feat: enable double puppet for signal

2025-12-10 15:19:05 +01:00 · 2025-12-10 15:19:05 +01:00 · 3932fd5c77
commit 3932fd5c77
parent 3be3235467
4 changed files with 32 additions and 0 deletions
--- a/hosts/hitsugibune/matrix.nix
+++ b/hosts/hitsugibune/matrix.nix
@ -38,6 +38,12 @@ in {
    owner = "mautrix-signal";
    group = "mautrix-signal";
  };
+  age.secrets.mautrix-signal-puppeting = {
+    file = ../../secrets/mautrix-signal-puppeting.yaml.age; # your encrypted YAML
+    owner = "mautrix-signal";
+    group = "mautrix-signal";
+    mode = "0640";
+  };

  age.secrets.mautrix-whatsapp = {
    file = ../../secrets/mautrix-whatsapp.age;
@ -204,6 +210,9 @@ in {
        ];
      }
    ];
+    settings.app_service_config_files = [
+      "/var/lib/mautrix-signal/double-puppeting.yaml"
+    ];

    extraConfigFiles = [config.age.secrets.matrix.path];
    settings.turn_uris = ["turn:${turn.realm}:3478?transport=udp" "turn:${turn.realm}:3478?transport=tcp"];
@ -253,6 +262,9 @@ in {

      double_puppet = {
        allow_discovery = false;
+        secrets = {
+          "sprechtl.me" = "as_token:$DOUBLE_PUPPET_SECRET";
+        };
      };

      provisioning = {
@ -261,6 +273,25 @@ in {
    };
  };

+  # Ensure directory
+  systemd.tmpfiles.settings."10-mautrix-signal" = {
+    "/var/lib/mautrix-signal".d = {
+      user = "mautrix-signal";
+      group = "mautrix-signal";
+      mode = "0750";
+    };
+  };
+
+  # Insert file for double puppeting
+  systemd.tmpfiles.settings."20-mautrix-signal-puppeting-yaml" = {
+    "/var/lib/mautrix-signal/double-puppeting.yaml".L = {
+      argument = config.age.secrets.mautrix-signal-puppeting.path;
+      user = "mautrix-signal";
+      group = "mautrix-signal";
+      mode = "0640";
+    };
+  };
+
  services.mautrix-whatsapp = {
    enable = true;
    environmentFile = config.age.secrets.mautrix-whatsapp.path;