From 18dab0ab949647f7f3bd0e4b1002ef2c279294b7 Mon Sep 17 00:00:00 2001
From: Simon Bruder <simon@sbruder.de>
Date: Sun, 16 Oct 2022 15:52:08 +0200
Subject: [PATCH] renge/mautrix-signal: Allow file transfer
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

mautrix-whatsapp places a file in /tmp/ for file transfers. However,
signald is running with PrivateTemp=true. This uses systemd’s feature
that allows a unit to share a namespace with another one and places
mautrix-signal in the same namespace as signald, so they share their
private tmp directory.
---
 machines/renge/services/matrix/mautrix-signal.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/machines/renge/services/matrix/mautrix-signal.nix b/machines/renge/services/matrix/mautrix-signal.nix
index c3f56fc..ee707ce 100644
--- a/machines/renge/services/matrix/mautrix-signal.nix
+++ b/machines/renge/services/matrix/mautrix-signal.nix
@@ -85,12 +85,17 @@ in
 
     serviceConfig = {
       DynamicUser = true;
+      PrivateTmp = true;
       SupplementaryGroups = [ "signald" ];
       StateDirectory = "mautrix-signal";
       WorkingDirectory = "/var/lib/mautrix-signal";
       ExecStart = "${pkgs.mautrix-signal}/bin/mautrix-signal -c ${generatedConfig}/config.yaml";
       Restart = "on-failure";
     };
+
+    unitConfig = {
+      JoinsNamespaceOf = "signald.service";
+    };
   };
 
   services.matrix-synapse.settings.app_service_config_files = lib.singleton "${generatedConfig}/registration.yaml";