Skip to content

Latest commit

 

History

History
113 lines (81 loc) · 5.16 KB

configuring-playbook-bridge-mautrix-signal.md

File metadata and controls

113 lines (81 loc) · 5.16 KB

Setting up Mautrix Signal (optional)

The playbook can install and configure mautrix-signal for you.

See the project's documentation to learn what it does and why it might be useful to you.

Note/Prerequisite: If you're running with the Postgres database server integrated by the playbook (which is the default), you don't need to do anything special and can easily proceed with installing. However, if you're using an external Postgres server, you'd need to manually prepare a Postgres database for this bridge and adjust the variables related to that (matrix_mautrix_signal_database_*).

Use the following playbook configuration:

matrix_mautrix_signal_enabled: true

There are some additional things you may wish to configure about the bridge before you continue.

The relay bot functionality is off by default. If you would like to enable the relay bot, add the following to your vars.yml file:

matrix_mautrix_signal_relaybot_enabled: true

If you want to activate the relay bot in a room, use !signal set-relay. Use !signal unset-relay to deactivate. By default, any user on your homeserver will be able to use the bridge. If you enable the relay bot functionality, it will relay every user's messages in a portal room - no matter which homeserver they're from.

Different levels of permission can be granted to users:

  • relay - Allowed to be relayed through the bridge, no access to commands;
  • user - Use the bridge with puppeting;
  • admin - Use and administer the bridge.

The permissions are following the sequence: nothing < relay < user < admin.

The default permissions are set as follows:

permissions:
  '*': relay
  YOUR_DOMAIN: user

If you want to augment the preset permissions, you might want to set the additional permissions with the following settings in your vars.yml file:

matrix_mautrix_signal_configuration_extension_yaml: |
  bridge:
    permissions:
      '@YOUR_USERNAME:YOUR_DOMAIN': admin

This will add the admin permission to the specific user, while keepting the default permissions.

In case you want to replace the default permissions settings completely, populate the following item within your vars.yml file:

matrix_mautrix_signal_bridge_permissions: |
  '@ADMIN:YOUR_DOMAIN': admin
  '@USER:YOUR_DOMAIN' : user

You may wish to look at roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 to find more information on the permissions settings and other options you would like to configure.

Set up Double Puppeting

If you'd like to use Double Puppeting (hint: you most likely do), you have 2 ways of going about it.

Method 1: automatically, by enabling Shared Secret Auth

The bridge will automatically perform Double Puppeting if you enable Shared Secret Auth for this playbook.

This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.

Method 2: manually, by asking each user to provide a working access token

Note: This method for enabling Double Puppeting can be configured only after you've already set up bridging (see Usage).

When using this method, each user that wishes to enable Double Puppeting needs to follow the following steps:

  • retrieve a Matrix access token for yourself. Refer to the documentation on how to do that.

  • send the access token to the bot. Example: login-matrix MATRIX_ACCESS_TOKEN_HERE

  • make sure you don't log out the Mautrix-Signal device some time in the future, as that would break the Double Puppeting feature

Enable End-to-End-Encryption

To enable the Bridge to work in encrypted rooms add this to your vars.yml file:

matrix_mautrix_signal_configuration_extension_yaml: |
  bridge:
    encryption:
	  allow: true
      default: true

As seen in the mentioned upstream-documentation:

  • allow: true the bridge won't enable encryption on its own, but will work in encrypted rooms
  • default: true the bridge will automatically enable encryption in new portals.

Note:

  • Upstream-documentation mentions to make sure using postgres if enabling the bridge in encrypted rooms.
  • Careful when setting matrix_mautrix_signal_configuration_extension_yaml:: If you already used this item before for setting permissions add the part:
    encryption:
	  allow: true
      default: true

below the permission-part.

Usage

You then need to start a chat with @signalbot:YOUR_DOMAIN (where YOUR_DOMAIN is your base domain, not the matrix. domain).

If you want to invite Signal-contacts to an existing Matrix-Room.

  • invite @signalbot:<matrix-domain> into the room (refer to [Enable End-to-End-Encryption](#Enable End-to-End-Encryption))
  • type !signal create, which will create the Signal-Group
  • invite the contacts you want