mirror of
https://github.com/matrix-org/matrix-hookshot.git
synced 2025-03-10 21:19:13 +00:00
c962f17a91
* Add support for native e2ee * Various temps to coax it into working * Formatting nitpicks * Include stable registration config key for msc2409 * Update default config with encryption options * Manage admin rooms with bot-sdk DMs This also enables encryption for new admin rooms when appropriate. * Update config comments for encryption settings - Add comment to clarify Redis (the `queue` section) must be configured in order for encryption to work - Mention that the `encryption` section is optional, and omitting it will disable encryption support * Update docs for encryption support * Add changelog * Add to docs some notes about encryption state * Move all post-join logic to onRoomJoin * Block post-join actions on crypto setup Requires https://github.com/turt2live/matrix-bot-sdk/pull/269 * Fix linter error * Update encryption docs and changelog - Mention that worker mode isn't supported with encryption yet - Mention removal of Pantalaimon-based encryption * Update worker docs with encryption config notice * Share main appservice config with feed bots This is required to safely enable encryption for the bots that post GenericHook messages. * Make slight clarification for queue config * Minor fixes * Block post-join actions on feed bot crypto setup Same as a9e6e11d but for the sub-bots that post GenericHook messages. * Get joined rooms from intent instead of bot This refreshes the list of known rooms for crypto events. * Use Element fork of bot-sdk for crypto fixes Co-authored-by: Andrew Ferrazzutti <andrewf@element.io>
185 lines
4.8 KiB
YAML
185 lines
4.8 KiB
YAML
# This is an example configuration file
|
|
|
|
bridge:
|
|
# Basic homeserver configuration
|
|
#
|
|
domain: example.com
|
|
url: http://localhost:8008
|
|
mediaUrl: http://example.com
|
|
port: 9993
|
|
bindAddress: 127.0.0.1
|
|
github:
|
|
# (Optional) Configure this to enable GitHub support
|
|
#
|
|
auth:
|
|
# Authentication for the GitHub App.
|
|
#
|
|
id: 123
|
|
privateKeyFile: github-key.pem
|
|
webhook:
|
|
# Webhook settings for the GitHub app.
|
|
#
|
|
secret: secrettoken
|
|
oauth:
|
|
# (Optional) Settings for allowing users to sign in via OAuth.
|
|
#
|
|
client_id: foo
|
|
client_secret: bar
|
|
redirect_uri: https://example.com/bridge_oauth/
|
|
defaultOptions:
|
|
# (Optional) Default options for GitHub connections.
|
|
#
|
|
showIssueRoomLink: false
|
|
hotlinkIssues:
|
|
prefix: "#"
|
|
userIdPrefix:
|
|
# (Optional) Prefix used when creating ghost users for GitHub accounts.
|
|
#
|
|
_github_
|
|
gitlab:
|
|
# (Optional) Configure this to enable GitLab support
|
|
#
|
|
instances:
|
|
gitlab.com:
|
|
url: https://gitlab.com
|
|
webhook:
|
|
secret: secrettoken
|
|
publicUrl: https://example.com/hookshot/
|
|
userIdPrefix:
|
|
# (Optional) Prefix used when creating ghost users for GitLab accounts.
|
|
#
|
|
_gitlab_
|
|
figma:
|
|
# (Optional) Configure this to enable Figma support
|
|
#
|
|
publicUrl: https://example.com/hookshot/
|
|
instances:
|
|
your-instance:
|
|
teamId: your-team-id
|
|
accessToken: your-personal-access-token
|
|
passcode: your-webhook-passcode
|
|
jira:
|
|
# (Optional) Configure this to enable Jira support. Only specify `url` if you are using a On Premise install (i.e. not atlassian.com)
|
|
#
|
|
webhook:
|
|
# Webhook settings for JIRA
|
|
#
|
|
secret: secrettoken
|
|
oauth:
|
|
# (Optional) OAuth settings for connecting users to JIRA. See documentation for more information
|
|
#
|
|
client_id: foo
|
|
client_secret: bar
|
|
redirect_uri: https://example.com/bridge_oauth/
|
|
generic:
|
|
# (Optional) Support for generic webhook events.
|
|
#'allowJsTransformationFunctions' will allow users to write short transformation snippets in code, and thus is unsafe in untrusted environments
|
|
#
|
|
#
|
|
enabled: false
|
|
enableHttpGet: false
|
|
urlPrefix: https://example.com/webhook/
|
|
userIdPrefix: _webhooks_
|
|
allowJsTransformationFunctions: false
|
|
waitForComplete: false
|
|
feeds:
|
|
# (Optional) Configure this to enable RSS/Atom feed support
|
|
#
|
|
enabled: false
|
|
pollIntervalSeconds: 600
|
|
pollTimeoutSeconds: 30
|
|
provisioning:
|
|
# (Optional) Provisioning API for integration managers
|
|
#
|
|
secret: "!secretToken"
|
|
passFile:
|
|
# A passkey used to encrypt tokens stored inside the bridge.
|
|
# Run openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:4096 to generate
|
|
#
|
|
passkey.pem
|
|
bot:
|
|
# (Optional) Define profile information for the bot user
|
|
#
|
|
displayname: GitHub Bot
|
|
avatar: mxc://half-shot.uk/2876e89ccade4cb615e210c458e2a7a6883fe17d
|
|
metrics:
|
|
# (Optional) Prometheus metrics support
|
|
#
|
|
enabled: true
|
|
queue:
|
|
# (Optional) Message queue / cache configuration options for large scale deployments.
|
|
# For encryption to work, must be set to monolithic mode and have a host & port specified.
|
|
#
|
|
monolithic: true
|
|
port: 6379
|
|
host: localhost
|
|
encryption:
|
|
# (Optional) Configuration for encryption support in the bridge.
|
|
# If omitted, encryption support will be disabled.
|
|
#
|
|
storagePath: ./data/encryption
|
|
logging:
|
|
# (Optional) Logging settings. You can have a severity debug,info,warn,error
|
|
#
|
|
level: info
|
|
colorize: true
|
|
json: false
|
|
timestampFormat: HH:mm:ss:SSS
|
|
widgets:
|
|
# (Optional) EXPERIMENTAL support for complimentary widgets
|
|
#
|
|
addToAdminRooms: false
|
|
disallowedIpRanges:
|
|
- 127.0.0.0/8
|
|
- 10.0.0.0/8
|
|
- 172.16.0.0/12
|
|
- 192.168.0.0/16
|
|
- 100.64.0.0/10
|
|
- 192.0.0.0/24
|
|
- 169.254.0.0/16
|
|
- 192.88.99.0/24
|
|
- 198.18.0.0/15
|
|
- 192.0.2.0/24
|
|
- 198.51.100.0/24
|
|
- 203.0.113.0/24
|
|
- 224.0.0.0/4
|
|
- ::1/128
|
|
- fe80::/10
|
|
- fc00::/7
|
|
- 2001:db8::/32
|
|
- ff00::/8
|
|
- fec0::/10
|
|
roomSetupWidget:
|
|
addOnInvite: false
|
|
publicUrl: http://example.com/widgetapi/v1/static/
|
|
branding:
|
|
widgetTitle: Hookshot Configuration
|
|
permissions:
|
|
# (Optional) Permissions for using the bridge. See docs/setup.md#permissions for help
|
|
#
|
|
- actor: example.com
|
|
services:
|
|
- service: "*"
|
|
level: admin
|
|
listeners:
|
|
# (Optional) HTTP Listener configuration.
|
|
# Bind resource endpoints to ports and addresses.
|
|
# 'port' must be specified. Each listener must listen on a unique port.
|
|
# 'bindAddress' will default to '127.0.0.1' if not specified, which may not be suited to Docker environments.
|
|
# 'resources' may be any of webhooks, widgets, metrics, provisioning
|
|
#
|
|
- port: 9000
|
|
bindAddress: 0.0.0.0
|
|
resources:
|
|
- webhooks
|
|
- port: 9001
|
|
bindAddress: 127.0.0.1
|
|
resources:
|
|
- metrics
|
|
- provisioning
|
|
- port: 9002
|
|
bindAddress: 0.0.0.0
|
|
resources:
|
|
- widgets
|
|
|