-
Notifications
You must be signed in to change notification settings - Fork 151
/
config.sample.yaml
711 lines (656 loc) · 33.5 KB
/
config.sample.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
# Configuration specific to AS registration. Unless other marked, all fields
# are *REQUIRED*.
# Unless otherwise specified, these keys CANNOT be hot-reloaded.
homeserver:
# The URL to the home server for client-server API calls
url: "http://localhost:8008"
# Drop Matrix messages which are older than this number of seconds, according to
# the event's origin_server_ts.
# If the bridge is down for a while, the homeserver will attempt to send all missed
# events on reconnection. These events may be hours old, which can be confusing to
# IRC users if they are then bridged. This option allows these old messages to be
# dropped.
# CAUTION: This is a very coarse heuristic. Federated homeservers may have different
# clock times and hence produce different origin_server_ts values, which may be old
# enough to cause *all* events from the homeserver to be dropped.
# Default: 0 (don't ever drop)
# This key CAN be hot-reloaded.
# dropMatrixMessagesAfterSecs: 300 # 5 minutes
# The 'domain' part for user IDs on this home server. Usually (but not always)
# is the "domain name" part of the HS URL.
domain: "localhost"
# Should presence be enabled for matrix clients on this bridge. If disabled on the
# homeserver then it should also be disabled here to avoid excess traffic.
# Default: true
enablePresence: true
# Which port should the appservice bind to. Can be overriden by the one provided in the
# command line! Optional.
# bindPort: 8090
# Use this option to force the appservice to listen on another hostname for transactions.
# This is NOT your synapse hostname. E.g. use 127.0.0.1 to only listen locally. Optional.
# bindHostname: 0.0.0.0
# Configuration specific to the IRC service
ircService:
# All server keys can be hot-reloaded, however existing IRC connections
# will not have changes applied to them.
servers:
# The address of the server to connect to.
irc.example.com:
# A human-readable short name. This is used to label IRC status rooms
# where matrix users control their connections.
# E.g. 'ExampleNet IRC Bridge status'.
# It is also used in the Third Party Lookup API as the instance `desc`
# property, where each server is an instance.
name: "ExampleNet"
# Additional addresses to connect to, used for load balancing between IRCDs.
additionalAddresses: [ "irc2.example.com" ]
# Typically additionalAddresses would be in addition to the address key given above,
# but some configurations wish to exclusively use additional addresses while reserving
# the top key for identification purposes. Set this to true to exclusively use the
# additionalAddresses array when connecting to servers.
onlyAdditionalAddresses: false
#
# [DEPRECATED] Use `name`, above, instead.
# A human-readable description string
# description: "Example.com IRC network"
# An ID for uniquely identifying this server amongst other servers being bridged.
# networkId: "example"
# MXC URL to an icon used as the network icon whenever this network appear in
# a network list. (Like in the Element room directory, for instance.)
# icon: mxc://matrix.org/LpsSLrbANVrEIEOgEaVteItf
# The port to connect to. Optional.
port: 6697
# Whether to use SSL or not. Default: false.
ssl: true
# Whether or not IRC server is using a self-signed cert or not providing CA Chain
sslselfsign: false
# Should the connection attempt to identify via SASL (if a server or user password is given)
# If false, this will use PASS instead. If SASL fails, we do not fallback to PASS.
sasl: false
# Whether to allow expired certs when connecting to the IRC server.
# Usually this should be off. Default: false.
allowExpiredCerts: false
# Set additional TLS options for the connections to the IRC server.
#tlsOptions:
# A specific CA to trust instead of the default CAs. Optional.
#ca: |
# -----BEGIN CERTIFICATE-----
# ...
# -----END CERTIFICATE-----
# Server name for the SNI (Server Name Indication) TLS extension. If the address you
# are using does not report the correct certificate name, you can override it here.
# servername: real.server.name
# ...or any options in https://nodejs.org/api/tls.html#tls_tls_connect_options_callback
#
# The connection password to send for all clients as a PASS (or SASL, if enabled above) command. Optional.
# password: 'pa$$w0rd'
#
# Whether or not to send connection/error notices to real Matrix users. Default: true.
sendConnectionMessages: true
quitDebounce:
# Whether parts due to net-splits are debounced for delayMs, to allow
# time for the netsplit to resolve itself. A netsplit is detected as being
# a QUIT rate higher than quitsPerSecond. Default: false.
enabled: false
# The maximum number of quits per second acceptable above which a netsplit is
# considered ongoing. Default: 5.
quitsPerSecond: 5
# The time window in which to wait before bridging a QUIT to Matrix that occurred during
# a netsplit. Debouncing is jittered randomly between delayMinMs and delayMaxMs so that the HS
# is not sent many requests to leave rooms all at once if a netsplit occurs and many
# people to not rejoin.
# If the user with the same IRC nick as the one who sent the quit rejoins a channel
# they are considered back online and the quit is not bridged, so long as the rejoin
# occurs before the randomly-jittered timeout is not reached.
# Default: 3600000, = 1h
delayMinMs: 3600000 # 1h
# Default: 7200000, = 2h
delayMaxMs: 7200000 # 2h
# A map for conversion of IRC user modes to Matrix power levels. This enables bridging
# of IRC ops to Matrix power levels only, it does not enable the reverse. If a user has
# been given multiple modes, the one that maps to the highest power level will be used.
modePowerMap:
o: 50
v: 1
botConfig:
# Enable the presence of the bot in IRC channels. The bot serves as the entity
# which maps from IRC -> Matrix. You can disable the bot entirely which
# means IRC -> Matrix chat will be shared by active "M-Nick" connections
# in the room. If there are no users in the room (or if there are users
# but their connections are not on IRC) then nothing will be bridged to
# Matrix. If you're concerned about the bot being treated as a "logger"
# entity, then you may want to disable the bot. If you want IRC->Matrix
# but don't want to have TCP connections to IRC unless a Matrix user speaks
# (because your client connection limit is low), then you may want to keep
# the bot enabled. Default: true.
# NB: If the bot is disabled, you SHOULD have matrix-to-IRC syncing turned
# on, else there will be no users and no bot in a channel (meaning no
# messages to Matrix!) until a Matrix user speaks which makes a client
# join the target IRC channel.
# NBB: The bridge bot IRC client will still join the target IRC network so
# it can service bridge-specific queries from the IRC-side e.g. so
# real IRC clients have a way to change their Matrix display name.
# See https://github.com/matrix-org/matrix-appservice-irc/issues/55
enabled: true
# The nickname to give the AS bot.
nick: "MatrixBot"
# The username to give to the AS bot. Defaults to "matrixbot"
username: "matrixbot"
# The password to give to NickServ or IRC Server for this nick. Optional.
# password: "helloworld"
#
# Join channels even if there are no Matrix users on the other side of
# the bridge. Set to false to prevent the bot from joining channels which have no
# real matrix users in them, even if there is a mapping for the channel.
# Default: true
joinChannelsIfNoUsers: true
# Configuration for PMs / private 1:1 communications between users.
privateMessages:
# Enable the ability for PMs to be sent to/from IRC/Matrix.
# Default: true.
enabled: true
# Prevent Matrix users from sending PMs to the following IRC nicks.
# Optional. Default: [].
# exclude: ["Alice", "Bob"] # NOT YET IMPLEMENTED
# Should created Matrix PM rooms be federated? If false, only users on the
# HS attached to this AS will be able to interact with this room.
# Optional. Default: true.
federate: true
# Configuration for mappings not explicitly listed in the 'mappings'
# section.
dynamicChannels:
# Enable the ability for Matrix users to join *any* channel on this IRC
# network.
# Default: false.
enabled: true
# Should the AS create a room alias for the new Matrix room? The form of
# the alias can be modified via 'aliasTemplate'. Default: true.
createAlias: true
# Should the AS publish the new Matrix room to the public room list so
# anyone can see it? Default: true.
published: true
# Publish the rooms to the homeserver directory, as oppose to the appservice
# room directory. Only used if `published` is on.
# Default: false
useHomeserverDirectory: true
# What should the join_rule be for the new Matrix room? If 'public',
# anyone can join the room. If 'invite', only users with an invite can
# join the room. Note that if an IRC channel has +k or +i set on it,
# join_rules will be set to 'invite' until these modes are removed.
# Default: "public".
joinRule: public
# Should created Matrix rooms be federated? If false, only users on the
# HS attached to this AS will be able to interact with this room.
# Default: true.
federate: true
# Force this room version when creating IRC channels. Beware if the homeserver doesn't
# support the room version then the request will fail. By default, no version is requested.
# roomVersion: "1"
# The room alias template to apply when creating new aliases. This only
# applies if createAlias is 'true'. The following variables are exposed:
# $SERVER => The IRC server address (e.g. "irc.example.com")
# $CHANNEL => The IRC channel (e.g. "#python")
# This MUST have $CHANNEL somewhere in it.
#
# In certain circumstances you might want to bridge your whole IRC network as a
# homeserver (e.g. #matrix:libera.chat). For these use cases, you can set the
# template to just be $CHANNEL. Doing so will preclude you from supporting
# other prefix characters though.
#
# Default: '#irc_$SERVER_$CHANNEL'
aliasTemplate: "#irc_$CHANNEL"
# A list of user IDs which the AS bot will send invites to in response
# to a !join. Only applies if joinRule is 'invite'. Default: []
# whitelist:
# - "@foo:example.com"
# - "@bar:example.com"
#
# Prevent the given list of channels from being mapped under any
# circumstances.
# exclude: ["#foo", "#bar"]
# excludedUsers:
# - regex: "@.*:evilcorp.com"
# kickReason: "We don't like Evilcorp"
# Configuration for controlling how Matrix and IRC membership lists are
# synced.
membershipLists:
# Enable the syncing of membership lists between IRC and Matrix. This
# can have a significant effect on performance on startup as the lists are
# synced. This must be enabled for anything else in this section to take
# effect. Default: false.
enabled: false
# Syncing membership lists at startup can result in hundreds of members to
# process all at once. This timer drip feeds membership entries at the
# specified rate. Default: 10000. (10s)
floodDelayMs: 10000
global:
ircToMatrix:
# Get a snapshot of all real IRC users on a channel (via NAMES) and
# join their virtual matrix clients to the room.
initial: false
# Make virtual matrix clients join and leave rooms as their real IRC
# counterparts join/part channels. Default: false.
incremental: false
# Should the bridge check if all Matrix users are connected to IRC and
# joined to the channel before relaying messages into the room.
#
# This is considered a safety net to avoid any leakages by the bridge to
# unconnected users, but given it ignores all IRC messages while users
# are still connecting it may be overkill.
requireMatrixJoined: false
matrixToIrc:
# Get a snapshot of all real Matrix users in the room and join all of
# them to the mapped IRC channel on startup. Default: false.
initial: false
# Make virtual IRC clients join and leave channels as their real Matrix
# counterparts join/leave rooms. Make sure your 'maxClients' value is
# high enough! Default: false.
incremental: false
# Apply specific rules to Matrix rooms. Only matrix-to-IRC takes effect.
rooms:
- room: "!fuasirouddJoxtwfge:localhost"
matrixToIrc:
initial: false
incremental: false
# Apply specific rules to IRC channels. Only IRC-to-matrix takes effect.
channels:
- channel: "#foo"
ircToMatrix:
initial: false
incremental: false
requireMatrixJoined: false
# Should the bridge ignore users which are not considered active on the bridge
# during startup
ignoreIdleUsersOnStartup:
enabled: true
# How many hours can a user be considered idle for before they are considered
# ignoreable
idleForHours: 720
# A regex which will exclude matching MXIDs from this check.
exclude: "foobar"
mappings:
# 1:many mappings from IRC channels to room IDs on this IRC server.
# The matrix room must already exist. Your matrix client should expose
# the room ID in a "settings" page for the room.
"#thepub":
roomIds: ["!kieouiJuedJoxtVdaG:localhost"]
# Channel key/password to use. Optional. If provided, matrix users do
# not need to know the channel key in order to join the channel.
# key: "secret"
# Configuration for virtual matrix users. The following variables are
# exposed:
# $NICK => The IRC nick
# $SERVER => The IRC server address (e.g. "irc.example.com")
matrixClients:
# The user ID template to use when creating virtual matrix users. This
# MUST start with an @ and have $NICK somewhere in it.
# Optional. Default: "@$SERVER_$NICK".
# Example: "@irc.example.com_Alice:example.com"
userTemplate: "@irc_$NICK"
# The display name to use for created matrix clients. This should have
# $NICK somewhere in it if it is specified. Can also use $SERVER to
# insert the IRC domain.
# Optional. Default: "$NICK". Example: "Alice"
displayName: "$NICK"
# Number of tries a client can attempt to join a room before the request
# is discarded. You can also use -1 to never retry or 0 to never give up.
# Optional. Default: -1
joinAttempts: -1
# Configuration for virtual IRC users. The following variables are exposed:
# $LOCALPART => The user ID localpart ("alice" in @alice:localhost)
# $USERID => The user ID
# $DISPLAY => The display name of this user, with excluded characters
# (e.g. space) removed. If the user has no display name, this
# falls back to $LOCALPART.
ircClients:
# The template to apply to every IRC client nick. This MUST have either
# $DISPLAY or $USERID or $LOCALPART somewhere in it.
# Optional. Default: "M-$DISPLAY". Example: "M-Alice".
nickTemplate: "$DISPLAY[m]"
# True to allow virtual IRC clients to change their nick on this server
# by issuing !nick <server> <nick> commands to the IRC AS bot.
# This is completely freeform: it will NOT follow the nickTemplate.
allowNickChanges: true
# The max number of IRC clients that will connect. If the limit is
# reached, the client that spoke the longest time ago will be
# disconnected and replaced.
# Optional. Default: 30.
maxClients: 30
# IPv6 configuration.
ipv6:
# Optional. Set to true to force IPv6 for outgoing connections.
only: false
# Optional. The IPv6 prefix to use for generating unique addresses for each
# connected user. If not specified, all users will connect from the same
# (default) address. This may require additional OS-specific work to allow
# for the node process to bind to multiple different source addresses
# Linux kernels 4.3+ support sysctl net.ipv6.ip_nonlocal_bind=1
# Older kernels will need IP_FREEBIND, which requires an LD_PRELOAD with the library
# https://github.com/matrix-org/freebindfree as Node does not expose setsockopt.
# prefix: "2001:0db8:85a3::" # modify appropriately
# Optional. Define blocks of IPv6 addresses for different homeservers
# which can be used to restrict users of those homeservers to a given
# IP. These blocks should be considered immutable once set, as changing
# the startFrom value will NOT adjust existing IP addresses.
# Changing the startFrom value to a lower value may conflict with existing clients.
# Multiple homeservers may NOT share blocks.
blocks:
- homeserver: another-server.org
startFrom: '10:0000'
#
# The maximum amount of time in seconds that the client can exist
# without sending another message before being disconnected. Use 0 to
# not apply an idle timeout. This value is ignored if this IRC server is
# mirroring matrix membership lists to IRC. Default: 172800 (48 hours)
idleTimeout: 10800
# The number of millseconds to wait between consecutive reconnections if a
# client gets disconnected. Setting to 0 will cause the scheduling to be
# disabled, i.e. it will be scheduled immediately (with jitter.
# Otherwise, the scheduling interval will be used such that one client
# reconnect for this server will be handled every reconnectIntervalMs ms using
# a FIFO queue.
# Default: 5000 (5 seconds)
reconnectIntervalMs: 5000
# The number of concurrent reconnects if a user has been disconnected unexpectedly
# (e.g. a netsplit). You should set this to a reasonably high number so that
# bridges are not waiting an eternity to reconnect all its clients if
# we see a massive number of disconnect. This is unrelated to the reconnectIntervalMs
# setting above which is for connecting on restart of the bridge. Set to 0 to
# immediately try to reconnect all users.
# Default: 50
concurrentReconnectLimit: 50
# The number of lines to allow being sent by the IRC client that has received
# a large block of text to send from matrix. If the number of lines that would
# be sent is > lineLimit, the text will instead be uploaded to matrix and the
# resulting URI is treated as a file. As such, a link will be sent to the IRC
# side instead of potentially spamming IRC and getting the IRC client kicked.
# Default: 3.
lineLimit: 3
# A list of user modes to set on every IRC client. For example, "RiG" would set
# +R, +i and +G on every IRC connection when they have successfully connected.
# User modes vary wildly depending on the IRC network you're connecting to,
# so check before setting this value. Some modes may not work as intended
# through the bridge e.g. caller ID as there is no way to /ACCEPT.
# Default: "" (no user modes)
# userModes: "R"
# The format of the realname defined for users, either mxid or reverse-mxid
realnameFormat: "mxid"
# The minimum time to wait between connection attempts if we were disconnected
# due to throttling.
# pingTimeoutMs: 600000
# The rate at which to send pings to the IRCd if the client is being quiet for a while.
# Whilst the IRCd *should* be sending pings to us to keep the connection alive, it appears
# that sometimes they don't get around to it and end up ping timing us out.
# pingRateMs: 60000
# Choose which conditions the IRC bridge should kick Matrix users for. Decisions to this from
# defaults should be taken with care as it may dishonestly repesent Matrix users on the IRC
# network, and cause your bridge to be banned.
kickOn:
# Kick a Matrix user from a bridged room if they fail to join the IRC channel.
channelJoinFailure: true
# Kick a Matrix user from ALL rooms if they are unable to get connected to IRC.
ircConnectionFailure: true
# Kick a Matrix user from ALL rooms if they choose to QUIT the IRC network.
userQuit: true
# Set information about the bridged channel in the room state, so that client's may
# present relevant UI to the user. MSC2346
bridgeInfoState:
enabled: false
initial: false
# Configuration for an ident server. If you are running a public bridge it is
# advised you setup an ident server so IRC mods can ban specific matrix users
# rather than the application service itself.
# This key CANNOT be hot-reloaded
ident:
# True to listen for Ident requests and respond with the
# matrix user's user_id (converted to ASCII, respecting RFC 1413).
# Default: false.
enabled: false
# The port to listen on for incoming ident requests.
# Ports below 1024 require root to listen on, and you may not want this to
# run as root. Instead, you can get something like an Apache to yank up
# incoming requests to 113 to a high numbered port. Set the port to listen
# on instead of 113 here.
# Default: 113.
port: 1113
# The address to listen on for incoming ident requests.
# Default: 0.0.0.0
address: "::"
# Encoding fallback - which text encoding to try if text is not UTF-8. Default: not set.
# List of supported encodings: https://www.npmjs.com/package/iconv#supported-encodings
# encodingFallback: "ISO-8859-15"
# Configuration for logging. Optional. Default: console debug level logging
# only.
logging:
# Level to log on console/logfile. One of error|warn|info|debug
level: "debug"
# The file location to log to. This is relative to the project directory.
logfile: "debug.log"
# The file location to log errors to. This is relative to the project
# directory.
errfile: "errors.log"
# Whether to log to the console or not.
toConsole: true
# The max number of files to keep. Files will be overwritten eventually due
# to rotations.
maxFiles: 5
# Metrics will then be available via GET /metrics on the bridge listening port (-p).
# This key CANNOT be hot-reloaded
metrics:
# Whether to actually enable the metric endpoint. Default: false
enabled: false
# Which port to listen on (omit to listen on the bindPort)
port: 7001
# Which hostname to listen on (omit to listen on 127.0.0.1), requires port to be set
host: 127.0.0.1
# When determining activeness of remote and matrix users, cut off at this number of hours.
userActivityThresholdHours: 72 # 3 days
# When collecting remote user active times, which "buckets" should be used. Defaults are given below.
# The bucket name is formed of a duration and a period. (h=hours,d=days,w=weeks).
remoteUserAgeBuckets:
- "1h"
- "1d"
- "1w"
# Configuration options for the debug HTTP API. To access this API, you must
# append ?access_token=$APPSERVICE_TOKEN (from the registration file) to the requests.
#
# The debug API exposes the following endpoints:
#
# GET /irc/$domain/user/$user_id => Return internal state for the IRC client for this user ID.
#
# POST /irc/$domain/user/$user_id => Issue a raw IRC command down this connection.
# Format: new line delimited commands as per IRC protocol.
#
# This key CANNOT be hot-reloaded
debugApi:
# True to enable the HTTP API endpoint. Default: false.
enabled: false
# The port to host the HTTP API.
port: 11100
# Configuration for the provisioning API.
# This key CANNOT be hot-reloaded
provisioning:
# True to enable the provisioning HTTP endpoint. Default: false.
enabled: true
# Whether to enable hosting the setup widget page. Default: false.
widget: true
# A secure secret token for making provisioner requests. Default: the appservice hs_token.
secret: $generateMe
# The number of seconds to wait before giving up on getting a response from
# an IRC channel operator. If the channel operator does not respond within the
# allotted time period, the provisioning request will fail.
# Default: 300 seconds (5 mins)
requestTimeoutSeconds: 300
# When provisioning a room, disallow rooms that match these critera
rules:
# The bridge checks the joined members of a propective room and checks to see
# if any users matching these regex sets are in the room. `exempt` users never
# match, and will be ignored. If any user matches `conflict`, the room will not
# be allowed to be bridged until the user is removed. Both sets take a regular expression.
userIds:
exempt:
# These users never conflict, even if matching
- "@doubleagent:badguys.com"
conflict:
# These users will deny a room from being bridged.
- "@.*:badguys.com"
# Number of channels allowed to be bridged
roomLimit: 50
# Endpoint prefix for provisoning requests. Default: "/_matrix/provision"
# apiPrefix: "/_matrix/provision"
# Whether to apply rate limiting to the provisioning API. Default: true.
# ratelimit: true
# Run a separate HTTP listener for provisioning requests.
http:
# The port to listen on.
port: 7700
# The host to listen on. Optional. By default this is 0.0.0.0
# host: 0.0.0.0
# When users request a token from the bridge to make provisioning
# requests, disallow any requests that resolve a Matrix server_name included in these ranges.
# This list should include any internal IPs that the bridge should never lookup.
# By default, the below list is used.
# openIdDisallowedIpRanges:
# - '127.0.0.0/8'
# - '10.0.0.0/8'
# - '172.16.0.0/12'
# - '192.168.0.0/16'
# - '100.64.0.0/10'
# - '192.0.0.0/24'
# - '169.254.0.0/16'
# - '192.88.99.0/24'
# - '198.18.0.0/15'
# - '192.0.2.0/24'
# - '198.51.100.0/24'
# - '203.0.113.0/24'
# - '224.0.0.0/4'
# - '::1/128'
# - 'fe80::/10'
# - 'fc00::/7'
# - '2001:db8::/32'
# - 'ff00::/8'
# - 'fec0::/10'
# WARNING: The bridge needs to send plaintext passwords to the IRC server, it cannot
# send a password hash. As a result, passwords (NOT hashes) are stored encrypted in
# the database.
#
# To generate a .pem file:
# $ openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048
#
# The path to the RSA PEM-formatted private key to use when encrypting IRC passwords
# for storage in the database. Passwords are stored by using the admin room command
# `!storepass server.name passw0rd. When a connection is made to IRC on behalf of
# the Matrix user, this password will be sent as the server password (PASS command).
# This key CANNOT be hot-reloaded
passwordEncryptionKeyPath: "passkey.pem"
# Config for Matrix -> IRC bridging
# This key CANNOT be hot-reloaded
matrixHandler:
# Cache this many matrix events in memory to be used for m.relates_to messages (usually replies).
eventCacheSize: 4096
# format of replies sent shortly after the original message
shortReplyTemplate: "$NICK: $REPLY"
# format of replies sent a while after the original message
longReplyTemplate: "<$NICK> \"$ORIGINAL\" <- $REPLY"
# how much time needs to pass between the reply and the original message to switch to the long format
shortReplyTresholdSeconds: 300
# Ignore users mentioned in a io.element.functional_members state event when checking admin room membership
ignoreFunctionalMembersInAdminRooms: false
# Config for the media proxy, required to serve publically accessible URLs to authenticated Matrix media
mediaProxy:
# To generate a .jwk file:
# $ node src/generate-signing-key.js > signingkey.jwk
signingKeyPath: "signingkey.jwk"
# How long should the generated URLs be valid for
ttlSeconds: 3600
# The port for the media proxy to listen on
bindPort: 11111
# The publically accessible URL to the media proxy
publicUrl: "https://irc.bridge/media"
# Maximum number of montly active users, beyond which the bridge gets blocked (both ways)
# RMAUlimit: 100
# Optional.
# userActivity:
# The "grace period" before we start counting users as active
# minUserActiveDays: 1
# Time before users are considered inactive again
# inactiveAfterDays: 30
ircHandler:
# Should we attempt to match an IRC side mention (nickaname match)
# with the nickname's owner's matrixId, if we are bridging them?
# "on" - Defaults to enabled, users can choose to disable.
# "off" - Defaults to disabled, users can choose to enable.
# "force-off" - Disabled, cannot be enabled.
mapIrcMentionsToMatrix: "on" # This can be "on", "off", "force-off".
# When handling lots of mode changes, wait this long before setting a power level
# event in order to batch together changes
# powerLevelGracePeriod: 1000
# Map of permissions from user/domain/wildcard to permission level.
# This is currently used to allow/disallow use of admin commands
# from the admin room but may be expanded in the future to contain more
# options. Currently, you may either set the value to be 'admin', or leave the key
# out to imply that the user does not have special permissions.
# UserID takes precedence over domain, which takes precedence over wildcard.
# permissions:
# '*': admin
# 'matrix.org': admin
# '@fibble:matrix.org': admin
# Allow room moderators to adjust the configuration of the bridge via room state.
# See docs/room_commands.md
# Optional: Off by default
perRoomConfig:
# Should the bridge use per-room configuration state. If false, the state
# events will be ignored.
enabled: false
# The maximum number that can be set for the `lineLimit` configuration option
# lineLimitMax: 5
# Allow matrix admins to disable or require Matrix users to be connected to the
# channel before any messages can be bridged. i.e. this is the per room
# version of `membershipLists.[].ircToMatrix.requireMatrixJoined`.
#
# If this is true, configuration in the room state will take priority over
# the configuration in the config file.
# allowUnconnectedMatrixUsers: true
# Options for hooking into Matrix moderation policy lists
banLists:
# A list of rooms containing "m.policy.rule.*" events which can be used
# to identify banned users, rooms and servers.
rooms:
- "#matrix-org-coc-bl:matrix.org"
# Options here are generally only applicable to large-scale bridges and may have
# consequences greater than other options in this configuration file.
advanced:
# The maximum number of HTTP(S) sockets to maintain. Usually this is unlimited
# however for large bridges it is important to rate limit the bridge to avoid
# accidentally overloading the homeserver. Defaults to 1000, which should be
# enough for the vast majority of use cases.
# This key CAN be hot-reloaded
maxHttpSockets: 1000
# Max size of an appservice transaction payload, in bytes. Defaults to 10Mb
# This key CANNOT be hot-reloaded.
maxTxnSize: 10000000
# Capture information to a sentry.io instance
# This key CANNOT be hot-reloaded.
sentry:
enabled: false
dsn: "https://<key>@sentry.io/<project>"
# Optional. A tag to specify the production environment. Not set by default
# environment: ""
# Optional. A tag to specify the server name. Not set by default
# serverName: ""
# Use an external database to store bridge state.
# This key CANNOT be hot-reloaded.
database:
# database engine (must be 'postgres' or 'nedb'). Default: nedb
engine: "postgres"
# Either a PostgreSQL connection string, or a path to the NeDB storage directory.
# For postgres, it must start with postgres://
# For NeDB, it must start with nedb://. The path is relative to the project directory.
connectionString: "postgres://username:password@host:port/databasename"
# Enable running IRC connections out of a secondary process.
# See https://matrix-org.github.io/matrix-appservice-irc/latest/connection_pooling.html for more information
# connectionPool:
# # The Redis URI to connect to
# redisUrl: redis://user:password@host:port/dbnum
# # Should the connections persist after the bridge successfully shuts down?
# persistConnectionsOnShutdown: true