string --match_string="script_location = alembic" \ +# --replace_string="script_location = $final_path/alembic" \ +# --target_file="$final_path/alembic.ini" +# ynh_backup_if_checksum_is_different 
--file="$final_path/alembic.ini" + +# upgrade the python stuff +$final_path/bin/python3 -m mautrix_telegram -g -c "$mautrix_config_path" -r "$app_service_registration_path/$app.yaml" + +# update the registration file +synapse_instance=$(ynh_app_setting_get --app=$app --key=synapse_instance) +app_service_registration_path="/etc/matrix-$synapse_instance/app-service" +$final_path/bin/alembic -c "$final_path/alembic.ini" -x config="$mautrix_config_path" upgrade head + +# upgrade the database +ynh_backup_if_checksum_is_different --file="$app_service_registration_path/$app.yaml" + # Recalculate and store the checksum of the file for the next upgrade. -ynh_store_file_checksum --file="$final_path/CONFIG_FILE" +ynh_store_file_checksum --file="$mautrix_config_path" +ynh_store_file_checksum --file="$final_path/alembic.ini" + + #================================================= # GENERIC FINALIZATION 
@@ -184,31 +241,12 @@ ynh_script_progression --message="Starting a systemd service..." --time --weight ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" #================================================= -# UPGRADE FAIL2BAN +# RELOAD synapse #================================================= -ynh_script_progression --message="Reconfiguring Fail2Ban..." --time --weight=1 +ynh_script_progression --message="Reloading synapse server..." --time --weight=1 -# Create a dedicated Fail2Ban config -ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login" - -#================================================= -# SETUP SSOWAT -#================================================= -ynh_script_progression --message="Upgrading SSOwat configuration..." --time --weight=1 - -# Make app public if necessary -if [ $is_public -eq 1 ] -then - # unprotected_uris allows SSO credentials to be passed anyway - ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" -fi - -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." --time --weight=1 - -ynh_systemd_action --service_name=nginx --action=reload +/opt/yunohost/matrix-$synapse_instance/update_synapse_for_appservice.sh \ + || ynh_die "Synapse can't restart with the appservice configuration" #================================================= # END OF SCRIPT
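Review bot: in conf/config.yaml, the `permissions` block of the large bridge hunk adds `"*": "relaybot"`, which by the hunk's own key legend ("* - All Matrix users") gives relaybot-level access to every Matrix user on every homeserver, not only to the accounts chosen as `__BOTUSERS__`. Combined with `authless_portals: true` and `whitelist_group_admins: true` in the `relaybot` section, that is a wide default for a packaged install. Suggest dropping the wildcard entry from the template or making it an install-time question, and documenting the choice in the README.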
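Review bot: in manifest.json, hunk `@@ -91,6 +91,48 @@`, the new arguments `apiid`, `apihash` and `bottoken` ship with `"fr": "TODO"` for every `ask` and `help` string, and `apiid`/`apihash` have `"default": ""` with nothing marking them as required. The install script substitutes these answers directly into `api_id:` and `api_hash:` in config.yaml, so an empty answer leaves those keys without a value. Suggest filling in the French text, stating in `help` that both values are mandatory, and explaining what the `disabled` default means for `bottoken`.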
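Review bot: in scripts/install, hunk `@@ -88,9 +93,13 @@`, the two removed `ynh_app_setting_set` lines for `mautrix_bridge_db_name` and `botadmin` come back as a single added line (the hunk counts only fit if it is one line), so the second command is parsed as extra arguments to the first and `botadmin` is no longer stored by its own call. scripts/upgrade in this patch reads it back with `ynh_app_setting_get --app=$app --key=botadmin`, so the value needs to be saved reliably. Split the line back into two commands and quote the `--value=` expansions while there.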
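Review bot: in scripts/install, hunk `@@ -204,6 +211,10 @@`, the three new `ynh_replace_string` calls pass `--replace_string=$apiid`, `--replace_string=$apihash` and `--replace_string=$bottoken` unquoted, and nothing validates the values before they are written into config.yaml. Quote the expansions and reject an empty or non-numeric `apiid` with `ynh_die` before templating. Since the file now holds the Telegram API hash and bot token, also check that it ends up readable only by the bridge user; nothing in this hunk restricts its permissions.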
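Review bot: in scripts/install, hunk `@@ -212,10 +223,17 @@`, the argument in `pip3 install --upgrade $final_path/src/mautrix-telegram.tar.gz[postgres,speedups,webp_convert,qr_login]` is unquoted, so the bracket expression is open to shell pathname expansion and word splitting; wrap the whole argument in double quotes. The preceding `pip3 install --upgrade setuptools wheel` takes whatever versions are current at install time, so consider pinning them to keep installs reproducible. The same two lines are repeated in scripts/upgrade, hunk `@@ -131,6 +123,12 @@`, and need the same change.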
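Review bot: in scripts/backup, hunk `@@ -86,19 +67,17 @@`, the new section header reads `# BACKUP THE PostrgeSQL DATABASE` (typo for PostgreSQL), and the `###` comment kept just below it still talks about MySQL dumps; update both to match the `ynh_psql_dump_db` call. The `/etc/$app/` backup line is commented out rather than removed; delete it if this app does not use that directory.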
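Review bot: in scripts/restore, hunk `@@ -100,14 +85,15 @@`, the database restore is only commented out under a `# TODO` with no PostgreSQL replacement, while scripts/backup in this same patch now writes `db.sql` with `ynh_psql_dump_db`. As written, a restore brings back the files but not the bridge database. Either add the PostgreSQL restore step here or make the restore fail explicitly until it exists, and rename the section header, which still says MySQL.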
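Review bot: in scripts/upgrade, hunk `@@ -145,12 +143,71 @@`, the active commands use variables this hunk never sets: `mautrix_config_path` is assigned only in a commented-out line, and `app_service_registration_path` is used in the `python3 -m mautrix_telegram -g -c "$mautrix_config_path" -r "$app_service_registration_path/$app.yaml"` call before the lines that assign `synapse_instance` and `app_service_registration_path`. Unless both are defined earlier in the script, the command runs with `-c ""` and `-r "/$app.yaml"`. Move the two assignments above their first use, restore the `mautrix_config_path` assignment, and either delete or re-enable the large commented templating block. The comments "update the registration file" and "upgrade the database" also sit above the wrong commands (the alembic call and the registration checksum respectively) and should be swapped.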