From e932745cb865454a3c97c846a35f8ec02d73c61d Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Sun, 3 Sep 2023 22:22:19 +0200 Subject: [PATCH 1/5] nixos/mautrix-whatsapp: fix docbook description Until NixOS 23.11 is release all options must be marked as migrated from docbook to markdown. --- nixos/modules/services/matrix/mautrix-whatsapp.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/services/matrix/mautrix-whatsapp.nix b/nixos/modules/services/matrix/mautrix-whatsapp.nix index 80c85980196..b4d49f6e425 100644 --- a/nixos/modules/services/matrix/mautrix-whatsapp.nix +++ b/nixos/modules/services/matrix/mautrix-whatsapp.nix @@ -14,7 +14,7 @@ in { imports = []; options.services.mautrix-whatsapp = { - enable = lib.mkEnableOption "mautrix-whatsapp, a puppeting/relaybot bridge between Matrix and WhatsApp."; + enable = lib.mkEnableOption (lib.mdDoc "mautrix-whatsapp, a puppeting/relaybot bridge between Matrix and WhatsApp."); settings = lib.mkOption { type = settingsFormat.type; From 9e0457115e7eb3f106b9ea60ab3ca92daed5b03f Mon Sep 17 00:00:00 2001 
From: rnhmjoj Date: Sun, 3 Sep 2023 23:02:18 +0200 Subject: [PATCH 2/5] nixos/mautrix-whatsapp: use static user and group The DynamicUser mechanism does not allow share the bridge registration.yaml file with matrix-synapse in any easy way: 1. the mautrix-whatsapp group under which the service runs is not in /etc/group, so you can't add matrix-synapse to this. This makes the group read bit on the file useless as the group is effectively always empty. 2. It's not possible to use ACLs or copy the file during preStart or postStart because the commands are executed with low priviledges. By using a normal (static) user/group the secret can be shared with synapse as follows: services.matrix_synapse.settings.app_service_config_files = [ "/var/lib/mautrix-whatsapp/whatsapp-registration.yaml" ]; users.users.matrix-synapse.extraGroups = [ "mautrix-whatsapp" ]; --- .../modules/services/matrix/mautrix-whatsapp.nix | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/nixos/modules/services/matrix/mautrix-whatsapp.nix b/nixos/modules/services/matrix/mautrix-whatsapp.nix index b4d49f6e425..4f776bf0364 100644 --- a/nixos/modules/services/matrix/mautrix-whatsapp.nix +++ b/nixos/modules/services/matrix/mautrix-whatsapp.nix @@ -117,6 +117,16 @@ in { }; config = lib.mkIf cfg.enable { + + users.users.mautrix-whatsapp = { + isSystemUser = true; + group = "mautrix-whatsapp"; + home = dataDir; + description = "Mautrix-WhatsApp bridge user"; + }; + + users.groups.mautrix-whatsapp = {}; + services.mautrix-whatsapp.settings = { homeserver.domain = lib.mkDefault config.services.matrix-synapse.settings.server_name; }; 
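Review bot: The new `users.groups.mautrix-whatsapp` group is the mechanism for sharing the registration file, but nothing in this hunk documents what else membership exposes. Any account added to the group gets group-level access to every group-readable file under `dataDir`, which may include more than the registration file depending on file modes set outside this hunk. I would add a comment above the group declaration, `# Members (e.g. matrix-synapse) can read group-readable files in dataDir; only the registration file should be group-readable.`, and confirm that this is the case. The `config` block continues past the end of the hunk.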
@@ -158,10 +168,11 @@ in { ''; serviceConfig = { - DynamicUser = true; + User = "mautrix-whatsapp"; + Group = "mautrix-whatsapp"; EnvironmentFile = cfg.environmentFile; StateDirectory = baseNameOf dataDir; - WorkingDirectory = "${dataDir}"; + WorkingDirectory = dataDir; ExecStart = '' ${pkgs.mautrix-whatsapp}/bin/mautrix-whatsapp \ --config='${settingsFile}' \ From 035f90512492114e001f54438a47614d69da23e0 Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Mon, 4 Sep 2023 00:44:57 +0200 Subject: [PATCH 3/5] nixos/mautrix-whatsapp: fix merging of default settings This implements proper merging of user-provided values and default values for the settings option. Without this, the user must provide a complete configuration file, as changing a single setting replaces the entire JSON value, rendering the default values completely useless. In fact, the bridge won't even start using the default settings. --- .../services/matrix/mautrix-whatsapp.nix | 88 +++++++++---------- 1 file changed, 44 insertions(+), 44 deletions(-) diff --git a/nixos/modules/services/matrix/mautrix-whatsapp.nix b/nixos/modules/services/matrix/mautrix-whatsapp.nix index 4f776bf0364..78d0b616d99 100644 --- a/nixos/modules/services/matrix/mautrix-whatsapp.nix +++ b/nixos/modules/services/matrix/mautrix-whatsapp.nix 
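Review bot: Replacing `DynamicUser = true` with a static `User`/`Group` in `serviceConfig` also drops the sandboxing systemd implies for dynamic users (`ProtectSystem=strict`, `ProtectHome=read-only`, `PrivateTmp`, `NoNewPrivileges`, `RestrictSUIDSGID`, `RemoveIPC`), and the visible lines set none of them explicitly. Unless they are set in the part of `serviceConfig` outside this hunk, the bridge now runs with a noticeably wider view of the filesystem than before. I would restore them explicitly and also tighten the state directory mode, because the directory is now meant to be reached by a second account through the group.

```nix
serviceConfig = {
  User = "mautrix-whatsapp";
  Group = "mautrix-whatsapp";
  # Restore the hardening that DynamicUser used to imply.
  ProtectSystem = "strict";
  ProtectHome = "read-only";
  PrivateTmp = true;
  NoNewPrivileges = true;
  RestrictSUIDSGID = true;
  RemoveIPC = true;
  # Owner and group only; nothing for "other".
  StateDirectoryMode = "0750";
  # … unchanged: EnvironmentFile, StateDirectory, WorkingDirectory, ExecStart …
```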
@@ -11,53 +11,51 @@ settingsFileUnsubstituted = settingsFormat.generate "mautrix-whatsapp-config-unsubstituted.json" cfg.settings; settingsFormat = pkgs.formats.json {}; appservicePort = 29318; + + mkDefaults = lib.mapAttrsRecursive (n: v: lib.mkDefault v); + defaultConfig = { + appservice = { + hostname = "[::]"; + port = appservicePort; + database.type = "sqlite3"; + database.uri = "${dataDir}/mautrix-whatsapp.db"; + id = "whatsapp"; + bot.username = "whatsappbot"; + bot.displayname = "WhatsApp Bridge Bot"; + as_token = ""; + hs_token = ""; + }; + bridge = { + username_template = "whatsapp_{{.}}"; + displayname_template = "{{if .BusinessName}}{{.BusinessName}}{{else if .PushName}}{{.PushName}}{{else}}{{.JID}}{{end}} (WA)"; + double_puppet_server_map = {}; + login_shared_secret_map = {}; + command_prefix = "!wa"; + permissions."*" = "relay"; + relay.enabled = true; + }; + logging = { + min_level = "info"; + writers = [ + { + type = "stdout"; + format = "pretty-colored"; + } + { + type = "file"; + format = "json"; + } + ]; + }; + }; + in { - imports = []; options.services.mautrix-whatsapp = { enable = lib.mkEnableOption (lib.mdDoc "mautrix-whatsapp, a puppeting/relaybot bridge between Matrix and WhatsApp."); settings = lib.mkOption { type = settingsFormat.type; - default = { - appservice = { - address = "http://localhost:${toString appservicePort}"; - hostname = "[::]"; - port = appservicePort; - database = { - type = "sqlite3"; - uri = "${dataDir}/mautrix-whatsapp.db"; - }; - id = "whatsapp"; - bot = { - username = "whatsappbot"; - displayname = "WhatsApp Bridge Bot"; - }; - as_token = ""; - hs_token = ""; - }; - bridge = { - username_template = "whatsapp_{{.}}"; - displayname_template = "{{if .BusinessName}}{{.BusinessName}}{{else if .PushName}}{{.PushName}}{{else}}{{.JID}}{{end}} (WA)"; - double_puppet_server_map = {}; - login_shared_secret_map = {}; - command_prefix = "!wa"; - permissions."*" = "relay"; - relay.enabled = true; - }; - logging = { - min_level = 
"info"; - writers = [ - { - type = "stdout"; - format = "pretty-colored"; - } - { - type = "file"; - format = "json"; - } - ]; - }; - }; + default = defaultConfig; description = lib.mdDoc '' {file}`config.yaml` configuration as a Nix attribute set. Configuration options should match those described in @@ -127,9 +125,11 @@ in { users.groups.mautrix-whatsapp = {}; - services.mautrix-whatsapp.settings = { - homeserver.domain = lib.mkDefault config.services.matrix-synapse.settings.server_name; - }; + services.mautrix-whatsapp.settings = lib.mkMerge (map mkDefaults [ + defaultConfig + # Note: this is defined here to avoid the docs depending on `config` + { homeserver.domain = config.services.matrix-synapse.settings.server_name; } + ]); systemd.services.mautrix-whatsapp = { description = "Mautrix-WhatsApp Service - A WhatsApp bridge for Matrix"; From 5fc70937a127092c48645d6f5061c0be9d45c69a Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Mon, 4 Sep 2023 00:50:17 +0200 Subject: [PATCH 4/5] nixos/mautrix-whatsapp: set default homeserver address Without one the bridge won't start. Note: localhost:8448 is the default listening address of matrix-synapse. --- nixos/modules/services/matrix/mautrix-whatsapp.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/modules/services/matrix/mautrix-whatsapp.nix b/nixos/modules/services/matrix/mautrix-whatsapp.nix index 78d0b616d99..7e568733b7b 100644 --- a/nixos/modules/services/matrix/mautrix-whatsapp.nix +++ b/nixos/modules/services/matrix/mautrix-whatsapp.nix @@ -14,6 +14,7 @@ mkDefaults = lib.mapAttrsRecursive (n: v: lib.mkDefault v); defaultConfig = { + homeserver.address = "http://localhost:8448"; appservice = { hostname = "[::]"; port = appservicePort; From 4fb8212162e1e90489412ab2ddabe6fcfdcce341 Mon Sep 17 00:00:00 2001 
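Review bot: `defaultConfig.appservice.hostname = "[::]"` keeps the appservice listener bound to every interface by default, even though the removed `address = "http://localhost:..."` default shows the expected peer is a homeserver on the same host. A loopback default (for example `hostname = "127.0.0.1";`) would keep the endpoint off the network unless the admin opts in, so `hs_token` is not the only thing protecting it. The hunk also drops `appservice.address` without the commit message mentioning it; a comment should say whether the bridge derives it or the user must now set it. The `let` bindings and the `settings` option both extend beyond this hunk.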
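Review bot: The hard-coded `homeserver.address = "http://localhost:8448";` may not match what the homeserver actually listens on. Port 8448 is conventionally Synapse's federation port and is often TLS, while the plain-HTTP client listener is usually 8008, so the commit message's claim should be checked against the `services.matrix-synapse` listener defaults. The `http://` scheme is only acceptable while the target stays on loopback, because the bridge sends its `as_token` over this connection. I would add a comment such as `# must point at a local, non-TLS client listener of the homeserver`, or derive the value from the synapse listener settings. `defaultConfig` starts and ends outside this hunk.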
From: rnhmjoj Date: Mon, 4 Sep 2023 00:51:24 +0200 Subject: [PATCH 5/5] nixos/mautrix-whatsapp: log to the journal only Logging outside the journal requires to manually clean/rotate the logs and is quite surprising behavior: it should not be the default. --- .../modules/services/matrix/mautrix-whatsapp.nix | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/nixos/modules/services/matrix/mautrix-whatsapp.nix b/nixos/modules/services/matrix/mautrix-whatsapp.nix index 7e568733b7b..c4dc4821349 100644 --- a/nixos/modules/services/matrix/mautrix-whatsapp.nix +++ b/nixos/modules/services/matrix/mautrix-whatsapp.nix @@ -37,16 +37,11 @@ }; logging = { min_level = "info"; - writers = [ - { - type = "stdout"; - format = "pretty-colored"; - } - { - type = "file"; - format = "json"; - } - ]; + writers = lib.singleton { + type = "stdout"; + format = "pretty-colored"; + time_format = " "; + }; }; };
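Review bot: With the file writer removed, the only remaining log stream uses `format = "pretty-colored"`, so the journal receives ANSI colour escapes and free-form text instead of the JSON records the file writer used to produce. For triage and log forwarding a structured or plain format is easier to query; I would use `format = "json";` here, or `"pretty"` if human-readable output is preferred (confirm the accepted names against the bridge's logging documentation). The `time_format = " ";` line presumably blanks the timestamp because journald records its own, and should carry a comment saying so, e.g. `# blank timestamp: journald already records the time`. `defaultConfig` continues outside this hunk.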