commit 4fe23c3d102f24a46438f7801ec9487c78091d24
parent 54a18c978d7723dadbd0158bf7ba410efb0f867b
Author: Katja (ctucx) <git@ctu.cx>
Date: Sat, 15 Mar 2025 00:18:21 +0100
parent 54a18c978d7723dadbd0158bf7ba410efb0f867b
Author: Katja (ctucx) <git@ctu.cx>
Date: Sat, 15 Mar 2025 00:18:21 +0100
configurations/nixos/services/mautrix-whatsapp: update config, enable double-puppeting
4 files changed, 78 insertions(+), 36 deletions(-)
M
|
81
++++++++++++++++++++++++++++++++++++++++++++-----------------------------------
diff --git a/configurations/nixos/services/matrix-synapse.nix b/configurations/nixos/services/matrix-synapse.nix
@@ -10,6 +10,10 @@
 file = secrets."${config.networking.hostName}".matrixSynapse.registrationSharedSecret;
 owner = "matrix-synapse";
 };
+ "mautrixAppServiceRegistration.yaml" = {
+ file = secrets."${config.networking.hostName}".matrixSynapse.mautrixAppServiceRegistration;
+ owner = "matrix-synapse";
+ };
 };
 restic-backups.matrix-synapse = {
@@ -43,6 +47,7 @@
 public_baseurl = "https://matrix.ctu.cx/";
 max_upload_size = "100M";
 dynamic_thumbnails = true;
+ app_service_config_files = [ config.age.secrets."mautrixAppServiceRegistration.yaml".path ];
 enable_registration = false;
 enable_registration_without_verification = false;
 registration_shared_secret_file = config.age.secrets.matrixRegistrationSharedSecret.path;
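Review bot: The new `"mautrixAppServiceRegistration.yaml"` secret in the first hunk has no comment saying what it holds or what has to stay in sync with it. An appservice registration normally carries the `as_token` and `hs_token` that the bridge's own config must match, and this file is owned by `matrix-synapse` only, so the bridge side is presumably maintained separately. A comment above the entry such as `# appservice registration for mautrix-whatsapp; as_token/hs_token must match the bridge config` would make a token rotation less likely to leave one side stale.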
diff --git a/configurations/nixos/services/mautrix-whatsapp.nix b/configurations/nixos/services/mautrix-whatsapp.nix 
@@ -1,64 +1,73 @@ -{ config, pkgs, ... }: +{ secrets, config, pkgs, lib, ... }: { + age.secrets.mautrixWhatsAppEnv.file = secrets."${config.networking.hostName}".matrixSynapse.mautrixWhatsAppEnv; + users.users.matrix-synapse.extraGroups = [ "mautrix-whatsapp" ]; nixpkgs.overlays = [ (final: prev: { mautrix-whatsapp = prev.mautrix-whatsapp.override { withGoolm = true; }; })]; - services = { - mautrix-whatsapp.enable = true; - mautrix-whatsapp.settings = { + + # disable PreStart script, because it seems to break double-puppeting setings currently + # note: this disables the usage of the specified settings in nix! + systemd.services.mautrix-whatsapp.serviceConfig.ExecStartPre = lib.mkForce ""; + + services.mautrix-whatsapp = { + enable = true; + environmentFile = config.age.secrets.mautrixWhatsAppEnv.path; + settings = { + network.displayname_template = "{{or .BusinessName .PushName .Phone}} (WA)"; + network.os_name = "Mautrix-WhatsApp bridge (ctu.cx)"; + network.identity_change_notices = true; + network.url_previews = true; + network.history_sync = { + request_full_sync = true; + full_sync_config.days_limit = 365; + full_sync_config.size_mb_limit = 1024; + full_sync_config.storage_quota_mb = 1024; + }; + homeserver.address = "https://matrix.ctu.cx"; homeserver.domain = "ctu.cx"; - metrics.enabled = true; + database.type = "sqlite3-fk-wal"; + database.uri = "file:/var/lib/mautrix-whatsapp/mautrix-whatsapp.db?_txlock=immediate"; + + backfill.enabled = true; + backfill.max_initial_messages = 100; - whatsapp.os_name = "Mautrix-WhatsApp bridge (ctu.cx)"; + double_puppet.secrets."ctu.cx" = "as_token:$MAUTRIX_WHATSAPP_BRIDGE_DP_LOGIN_SHARED_SECRET"; appservice = { - address = "http://localhost:29318"; hostname = "[::1]"; - port = 29318; - - id = "whatsapp"; - - database.type = "sqlite3-fk-wal"; - database.uri = "file:/var/lib/mautrix-whatsapp/mautrix-whatsapp.db?_txlock=immediate"; + port = 29318; + id = "whatsapp"; }; bridge = { - command_prefix = "!wa"; - 
displayname_template = "{{if .BusinessName}}{{.BusinessName}}{{else if .PushName}}{{.PushName}}{{else}}{{.JID}}{{end}} (WA)"; - username_template = "whatsapp_{{.}}"; - - delivery_receipts = true; - message_status_events = true; - message_error_notices = true; - call_start_notices = true; - identity_change_notices = true; - user_avatar_sync = true; personal_filtering_spaces = true; - encryption.allow = true; - - permissions = { - "ctu.cx" = "user"; - }; - - history_sync = { - backfill = true; - message_count = 250; - request_full_sync = true; - }; + permissions."ctu.cx" = "admin"; - relay = { + cleanup_on_logout = { enabled = true; + manual = { + shared_has_users = "delete"; + shared_no_users = "delete"; + relayed = "delete"; + private = "delete"; + }; + bad_credentials = { + shared_has_users = "delete"; + shared_no_users = "delete"; + relayed = "delete"; + private = "delete"; + }; }; }; - }; };
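Review bot: `permissions."ctu.cx" = "admin"` raises every account on the homeserver domain from `user` to bridge admin. Unless that is intended, keep the domain at `user` and grant admin to one MXID, e.g. `permissions."@<admin-localpart>:ctu.cx" = "admin";` (placeholder localpart). Forcing `ExecStartPre` to `""` means, by the comment above it, that this `settings` block is not applied at all. The permission level, the `double_puppet.secrets` entry and the `$MAUTRIX_WHATSAPP_BRIDGE_DP_LOGIN_SHARED_SECRET` reference therefore presumably depend on a hand-maintained config in the state directory, and that comment should say where the effective config lives and who may write it. The old `encryption.allow = true` is removed without a counterpart in the new block, and `users.users.matrix-synapse.extraGroups = [ "mautrix-whatsapp" ]` gives Synapse group access to the bridge's files even though the registration now comes from an age secret, so both are worth confirming as intended.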
diff --git a/secrets/hector/matrixSynapse/mautrixAppServiceRegistration.age b/secrets/hector/matrixSynapse/mautrixAppServiceRegistration.age @@ -0,0 +1,16 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNWGREYXR6OGludzRZU1Qr +TE45NThEWUp4OHpSVVhCWVk2Vk5kWjJwTngwCkFrRmxFTElxNlY5L0ZWWm9ncURL +T3dIc1BIblIrWExEQkhha29PVVc1cEkKLT4gc3NoLWVkMjU1MTkgeWFMSFNRIC9E +aFNkdUVlbkEyWmJoRktTWXpMN2JsQnB6RjJtYUdZR3hmNmpvUVc3Z28KRUdpUFR6 +OEhJdVQrZnRnWVhCajRKOEY4cFNTc1BDblRYZ0tUUld5bVA1dwotPiBwWUx+dkAt +Z3JlYXNlICkKUVNONVVEbmxBTmZiK3MzUlZYcnhUbzNKdyt6OUo0MkRCQ1AzRVpY +WUJzVU01MVF3K1Vza29saElONUdPUGhCbAp2dXhBWWcKLS0tIGhVd2tCMElMUjNT +RFJYeUp1aW9vUmRzUHc2dEtMY0lxemdUYmxLZEtHL2sKtLjj8C7vsyCtX0nfcwRc +caZGctwVibbzAwcuIqYC9TNfZCJjEz9vKK8yJ7bZAburWapfMJAbxLpv+Gwyyk9l +r1z+rSnl59PhJtYxzNk37w9lWDSZ6yMwPpZGaeugyequU1PoVRtLoDjaix7DwV0A +m5M1VcdTH5rvzJm3xIbMydMrAMI2YMEXj6tg5obCot7lVmzxDKB7X8S1NR45zdwp +Z3/xD/41+AT83uvtifp++dmgxsIE3sqxKUMH41pvBekwhrGxtlw7+Z8t5UIYLpqx +W/EU+luDSKaWqAvtVw9ANRCO/5Ae5euxuOfbztFKg1jmJ1cWCP7rerPfRzHhB4+l +06W5EMBXICWdUwdTq3e0 +-----END AGE ENCRYPTED FILE-----
diff --git a/secrets/hector/matrixSynapse/mautrixWhatsAppEnv.age b/secrets/hector/matrixSynapse/mautrixWhatsAppEnv.age @@ -0,0 +1,12 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyMU5oeGVHakMyQ1dxSkh3 +anRpdTk0eENYN2xtOVI1azVFcDVKQzlTclNnCnVyd3hkVVM2TkVVdHo2b0p5S2Zz +K2lDUUpLZi9ITTZoUGZvc0xiQXc0TEEKLT4gc3NoLWVkMjU1MTkgeWFMSFNRIDl3 +OEd0azBTNkJWSks1ZXdLcjFsMkJxVi83d2FKOXRpTEdyTURtN2JZSDQKd1E0VDc2 +Q2lmcE5qL29TemVIT2pGSmIvV0ZPTFdUN0JScko0ZFU2TFptbwotPiBxUS1ncmVh +c2UgYk02LGYgXDpeY0BcIEYyfCBSMDxANWZ9CnBjM09Jek5SRklDUTFzemVlUmht +U0VLTTZSNAotLS0gTGhvVXcxU2dZeFFpYm9VcTQ1SG5CL2JZejY2eVFPQXl0TnFQ +eHk0TWUvSQqKUTaRxw/OE+xqBzHS1TYY8PNkjqbFVUiLTrX1xlwcAK1WBiYHgpsz +poBsv61cBH94yMhUSi/C+bUMWfrnt+XKWnbeuZh9mYTKDm+jrPWZGpLFEigIgkkq +mLZezWp7wWGOwx8WgVqpgDSJTnNyqYC2 +-----END AGE ENCRYPTED FILE-----