Adapt mautrix-twitter to bridgev2 configuration
Fixup for 784a5aa.
spantaleev committed Dec 17, 2024
1 parent beeb8a7 commit bf9bd1f
Showing 6 changed files with 462 additions and 202 deletions.
20 changes: 13 additions & 7 deletions docs/configuring-playbook-bridge-mautrix-twitter.md
Expand Up @@ -8,7 +8,9 @@ See the project's [documentation](https://github.com/mautrix/twitter) to learn w

## Prerequisite (optional)

If you want to set up [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do) for this bridge automatically, you need to have enabled [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) or [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service for this playbook.
### Enable Appservice Double Puppet (optional)

If you want to set up [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do) for this bridge automatically, you need to have enabled [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) service for this playbook.

For details about configuring Double Puppeting for this bridge, see the section below: [Set up Double Puppeting](#-set-up-double-puppeting)

Expand Down Expand Up @@ -50,14 +52,18 @@ After successfully enabling bridging, you may wish to set up [Double Puppeting](

To set it up, you have 2 ways of going about it.

#### Method 1: automatically, by enabling Appservice Double Puppet or Shared Secret Auth

The bridge automatically performs Double Puppeting if [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) or [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service is configured and enabled on the server for this playbook.
#### Method 1: automatically, by enabling Appservice Double Puppet

Enabling [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
The bridge automatically performs Double Puppeting if [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) service is configured and enabled on the server for this playbook.

Enabling double puppeting by enabling the [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service works at the time of writing, but is deprecated and will stop working in the future.
This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.

#### Method 2: manually, by asking each user to provide a working access token

This method is currently not available for the Mautrix-Twitter bridge, but is on the [roadmap](https://github.com/mautrix/twitter/blob/master/ROADMAP.md) under Misc/Manual login with `login-matrix`
When using this method, **each user** that wishes to enable Double Puppeting needs to follow the following steps:

- retrieve a Matrix access token for yourself. Refer to the documentation on [how to do that](obtaining-access-tokens.md).

- send the access token to the bot. Example: `login-matrix MATRIX_ACCESS_TOKEN_HERE`

- make sure you don't log out the `Mautrix-Slack` device some time in the future, as that would break the Double Puppeting feature
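Review bot: The last step under Method 2 tells users not to log out the `Mautrix-Slack` device, which reads as copied from the Slack bridge page; in this file it should name the Twitter bridge's device. The steps also open with "each user" and then switch to "yourself" in the first bullet, which is worth making consistent. The same section still shows the sentence saying this method is not available for the Mautrix-Twitter bridge, so the commit message or the docs should state that `login-matrix` now works with the bridgev2 build.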
10 changes: 4 additions & 6 deletions group_vars/matrix_servers
Expand Up @@ -1835,17 +1835,15 @@ matrix_mautrix_twitter_appservice_token: "{{ '%s' | format(matrix_homeserver_gen
matrix_mautrix_twitter_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mautrix_twitter_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'twt.hs.token', rounds=655555) | to_uuid }}"

matrix_mautrix_twitter_bridge_login_shared_secret_map_auto: |-
matrix_mautrix_twitter_provisioning_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.twit.prov', rounds=655555) | to_uuid }}"

matrix_mautrix_twitter_double_puppet_secrets_auto: |-
{{
({
matrix_mautrix_twitter_homeserver_domain: ("as_token:" + matrix_appservice_double_puppet_registration_as_token)
})
if matrix_appservice_double_puppet_enabled
else (
{matrix_mautrix_twitter_homeserver_domain: matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret}
if matrix_synapse_ext_password_provider_shared_secret_auth_enabled
else {}
)
else {}
}}

matrix_mautrix_twitter_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
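Review bot: In `matrix_mautrix_twitter_double_puppet_secrets_auto`, the branch that fell back to `matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret` is gone, so a server with only Shared Secret Auth enabled now gets `{}` and loses automatic double puppeting without any message. Consider a check in `validate_config.yml` or an upgrade note for that case. Separately, `matrix_mautrix_twitter_provisioning_shared_secret` is set to a derived value here for every install while the role default is `disable`; a comment should say why the provisioning API is turned on at the group_vars level.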
41 changes: 32 additions & 9 deletions roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml
Expand Up @@ -24,7 +24,10 @@ matrix_mautrix_twitter_homeserver_address: ""
matrix_mautrix_twitter_homeserver_domain: '{{ matrix_domain }}'
matrix_mautrix_twitter_appservice_address: 'http://matrix-mautrix-twitter:29327'

matrix_mautrix_twitter_command_prefix: "!tw"
# A public address that external services can use to reach this appservice.
matrix_mautrix_twitter_appservice_public_address: ''

matrix_mautrix_twitter_bridge_command_prefix: "!tw"

matrix_mautrix_twitter_bridge_permissions: |
{{
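Review bot: `matrix_mautrix_twitter_appservice_public_address` defaults to an empty string, and its comment does not say what happens when it is left empty or which bridge features need it. A sentence on that, plus the expected form of the value (scheme and host), would let users decide whether to set it.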
Expand Down Expand Up @@ -84,7 +87,7 @@ matrix_mautrix_twitter_homeserver_token: ''

# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
matrix_mautrix_twitter_federate_rooms: true
matrix_mautrix_twitter_matrix_federate_rooms: true

# Database-related configuration fields.
#
Expand All @@ -97,23 +100,38 @@ matrix_mautrix_twitter_database_password: 'some-password'
matrix_mautrix_twitter_database_hostname: ''
matrix_mautrix_twitter_database_port: 5432
matrix_mautrix_twitter_database_name: 'matrix_mautrix_twitter'
matrix_mautrix_twitter_database_sslmode: disable

matrix_mautrix_twitter_database_connection_string: 'postgres://{{ matrix_mautrix_twitter_database_username }}:{{ matrix_mautrix_twitter_database_password }}@{{ matrix_mautrix_twitter_database_hostname }}:{{ matrix_mautrix_twitter_database_port }}/{{ matrix_mautrix_twitter_database_name }}'
matrix_mautrix_twitter_database_connection_string: 'postgres://{{ matrix_mautrix_twitter_database_username }}:{{ matrix_mautrix_twitter_database_password }}@{{ matrix_mautrix_twitter_database_hostname }}:{{ matrix_mautrix_twitter_database_port }}/{{ matrix_mautrix_twitter_database_name }}?sslmode={{ matrix_mautrix_twitter_database_sslmode }}'

matrix_mautrix_twitter_appservice_database: "{{
matrix_mautrix_twitter_database_uri: "{{
{
'postgres': matrix_mautrix_twitter_database_connection_string,
}[matrix_mautrix_twitter_database_engine]
}}"

matrix_mautrix_twitter_bridge_login_shared_secret_map: "{{ matrix_mautrix_twitter_bridge_login_shared_secret_map_auto | combine(matrix_mautrix_twitter_bridge_login_shared_secret_map_custom) }}"
matrix_mautrix_twitter_bridge_login_shared_secret_map_auto: {}
matrix_mautrix_twitter_bridge_login_shared_secret_map_custom: {}
matrix_mautrix_twitter_double_puppet_secrets: "{{ matrix_mautrix_twitter_double_puppet_secrets_auto | combine(matrix_mautrix_twitter_double_puppet_secrets_custom) }}"
matrix_mautrix_twitter_double_puppet_secrets_auto: {}
matrix_mautrix_twitter_double_puppet_secrets_custom: {}

matrix_mautrix_twitter_appservice_bot_username: twitterbot
matrix_mautrix_twitter_appservice_bot_displayname: Twitter bridge bot
matrix_mautrix_twitter_appservice_bot_avatar: mxc://maunium.net/HVHcnusJkQcpVcsVGZRELLCn

matrix_mautrix_twitter_backfill_enabled: true
# Maximum number of messages to backfill in empty rooms
matrix_mautrix_twitter_backfill_max_initial_messages: 50

# Maximum number of missed messages to backfill after bridge restarts
matrix_mautrix_twitter_backfill_max_catchup_messages: 500

# Shared secret for authentication of provisioning API requests.
# If set to "disable", the provisioning API will be disabled.
matrix_mautrix_twitter_provisioning_shared_secret: disable

# Specifies the default log level for all bridge loggers.
matrix_mautrix_twitter_logging_level: WARNING
# Minimum severity of journal log messages.
# Options: debug, info, warn, error, fatal
matrix_mautrix_twitter_logging_level: 'warn'

# Whether or not metrics endpoint should be enabled.
# Enabling them is usually enough for a local (in-container) Prometheus to consume them.
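Review bot: `matrix_mautrix_twitter_database_sslmode: disable` is added without a comment and is now appended to `matrix_mautrix_twitter_database_connection_string` for every install. That suits a database on the same host or container network, but anyone pointing `matrix_mautrix_twitter_database_hostname` at an external server gets an unencrypted connection by default; add a comment saying so and naming the stricter values (`require`, `verify-full`). Also in this hunk, `matrix_mautrix_twitter_logging_level` keeps its name while its default changes from `WARNING` to `warn`, so an existing override written in the old form is not caught by the rename checks in `validate_config.yml`.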
Expand Down Expand Up @@ -162,10 +180,15 @@ matrix_mautrix_twitter_registration_yaml: |
sender_localpart: _bot_{{ matrix_mautrix_twitter_appservice_bot_username }}
rate_limited: false
de.sorunome.msc2409.push_ephemeral: true
receive_ephemeral: true

matrix_mautrix_twitter_registration: "{{ matrix_mautrix_twitter_registration_yaml | from_yaml }}"

# Enable End-to-bridge encryption
matrix_mautrix_twitter_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
matrix_mautrix_twitter_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}"
matrix_mautrix_twitter_bridge_encryption_require: false
matrix_mautrix_twitter_bridge_encryption_appservice: false
matrix_mautrix_twitter_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_twitter_bridge_encryption_allow }}"
# This pickle key value is compatible with the old mautrix-twitter bridge (before bridgev2).
matrix_mautrix_twitter_bridge_encryption_pickle_key: mautrix.bridge.e2ee
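Review bot: `matrix_mautrix_twitter_bridge_encryption_pickle_key` is a fixed literal (`mautrix.bridge.e2ee`) that is identical on every server, so it adds no per-install secrecy to whatever it protects. The comment gives the compatibility reason; extend it to say what happens if the value is changed on an existing install, and consider whether fresh installs could use a generated value instead. The other new `encryption_*` variables (`default`, `require`, `appservice`, `key_sharing_allow`) have no comments beyond the section header.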
Original file line number Diff line number Diff line change
Expand Up @@ -22,3 +22,10 @@
when: "item.old in vars"
with_items:
- {'old': 'matrix_mautrix_twitter_login_shared_secret', 'new': '<removed>'}
- {'old': 'matrix_mautrix_twitter_appservice_database', 'new': 'matrix_mautrix_twitter_database_uri'}
- {'old': 'matrix_mautrix_twitter_bridge_login_shared_secret_map', 'new': 'matrix_mautrix_twitter_double_puppet_secrets'}
- {'old': 'matrix_mautrix_twitter_bridge_login_shared_secret_map_auto', 'new': 'matrix_mautrix_twitter_double_puppet_secrets_auto'}
- {'old': 'matrix_mautrix_twitter_bridge_login_shared_secret_map_custom', 'new': 'matrix_mautrix_twitter_double_puppet_secrets_custom'}
- {'old': 'matrix_mautrix_twitter_federate_rooms', 'new': 'matrix_mautrix_twitter_matrix_federate_rooms'}
- {'old': 'matrix_mautrix_twitter_command_prefix', 'new': 'matrix_mautrix_twitter_bridge_command_prefix'}
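Review bot: The blank line after the last `with_items` entry fails both linters (the annotations report `yaml[empty-lines]` and "too many blank lines" at line 31); remove it so the file ends directly after the `matrix_mautrix_twitter_command_prefix` entry.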

Check failure on line 31 in roles/custom/matrix-bridge-mautrix-twitter/tasks/validate_config.yml

GitHub Actions / ansible-lint

yaml[empty-lines]

Too many blank lines (1 > 0)

Check failure on line 31 in roles/custom/matrix-bridge-mautrix-twitter/tasks/validate_config.yml

GitHub Actions / yamllint

too many blank lines

0 comments on commit bf9bd1f