diff --git a/charts/mautrix-whatsapp/Chart.yaml b/charts/mautrix-whatsapp/Chart.yaml new file mode 100644 index 0000000..f7879bc --- /dev/null +++ b/charts/mautrix-whatsapp/Chart.yaml @@ -0,0 +1,15 @@ +apiVersion: v2 +name: mautrix-whatsapp +version: 0.0.1 +description: Chart for Matrix Whatsapp Bridge +keywords: + - matrix + - mautrix-whatsapp + - bridge + - whatsapp +sources: + - https://github.com/mautrix/whatsapp +maintainers: + - name: alexlebens +icon: https://avatars.githubusercontent.com/u/88519669?s=48&v=4 +appVersion: v0.10.6 diff --git a/charts/mautrix-whatsapp/templates/_helpers.tpl b/charts/mautrix-whatsapp/templates/_helpers.tpl new file mode 100644 index 0000000..4009586 --- /dev/null +++ b/charts/mautrix-whatsapp/templates/_helpers.tpl @@ -0,0 +1,41 @@ +{{/* +Helper for secret name +*/}} +{{- define "mautrix-whatsapp.secretName" -}} +{{- if .Values.mautrixWhatsapp.existingSecret }} +{{- printf "%s" .Values.mautrixWhatsapp.existingSecret -}} +{{- else }} +{{- printf "mautrix-whatsapp-config-secret" | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} + +{{/* +Helper for registration secret name +*/}} +{{- define "mautrix-whatsapp.registrationSecretName" -}} +{{- if .Values.mautrixWhatsapp.existingRegistrationSecret }} +{{- printf "%s" .Values.mautrixWhatsapp.existingRegistrationSecret -}} +{{- else }} +{{- printf "mautrix-whatsapp-registration-secret" }} +{{- end }} +{{- end }} + +{{/* +Generate registration.yaml if not from existing secret +*/}} +{{- define "mautrix-whatsapp.registration-yaml" -}} +id: {{ .Values.mautrixWhatsapp.config.appservice.id | quote }} +as_token: {{ .Values.mautrixWhatsapp.config.appservice.as_token | quote }} +hs_token: {{ .Values.mautrixWhatsapp.config.appservice.hs_token | quote }} +namespaces: + users: + - regex: {{ printf "^@whatsappbot:%s$" (replace "." "\\." .Values.mautrixWhatsapp.config.homeserver.domain) }} + exclusive: true + - regex: {{ printf "^@%s:%s$" (replace "{{.}}" ".*" (tpl .Values.mautrixWhatsapp.config.bridge.username_template .)) (replace "." "\\." .Values.mautrixWhatsapp.config.homeserver.domain) }} + exclusive: true +url: {{ .Values.mautrixWhatsapp.config.appservice.address | quote }} +sender_localpart: {{ .Values.mautrixWhatsapp.registration.sender_localpart | quote }} +rate_limited: {{ .Values.mautrixWhatsapp.registration.rate_limited }} +de.sorunome.msc2409.push_ephemeral: true +push_ephemeral: true +{{- end -}} diff --git a/charts/mautrix-whatsapp/templates/deployment.yaml b/charts/mautrix-whatsapp/templates/deployment.yaml new file mode 100644 index 0000000..fd7f633 --- /dev/null +++ b/charts/mautrix-whatsapp/templates/deployment.yaml @@ -0,0 +1,97 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: mautrix-whatsapp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: mautrix-whatsapp + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: web + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + revisionHistoryLimit: 3 + replicas: {{ .Values.deployment.replicas }} + strategy: + type: {{ .Values.deployment.strategy }} + selector: + matchLabels: + app.kubernetes.io/name: mautrix-whatsapp + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: mautrix-whatsapp + app.kubernetes.io/instance: {{ .Release.Name }} + spec: + serviceAccountName: mautrix-whatsapp + automountServiceAccountToken: true + containers: + - name: mautrix-whatsapp + image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}" + imagePullPolicy: {{ .Values.deployment.image.imagePullPolicy }} + command: ["--no-update"] + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + env: + {{- range $k,$v := .Values.deployment.env }} + - name: {{ $k }} + value: {{ $v | quote }} + {{- end }} + {{- with .Values.deployment.envFrom }} + envFrom: + {{- toYaml . | nindent 12 }} + {{- end }} + livenessProbe: + httpGet: + path: /_matrix/mau/live + port: http + failureThreshold: {{ .Values.deployment.probes.liveness.failureThreshold }} + periodSeconds: {{ .Values.deployment.probes.liveness.periodSeconds }} + readinessProbe: + httpGet: + path: /_matrix/mau/ready + port: http + failureThreshold: {{ .Values.deployment.probes.readiness.failureThreshold }} + periodSeconds: {{ .Values.deployment.probes.readiness.periodSeconds }} + resources: + {{- toYaml .Values.deployment.resources | nindent 12 }} + volumeMounts: + - name: config + mountPath: /data/config.yaml + subPath: config.yaml + readOnly: true + - name: registration + mountPath: /data/registration.yaml + subPath: registration.yaml + readOnly: true + - name: data + mountPath: /data + volumes: + - name: config + secret: + secretName: {{ template "mautrix-whatsapp.secretName" . }} + - name: registration + secret: + secretName: {{ template "mautrix-whatsapp.registrationSecretName" . }} + - name: data + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ .Values.persistence.existingClaim | default "mautrix-whatsapp-data" }} + {{- else }} + emptyDir: {} + {{- end }} + {{- with .Values.deployment.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.deployment.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.deployment.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/mautrix-whatsapp/templates/ingress.yaml b/charts/mautrix-whatsapp/templates/ingress.yaml new file mode 100644 index 0000000..f01ffc0 --- /dev/null +++ b/charts/mautrix-whatsapp/templates/ingress.yaml @@ -0,0 +1,32 @@ +{{- if .Values.ingress.enabled }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: mautrix-whatsapp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: mautrix-whatsapp + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: web + app.kubernetes.io/part-of: {{ .Release.Name }} + annotations: + {{- toYaml .Values.ingress.annotations | nindent 4 }} +spec: + ingressClassName: {{ .Values.ingress.className }} + tls: + - hosts: + - {{ .Values.ingress.host }} + secretName: {{ .Release.Name }}-secret-tls + rules: + - host: {{ .Values.ingress.host }} + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: mautrix-whatsapp + port: + name: http +{{- end }} diff --git a/charts/mautrix-whatsapp/templates/persistent-volume-claim.yaml b/charts/mautrix-whatsapp/templates/persistent-volume-claim.yaml new file mode 100644 index 0000000..589a52b --- /dev/null +++ b/charts/mautrix-whatsapp/templates/persistent-volume-claim.yaml @@ -0,0 +1,26 @@ +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: mautrix-whatsapp-data + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: mautrix-whatsapp + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: web + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + accessModes: + - {{ .Values.persistence.accessMode | quote }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{- if .Values.persistence.storageClass }} + {{- if not .Values.persistence.storageClass }} + storageClassName: "" + {{- else }} + storageClassName: {{ .Values.persistence.storageClass | quote }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/mautrix-whatsapp/templates/secret.yaml b/charts/mautrix-whatsapp/templates/secret.yaml new file mode 100644 index 0000000..51d367e --- /dev/null +++ b/charts/mautrix-whatsapp/templates/secret.yaml @@ -0,0 +1,33 @@ +{{- if not .Values.mautrixWhatsapp.existingSecret }} +apiVersion: v1 +kind: Secret +metadata: + name: mautrix-whatsapp-config-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: mautrix-whatsapp-config + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: web + app.kubernetes.io/part-of: {{ .Release.Name }} +data: + config.yaml: | +{{ toYaml .Values.mautrixWhatsapp.config | indent 4 }} +{{- end }} + +--- +{{- if not .Values.mautrixWhatsapp.existingRegistrationSecret }} +apiVersion: v1 +kind: Secret +metadata: + name: mautrix-whatsapp-registration-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: mautrix-whatsapp-registration + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: web + app.kubernetes.io/part-of: {{ .Release.Name }} +data: + registration.yaml: {{ include "mautrix-whatsapp.registration-yaml" . | b64enc | quote }} +{{- end }} diff --git a/charts/mautrix-whatsapp/templates/service-account.yaml b/charts/mautrix-whatsapp/templates/service-account.yaml new file mode 100644 index 0000000..dae7048 --- /dev/null +++ b/charts/mautrix-whatsapp/templates/service-account.yaml @@ -0,0 +1,17 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: mautrix-whatsapp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: mautrix-whatsapp + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: web + app.kubernetes.io/part-of: {{ .Release.Name }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end -}} diff --git a/charts/mautrix-whatsapp/templates/service.yaml b/charts/mautrix-whatsapp/templates/service.yaml new file mode 100644 index 0000000..28b243d --- /dev/null +++ b/charts/mautrix-whatsapp/templates/service.yaml @@ -0,0 +1,24 @@ +apiVersion: v1 +kind: Service +metadata: + name: mautrix-whatsapp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: mautrix-whatsapp + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: web + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + type: {{ .Values.service.type }} + clusterIP: {{ .Values.service.clusterIP | quote }} + externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }} + publishNotReadyAddresses: {{ .Values.service.publishNotReadyAddresses }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + app.kubernetes.io/name: mautrix-whatsapp + app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/charts/mautrix-whatsapp/values.yaml b/charts/mautrix-whatsapp/values.yaml new file mode 100644 index 0000000..f5f3fe6 --- /dev/null +++ b/charts/mautrix-whatsapp/values.yaml @@ -0,0 +1,534 @@ +deployment: + replicas: 1 + strategy: Recreate + image: + repository: dock.mau.dev/mautrix/whatsapp + tag: v0.10.6 + imagePullPolicy: IfNotPresent + env: {} + envFrom: [] + resources: + limits: + memory: 128Mi + cpu: 200m + requests: + memory: 64Mi + cpu: 50m + probes: + liveness: + failureThreshold: 5 + periodSeconds: 10 + readiness: + failureThreshold: 5 + periodSeconds: 10 + nodeSelector: {} + tolerations: [] + affinity: {} +serviceAccount: + create: true + annotations: {} +service: + type: ClusterIP + clusterIP: None + port: 29334 + externalTrafficPolicy: "" + publishNotReadyAddresses: true +ingress: + enabled: false + className: "" + annotations: {} + host: "" +persistence: + enabled: false + existingClaim: "" + storageClass: "" + accessMode: ReadWriteOnce + size: 500Mi + + +# Reference the following for examples +# https://github.com/mautrix/whatsapp/blob/main/example-config.yaml +mautrixWhatsapp: + + # config.yml contents + existingSecret: "" + config: + # Homeserver details. + homeserver: + # The address that this appservice can use to connect to the homeserver. + address: https://matrix.example.com + # The domain of the homeserver (also known as server_name, used for MXIDs, etc). + domain: example.com + + # What software is the homeserver running? + # Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here. + software: standard + # The URL to push real-time bridge status to. + # If set, the bridge will make POST requests to this URL whenever a user's whatsapp connection state changes. + # The bridge will use the appservice as_token to authorize requests. + status_endpoint: null + # Endpoint for reporting per-message status. + message_send_checkpoint_endpoint: null + # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? + async_media: false + + # Should the bridge use a websocket for connecting to the homeserver? + # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy, + # mautrix-asmux (deprecated), and hungryserv (proprietary). + websocket: false + # How often should the websocket be pinged? Pinging will be disabled if this is zero. + ping_interval_seconds: 0 + + # Application service host/registration related details. + # Changing these values requires regeneration of the registration. + appservice: + # The address that the homeserver can use to connect to this appservice. + address: http://localhost:29318 + + # The hostname and port where this appservice should listen. + hostname: 0.0.0.0 + port: 29318 + + # Database config. + database: + # The database type. "sqlite3-fk-wal" and "postgres" are supported. + type: postgres + # The database URI. + # SQLite: A raw file path is supported, but `file:?_txlock=immediate` is recommended. + # https://github.com/mattn/go-sqlite3#connection-string + # Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable + # To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql + uri: postgres://user:password@host/database?sslmode=disable + # Maximum number of connections. Mostly relevant for Postgres. + max_open_conns: 20 + max_idle_conns: 2 + # Maximum connection idle time and lifetime before they're closed. Disabled if null. + # Parsed with https://pkg.go.dev/time#ParseDuration + max_conn_idle_time: null + max_conn_lifetime: null + + # The unique ID of this appservice. + id: whatsapp + # Appservice bot details. + bot: + # Username of the appservice bot. + username: whatsappbot + # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty + # to leave display name/avatar as-is. + displayname: WhatsApp bridge bot + avatar: mxc://maunium.net/NeXNQarUbrlYBiPCpprYsRqr + + # Whether or not to receive ephemeral events via appservice transactions. + # Requires MSC2409 support (i.e. Synapse 1.22+). + ephemeral_events: true + + # Should incoming events be handled asynchronously? + # This may be necessary for large public instances with lots of messages going through. + # However, messages will not be guaranteed to be bridged in the same order they were sent in. + async_transactions: false + + # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. + as_token: "This value is generated when generating the registration" + hs_token: "This value is generated when generating the registration" + + # Segment-compatible analytics endpoint for tracking some events, like provisioning API login and encryption errors. + analytics: + # Hostname of the tracking server. The path is hardcoded to /v1/track + host: api.segment.io + # API key to send with tracking requests. Tracking is disabled if this is null. + token: null + # Optional user ID for tracking events. If null, defaults to using Matrix user ID. + user_id: null + + # Prometheus config. + metrics: + # Enable prometheus metrics? + enabled: false + # IP and port where the metrics listener should be. The path is always /metrics + listen: 127.0.0.1:8001 + + # Config for things that are directly sent to WhatsApp. + whatsapp: + # Device name that's shown in the "WhatsApp Web" section in the mobile app. + os_name: Mautrix-WhatsApp bridge + # Browser name that determines the logo shown in the mobile app. + # Must be "unknown" for a generic icon or a valid browser name if you want a specific icon. + # List of valid browser names: https://github.com/tulir/whatsmeow/blob/efc632c008604016ddde63bfcfca8de4e5304da9/binary/proto/def.proto#L43-L64 + browser_name: unknown + + # Bridge config + bridge: + # Localpart template of MXIDs for WhatsApp users. + # {{.}} is replaced with the phone number of the WhatsApp user. + username_template: whatsapp_{{.}} + # Displayname template for WhatsApp users. + # {{.PushName}} - nickname set by the WhatsApp user + # {{.BusinessName}} - validated WhatsApp business name + # {{.Phone}} - phone number (international format) + # The following variables are also available, but will cause problems on multi-user instances: + # {{.FullName}} - full name from contact list + # {{.FirstName}} - first name from contact list + displayname_template: "{{or .BusinessName .PushName .JID}} (WA)" + # Should the bridge create a space for each logged-in user and add bridged rooms to it? + # Users who logged in before turning this on should run `!wa sync space` to create and fill the space for the first time. + personal_filtering_spaces: false + # Should the bridge send a read receipt from the bridge bot when a message has been sent to WhatsApp? + delivery_receipts: false + # Whether the bridge should send the message status as a custom com.beeper.message_send_status event. + message_status_events: false + # Whether the bridge should send error notices via m.notice events when a message fails to bridge. + message_error_notices: true + # Should incoming calls send a message to the Matrix room? + call_start_notices: true + # Should another user's cryptographic identity changing send a message to Matrix? + identity_change_notices: false + portal_message_buffer: 128 + # Settings for handling history sync payloads. + history_sync: + # Enable backfilling history sync payloads from WhatsApp? + backfill: true + # The maximum number of initial conversations that should be synced. + # Other conversations will be backfilled on demand when receiving a message or when initiating a direct chat. + max_initial_conversations: -1 + # Maximum number of messages to backfill in each conversation. + # Set to -1 to disable limit. + message_count: 50 + # Should the bridge request a full sync from the phone when logging in? + # This bumps the size of history syncs from 3 months to 1 year. + request_full_sync: false + # Configuration parameters that are sent to the phone along with the request full sync flag. + # By default (when the values are null or 0), the config isn't sent at all. + full_sync_config: + # Number of days of history to request. + # The limit seems to be around 3 years, but using higher values doesn't break. + days_limit: null + # This is presumably the maximum size of the transferred history sync blob, which may affect what the phone includes in the blob. + size_mb_limit: null + # This is presumably the local storage quota, which may affect what the phone includes in the history sync blob. + storage_quota_mb: null + # If this value is greater than 0, then if the conversation's last message was more than + # this number of hours ago, then the conversation will automatically be marked it as read. + # Conversations that have a last message that is less than this number of hours ago will + # have their unread status synced from WhatsApp. + unread_hours_threshold: 0 + + ############################################################################### + # The settings below are only applicable for backfilling using batch sending, # + # which is no longer supported in Synapse. # + ############################################################################### + + # Settings for media requests. If the media expired, then it will not be on the WA servers. + # Media can always be requested by reacting with the ♻️ (recycle) emoji. + # These settings determine if the media requests should be done automatically during or after backfill. + media_requests: + # Should expired media be automatically requested from the server as part of the backfill process? + auto_request_media: true + # Whether to request the media immediately after the media message is backfilled ("immediate") + # or at a specific time of the day ("local_time"). + request_method: immediate + # If request_method is "local_time", what time should the requests be sent (in minutes after midnight)? + request_local_time: 120 + # Settings for immediate backfills. These backfills should generally be small and their main purpose is + # to populate each of the initial chats (as configured by max_initial_conversations) with a few messages + # so that you can continue conversations without losing context. + immediate: + # The number of concurrent backfill workers to create for immediate backfills. + # Note that using more than one worker could cause the room list to jump around + # since there are no guarantees about the order in which the backfills will complete. + worker_count: 1 + # The maximum number of events to backfill initially. + max_events: 10 + # Settings for deferred backfills. The purpose of these backfills are to fill in the rest of + # the chat history that was not covered by the immediate backfills. + # These backfills generally should happen at a slower pace so as not to overload the homeserver. + # Each deferred backfill config should define a "stage" of backfill (i.e. the last week of messages). + # The fields are as follows: + # - start_days_ago: the number of days ago to start backfilling from. + # To indicate the start of time, use -1. For example, for a week ago, use 7. + # - max_batch_events: the number of events to send per batch. + # - batch_delay: the number of seconds to wait before backfilling each batch. + deferred: + # Last Week + - start_days_ago: 7 + max_batch_events: 20 + batch_delay: 5 + # Last Month + - start_days_ago: 30 + max_batch_events: 50 + batch_delay: 10 + # Last 3 months + - start_days_ago: 90 + max_batch_events: 100 + batch_delay: 10 + # The start of time + - start_days_ago: -1 + max_batch_events: 500 + batch_delay: 10 + + # Should puppet avatars be fetched from the server even if an avatar is already set? + user_avatar_sync: true + # Should Matrix users leaving groups be bridged to WhatsApp? + bridge_matrix_leave: true + # Should the bridge update the m.direct account data event when double puppeting is enabled. + # Note that updating the m.direct event is not atomic (except with mautrix-asmux) + # and is therefore prone to race conditions. + sync_direct_chat_list: false + # Should the bridge use MSC2867 to bridge manual "mark as unread"s from + # WhatsApp and set the unread status on initial backfill? + # This will only work on clients that support the m.marked_unread or + # com.famedly.marked_unread room account data. + sync_manual_marked_unread: true + # When double puppeting is enabled, users can use `!wa toggle` to change whether + # presence is bridged. This setting sets the default value. + # Existing users won't be affected when these are changed. + default_bridge_presence: true + # Send the presence as "available" to whatsapp when users start typing on a portal. + # This works as a workaround for homeservers that do not support presence, and allows + # users to see when the whatsapp user on the other side is typing during a conversation. + send_presence_on_typing: false + # Should the bridge always send "active" delivery receipts (two gray ticks on WhatsApp) + # even if the user isn't marked as online (e.g. when presence bridging isn't enabled)? + # + # By default, the bridge acts like WhatsApp web, which only sends active delivery + # receipts when it's in the foreground. + force_active_delivery_receipts: false + # Servers to always allow double puppeting from + double_puppet_server_map: + example.com: https://example.com + # Allow using double puppeting from any server with a valid client .well-known file. + double_puppet_allow_discovery: false + # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth + # + # If set, double puppeting will be enabled automatically for local users + # instead of users having to find an access token and run `login-matrix` + # manually. + login_shared_secret_map: + example.com: foobar + # Whether to explicitly set the avatar and room name for private chat portal rooms. + # If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms. + # If set to `always`, all DM rooms will have explicit names and avatars set. + # If set to `never`, DM rooms will never have names and avatars set. + private_chat_portal_meta: default + # Should group members be synced in parallel? This makes member sync faster + parallel_member_sync: false + # Should Matrix m.notice-type messages be bridged? + bridge_notices: true + # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run. + # This field will automatically be changed back to false after it, except if the config file is not writable. + resend_bridge_info: false + # When using double puppeting, should muted chats be muted in Matrix? + mute_bridging: false + # When using double puppeting, should archived chats be moved to a specific tag in Matrix? + # Note that WhatsApp unarchives chats when a message is received, which will also be mirrored to Matrix. + # This can be set to a tag (e.g. m.lowpriority), or null to disable. + archive_tag: null + # Same as above, but for pinned chats. The favorite tag is called m.favourite + pinned_tag: null + # Should mute status and tags only be bridged when the portal room is created? + tag_only_on_create: true + # Should WhatsApp status messages be bridged into a Matrix room? + # Disabling this won't affect already created status broadcast rooms. + enable_status_broadcast: true + # Should sending WhatsApp status messages be allowed? + # This can cause issues if the user has lots of contacts, so it's disabled by default. + disable_status_broadcast_send: true + # Should the status broadcast room be muted and moved into low priority by default? + # This is only applied when creating the room, the user can unmute it later. + mute_status_broadcast: true + # Tag to apply to the status broadcast room. + status_broadcast_tag: m.lowpriority + # Should the bridge use thumbnails from WhatsApp? + # They're disabled by default due to very low resolution. + whatsapp_thumbnail: false + # Allow invite permission for user. User can invite any bots to room with whatsapp + # users (private chat and groups) + allow_user_invite: false + # Whether or not created rooms should have federation enabled. + # If false, created portal rooms will never be federated. + federate_rooms: true + # Should the bridge never send alerts to the bridge management room? + # These are mostly things like the user being logged out. + disable_bridge_alerts: false + # Should the bridge stop if the WhatsApp server says another user connected with the same session? + # This is only safe on single-user bridges. + crash_on_stream_replaced: false + # Should the bridge detect URLs in outgoing messages, ask the homeserver to generate a preview, + # and send it to WhatsApp? URL previews can always be sent using the `com.beeper.linkpreviews` + # key in the event content even if this is disabled. + url_previews: false + # Send captions in the same message as images. This will send data compatible with both MSC2530 and MSC3552. + # This is currently not supported in most clients. + caption_in_message: false + # Send galleries as a single event? This is not an MSC (yet). + beeper_galleries: false + # Should polls be sent using MSC3381 event types? + extev_polls: false + # Should cross-chat replies from WhatsApp be bridged? Most servers and clients don't support this. + cross_room_replies: false + # Disable generating reply fallbacks? Some extremely bad clients still rely on them, + # but they're being phased out and will be completely removed in the future. + disable_reply_fallbacks: false + # Maximum time for handling Matrix events. Duration strings formatted for https://pkg.go.dev/time#ParseDuration + # Null means there's no enforced timeout. + message_handling_timeout: + # Send an error message after this timeout, but keep waiting for the response until the deadline. + # This is counted from the origin_server_ts, so the warning time is consistent regardless of the source of delay. + # If the message is older than this when it reaches the bridge, the message won't be handled at all. + error_after: null + # Drop messages after this timeout. They may still go through if the message got sent to the servers. + # This is counted from the time the bridge starts handling the message. + deadline: 120s + + # The prefix for commands. Only required in non-management rooms. + command_prefix: "!wa" + + # Messages sent upon joining a management room. + # Markdown is supported. The defaults are listed below. + management_room_text: + # Sent when joining a room. + welcome: "Hello, I'm a WhatsApp bridge bot." + # Sent when joining a management room and the user is already logged in. + welcome_connected: "Use `help` for help." + # Sent when joining a management room and the user is not logged in. + welcome_unconnected: "Use `help` for help or `login` to log in." + # Optional extra text sent when joining a management room. + additional_help: "" + + # End-to-bridge encryption support options. + # + # See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info. + encryption: + # Allow encryption, work in group chat rooms with e2ee enabled + allow: false + # Default to encryption, force-enable encryption in all portals the bridge creates + # This will cause the bridge bot to be in private chats for the encryption to work properly. + default: false + # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data. + appservice: false + # Require encryption, drop any unencrypted messages. + require: false + # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. + # You must use a client that supports requesting keys from other users to use this feature. + allow_key_sharing: false + # Should users mentions be in the event wire content to enable the server to send push notifications? + plaintext_mentions: false + # Options for deleting megolm sessions from the bridge. + delete_keys: + # Beeper-specific: delete outbound sessions when hungryserv confirms + # that the user has uploaded the key to key backup. + delete_outbound_on_ack: false + # Don't store outbound sessions in the inbound table. + dont_store_outbound: false + # Ratchet megolm sessions forward after decrypting messages. + ratchet_on_decrypt: false + # Delete fully used keys (index >= max_messages) after decrypting messages. + delete_fully_used_on_decrypt: false + # Delete previous megolm sessions from same device when receiving a new one. + delete_prev_on_new_session: false + # Delete megolm sessions received from a device when the device is deleted. + delete_on_device_delete: false + # Periodically delete megolm sessions when 2x max_age has passed since receiving the session. + periodically_delete_expired: false + # Delete inbound megolm sessions that don't have the received_at field used for + # automatic ratcheting and expired session deletion. This is meant as a migration + # to delete old keys prior to the bridge update. + delete_outdated_inbound: false + # What level of device verification should be required from users? + # + # Valid levels: + # unverified - Send keys to all device in the room. + # cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys. + # cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes). + # cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot. + # Note that creating user signatures from the bridge bot is not currently possible. + # verified - Require manual per-device verification + # (currently only possible by modifying the `trust` column in the `crypto_device` database table). + verification_levels: + # Minimum level for which the bridge should send keys to when bridging messages from WhatsApp to Matrix. + receive: unverified + # Minimum level that the bridge should accept for incoming Matrix messages. + send: unverified + # Minimum level that the bridge should require for accepting key requests. + share: cross-signed-tofu + # Options for Megolm room key rotation. These options allow you to + # configure the m.room.encryption event content. See: + # https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for + # more information about that event. + rotation: + # Enable custom Megolm room key rotation settings. Note that these + # settings will only apply to rooms created after this option is + # set. + enable_custom: false + # The maximum number of milliseconds a session should be used + # before changing it. The Matrix spec recommends 604800000 (a week) + # as the default. + milliseconds: 604800000 + # The maximum number of messages that should be sent with a given a + # session before changing it. The Matrix spec recommends 100 as the + # default. + messages: 100 + + # Disable rotating keys when a user's devices change? + # You should not enable this option unless you understand all the implications. + disable_device_change_key_rotation: false + + # Settings for provisioning API + provisioning: + # Prefix for the provisioning API paths. + prefix: /_matrix/provision + # Shared secret for authentication. If set to "generate", a random secret will be generated, + # or if set to "disable", the provisioning API will be disabled. + shared_secret: generate + # Enable debug API at /debug with provisioning authentication. + debug_endpoints: false + + # Permissions for using the bridge. + # Permitted values: + # relay - Talk through the relaybot (if enabled), no access otherwise + # user - Access to use the bridge to chat with a WhatsApp account. + # admin - User level and some additional administration tools + # Permitted keys: + # * - All Matrix users + # domain - All users on that homeserver + # mxid - Specific user + permissions: + "*": relay + "example.com": user + "@admin:example.com": admin + + # Settings for relay mode + relay: + # Whether relay mode should be allowed. If allowed, `!wa set-relay` can be used to turn any + # authenticated user into a relaybot for that chat. + enabled: false + # Should only admins be allowed to set themselves as relay users? + admin_only: true + # The formats to use when sending messages to WhatsApp via the relaybot. + message_formats: + m.text: "{{ .Sender.Displayname }}: {{ .Message }}" + m.notice: "{{ .Sender.Displayname }}: {{ .Message }}" + m.emote: "* {{ .Sender.Displayname }} {{ .Message }}" + m.file: "{{ .Sender.Displayname }} sent a file" + m.image: "{{ .Sender.Displayname }} sent an image" + m.audio: "{{ .Sender.Displayname }} sent an audio file" + m.video: "{{ .Sender.Displayname }} sent a video" + m.location: "{{ .Sender.Displayname }} sent a location" + + # Logging config. See https://github.com/tulir/zeroconfig for details. + logging: + min_level: debug + writers: + - type: stdout + format: pretty-colored + - type: file + format: json + filename: ./logs/mautrix-whatsapp.log + max_size: 100 + max_backups: 10 + compress: true + + # registration.yml contents + existingRegistrationSecret: "" + registration: + rate_limited: false + sender_localpart: whatsappbridgebot