[#3031] Update mautrix-signal to the go version (signalgo merged to signal)

README.md

@@ -112,6 +112,7 @@ Bridges can be used to connect your matrix installation with third-party communi
 | [mautrix-googlechat](https://github.com/mautrix/googlechat) | x | Bridge to [Google Chat](https://en.wikipedia.org/wiki/Google_Chat) | [Link](docs/configuring-playbook-bridge-mautrix-googlechat.md) |
 | [mautrix-instagram](https://github.com/mautrix/instagram) | x | Bridge to [Instagram](https://instagram.com/) | [Link](docs/configuring-playbook-bridge-mautrix-instagram.md) |
 | [mautrix-signal](https://github.com/mautrix/signal) | x | Bridge to [Signal](https://www.signal.org/) | [Link](docs/configuring-playbook-bridge-mautrix-signal.md) |
+| [mautrix-signalgo](https://github.com/mautrix/signalgo) | x | Bridge to [Signal](https://www.signal.org/) | [Link](docs/configuring-playbook-bridge-mautrix-signalgo.md) |
 | [beeper-linkedin](https://github.com/beeper/linkedin) | x | Bridge to [LinkedIn](https://www.linkedin.com/) | [Link](docs/configuring-playbook-bridge-beeper-linkedin.md) |
 | [matrix-appservice-irc](https://github.com/matrix-org/matrix-appservice-irc) | x | Bridge to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) | [Link](docs/configuring-playbook-bridge-appservice-irc.md) |
 | [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) | x | Bridge to [Discord](https://discordapp.com/) | [Link](docs/configuring-playbook-bridge-appservice-discord.md) |

docs/configuring-playbook-bridge-mautrix-signalgo.md

@@ -0,0 +1,80 @@
+# Setting up Mautrix Signalgo (optional)
+
+The playbook can install and configure [mautrix-signalgo](https://github.com/mautrix/signalgo) for you.
+
+See the project's [documentation](https://docs.mau.fi/bridges/python/signalgo/index.html) to learn what it does and why it might be useful to you.
+
+**Note/Prerequisite**: If you're running with the Postgres database server integrated by the playbook (which is the default), you don't need to do anything special and can easily proceed with installing. However, if you're [using an external Postgres server](configuring-playbook-external-postgres.md), you'd need to manually prepare a Postgres database for this bridge and adjust the variables related to that (`matrix_mautrix_signalgo_database_*`).
+
+**Note**: This revamped version of the [mautrix-signal (legacy)](configuring-playbook-bridge-mautrix-signal.md) may increase the CPU usage of your homeserver.
+
+Use the following playbook configuration:
+
+```yaml
+matrix_mautrix_signalgo_enabled: true
+```
+
+There are some additional things you may wish to configure about the bridge before you continue.
+
+By default, any user on your homeserver will be able to use the bridge.
+
+Different levels of permission can be granted to users:
+
+* relay - Allowed to be relayed through the bridge, no access to commands;
+* user - Use the bridge with puppeting;
+* admin - Use and administer the bridge.
+
+The permissions are following the sequence: nothing < relay < user < admin.
+
+The default permissions are set as follows:
+```yaml
+permissions:
+  '*': relay
+  YOUR_DOMAIN: user
+```
+
+If you want to augment the preset permissions, you might want to set the additional permissions with the following settings in your `vars.yml` file:
+```yaml
+matrix_mautrix_signalgo_configuration_extension_yaml: |
+  bridge:
+    permissions:
+      '@YOUR_USERNAME:YOUR_DOMAIN': admin
+```
+
+This will add the admin permission to the specific user, while keeping the default permissions.
+
+In case you want to replace the default permissions settings **completely**, populate the following item within your `vars.yml` file:
+```yaml
+matrix_mautrix_signalgo_bridge_permissions: |
+  '@ADMIN:YOUR_DOMAIN': admin
+  '@USER:YOUR_DOMAIN' : user
+```
+
+You may wish to look at `roles/custom/matrix-bridge-mautrix-signalgo/templates/config.yaml.j2` to find more information on the permissions settings and other options you would like to configure.
+
+## Set up Double Puppeting
+
+If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it.
+
+### Method 1: automatically, by enabling Shared Secret Auth
+
+The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook.
+
+This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
+
+### Method 2: manually, by asking each user to provide a working access token
+
+**Note**: This method for enabling Double Puppeting can be configured only after you've already set up bridging (see [Usage](#usage)).
+
+When using this method, **each user** that wishes to enable Double Puppeting needs to follow the following steps:
+
+- retrieve a Matrix access token for yourself. Refer to the documentation on [how to do that](obtaining-access-tokens.md).
+
+- send the access token to the bot. Example: `login-matrix MATRIX_ACCESS_TOKEN_HERE`
+
+- make sure you don't log out the `Mautrix-Signalgo` device some time in the future, as that would break the Double Puppeting feature
+
+
+## Usage
+
+You then need to start a chat with `@signalgobot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).

docs/configuring-playbook.md

@@ -132,6 +132,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins
 
 - [Setting up Mautrix Signal bridging](configuring-playbook-bridge-mautrix-signal.md) (optional)
 
+- [Setting up Mautrix Signalgo bridging](configuring-playbook-bridge-mautrix-signalgo.md) (optional)
+
 - [Setting up Mautrix wsproxy for bridging Android SMS or Apple iMessage](configuring-playbook-bridge-mautrix-wsproxy.md) (optional)
 
 - [Setting up Appservice IRC bridging](configuring-playbook-bridge-appservice-irc.md) (optional)

group_vars/matrix_servers

@@ -97,6 +97,8 @@ matrix_homeserver_container_extra_arguments_auto: |
     +
     (['--mount type=bind,src=' + matrix_mautrix_signal_config_path + '/registration.yaml,dst=/matrix-mautrix-signal-registration.yaml,ro'] if matrix_mautrix_signal_enabled else [])
     +
+    (['--mount type=bind,src=' + matrix_mautrix_signalgo_config_path + '/registration.yaml,dst=/matrix-mautrix-signalgo-registration.yaml,ro'] if matrix_mautrix_signalgo_enabled else [])
+    +
     (['--mount type=bind,src=' + matrix_mautrix_telegram_config_path + '/registration.yaml,dst=/matrix-mautrix-telegram-registration.yaml,ro'] if matrix_mautrix_telegram_enabled else [])
     +
     (['--mount type=bind,src=' + matrix_mautrix_twitter_config_path + '/registration.yaml,dst=/matrix-mautrix-twitter-registration.yaml,ro'] if matrix_mautrix_twitter_enabled else [])
@@ -160,6 +162,8 @@ matrix_homeserver_app_service_config_files_auto: |
     +
     (['/matrix-mautrix-signal-registration.yaml'] if matrix_mautrix_signal_enabled else [])
     +
+    (['/matrix-mautrix-signalgo-registration.yaml'] if matrix_mautrix_signalgo_enabled else [])
+    +
     (['/matrix-mautrix-telegram-registration.yaml'] if matrix_mautrix_telegram_enabled else [])
     +
     (['/matrix-mautrix-twitter-registration.yaml'] if matrix_mautrix_twitter_enabled else [])
@@ -278,6 +282,8 @@ devture_systemd_service_manager_services_list_auto: |
     +
     ([{'name': 'matrix-mautrix-signal-daemon.service', 'priority': 1900, 'groups': ['matrix', 'bridges', 'mautrix-signal', 'mautrix-signal-daemon']}] if matrix_mautrix_signal_enabled else [])
     +
+    ([{'name': 'matrix-mautrix-signalgo.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-signalgo', 'mautrix-signalgo']}] if matrix_mautrix_signalgo_enabled else [])
+    +
     ([{'name': 'matrix-mautrix-telegram.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-telegram']}] if matrix_mautrix_telegram_enabled else [])
     +
     ([{'name': 'matrix-mautrix-twitter.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-twitter']}] if matrix_mautrix_twitter_enabled else [])
@@ -1090,6 +1096,51 @@ matrix_mautrix_signal_daemon_container_image_self_build: "{{ matrix_architecture
 #
 ######################################################################
 
+######################################################################
+#
+# matrix-bridge-mautrix-signalgo
+#
+######################################################################
+
+# We don't enable bridges by default.
+matrix_mautrix_signalgo_enabled: false
+
+matrix_mautrix_signalgo_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
+
+matrix_mautrix_signalgo_systemd_required_services_list: |
+  {{
+    ['docker.service']
+    +
+    ['matrix-' + matrix_homeserver_implementation + '.service']
+    +
+    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
+    +
+    (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
+  }}
+
+matrix_mautrix_signalgo_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'sigo.as.token', rounds=655555) | to_uuid }}"
+
+matrix_mautrix_signalgo_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'sigo.hs.token', rounds=655555) | to_uuid }}"
+
+matrix_mautrix_signalgo_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
+
+# People using an external Prometheus server will need to toggle all of these to be able to consume metrics remotely:
+# - `matrix_mautrix_signalgo_metrics_enabled`
+# - `matrix_mautrix_signalgo_proxying_metrics_enabled`
+# - `matrix_nginx_proxy_proxy_matrix_metrics_enabled`
+matrix_mautrix_signalgo_metrics_enabled: "{{ prometheus_enabled }}"
+
+# Postgres is the default, except if not using internal Postgres server
+matrix_mautrix_signalgo_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
+matrix_mautrix_signalgo_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
+matrix_mautrix_signalgo_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mausignalgo.db', rounds=655555) | to_uuid }}"
+
+######################################################################
+#
+# /matrix-bridge-mautrix-signalgo
+#
+######################################################################
+
 ######################################################################
 #
 # matrix-bridge-mautrix-telegram
@@ -3129,6 +3180,12 @@ devture_postgres_managed_databases_auto: |
       'password': matrix_mautrix_signal_database_password,
     }] if (matrix_mautrix_signal_enabled and matrix_mautrix_signal_database_engine == 'postgres' and matrix_mautrix_signal_database_hostname == devture_postgres_connection_hostname) else [])
     +
+    ([{
+      'name': matrix_mautrix_signalgo_database_name,
+      'username': matrix_mautrix_signalgo_database_username,
+      'password': matrix_mautrix_signalgo_database_password,
+    }] if (matrix_mautrix_signalgo_enabled and matrix_mautrix_signalgo_database_engine == 'postgres' and matrix_mautrix_signalgo_database_hostname == devture_postgres_connection_hostname) else [])
+    +
     ([{
       'name': matrix_mautrix_wsproxy_syncproxy_database_name,
       'username': matrix_mautrix_wsproxy_syncproxy_database_username,

roles/custom/matrix-bridge-mautrix-signalgo/defaults/main.yml

@@ -0,0 +1,159 @@
+---
+# mautrix-signalgo is a Matrix <-> signalgo bridge
+# Project source code URL: https://github.com/mautrix/signalgo
+
+matrix_mautrix_signalgo_enabled: true
+
+matrix_mautrix_signalgo_container_image_self_build: false
+matrix_mautrix_signalgo_container_image_self_build_repo: "https://mau.dev/mautrix/signalgo.git"
+matrix_mautrix_signalgo_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_signalgo_version == 'latest' else matrix_mautrix_signalgo_version }}"
+
+# renovate: datasource=docker depName=dock.mau.dev/mautrix/signalgo
+matrix_mautrix_signalgo_version: 3953789ef00f5f521a26b4463aaee95aa8a929b9-amd64
+
+# See: https://mau.dev/mautrix/signalgo/container_registry
+matrix_mautrix_signalgo_docker_image: "{{ matrix_mautrix_signalgo_docker_image_name_prefix }}mautrix/signalgo:{{ matrix_mautrix_signalgo_version }}"
+matrix_mautrix_signalgo_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_signalgo_container_image_self_build else 'dock.mau.dev/' }}"
+matrix_mautrix_signalgo_docker_image_force_pull: "{{ matrix_mautrix_signalgo_docker_image.endswith(':latest') }}"
+
+matrix_mautrix_signalgo_base_path: "{{ matrix_base_data_path }}/mautrix-signalgo"
+matrix_mautrix_signalgo_config_path: "{{ matrix_mautrix_signalgo_base_path }}/config"
+matrix_mautrix_signalgo_data_path: "{{ matrix_mautrix_signalgo_base_path }}/data"
+matrix_mautrix_signalgo_docker_src_files_path: "{{ matrix_mautrix_signalgo_base_path }}/docker-src"
+
+matrix_mautrix_signalgo_homeserver_address: "{{ matrix_homeserver_container_url }}"
+matrix_mautrix_signalgo_homeserver_domain: "{{ matrix_domain }}"
+matrix_mautrix_signalgo_appservice_address: "http://matrix-mautrix-signalgo:8080"
+
+matrix_mautrix_signalgo_command_prefix: "!signalgo"
+
+matrix_mautrix_signalgo_bridge_permissions: |
+  {{
+    {'*': 'relay', matrix_mautrix_signalgo_homeserver_domain: 'user'}
+    | combine({matrix_admin: 'admin'} if matrix_admin else {})
+  }}
+
+# A list of extra arguments to pass to the container
+matrix_mautrix_signalgo_container_extra_arguments: []
+
+# List of systemd services that matrix-mautrix-signalgo.service depends on.
+matrix_mautrix_signalgo_systemd_required_services_list: ['docker.service']
+
+# List of systemd services that matrix-mautrix-signalgo.service wants
+matrix_mautrix_signalgo_systemd_wanted_services_list: []
+
+matrix_mautrix_signalgo_appservice_token: ''
+matrix_mautrix_signalgo_homeserver_token: ''
+
+matrix_mautrix_signalgo_appservice_bot_username: signalgobot
+
+# Minimum severity of journal log messages.
+# Options: debug, info, warn, error, fatal
+matrix_mautrix_signalgo_logging_level: 'warn'
+
+# Whether or not created rooms should have federation enabled.
+# If false, created portal rooms will never be federated.
+matrix_mautrix_signalgo_federate_rooms: true
+
+# Whether or not metrics endpoint should be enabled.
+# Enabling them is usually enough for a local (in-container) Prometheus to consume them.
+# If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_signal_metrics_proxying_enabled`.
+matrix_mautrix_signalgo_metrics_enabled: false
+
+# Controls whether metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/mautrix-signal`.
+# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`.
+# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`.
+matrix_mautrix_signalgo_metrics_proxying_enabled: false
+
+# Database-related configuration fields.
+#
+# To use SQLite, stick to these defaults.
+#
+# To use Postgres:
+# - change the engine (`matrix_mautrix_signalgo_database_engine: 'postgres'`)
+# - adjust your database credentials via the `matrix_mautrix_signalgo_database_*` variables
+matrix_mautrix_signalgo_database_engine: 'sqlite'
+
+matrix_mautrix_signalgo_sqlite_database_path_local: "{{ matrix_mautrix_signalgo_data_path }}/mautrix-signalgo.db"
+matrix_mautrix_signalgo_sqlite_database_path_in_container: "/data/mautrix-signalgo.db"
+
+matrix_mautrix_signalgo_database_username: 'matrix_mautrix_signalgo'
+matrix_mautrix_signalgo_database_password: 'some-password'
+matrix_mautrix_signalgo_database_hostname: ''
+matrix_mautrix_signalgo_database_port: 5432
+matrix_mautrix_signalgo_database_name: 'matrix_mautrix_signalgo'
+matrix_mautrix_signalgo_database_sslmode: disable
+
+matrix_mautrix_signalgo_database_connection_string: 'postgresql://{{ matrix_mautrix_signalgo_database_username }}:{{ matrix_mautrix_signalgo_database_password }}@{{ matrix_mautrix_signalgo_database_hostname }}:{{ matrix_mautrix_signalgo_database_port }}/{{ matrix_mautrix_signalgo_database_name }}?sslmode={{ matrix_mautrix_signalgo_database_sslmode }}'
+
+matrix_mautrix_signalgo_appservice_database_type: "{{
+	{
+		'sqlite': 'sqlite3',
+		'postgres':'postgres',
+	}[matrix_mautrix_signalgo_database_engine]
+}}"
+
+matrix_mautrix_signalgo_appservice_database_uri: "{{
+	{
+		'sqlite': matrix_mautrix_signalgo_sqlite_database_path_in_container,
+		'postgres': matrix_mautrix_signalgo_database_connection_string,
+	}[matrix_mautrix_signalgo_database_engine]
+}}"
+
+# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
+matrix_mautrix_signalgo_login_shared_secret: ''
+matrix_mautrix_signalgo_bridge_login_shared_secret_map:
+  "{{ {matrix_mautrix_signalgo_homeserver_domain: matrix_mautrix_signalgo_login_shared_secret} if matrix_mautrix_signalgo_login_shared_secret else {} }}"
+
+# Servers to always allow double puppeting from
+matrix_mautrix_signalgo_bridge_double_puppet_server_map:
+  "{{ matrix_mautrix_signalgo_homeserver_domain :  matrix_mautrix_signalgo_homeserver_address }}"
+
+# Default mautrix-signalgo configuration template which covers the generic use case.
+# You can customize it by controlling the various variables inside it.
+#
+# For a more advanced customization, you can extend the default (see `matrix_mautrix_signalgo_configuration_extension_yaml`)
+# or completely replace this variable with your own template.
+matrix_mautrix_signalgo_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
+
+matrix_mautrix_signalgo_configuration_extension_yaml: |
+  # Your custom YAML configuration goes here.
+  # This configuration extends the default starting configuration (`matrix_mautrix_signalgo_configuration_yaml`).
+  #
+  # You can override individual variables from the default configuration, or introduce new ones.
+  #
+  # If you need something more special, you can take full control by
+  # completely redefining `matrix_mautrix_signalgo_configuration_yaml`.
+
+matrix_mautrix_signalgo_configuration_extension: "{{ matrix_mautrix_signalgo_configuration_extension_yaml | from_yaml if matrix_mautrix_signalgo_configuration_extension_yaml | from_yaml is mapping else {} }}"
+
+# Holds the final configuration (a combination of the default and its extension).
+# You most likely don't need to touch this variable. Instead, see `matrix_mautrix_signalgo_configuration_yaml`.
+matrix_mautrix_signalgo_configuration: "{{ matrix_mautrix_signalgo_configuration_yaml | from_yaml | combine(matrix_mautrix_signalgo_configuration_extension, recursive=True) }}"
+
+matrix_mautrix_signalgo_registration_yaml: |
+  id: signalgo
+  url: {{ matrix_mautrix_signalgo_appservice_address }}
+  as_token: "{{ matrix_mautrix_signalgo_appservice_token }}"
+  hs_token: "{{ matrix_mautrix_signalgo_homeserver_token }}"
+  # See https://github.com/mautrix/signal/issues/43
+  sender_localpart: _bot_{{ matrix_mautrix_signalgo_appservice_bot_username }}
+  rate_limited: false
+  namespaces:
+      users:
+      - regex: '^@signalgo_[0-9]+:{{ matrix_mautrix_signalgo_homeserver_domain | regex_escape }}$'
+        exclusive: true
+      - exclusive: true
+        regex: '^@{{ matrix_mautrix_signalgo_appservice_bot_username | regex_escape }}:{{ matrix_mautrix_signalgo_homeserver_domain | regex_escape }}$'
+  de.sorunome.msc2409.push_ephemeral: true
+
+matrix_mautrix_signalgo_registration: "{{ matrix_mautrix_signalgo_registration_yaml | from_yaml }}"
+
+# Enable End-to-bridge encryption
+matrix_mautrix_signalgo_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
+matrix_mautrix_signalgo_bridge_encryption_default: "{{ matrix_mautrix_signalgo_bridge_encryption_allow }}"
+matrix_mautrix_signalgo_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_signalgo_bridge_encryption_allow }}"
+
+# On conduit versions before 0.5.0 this option prevented users from joining spaces created by the bridge.
+# Setting this to false fixed the issue.
+matrix_mautrix_signalgo_bridge_restricted_rooms: true