diff --git a/modules/services/server/matrix.nix b/modules/services/server/matrix.nix
index 3d49b28..223c5e3 100644
--- a/modules/services/server/matrix.nix
+++ b/modules/services/server/matrix.nix
@@ -75,9 +75,6 @@ in {
 ];
 }
 ];
- app_service_config_files = [
- config.age.secrets."services/matrix/whatsapp-registration.yml".path
- ];
 };
 extraConfigFiles = [
 config.age.secrets."services/matrix/synapse.yml".path
@@ -88,42 +85,7 @@ in {
 matrix-synapse = {
 requires = [ "postgresql.service" ];
 };
- mautrix-whatsapp = {
- description = "Matrix <-> WhatsApp bridge";
- wantedBy = [ "multi-user.target" ];
- after = [ "network.target" "postgresql.service" "matrix-synapse.service" ];
- requires = [ "postgresql.service" "matrix-synapse.service" ];
- script = "${pkgs.mautrix-whatsapp}/bin/mautrix-whatsapp -n --config ${config.age.secrets."services/matrix/mautrix-whatsapp.yml".path}";
- serviceConfig = {
- User = "mautrix-whatsapp";
- Group = "mautrix-whatsapp";
- Environment = "HOME=/var/lib/mautrix-whatsapp";
- ReadWritePaths="/var/log/mautrix-whatsapp";
- NoNewPrivileges=true;
- MemoryDenyWriteExecute=true;
- PrivateDevices=true;
- PrivateTmp=true;
- ProtectHome=true;
- ProtectSystem="strict";
- ProtectControlGroups=true;
- RestrictSUIDSGID=true;
- RestrictRealtime=true;
- LockPersonality=true;
- ProtectKernelLogs=true;
- ProtectKernelTunables=true;
- ProtectHostname=true;
- ProtectKernelModules=true;
- PrivateUsers=true;
- ProtectClock=true;
- SystemCallArchitectures="native";
- SystemCallErrorNumber="EPERM";
- SystemCallFilter="@system-service";
- };
- };
 };
- systemd.tmpfiles.rules = [
- "d /var/log/mautrix-whatsapp - mautrix-whatsapp mautrix-whatsapp"
- ];
 users = {
 users = {
@@ -226,11 +188,7 @@ in {
 };
 appservice = {
 hostname = "127.0.0.1";
- provisioning.enabled = false;
 id = "signal";
- public = {
- enabled = false;
- };
 };
 database = {
 type = "postgres";
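Review bot: The unit removed in the second hunk carried an explicit hardening profile (NoNewPrivileges, ProtectSystem="strict", PrivateUsers, SystemCallFilter="@system-service", MemoryDenyWriteExecute and the rest), and nothing in this diff shows what the `services.mautrix-whatsapp` module's generated unit applies in its place. Unless that module's unit is known to carry an equivalent set, the settings should be restated next to the new module block as `systemd.services.mautrix-whatsapp.serviceConfig = { NoNewPrivileges = true; ProtectSystem = "strict"; … };` and the outcome checked with `systemd-analyze security mautrix-whatsapp.service` after the first deploy. Dropping the `/var/log/mautrix-whatsapp` tmpfiles rule and `ReadWritePaths` is consistent with the new stdout log writer, so no replacement is needed for those two.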
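Review bot: Removing `provisioning.enabled = false` and `public = { enabled = false; }` from the signal appservice block (third hunk) drops the two explicit opt-outs the old config carried, and the new block sets no replacement, so the bridge's or module's default now decides whether a provisioning endpoint is served; this hunk does not show what that default is. If the current config format still has a provisioning section, restate the opt-out, or record the chosen default in a comment next to `id = "signal";`, so the intent survives the format migration. The enclosing `mautrix-signal` block starts before this hunk.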
@@ -245,37 +203,69 @@ in {
 };
 pickle_key = "$MAUTRIX_SIGNAL_ENCRYPTION_PICKLE_KEY";
 };
+ backfill = {
+ enabled = true;
+ };
 bridge = {
- sync_channel_members = true;
- startup_sync = true;
- public_portals = true;
- double_puppet_server_map = {
- "kabtop.de" = "https://kabtop.de";
- };
- private_chat_portal_meta = "default";
- backfill = {
- disable_notifications = true;
- };
 permissions = {
 "@kabbone:kabtop.de" = "admin";
 };
 };
 logging = {
- loggers = {
- mau = {
- level = "WARN";
- };
- telethon = {
- level = "WARN";
- };
+ min-level = "warn";
+ writers = {
+ format = "pretty-colored";
+ type = "stdout";
+ };
+ };
+ };
+ mautrix-whatsapp = {
+ enable = true;
+ registerToSynapse = true;
+ environmentFile = config.age.secrets."services/matrix/mautrix-whatsapp.env".path;
+ settings = {
+ homeserver = {
+ address = "http://localhost:8008";
+ domain = "kabtop.de";
+ };
+ appservice = {
+ hostname = "127.0.0.1";
+ id = "whatsapp";
+ };
+ database = {
+ type = "postgres";
+ uri = "$MAUTRIX_WHATSAPP_APPSERVICE_DATABASE";
+ };
+ encryption = {
+ allow = true;
+ default = true;
+ verification_levels = {
+ receive = "cross-signed-untrusted";
+ send = "cross-signed-untrusted";
 };
- root = {
- handlers = [
- "console"
- ];
- level = "WARN";
+ pickle_key = "$MAUTRIX_WHATSAPP_ENCRYPTION_PICKLE_KEY";
+ };
+ network = {
+ history_sync = {
+ request_full_sync = true;
+ };
+ };
+ backfill = {
+ enabled = true;
+ };
+ bridge = {
+ permissions = {
+ "@kabbone:kabtop.de" = "admin";
 };
 };
+ logging = {
+ min-level = "warn";
+ writers = {
+ format = "pretty-colored";
+ type = "stdout";
+ };
+ };
 };
 };
 };
@@ -288,7 +278,7 @@ in {
 file = ../../../secrets/services/matrix/mautrix-telegram.age;
 owner = "mautrix-telegram";
 };
- age.secrets."services/matrix/mautrix-whatsapp.yml" = {
+ age.secrets."services/matrix/mautrix-whatsapp.env" = {
 file = ../../../secrets/services/matrix/mautrix-whatsapp.age;
 owner = "mautrix-whatsapp";
 };
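Review bot: `logging.writers` is written as a single attribute set in both the mautrix-signal block and the new mautrix-whatsapp block, so it serializes to a YAML mapping, whereas the upstream example config writes `writers:` as a sequence of writer entries; confirm the bridge accepts the mapping form, otherwise both places should read `writers = [ { type = "stdout"; format = "pretty-colored"; } ];`. The whatsapp `settings` block also repeats the signal block's encryption, backfill, permissions and logging keys almost verbatim (the signal block's opening keys are outside this hunk), which invites the two drifting apart; a shared attrset merged with `lib.recursiveUpdate` (assuming `lib` is among the module's arguments) leaves only the per-bridge keys as per-bridge text, as sketched below. `network.history_sync.request_full_sync = true` together with `backfill.enabled = true` reads as a request to mirror the full chat history into the bridge database; if that is intended, a one-line comment saying so keeps a later reader from treating it as an accident. The `let … in {` that would hold the shared attrset is outside this hunk.
```nix
# shared by the signal and whatsapp bridges; per-bridge keys are merged in at the use site
bridgeCommon = {
  homeserver = { address = "http://localhost:8008"; domain = "kabtop.de"; };
  appservice.hostname = "127.0.0.1";
  encryption = {
    allow = true;
    default = true;
    verification_levels = { receive = "cross-signed-untrusted"; send = "cross-signed-untrusted"; };
  };
  backfill.enabled = true;
  bridge.permissions."@kabbone:kabtop.de" = "admin";
  logging = {
    min-level = "warn";
    writers = [ { type = "stdout"; format = "pretty-colored"; } ];  # sequence form, as in the upstream example config
  };
};
# … unchanged: mautrix-signal block, taking `settings = lib.recursiveUpdate bridgeCommon { … }` the same way …
mautrix-whatsapp = {
  enable = true;
  registerToSynapse = true;
  environmentFile = config.age.secrets."services/matrix/mautrix-whatsapp.env".path;
  settings = lib.recursiveUpdate bridgeCommon {
    appservice.id = "whatsapp";
    database = { type = "postgres"; uri = "$MAUTRIX_WHATSAPP_APPSERVICE_DATABASE"; };
    encryption.pickle_key = "$MAUTRIX_WHATSAPP_ENCRYPTION_PICKLE_KEY";
    network.history_sync.request_full_sync = true;  # full history mirror into the bridge DB — intentional
  };
};
```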
@@ -296,9 +286,4 @@ in {
 file = ../../../secrets/services/matrix/mautrix-signal.age;
 owner = "mautrix-signal";
 };
- age.secrets."services/matrix/whatsapp-registration.yml" = {
- file = ../../../secrets/services/matrix/whatsapp-registration.age;
- owner = "matrix-synapse";
- };
-
 }
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 36d51bf..1ba880c 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -69,7 +69,7 @@ in
 "services/matrix/synapse.age".publicKeys = servers ++ users;
 "services/matrix/mautrix-telegram.age".publicKeys = servers ++ users;
 "services/matrix/mautrix-whatsapp.age".publicKeys = servers ++ users;
- "services/matrix/whatsapp-registration.age".publicKeys = servers ++ users;
+ "services/matrix/mautrix-whatsapp.old.age".publicKeys = servers ++ users;
 "services/matrix/mautrix-signal.age".publicKeys = servers ++ users;
 "services/nextcloud/adminpassFile.age".publicKeys = servers ++ users;
 "services/nextcloud/dbpassFile.age".publicKeys = servers ++ users;
diff --git a/secrets/services/matrix/mautrix-whatsapp.age b/secrets/services/matrix/mautrix-whatsapp.age
index 695c1a3..8cd256f 100644
Binary files a/secrets/services/matrix/mautrix-whatsapp.age and b/secrets/services/matrix/mautrix-whatsapp.age differ
diff --git a/secrets/services/matrix/mautrix-whatsapp.old.age b/secrets/services/matrix/mautrix-whatsapp.old.age
new file mode 100644
index 0000000..695c1a3
Binary files /dev/null and b/secrets/services/matrix/mautrix-whatsapp.old.age differ
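Review bot: The new `secrets.nix` entry lists `mautrix-whatsapp.old.age`, whose blob (index 695c1a3) is the previous content of `mautrix-whatsapp.age`, i.e. the retired YAML config, yet no `age.secrets` entry in this diff references it, so it stays encrypted to every key in `servers ++ users` and is re-keyed on each `agenix -r` without ever being deployed. If it is kept as a rollback copy, say so on the entry, `# pre-.env YAML config, delete after the rollback window`; otherwise drop the file and the entry, since the appservice and database credentials it presumably contains are better not retained once the new secret is in service. Separately, `whatsapp-registration.age` disappears from this list but the diff shows no deletion of the file itself; if it is still in the tree it will no longer be re-keyed, which is worth checking.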