From fe4b6936d41f7f6fa106efc010119442cf8631a7 Mon Sep 17 00:00:00 2001
From: "Gustavo \"Guz\" L de Mello" <contact@guz.one>
Date: Tue, 31 Mar 2026 16:18:08 -0300
Subject: [PATCH] feat(capytal,chat): instagram matrix bridge

---
 capytal/chat.nix | 137 +++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 133 insertions(+), 4 deletions(-)

diff --git a/capytal/chat.nix b/capytal/chat.nix
index b9d5f10..3c5decc 100644
--- a/capytal/chat.nix
+++ b/capytal/chat.nix
@@ -58,7 +58,7 @@
         };
         id = "discord";
         bot = {
-          username = "discordbot";
+          username = "discord";
           displayname = "Discord bridge bot";
           avatar = "mxc://maunium.net/nIdEykemnwdisvHbpxflpDlC";
         };
@@ -71,16 +71,121 @@
           "${continuwuity.server_name}" = "user";
           "${continuwuity.well_known.support_mxid}" = "admin";
         };
+        backfill = {
+          forward_limits.initial.dm = 50;
+          forward_limits.initial.channel = 50;
+          forward_limits.initial.thread = 50;
+
+          forward_limits.missed.dm = -1;
+          forward_limits.missed.channel = 1000;
+          forward_limits.missed.thread = 1000;
+        };
+        start_private_channel_create_limit = 10;
+        double_puppet_server_map = {
+          ${continuwuity.server_name} = continuwuity.server_name;
+        };
+        login_shared_secret_map = {
+          ${continuwuity.server_name} = "$MAUTRIX_DISCORD_BRIDGE_LOGIN_SHARED_SECRET";
+        };
+        # direct_media = {
+        #   enable = false;
+        #   server_name = "discord-matrix.capytal.cc";
+        # };
+        encryption = {
+          allow = true;
+          default = true;
+
+          allow_key_sharing = true;
+
+          delete_keys = {
+            # https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html#additional-security
+            delete_outbound_on_ack = false;
+            dont_store_outbound = true;
+            ratchet_on_decrypt = true;
+            delete_fully_used_on_decrypt = true;
+            delete_prev_on_new_session = true;
+            delete_on_device_delete = true;
+            periodically_delete_expired = true;
+            delete_outdated_inbound = true;
+          };
+        };
       };
     };
+    environmentFile = config.sops.secrets."mautrix_discord/env_file".path;
   };
 
-  services.mautrix-whatsapp = let
-    # cfg = config.services.mautrix-whatsapp;
+  services.mautrix-meta.instances."default" = let
     continuwuity = config.services.matrix-continuwuity.settings.global;
   in {
     enable = true;
     settings = {
+      network = {
+        max_initial_conversations = 10;
+        mode = "instagram";
+      };
+      homeserver = {
+        address = "http://localhost:${toString
+          (builtins.elemAt continuwuity.port 0)}";
+        domain = continuwuity.server_name;
+      };
+      appservice = rec {
+        address = "http://localhost:${toString port}";
+        hostname = "0.0.0.0";
+        port = 9404;
+
+        as_token = "$MAUTRIX_META_APPSERVICE_AS_TOKEN";
+        hs_token = "$MAUTRIX_META_APPSERVICE_HS_TOKEN";
+
+        id = "meta";
+        bot = {
+          username = "meta";
+          displayname = "Meta bridge bot";
+        };
+      };
+      bridge = {
+        permissions = {
+          "*" = "relay";
+          "${continuwuity.server_name}" = "user";
+          "${continuwuity.well_known.support_mxid}" = "admin";
+        };
+      };
+      backfill.enabled = true;
+      database = {
+        type = "sqlite3-fk-wal";
+        uri = "file:/var/lib/${config.services.mautrix-meta.instances."default".dataDir}/mautrix-meta.db?_txlock=immediate";
+      };
+      encryption = {
+        allow = true;
+        default = true;
+
+        allow_key_sharing = true;
+
+        pickle_key = "$ENCRYPTION_PICKLE_KEY";
+
+        delete_keys = {
+          # https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html#additional-security
+          delete_outbound_on_ack = false;
+          dont_store_outbound = true;
+          ratchet_on_decrypt = true;
+          delete_fully_used_on_decrypt = true;
+          delete_prev_on_new_session = true;
+          delete_on_device_delete = true;
+          periodically_delete_expired = true;
+          delete_outdated_inbound = true;
+        };
+      };
+    };
+    environmentFile = config.sops.secrets."mautrix_meta/env_file".path;
+  };
+
+  services.mautrix-whatsapp = let
+    continuwuity = config.services.matrix-continuwuity.settings.global;
+  in {
+    enable = true;
+    settings = {
+      network = {
+        max_initial_conversations = 10;
+      };
       homeserver = {
         address = "http://localhost:${toString
           (builtins.elemAt continuwuity.port 0)}";
@@ -93,7 +198,7 @@
 
         id = "whatsapp";
         bot = {
-          username = "whatsappbot";
+          username = "whatsapp";
           displayname = "WhatsApp bridge bot";
         };
       };
@@ -105,11 +210,35 @@
         };
       };
 
+      backfill.enabled = true;
+
       database = {
         type = "sqlite3-fk-wal";
         uri = "file:/var/lib/mautrix-whatsapp/mautrix-whatsapp.db?_txlock=immediate";
       };
+
+      encryption = {
+        allow = true;
+        default = true;
+
+        allow_key_sharing = true;
+
+        pickle_key = "$ENCRYPTION_PICKLE_KEY";
+
+        delete_keys = {
+          # https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html#additional-security
+          delete_outbound_on_ack = false;
+          dont_store_outbound = true;
+          ratchet_on_decrypt = true;
+          delete_fully_used_on_decrypt = true;
+          delete_prev_on_new_session = true;
+          delete_on_device_delete = true;
+          periodically_delete_expired = true;
+          delete_outdated_inbound = true;
+        };
+      };
     };
+    environmentFile = config.sops.secrets."mautrix_whatsapp/env_file".path;
   };
 
   services.caddy.virtualHosts = {