matrix: config loading now merges optional TOML with CLI/env/secret inputs

matrix/Cargo.toml

@@ -28,6 +28,7 @@ tracing = "0.1"
 tracing-subscriber = { version = "0.3", features = ["fmt", "env-filter"] }
 urlencoding = "2"
 axum = { version = "0.7", features = ["json"] }
+clap = { version = "4", features = ["derive"] }
 
 [dev-dependencies]
 tempfile = "3"

matrix/Dockerfile

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM rust:1.91-bookworm AS builder
+FROM rust:1.92-bookworm AS builder
 
 WORKDIR /app
 

matrix/README.md

@@ -56,9 +56,17 @@ This is **not** a full appservice framework; it just speaks the minimal HTTP nee
 
 ## Configuration
 
-All configuration is in `Config.toml` in the project root.
+Configuration can come from a TOML file, CLI flags, environment variables, or secret files. The bridge merges inputs in this order (highest to lowest):
 
-Example:
+1. CLI flags
+2. Environment variables
+3. Secret files (`*_FILE` paths or container defaults)
+4. TOML config file
+5. Container defaults (paths + poll interval)
+
+If no TOML file is provided, required values must be supplied via CLI/env/secret inputs.
+
+Example TOML:
 
 ```toml
 [potatomesh]
@@ -86,6 +94,58 @@ state_file = "bridge_state.json"
 
 The `hs_token` is used to validate inbound appservice transactions. Keep it identical in `Config.toml` and your Matrix appservice registration file.
 
+### CLI Flags
+
+Run `potatomesh-matrix-bridge --help` for the full list. Common flags:
+
+* `--config PATH`
+* `--state-file PATH`
+* `--potatomesh-base-url URL`
+* `--potatomesh-poll-interval-secs SECS`
+* `--matrix-homeserver URL`
+* `--matrix-as-token TOKEN`
+* `--matrix-as-token-file PATH`
+* `--matrix-hs-token TOKEN`
+* `--matrix-hs-token-file PATH`
+* `--matrix-server-name NAME`
+* `--matrix-room-id ROOM`
+* `--container` / `--no-container`
+* `--secrets-dir PATH`
+
+### Environment Variables
+
+* `POTATOMESH_CONFIG`
+* `POTATOMESH_BASE_URL`
+* `POTATOMESH_POLL_INTERVAL_SECS`
+* `MATRIX_HOMESERVER`
+* `MATRIX_AS_TOKEN`
+* `MATRIX_AS_TOKEN_FILE`
+* `MATRIX_HS_TOKEN`
+* `MATRIX_HS_TOKEN_FILE`
+* `MATRIX_SERVER_NAME`
+* `MATRIX_ROOM_ID`
+* `STATE_FILE`
+* `POTATOMESH_CONTAINER`
+* `POTATOMESH_SECRETS_DIR`
+
+### Secret Files
+
+If you supply `*_FILE` values, the bridge reads the secret contents and trims whitespace. When running inside a container, the bridge also checks the default secrets directory (default: `/run/secrets`) for:
+
+* `matrix_as_token`
+* `matrix_hs_token`
+
+### Container Defaults
+
+Container detection checks `POTATOMESH_CONTAINER`, `CONTAINER`, and `/proc/1/cgroup`. When detected (or forced with `--container`), defaults shift to:
+
+* Config path: `/app/Config.toml`
+* State file: `/app/bridge_state.json`
+* Secrets dir: `/run/secrets`
+* Poll interval: 15 seconds (if not otherwise configured)
+
+Set `POTATOMESH_CONTAINER=0` or `--no-container` to opt out of container defaults.
+
 ### PotatoMesh API
 
 The bridge assumes:
@@ -186,7 +246,7 @@ Build the container from the repo root with the included `matrix/Dockerfile`:
 docker build -f matrix/Dockerfile -t potatomesh-matrix-bridge .
 ```
 
-Provide your config at `/app/Config.toml` and persist the bridge state file by mounting volumes. Minimal example:
+Provide your config at `/app/Config.toml` (or use CLI/env/secret overrides) and persist the bridge state file by mounting volumes. Minimal example:
 
 ```bash
 docker run --rm \
@@ -206,7 +266,7 @@ docker run --rm \
   potatomesh-matrix-bridge
 ```
 
-The image ships `Config.example.toml` for reference, but the bridge will exit if `/app/Config.toml` is not provided.
+The image ships `Config.example.toml` for reference. If `/app/Config.toml` is absent, set the required values via environment variables, CLI flags, or secrets instead.
 
 ---
 
@@ -244,7 +304,7 @@ Delete `bridge_state.json` if you want it to replay all currently available mess
 
 ## Development
 
-Run tests (currently mostly compile checks, no real tests yet):
+Run tests:
 
 ```bash
 cargo test

matrix/docker-entrypoint.sh

@@ -15,6 +15,13 @@
 
 set -e
 
+# Default to container-aware configuration paths unless explicitly overridden.
+: "${POTATOMESH_CONTAINER:=1}"
+: "${POTATOMESH_SECRETS_DIR:=/run/secrets}"
+
+export POTATOMESH_CONTAINER
+export POTATOMESH_SECRETS_DIR
+
 # Default state file path from Config.toml unless overridden.
 STATE_FILE="${STATE_FILE:-/app/bridge_state.json}"
 STATE_DIR="$(dirname "$STATE_FILE")"