add /var/lib/mautrix-whatsapp as working directory

it is also used for all files except the log file use the recommended service file from https://docs.mau.fi/bridges/go/whatsapp/setup/systemd.html
author: Lorenz Steinert 2021-05-24 17:08:00 +0200
committer: Lorenz Steinert 2021-05-24 17:08:00 +0200
commit: 30cfab8f241a62ab5073ecc94628cd6ec1d3f3e0 (patch)
tree: 8f535c7a55339ffb2c4d2f7fdce1dcebd2d0b3ed
parent: aee48a5916f31e0847a8e1135b5b8c4379e0a0af (diff)
download: aur-30cfab8f241a62ab5073ecc94628cd6ec1d3f3e0.tar.gz
5 files changed, 35 insertions, 10 deletions
diff --git a/.SRCINFO b/.SRCINFO
index cc3cf8246cb6..22924846288f 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,7 +1,7 @@
 pkgbase = mautrix-whatsapp
 	pkgdesc = A Matrix-WhatsApp puppeting bridge
 	pkgver = 0.1.6
-	pkgrel = 2
+	pkgrel = 3
 	url = https://github.com/tulir/mautrix-whatsapp
 	arch = any
 	license = AGPL
@@ -16,9 +16,9 @@ pkgbase = mautrix-whatsapp
 	source = mautrix-whatsapp.service
 	source = log-path.diff
 	sha256sums = 0d95fefffecde04facb3d9e90f36b313bb7e7e951c930758bcabd70aa77f9d13
-	sha256sums = 4b7c57d474305138504f3cc651efb33b8861952dc2a8340148531cdac1eae3d9
-	sha256sums = 0f4265ae93df6bb6e791cf698aacddc6b9eae833113225a6c477e5abd1261ff5
-	sha256sums = ed3c5f0ce46e217b21dc549c583a4055287c37f6d1a225aff34fd3599e9019f3
+	sha256sums = 409e8fb3e35de1bd1ceebefa0ac275ad62ec66680117648058bcc177ddd2f9a1
+	sha256sums = 38c236650de46cf60a550afff79635f777335812531a67f4094a73186295f53c
+	sha256sums = 34e8d00c613aa1eca0c4981060342191f27c533f96bcdd202657e5898751cd72
 	sha256sums = e27eea84a3df3380e26cfa485d383b19bb8b7cc8e0fd273e79df501b504160e4
 
 pkgname = mautrix-whatsapp
diff --git a/PKGBUILD b/PKGBUILD
index ebde3be3730e..2a610f743a10 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -3,7 +3,7 @@
 
 pkgname=mautrix-whatsapp
 pkgver=0.1.6
-pkgrel=2
+pkgrel=3
 pkgdesc="A Matrix-WhatsApp puppeting bridge"
 arch=('any')
 license=('AGPL')
@@ -20,9 +20,9 @@ source=("${url}/archive/v${pkgver}.tar.gz"
         log-path.diff)
 backup=("etc/${pkgname}/mautrix-whatsapp.yaml")
 sha256sums=('0d95fefffecde04facb3d9e90f36b313bb7e7e951c930758bcabd70aa77f9d13'
-            '4b7c57d474305138504f3cc651efb33b8861952dc2a8340148531cdac1eae3d9'
-            '0f4265ae93df6bb6e791cf698aacddc6b9eae833113225a6c477e5abd1261ff5'
-            'ed3c5f0ce46e217b21dc549c583a4055287c37f6d1a225aff34fd3599e9019f3'
+            '409e8fb3e35de1bd1ceebefa0ac275ad62ec66680117648058bcc177ddd2f9a1'
+            '38c236650de46cf60a550afff79635f777335812531a67f4094a73186295f53c'
+            '34e8d00c613aa1eca0c4981060342191f27c533f96bcdd202657e5898751cd72'
             'e27eea84a3df3380e26cfa485d383b19bb8b7cc8e0fd273e79df501b504160e4')
 
 build() {
diff --git a/mautrix-whatsapp.service b/mautrix-whatsapp.service
index 19897f894cf4..df8870f91b69 100644
--- a/mautrix-whatsapp.service
+++ b/mautrix-whatsapp.service
@@ -4,10 +4,34 @@ After=network-online.target
 Requires=network-online.target
 
 [Service]
-Type=simple
+Type=exec
 User=mautrix-whatsapp
 Group=mautrix-whatsapp
+WorkingDirectory=/var/lib/mautrix-whatsapp
 ExecStart=/usr/bin/mautrix-whatsapp -c /etc/mautrix-whatsapp/mautrix-whatsapp.yaml
+Restart=on-failure
+RestartSec=30s
+
+ReadWritePaths=/var/lib/mautrix-whatsapp
+NoNewPrivileges=yes
+MemoryDenyWriteExecute=true
+PrivateDevices=yes
+PrivateTmp=yes
+ProtectHome=yes
+ProtectSystem=strict
+ProtectControlGroups=true
+RestrictSUIDSGID=true
+RestrictRealtime=true
+LockPersonality=true
+ProtectKernelLogs=true
+ProtectKernelTunables=true
+ProtectHostname=true
+ProtectKernelModules=true
+PrivateUsers=true
+ProtectClock=true
+SystemCallArchitectures=native
+SystemCallErrorNumber=EPERM
+SystemCallFilter=@system-service
 
 [Install]
 WantedBy=multi-user.target
diff --git a/mautrix-whatsapp.tmpfiles b/mautrix-whatsapp.tmpfiles
index a9e77453a0e1..867377be6020 100644
--- a/mautrix-whatsapp.tmpfiles
+++ b/mautrix-whatsapp.tmpfiles
@@ -1,3 +1,4 @@
 # Override this file with a modified version in /etc/tmpfiles.d/
 z /etc/mautrix-whatsapp/* 0640 root mautrix-whatsapp -
 d /var/log/mautrix-whatsapp 0700 mautrix-whatsapp mautrix-whatsapp
+d /var/lib/mautrix-whatsapp 0700 mautrix-whatsapp mautrix-whatsapp
diff --git a/sysusers-mautrix-whatsapp.conf b/sysusers-mautrix-whatsapp.conf
index a167240e0ea4..3a1d061f0cb6 100644
--- a/sysusers-mautrix-whatsapp.conf
+++ b/sysusers-mautrix-whatsapp.conf
@@ -1 +1 @@
-u mautrix-whatsapp - "Mautrix Whatsapp user"
+u mautrix-whatsapp - "Mautrix Whatsapp user" /var/lib/mautrix-whatsapp
author	Lorenz Steinert	2021-05-24 17:08:00 +0200
committer	Lorenz Steinert	2021-05-24 17:08:00 +0200
commit	30cfab8f241a62ab5073ecc94628cd6ec1d3f3e0 (patch)
tree	8f535c7a55339ffb2c4d2f7fdce1dcebd2d0b3ed
parent	aee48a5916f31e0847a8e1135b5b8c4379e0a0af (diff)
download	aur-30cfab8f241a62ab5073ecc94628cd6ec1d3f3e0.tar.gz