Bridging signal to steam with matrix :: graffl.org — A blog about linux, tech and my life

Your own matrix server⌗

Matrix is a decentralized chat platform that you can host yourself, can be federated with other servers and most importantly of all, supports end-to-end encryption.

I set mine up with this absolutely great ansible playbook.
I won’t go into detail about how to do that as it’s perfectly described in the docs of that project.

Configuring the playbook for steam and signal⌗

Since we want to bridge steam and signal via our matrix server, we’ll want to install a bridge service for each.

For steam, we’ll be using mx-puppet-steam, which we can install via the above mentioned playbook just by adding the following to our vars.yml:

matrix_mx_puppet_steam_enabled: true

And for signal, we’ll be using mautrix-signal, which we can install in the playbook by adding the following to the vars.yml:

matrix_mautrix_signal_enabled: true
matrix_mautrix_signal_relaybot_enabled: true
matrix_mautrix_signal_configuration_extension_yaml: |
  bridge:
    encryption:
      allow: true
      default: true
      key_sharing:
        allow: true

This will enable the bridge, allow it to be a relay and activate bridge-to-end encryption, the latter meaning that the messages from signal will be decrypted by the server when receiving them, and encrypted again before being sent to all matrix users.

Bridging a steam room to a signal group⌗

A word of warning⌗

Steam chats are only encrypted in transit.

That means while nobody should be able to intercept them while they’re being sent, they will probably be saved in plain text on steam’s servers.

Also, the mx-steam-bridge can’t receive encrypted messages from the signal bridge, so they will not be encrypted, except during transit (via https).

This means that once you bridge a signal group to steam, you should see it as a public room that should not contain any private information - all users should be made aware of this fact.

Let’s get bridging⌗

Once you’re aware of the security implications about what we’re about to do, let’s start!

First, set up the signal bridge by linking your signal account or registering it as the primary device as explained here.

Then it’s time to link the steam bridge to your steam account by messaging the @_steampuppet_bot:yourserver.com with link <username> <password> and following the bot’s instructions.

In order to receive an invite to the respective groups you want to bridge, send a message to the signal group you want to bridge and one to the steam group you want to bridge.
The bots will then invite you to the respective portal rooms.

Get admin privileges to the steam portal room with the adminme [steam-room-address] command, which you’ll send to the steam puppet bot.

Invite the signal bot (@signalbot:yourserver.com) to the steam portal room and give it admin rights (power level 100).

Since there’s currently no option to do the following by messaging the signal bot, the next part will require you to alter the database - so you better not screw this up.

Log into your matrix server and open up a postgresql command prompt.
If you installed via the ansible playbook, you would do this like so:

docker exec -it matrix-postgres bash
psql

Then go into the mautrix-signal database and alter the mxid of the signal room you want to bridge to be the address of the steam room you want to bridge:

\c matrix_mautrix_signal
UPDATE portal SET mxid='<steam-room-address>' WHERE mxid='<signal-room-address>';

Since the steam bot won’t be able to receive encrypted messages, you’ll have to change the room to unencrypted:

UPDATE portal SET encrypted=false WHERE mxid='<steam-room-address>';

After that we’re done with altering the database and can go back into our matrix client.

When the signal bot adds the signal users to the steam group, you’ll have to edit their power level to 0, because they get assigned power level -1 (muted) by default.

You might be able to change that behaviour by messaging the steam puppet bot with setispublic <puppetId> 1 but that might make all newly created steam portal rooms public as well.

Set the room as a relay on the signal side with !signal set-relay in the steam room.
This will lead to your signal account immitating users from the steam side inside the signal group chat - it does so by prefixing the message with the steam user’s name.

The initial signal room is now an empty shell - the signal bot will never care for it again and you might as well leave it.

Then set the steam puppet as a relay with settype <puppetId> relay (which you’ll message to the steam puppet bot).
This will lead to your steam account immitating users from the signal side inside the steam group chat - it does so by prefixing the message with the signal user’s name.

Finally restart both the signal as well as the steam bridge on the server. If you installed via the ansible playbook, you can do so with the following commands:

systemctl restart matrix-mautrix-signal.service
systemctl restart matrix-mx-puppet-steam.service

Now you should be done!
Messages from signal users will be bridged to the steam group chat and vice versa!