From 9a0ad049ad27d41e13a43282a196b657371fe280 Mon Sep 17 00:00:00 2001
From: s-prechtl <stefan@tague.at>
Date: Wed, 16 Jul 2025 21:13:25 +0200
Subject: [PATCH] feat: double puppeting

---
 hosts/hitsugibune/matrix.nix |  31 ++++++++++++++++++++++++++-----
 secrets/mautrix-signal.age   | Bin 0 -> 844 bytes
 secrets/secrets.nix          |   1 +
 3 files changed, 27 insertions(+), 5 deletions(-)
 create mode 100644 secrets/mautrix-signal.age

diff --git a/hosts/hitsugibune/matrix.nix b/hosts/hitsugibune/matrix.nix
index 982bc8b..b719913 100644
--- a/hosts/hitsugibune/matrix.nix
+++ b/hosts/hitsugibune/matrix.nix
@@ -17,6 +17,12 @@ in {
     group = "matrix-synapse";
   };
 
+  age.secrets.mautrix-signal = {
+    file = ../../secrets/mautrix-signal.age;
+    owner = "mautrix-signal";
+    group = "mautrix-signal";
+  };
+
   age.secrets.coturn = {
     file = ../../secrets/coturn.age;
     owner = "turnserver";
@@ -185,6 +191,7 @@ in {
   ];
   services.mautrix-signal = {
     enable = true;
+    environmentFile = config.age.secrets.mautrix-signal.path;
     settings = {
       homeserver = {
         address = "http://localhost:8008";
@@ -211,11 +218,25 @@ in {
         type = "sqlite3-fk-wal";
       };
 
-      # encryption = {
-      #   allow = true;
-      #   default = true;
-      #   pickle_key = "$ENCRYPTION_PICKLE_KEY";
-      # };
+      encryption = {
+        allow = true;
+        default = true;
+        required = false;
+      };
+
+      double_puppet = {
+        allow_discovery = false;
+        servers = {
+          "sprechtl.me" = "https://matrix.sprechtl.me"; # Your homeserver
+        };
+        secrets = {
+          "sprechtl.me" = "$DOUBLE_PUPPET_SECRET_SERVER"; # Use the AS token from your registration file
+        };
+
+      network = {
+            # INFO: If I ever decide to run this for multiple people this option isnt safe -> change to false
+            use_contact_avatars = true;
+      };
     };
   };
 }
diff --git a/secrets/mautrix-signal.age b/secrets/mautrix-signal.age
new file mode 100644
index 0000000000000000000000000000000000000000..fbb826508b712ffbacb7982fbd98d5e5b33f4186
GIT binary patch
literal 844
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSP5AezMN>|9QDk}92
z3-`$Ja1AdmOO6cmb8$8bO7tkI^s91ncFy%HsEP{kxA69<Naym6D$n;x3eNS)w=^!y
zvdHxe@V3Y=32=1EGRv)SaxTv(vUKyZD2)s%vVhrERGg^blkR5h8pu`VROI2~<8KjG
z<YN%wS(sE*<{pshl$xB8=98T58JJ~I9u=Mvk(v>lQIek(9FnaaYT;Fo?i-lpZBSC^
zn-|0tteqTI5M1J4W$x#pUl?8(6qQ>N?&RU)>J#9fs2>?+;O3Q9QRE$x=j)glQfL|(
zT4-Tx;v4E0=p5yi<(wA9RaR*bV&Pa4<(gQPAK{#v9-f$5rC$;08<CTgW#I1WVxe7D
z7@C~vm8~C<7hY138xbB55K`uz6A_Z_SfE|v$>kOqRj8dBkP+nR736K|?pT&?o)?<s
zksa<477<crnw95SQkWH-TAGz+UYhJz5l|i&Qex_#W|3x4teqQ>n#7e-VOj2JP+{N}
zR#IXZ<*IF(oNk!plAah|9B%4vQR(kuR9<eFpPH2AXk6@?VUq6eVd_}wr(Kj291yB+
zS(?P<YU-2h>FBKO>1-Ajr0?gF>S7k`6p?CHWMZCF7;K!L<C&jR>|7d=ULNQil2=(=
zR27nz<635H;uaER>Qh$8Wfq>DYhYv)7?qW891@Zdl4f97WLRoc8Bq~b9OYw{R~T4i
z<`wFkVv*&Zq@U^L5$cp@7L=FlUX<k>k!qUi%T=CY;2Kd-tnC(Q;iR8oU}99@6kb-4
zUy)T&VObVlTBdChVdk0To*0^#U*#U+la=CclAN2KV_vSGmR6we;mO6NtE;O}>Km1j
zmQh;ZRA^dgSy|{^>}XV3lu{C8=9gEQ5fxNf<xyH}<YSs?nQXxIS<G79_|#O%xK)w6
zXL6jr{#M6pV;_@_(&xkJr#=?%b~$2y%)RWR_vUpE7`k7Wy_NVSxNpVPjui~7esT63
zht<_Sadc()xGFE6do_IV8Mc(8noT>-s@?pys;uuuoL13Vp^mv1i_Dy_S(K+gbq%x+
Tm?F@>q;{uXiW%Q=n=caq7ThX!

literal 0
HcmV?d00001

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index e6839b0..c26c18b 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -7,5 +7,6 @@ in {
   "onlyoffice.age".publicKeys = [hitsugibune key];
   "speedtest-tracker.age".publicKeys = [saberofxebec key];
   "matrix.age".publicKeys = [hitsugibune key];
+  "mautrix-signal.age".publicKeys = [hitsugibune key];
   "coturn.age".publicKeys = [hitsugibune key];
 }