1 files changed, 32 insertions, 1 deletions

diff --git a/modules/services/matrix-bridge.nix b/modules/services/matrix-bridge.nix
index 04f51be..2a96e01 100644
--- a/modules/services/matrix-bridge.nix
+++ b/modules/services/matrix-bridge.nix
@@ -18,6 +18,22 @@ in
   };
 
   config = mkIf cfg.enable {
+    sops.secrets.double-puppet-as-token = { };
+    sops.secrets.double-puppet-hs-token = { };
+
+    sops.templates."double-puppet-registration.yaml".content = ''
+      id: doublepuppet
+      url:
+      as_token: ${config.sops.placeholder.double-puppet-as-token}
+      hs_token: ${config.sops.placeholder.double-puppet-hs-token}
+      sender_localpart: 55e126746dad19e50d9c4e646b6f5ac9ba21b346a24b840330cd8d8a1d65ce80
+      rate_limited: false
+      namespaces:
+        users:
+          - regex: '@.*:exotic\.sh'
+            exclusive: false
+    '';
+
     services.mautrix-telegram = {
       enable = true;
 
@@ -56,6 +72,10 @@ in
             require = true;
             allow_key_sharing = true;
           };
+          # NOTE: python bridge - managed via env variable
+          # login_shared_secret_map = {
+          #   "${cfg.domain}" = "as_token:$DOUBLE_PUPPET_AS_TOKEN";
+          # };
           permissions = {
             "@sef:exotic.sh" = "admin";
             "exotic.sh" = "full";
@@ -112,6 +132,10 @@ in
             require = true;
             allow_key_sharing = true;
           };
+          # NOTE: python bridge - managed via env variable
+          # login_shared_secret_map = {
+          #   "${cfg.domain}" = "as_token:$DOUBLE_PUPPET_AS_TOKEN";
+          # };
           permissions = {
             "@sef:exotic.sh" = "admin";
             "exotic.sh" = "full";
@@ -155,7 +179,9 @@ in
           };
           send_presence_on_typing = true;
           double_puppet_server_map = { };
-          login_shared_secret_map = { };
+          login_shared_secret_map = {
+            "${cfg.domain}" = "as_token:$DOUBLE_PUPPET_AS_TOKEN";
+          };
           private_chat_portal_meta = true;
           mute_bridging = true;
           pinned_tag = "m.favourite";
@@ -213,6 +239,9 @@ in
             require = true;
             allow_key_sharing = true;
           };
+          login_shared_secret_map = {
+            "${cfg.domain}" = "as_token:$DOUBLE_PUPPET_AS_TOKEN";
+          };
           permissions = {
             "@sef:exotic.sh" = "admin";
             "exotic.sh" = "full";
@@ -256,6 +285,7 @@ in
       "mautrix-signal:/var/lib/mautrix-signal/signal-registration.yaml"
       "mautrix-whatsapp:/var/lib/mautrix-whatsapp/whatsapp-registration.yaml"
       "mautrix-discord:/var/lib/mautrix-discord/discord-registration.yaml"
+      "double-puppet:${config.sops.templates."double-puppet-registration.yaml".path}"
     ];
 
     services.matrix-synapse.settings.app_service_config_files = [
@@ -263,6 +293,7 @@ in
       "/run/credentials/matrix-synapse.service/mautrix-signal"
       "/run/credentials/matrix-synapse.service/mautrix-whatsapp"
       "/run/credentials/matrix-synapse.service/mautrix-discord"
+      "/run/credentials/matrix-synapse.service/double-puppet"
     ];
   };
 }