diff --git a/Makefile b/Makefile index a8c83d8..4312202 100644 --- a/Makefile +++ b/Makefile @@ -35,7 +35,11 @@ config.json: config.yaml .files-list $(FILES) sudo flatcar-reset \ --ignition-file $${TEMPDIR}/config.json \ --keep-machine-id \ - --keep-paths '/etc/ssh/ssh_host_.*' '/opt/caddy/' '/opt/matrixdotorg-synapse/' /var/log && \ + --keep-paths '/etc/ssh/ssh_host_.*' \ + --keep-paths '/home/core/caddy/' \ + --keep-paths '/home/core/matrixdotorg-synapse/' \ + --keep-paths '/home/core/matrixdotorg-matrix-appservice-irc' \ + --keep-paths '/var/log' && \ ssh -o ControlPath=/tmp/ssh_mux_%h_%p_%r akpella \ sudo systemctl reboot && \ ssh -o ControlPath=/tmp/ssh_mux_%h_%p_%r -O exit akpella; diff --git a/config.yaml b/config.yaml index 6556894..9ab0fac 100644 --- a/config.yaml +++ b/config.yaml @@ -18,6 +18,7 @@ storage: - path: /opt/caddy/etc/caddy - path: /opt/caddy/var/www/html - path: /opt/matrixdotorg-synapse/data + - path: /home/core/matrixdotorg-matrix-appservice-irc/data files: # hostname - path: /etc/hostname @@ -52,3 +53,6 @@ systemd: - name: docker-caddy.service enabled: true contents_local: docker-caddy.service + - name: docker-matrixdotorg-matrix-appservice-irc.service + enabled: false + contents_local: docker-matrixdotorg-matrix-appservice-irc.service diff --git a/files/docker-matrixdotorg-matrix-appservice-irc.service b/files/docker-matrixdotorg-matrix-appservice-irc.service new file mode 100644 index 0000000..6cc538b --- /dev/null +++ b/files/docker-matrixdotorg-matrix-appservice-irc.service @@ -0,0 +1,16 @@ +[Unit] +Description=This is an IRC bridge for Matrix +After=docker.service \ + docker-matrixdotorg-synapse +Requires=docker.service \ + docker-matrixdotorg-synapse + +[Service] +ExecStart=docker run \ + --name=docker-matrixdotorg-matrix-appservice-irc \ + --rm \ + --mount type=bind,src=/home/core/matrixdotorg-matrix-appservice-irc/data,dst=/data \ + matrixdotorg/matrix-appservice-irc:latest + +[Install] +WantedBy=multi-user.target diff --git a/files/matrixdotorg-matrix-appservice-irc/config.yaml b/files/matrixdotorg-matrix-appservice-irc/config.yaml new file mode 100644 index 0000000..1c0a6ae --- /dev/null +++ b/files/matrixdotorg-matrix-appservice-irc/config.yaml @@ -0,0 +1,711 @@ +# Configuration specific to AS registration. Unless other marked, all fields +# are *REQUIRED*. +# Unless otherwise specified, these keys CANNOT be hot-reloaded. +homeserver: + # The URL to the home server for client-server API calls + url: "http://localhost:8008" + + # Drop Matrix messages which are older than this number of seconds, according to + # the event's origin_server_ts. + # If the bridge is down for a while, the homeserver will attempt to send all missed + # events on reconnection. These events may be hours old, which can be confusing to + # IRC users if they are then bridged. This option allows these old messages to be + # dropped. + # CAUTION: This is a very coarse heuristic. Federated homeservers may have different + # clock times and hence produce different origin_server_ts values, which may be old + # enough to cause *all* events from the homeserver to be dropped. + # Default: 0 (don't ever drop) + # This key CAN be hot-reloaded. + # dropMatrixMessagesAfterSecs: 300 # 5 minutes + + # The 'domain' part for user IDs on this home server. Usually (but not always) + # is the "domain name" part of the HS URL. + domain: "localhost" + + # Should presence be enabled for matrix clients on this bridge. If disabled on the + # homeserver then it should also be disabled here to avoid excess traffic. + # Default: true + enablePresence: true + + # Which port should the appservice bind to. Can be overriden by the one provided in the + # command line! Optional. + # bindPort: 8090 + + # Use this option to force the appservice to listen on another hostname for transactions. + # This is NOT your synapse hostname. E.g. use 127.0.0.1 to only listen locally. Optional. + # bindHostname: 0.0.0.0 + +# Configuration specific to the IRC service +ircService: + # All server keys can be hot-reloaded, however existing IRC connections + # will not have changes applied to them. + servers: + # The address of the server to connect to. + irc.example.com: + # A human-readable short name. This is used to label IRC status rooms + # where matrix users control their connections. + # E.g. 'ExampleNet IRC Bridge status'. + # It is also used in the Third Party Lookup API as the instance `desc` + # property, where each server is an instance. + name: "ExampleNet" + # Additional addresses to connect to, used for load balancing between IRCDs. + additionalAddresses: [ "irc2.example.com" ] + # Typically additionalAddresses would be in addition to the address key given above, + # but some configurations wish to exclusively use additional addresses while reserving + # the top key for identification purposes. Set this to true to exclusively use the + # additionalAddresses array when connecting to servers. + onlyAdditionalAddresses: false + # + # [DEPRECATED] Use `name`, above, instead. + # A human-readable description string + # description: "Example.com IRC network" + + # An ID for uniquely identifying this server amongst other servers being bridged. + # networkId: "example" + + # MXC URL to an icon used as the network icon whenever this network appear in + # a network list. (Like in the Element room directory, for instance.) + # icon: mxc://matrix.org/LpsSLrbANVrEIEOgEaVteItf + + # The port to connect to. Optional. + port: 6697 + # Whether to use SSL or not. Default: false. + ssl: true + # Whether or not IRC server is using a self-signed cert or not providing CA Chain + sslselfsign: false + # Should the connection attempt to identify via SASL (if a server or user password is given) + # If false, this will use PASS instead. If SASL fails, we do not fallback to PASS. + sasl: false + # Whether to allow expired certs when connecting to the IRC server. + # Usually this should be off. Default: false. + allowExpiredCerts: false + # Set additional TLS options for the connections to the IRC server. + #tlsOptions: + # A specific CA to trust instead of the default CAs. Optional. + #ca: | + # -----BEGIN CERTIFICATE----- + # ... + # -----END CERTIFICATE----- + # Server name for the SNI (Server Name Indication) TLS extension. If the address you + # are using does not report the correct certificate name, you can override it here. + # servername: real.server.name + # ...or any options in https://nodejs.org/api/tls.html#tls_tls_connect_options_callback + + # + # The connection password to send for all clients as a PASS (or SASL, if enabled above) command. Optional. + # password: 'pa$$w0rd' + # + # Whether or not to send connection/error notices to real Matrix users. Default: true. + sendConnectionMessages: true + + quitDebounce: + # Whether parts due to net-splits are debounced for delayMs, to allow + # time for the netsplit to resolve itself. A netsplit is detected as being + # a QUIT rate higher than quitsPerSecond. Default: false. + enabled: false + # The maximum number of quits per second acceptable above which a netsplit is + # considered ongoing. Default: 5. + quitsPerSecond: 5 + # The time window in which to wait before bridging a QUIT to Matrix that occurred during + # a netsplit. Debouncing is jittered randomly between delayMinMs and delayMaxMs so that the HS + # is not sent many requests to leave rooms all at once if a netsplit occurs and many + # people to not rejoin. + # If the user with the same IRC nick as the one who sent the quit rejoins a channel + # they are considered back online and the quit is not bridged, so long as the rejoin + # occurs before the randomly-jittered timeout is not reached. + # Default: 3600000, = 1h + delayMinMs: 3600000 # 1h + # Default: 7200000, = 2h + delayMaxMs: 7200000 # 2h + + # A map for conversion of IRC user modes to Matrix power levels. This enables bridging + # of IRC ops to Matrix power levels only, it does not enable the reverse. If a user has + # been given multiple modes, the one that maps to the highest power level will be used. + modePowerMap: + o: 50 + v: 1 + + botConfig: + # Enable the presence of the bot in IRC channels. The bot serves as the entity + # which maps from IRC -> Matrix. You can disable the bot entirely which + # means IRC -> Matrix chat will be shared by active "M-Nick" connections + # in the room. If there are no users in the room (or if there are users + # but their connections are not on IRC) then nothing will be bridged to + # Matrix. If you're concerned about the bot being treated as a "logger" + # entity, then you may want to disable the bot. If you want IRC->Matrix + # but don't want to have TCP connections to IRC unless a Matrix user speaks + # (because your client connection limit is low), then you may want to keep + # the bot enabled. Default: true. + # NB: If the bot is disabled, you SHOULD have matrix-to-IRC syncing turned + # on, else there will be no users and no bot in a channel (meaning no + # messages to Matrix!) until a Matrix user speaks which makes a client + # join the target IRC channel. + # NBB: The bridge bot IRC client will still join the target IRC network so + # it can service bridge-specific queries from the IRC-side e.g. so + # real IRC clients have a way to change their Matrix display name. + # See https://github.com/matrix-org/matrix-appservice-irc/issues/55 + enabled: true + # The nickname to give the AS bot. + nick: "MatrixBot" + # The username to give to the AS bot. Defaults to "matrixbot" + username: "matrixbot" + # The password to give to NickServ or IRC Server for this nick. Optional. + # password: "helloworld" + # + # Join channels even if there are no Matrix users on the other side of + # the bridge. Set to false to prevent the bot from joining channels which have no + # real matrix users in them, even if there is a mapping for the channel. + # Default: true + joinChannelsIfNoUsers: true + + # Configuration for PMs / private 1:1 communications between users. + privateMessages: + # Enable the ability for PMs to be sent to/from IRC/Matrix. + # Default: true. + enabled: true + # Prevent Matrix users from sending PMs to the following IRC nicks. + # Optional. Default: []. + # exclude: ["Alice", "Bob"] # NOT YET IMPLEMENTED + + # Should created Matrix PM rooms be federated? If false, only users on the + # HS attached to this AS will be able to interact with this room. + # Optional. Default: true. + federate: true + + # Configuration for mappings not explicitly listed in the 'mappings' + # section. + dynamicChannels: + # Enable the ability for Matrix users to join *any* channel on this IRC + # network. + # Default: false. + enabled: true + # Should the AS create a room alias for the new Matrix room? The form of + # the alias can be modified via 'aliasTemplate'. Default: true. + createAlias: true + # Should the AS publish the new Matrix room to the public room list so + # anyone can see it? Default: true. + published: true + # Publish the rooms to the homeserver directory, as oppose to the appservice + # room directory. Only used if `published` is on. + # Default: false + useHomeserverDirectory: true + # What should the join_rule be for the new Matrix room? If 'public', + # anyone can join the room. If 'invite', only users with an invite can + # join the room. Note that if an IRC channel has +k or +i set on it, + # join_rules will be set to 'invite' until these modes are removed. + # Default: "public". + joinRule: public + # Should created Matrix rooms be federated? If false, only users on the + # HS attached to this AS will be able to interact with this room. + # Default: true. + federate: true + # Force this room version when creating IRC channels. Beware if the homeserver doesn't + # support the room version then the request will fail. By default, no version is requested. + # roomVersion: "1" + # The room alias template to apply when creating new aliases. This only + # applies if createAlias is 'true'. The following variables are exposed: + # $SERVER => The IRC server address (e.g. "irc.example.com") + # $CHANNEL => The IRC channel (e.g. "#python") + # This MUST have $CHANNEL somewhere in it. + # + # In certain circumstances you might want to bridge your whole IRC network as a + # homeserver (e.g. #matrix:libera.chat). For these use cases, you can set the + # template to just be $CHANNEL. Doing so will preclude you from supporting + # other prefix characters though. + # + # Default: '#irc_$SERVER_$CHANNEL' + aliasTemplate: "#irc_$CHANNEL" + # A list of user IDs which the AS bot will send invites to in response + # to a !join. Only applies if joinRule is 'invite'. Default: [] + # whitelist: + # - "@foo:example.com" + # - "@bar:example.com" + # + # Prevent the given list of channels from being mapped under any + # circumstances. + # exclude: ["#foo", "#bar"] + + # excludedUsers: + # - regex: "@.*:evilcorp.com" + # kickReason: "We don't like Evilcorp" + + # Configuration for controlling how Matrix and IRC membership lists are + # synced. + membershipLists: + # Enable the syncing of membership lists between IRC and Matrix. This + # can have a significant effect on performance on startup as the lists are + # synced. This must be enabled for anything else in this section to take + # effect. Default: false. + enabled: false + + # Syncing membership lists at startup can result in hundreds of members to + # process all at once. This timer drip feeds membership entries at the + # specified rate. Default: 10000. (10s) + floodDelayMs: 10000 + + global: + ircToMatrix: + # Get a snapshot of all real IRC users on a channel (via NAMES) and + # join their virtual matrix clients to the room. + initial: false + # Make virtual matrix clients join and leave rooms as their real IRC + # counterparts join/part channels. Default: false. + incremental: false + # Should the bridge check if all Matrix users are connected to IRC and + # joined to the channel before relaying messages into the room. + # + # This is considered a safety net to avoid any leakages by the bridge to + # unconnected users, but given it ignores all IRC messages while users + # are still connecting it may be overkill. + requireMatrixJoined: false + + matrixToIrc: + # Get a snapshot of all real Matrix users in the room and join all of + # them to the mapped IRC channel on startup. Default: false. + initial: false + # Make virtual IRC clients join and leave channels as their real Matrix + # counterparts join/leave rooms. Make sure your 'maxClients' value is + # high enough! Default: false. + incremental: false + + # Apply specific rules to Matrix rooms. Only matrix-to-IRC takes effect. + rooms: + - room: "!fuasirouddJoxtwfge:localhost" + matrixToIrc: + initial: false + incremental: false + + # Apply specific rules to IRC channels. Only IRC-to-matrix takes effect. + channels: + - channel: "#foo" + ircToMatrix: + initial: false + incremental: false + requireMatrixJoined: false + + # Should the bridge ignore users which are not considered active on the bridge + # during startup + ignoreIdleUsersOnStartup: + enabled: true + # How many hours can a user be considered idle for before they are considered + # ignoreable + idleForHours: 720 + # A regex which will exclude matching MXIDs from this check. + exclude: "foobar" + + mappings: + # 1:many mappings from IRC channels to room IDs on this IRC server. + # The matrix room must already exist. Your matrix client should expose + # the room ID in a "settings" page for the room. + "#thepub": + roomIds: ["!kieouiJuedJoxtVdaG:localhost"] + # Channel key/password to use. Optional. If provided, matrix users do + # not need to know the channel key in order to join the channel. + # key: "secret" + + # Configuration for virtual matrix users. The following variables are + # exposed: + # $NICK => The IRC nick + # $SERVER => The IRC server address (e.g. "irc.example.com") + matrixClients: + # The user ID template to use when creating virtual matrix users. This + # MUST start with an @ and have $NICK somewhere in it. + # Optional. Default: "@$SERVER_$NICK". + # Example: "@irc.example.com_Alice:example.com" + userTemplate: "@irc_$NICK" + # The display name to use for created matrix clients. This should have + # $NICK somewhere in it if it is specified. Can also use $SERVER to + # insert the IRC domain. + # Optional. Default: "$NICK". Example: "Alice" + displayName: "$NICK" + # Number of tries a client can attempt to join a room before the request + # is discarded. You can also use -1 to never retry or 0 to never give up. + # Optional. Default: -1 + joinAttempts: -1 + + # Configuration for virtual IRC users. The following variables are exposed: + # $LOCALPART => The user ID localpart ("alice" in @alice:localhost) + # $USERID => The user ID + # $DISPLAY => The display name of this user, with excluded characters + # (e.g. space) removed. If the user has no display name, this + # falls back to $LOCALPART. + ircClients: + # The template to apply to every IRC client nick. This MUST have either + # $DISPLAY or $USERID or $LOCALPART somewhere in it. + # Optional. Default: "M-$DISPLAY". Example: "M-Alice". + nickTemplate: "$DISPLAY[m]" + # True to allow virtual IRC clients to change their nick on this server + # by issuing !nick commands to the IRC AS bot. + # This is completely freeform: it will NOT follow the nickTemplate. + allowNickChanges: true + # The max number of IRC clients that will connect. If the limit is + # reached, the client that spoke the longest time ago will be + # disconnected and replaced. + # Optional. Default: 30. + maxClients: 30 + # IPv6 configuration. + ipv6: + # Optional. Set to true to force IPv6 for outgoing connections. + only: false + # Optional. The IPv6 prefix to use for generating unique addresses for each + # connected user. If not specified, all users will connect from the same + # (default) address. This may require additional OS-specific work to allow + # for the node process to bind to multiple different source addresses + # Linux kernels 4.3+ support sysctl net.ipv6.ip_nonlocal_bind=1 + # Older kernels will need IP_FREEBIND, which requires an LD_PRELOAD with the library + # https://github.com/matrix-org/freebindfree as Node does not expose setsockopt. + # prefix: "2001:0db8:85a3::" # modify appropriately + + # Optional. Define blocks of IPv6 addresses for different homeservers + # which can be used to restrict users of those homeservers to a given + # IP. These blocks should be considered immutable once set, as changing + # the startFrom value will NOT adjust existing IP addresses. + # Changing the startFrom value to a lower value may conflict with existing clients. + # Multiple homeservers may NOT share blocks. + blocks: + - homeserver: another-server.org + startFrom: '10:0000' + # + # The maximum amount of time in seconds that the client can exist + # without sending another message before being disconnected. Use 0 to + # not apply an idle timeout. This value is ignored if this IRC server is + # mirroring matrix membership lists to IRC. Default: 172800 (48 hours) + idleTimeout: 10800 + # The number of millseconds to wait between consecutive reconnections if a + # client gets disconnected. Setting to 0 will cause the scheduling to be + # disabled, i.e. it will be scheduled immediately (with jitter. + # Otherwise, the scheduling interval will be used such that one client + # reconnect for this server will be handled every reconnectIntervalMs ms using + # a FIFO queue. + # Default: 5000 (5 seconds) + reconnectIntervalMs: 5000 + # The number of concurrent reconnects if a user has been disconnected unexpectedly + # (e.g. a netsplit). You should set this to a reasonably high number so that + # bridges are not waiting an eternity to reconnect all its clients if + # we see a massive number of disconnect. This is unrelated to the reconnectIntervalMs + # setting above which is for connecting on restart of the bridge. Set to 0 to + # immediately try to reconnect all users. + # Default: 50 + concurrentReconnectLimit: 50 + # The number of lines to allow being sent by the IRC client that has received + # a large block of text to send from matrix. If the number of lines that would + # be sent is > lineLimit, the text will instead be uploaded to matrix and the + # resulting URI is treated as a file. As such, a link will be sent to the IRC + # side instead of potentially spamming IRC and getting the IRC client kicked. + # Default: 3. + lineLimit: 3 + # A list of user modes to set on every IRC client. For example, "RiG" would set + # +R, +i and +G on every IRC connection when they have successfully connected. + # User modes vary wildly depending on the IRC network you're connecting to, + # so check before setting this value. Some modes may not work as intended + # through the bridge e.g. caller ID as there is no way to /ACCEPT. + # Default: "" (no user modes) + # userModes: "R" + # The format of the realname defined for users, either mxid or reverse-mxid + realnameFormat: "mxid" + # The minimum time to wait between connection attempts if we were disconnected + # due to throttling. + # pingTimeoutMs: 600000 + # The rate at which to send pings to the IRCd if the client is being quiet for a while. + # Whilst the IRCd *should* be sending pings to us to keep the connection alive, it appears + # that sometimes they don't get around to it and end up ping timing us out. + # pingRateMs: 60000 + # Choose which conditions the IRC bridge should kick Matrix users for. Decisions to this from + # defaults should be taken with care as it may dishonestly repesent Matrix users on the IRC + # network, and cause your bridge to be banned. + kickOn: + # Kick a Matrix user from a bridged room if they fail to join the IRC channel. + channelJoinFailure: true + # Kick a Matrix user from ALL rooms if they are unable to get connected to IRC. + ircConnectionFailure: true + # Kick a Matrix user from ALL rooms if they choose to QUIT the IRC network. + userQuit: true + + + # Set information about the bridged channel in the room state, so that client's may + # present relevant UI to the user. MSC2346 + bridgeInfoState: + enabled: false + initial: false + # Configuration for an ident server. If you are running a public bridge it is + # advised you setup an ident server so IRC mods can ban specific matrix users + # rather than the application service itself. + # This key CANNOT be hot-reloaded + ident: + # True to listen for Ident requests and respond with the + # matrix user's user_id (converted to ASCII, respecting RFC 1413). + # Default: false. + enabled: false + # The port to listen on for incoming ident requests. + # Ports below 1024 require root to listen on, and you may not want this to + # run as root. Instead, you can get something like an Apache to yank up + # incoming requests to 113 to a high numbered port. Set the port to listen + # on instead of 113 here. + # Default: 113. + port: 1113 + # The address to listen on for incoming ident requests. + # Default: 0.0.0.0 + address: "::" + + # Encoding fallback - which text encoding to try if text is not UTF-8. Default: not set. + # List of supported encodings: https://www.npmjs.com/package/iconv#supported-encodings + # encodingFallback: "ISO-8859-15" + + # Configuration for logging. Optional. Default: console debug level logging + # only. + logging: + # Level to log on console/logfile. One of error|warn|info|debug + level: "debug" + # The file location to log to. This is relative to the project directory. + logfile: "debug.log" + # The file location to log errors to. This is relative to the project + # directory. + errfile: "errors.log" + # Whether to log to the console or not. + toConsole: true + # The max number of files to keep. Files will be overwritten eventually due + # to rotations. + maxFiles: 5 + + # Metrics will then be available via GET /metrics on the bridge listening port (-p). + # This key CANNOT be hot-reloaded + metrics: + # Whether to actually enable the metric endpoint. Default: false + enabled: false + # Which port to listen on (omit to listen on the bindPort) + port: 7001 + # Which hostname to listen on (omit to listen on 127.0.0.1), requires port to be set + host: 127.0.0.1 + # When determining activeness of remote and matrix users, cut off at this number of hours. + userActivityThresholdHours: 72 # 3 days + # When collecting remote user active times, which "buckets" should be used. Defaults are given below. + # The bucket name is formed of a duration and a period. (h=hours,d=days,w=weeks). + remoteUserAgeBuckets: + - "1h" + - "1d" + - "1w" + + # Configuration options for the debug HTTP API. To access this API, you must + # append ?access_token=$APPSERVICE_TOKEN (from the registration file) to the requests. + # + # The debug API exposes the following endpoints: + # + # GET /irc/$domain/user/$user_id => Return internal state for the IRC client for this user ID. + # + # POST /irc/$domain/user/$user_id => Issue a raw IRC command down this connection. + # Format: new line delimited commands as per IRC protocol. + # + # This key CANNOT be hot-reloaded + debugApi: + # True to enable the HTTP API endpoint. Default: false. + enabled: false + # The port to host the HTTP API. + port: 11100 + + # Configuration for the provisioning API. + # This key CANNOT be hot-reloaded + provisioning: + # True to enable the provisioning HTTP endpoint. Default: false. + enabled: true + # Whether to enable hosting the setup widget page. Default: false. + widget: true + # A secure secret token for making provisioner requests. Default: the appservice hs_token. + secret: $generateMe + + # The number of seconds to wait before giving up on getting a response from + # an IRC channel operator. If the channel operator does not respond within the + # allotted time period, the provisioning request will fail. + # Default: 300 seconds (5 mins) + requestTimeoutSeconds: 300 + # When provisioning a room, disallow rooms that match these critera + rules: + # The bridge checks the joined members of a propective room and checks to see + # if any users matching these regex sets are in the room. `exempt` users never + # match, and will be ignored. If any user matches `conflict`, the room will not + # be allowed to be bridged until the user is removed. Both sets take a regular expression. + userIds: + exempt: + # These users never conflict, even if matching + - "@doubleagent:badguys.com" + conflict: + # These users will deny a room from being bridged. + - "@.*:badguys.com" + + # Number of channels allowed to be bridged + roomLimit: 50 + + # Endpoint prefix for provisoning requests. Default: "/_matrix/provision" + # apiPrefix: "/_matrix/provision" + # Whether to apply rate limiting to the provisioning API. Default: true. + # ratelimit: true + + # Run a separate HTTP listener for provisioning requests. + http: + # The port to listen on. + port: 7700 + # The host to listen on. Optional. By default this is 0.0.0.0 + # host: 0.0.0.0 + + # When users request a token from the bridge to make provisioning + # requests, disallow any requests that resolve a Matrix server_name included in these ranges. + # This list should include any internal IPs that the bridge should never lookup. + # By default, the below list is used. + # openIdDisallowedIpRanges: + # - '127.0.0.0/8' + # - '10.0.0.0/8' + # - '172.16.0.0/12' + # - '192.168.0.0/16' + # - '100.64.0.0/10' + # - '192.0.0.0/24' + # - '169.254.0.0/16' + # - '192.88.99.0/24' + # - '198.18.0.0/15' + # - '192.0.2.0/24' + # - '198.51.100.0/24' + # - '203.0.113.0/24' + # - '224.0.0.0/4' + # - '::1/128' + # - 'fe80::/10' + # - 'fc00::/7' + # - '2001:db8::/32' + # - 'ff00::/8' + # - 'fec0::/10' + + # WARNING: The bridge needs to send plaintext passwords to the IRC server, it cannot + # send a password hash. As a result, passwords (NOT hashes) are stored encrypted in + # the database. + # + # To generate a .pem file: + # $ openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048 + # + # The path to the RSA PEM-formatted private key to use when encrypting IRC passwords + # for storage in the database. Passwords are stored by using the admin room command + # `!storepass server.name passw0rd. When a connection is made to IRC on behalf of + # the Matrix user, this password will be sent as the server password (PASS command). + # This key CANNOT be hot-reloaded + passwordEncryptionKeyPath: "passkey.pem" + + # Config for Matrix -> IRC bridging + # This key CANNOT be hot-reloaded + matrixHandler: + # Cache this many matrix events in memory to be used for m.relates_to messages (usually replies). + eventCacheSize: 4096 + + # format of replies sent shortly after the original message + shortReplyTemplate: "$NICK: $REPLY" + # format of replies sent a while after the original message + longReplyTemplate: "<$NICK> \"$ORIGINAL\" <- $REPLY" + # how much time needs to pass between the reply and the original message to switch to the long format + shortReplyTresholdSeconds: 300 + # Ignore users mentioned in a io.element.functional_members state event when checking admin room membership + ignoreFunctionalMembersInAdminRooms: false + + # Config for the media proxy, required to serve publically accessible URLs to authenticated Matrix media + mediaProxy: + # To generate a .jwk file: + # $ node src/generate-signing-key.js > signingkey.jwk + signingKeyPath: "signingkey.jwk" + # How long should the generated URLs be valid for + ttlSeconds: 3600 + # The port for the media proxy to listen on + bindPort: 11111 + # The publically accessible URL to the media proxy + publicUrl: "https://irc.bridge/media" + + # Maximum number of montly active users, beyond which the bridge gets blocked (both ways) + # RMAUlimit: 100 + + # Optional. + # userActivity: + # The "grace period" before we start counting users as active + # minUserActiveDays: 1 + # Time before users are considered inactive again + # inactiveAfterDays: 30 + + ircHandler: + # Should we attempt to match an IRC side mention (nickaname match) + # with the nickname's owner's matrixId, if we are bridging them? + # "on" - Defaults to enabled, users can choose to disable. + # "off" - Defaults to disabled, users can choose to enable. + # "force-off" - Disabled, cannot be enabled. + mapIrcMentionsToMatrix: "on" # This can be "on", "off", "force-off". + + # When handling lots of mode changes, wait this long before setting a power level + # event in order to batch together changes + # powerLevelGracePeriod: 1000 + + # Map of permissions from user/domain/wildcard to permission level. + # This is currently used to allow/disallow use of admin commands + # from the admin room but may be expanded in the future to contain more + # options. Currently, you may either set the value to be 'admin', or leave the key + # out to imply that the user does not have special permissions. + # UserID takes precedence over domain, which takes precedence over wildcard. + # permissions: + # '*': admin + # 'matrix.org': admin + # '@fibble:matrix.org': admin + + # Allow room moderators to adjust the configuration of the bridge via room state. + # See docs/room_commands.md + # Optional: Off by default + perRoomConfig: + # Should the bridge use per-room configuration state. If false, the state + # events will be ignored. + enabled: false + # The maximum number that can be set for the `lineLimit` configuration option + # lineLimitMax: 5 + # Allow matrix admins to disable or require Matrix users to be connected to the + # channel before any messages can be bridged. i.e. this is the per room + # version of `membershipLists.[].ircToMatrix.requireMatrixJoined`. + # + # If this is true, configuration in the room state will take priority over + # the configuration in the config file. + # allowUnconnectedMatrixUsers: true + + # Options for hooking into Matrix moderation policy lists + banLists: + # A list of rooms containing "m.policy.rule.*" events which can be used + # to identify banned users, rooms and servers. + rooms: + - "#matrix-org-coc-bl:matrix.org" + +# Options here are generally only applicable to large-scale bridges and may have +# consequences greater than other options in this configuration file. +advanced: + # The maximum number of HTTP(S) sockets to maintain. Usually this is unlimited + # however for large bridges it is important to rate limit the bridge to avoid + # accidentally overloading the homeserver. Defaults to 1000, which should be + # enough for the vast majority of use cases. + # This key CAN be hot-reloaded + maxHttpSockets: 1000 + # Max size of an appservice transaction payload, in bytes. Defaults to 10Mb + # This key CANNOT be hot-reloaded. + maxTxnSize: 10000000 + +# Capture information to a sentry.io instance +# This key CANNOT be hot-reloaded. +sentry: + enabled: false + dsn: "https://@sentry.io/" + # Optional. A tag to specify the production environment. Not set by default + # environment: "" + # Optional. A tag to specify the server name. Not set by default + # serverName: "" + +# Use an external database to store bridge state. +# This key CANNOT be hot-reloaded. +database: + # database engine (must be 'postgres' or 'nedb'). Default: nedb + engine: "postgres" + # Either a PostgreSQL connection string, or a path to the NeDB storage directory. + # For postgres, it must start with postgres:// + # For NeDB, it must start with nedb://. The path is relative to the project directory. + connectionString: "postgres://username:password@host:port/databasename" + +# Enable running IRC connections out of a secondary process. +# See https://matrix-org.github.io/matrix-appservice-irc/latest/connection_pooling.html for more information +# connectionPool: +# # The Redis URI to connect to +# redisUrl: redis://user:password@host:port/dbnum +# # Should the connections persist after the bridge successfully shuts down? +# persistConnectionsOnShutdown: true