Skip to content

Commit

Permalink
Systemd service to validate WhatsApp backups
Browse files Browse the repository at this point in the history 
thanks! KnugiHK/WhatsApp-Chat-Exporter#130
  • Loading branch information
@ritiek
ritiek committed Mar 1, 2025
1 parent 2c04a75 commit 08e3007
Show file tree
Hide file tree
Showing 5 changed files with 173 additions and 28 deletions.
29 changes: 14 additions & 15 deletions machines/mishy/home/secrets.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
nix.conf: ENC[AES256_GCM,data:vY3gCPB9+1Odvd4o3vSD5yIXNOfVC4JjrByPZOxd61CEC+iqawERuI34xC9Dhsp/5Oxu3nTKnEyN/Q43Ma+ZY8WLrww=,iv:/MS427L66PSLuHBOTTGAVgdXh7SAaEtmeAPWJ/SqyAM=,tag:wRNG8zn41gmdF4kBYp0POg==,type:str]
nix.conf: ENC[AES256_GCM,data:0LxNfy/bFVdVZbhGZEL92eDnyBb3XupHQI9V77puHz/3WxFP0EDwCZfrageBinAVXJH+Eg7rTNW7To5zqcjr9BKczXE=,iv:/MS427L66PSLuHBOTTGAVgdXh7SAaEtmeAPWJ/SqyAM=,tag:U5RJ2SROKS1A4btuyMlLjg==,type:str]
sops:
kms: []
gcp_kms: []
Expand All @@ -8,26 +8,25 @@ sops:
- recipient: age1ev6fc54zqnsw3fp6c3ue6uzakkk88a2x6ywn9ngelvus4dde29espr2y7a
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpTktjQUtyY09rMlUxL2tm
RHpCNGRJTW1kakwweXBIZys3VXREZGc3bWpJCmt0aTF2KzhLdXZ0QnFMd2M2M2lp
VzdtZlJxVTJJcUtRT0VyVG5vN3NUbWMKLS0tIE1haTFDendENTdsYjFRZm5wck9l
cC9PYUdsaVhMd2FjV1pZdzZ4Wlk0cTQK2zLdnGlt/5p8k3E8kkT+lH4V3GRwjPB/
Sa5ByQlm2TaZD2nCw20D8eYczC9NklGliP/YXpVEDTNOK06/1icavw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMTExIUVd0YzR6TjlrZ2lJ
WnNYYWRlRWJGSVR0QVpQWjhGTGhlV0Z3WVhnCjU4b0FQV1FjOVV6YnFxb2xSZTRI
Rjg1RXh2TUVtUm8rNjdjeXdJVUxzdjgKLS0tIENFUkhFSGo3YWNLVVVpUHFSUC90
Sm9yTFo1RDFWYzk5WmNodTh2dG5hLzQKKAt5rxDa9LYJcc66TMi0QYYa7Gb1/63b
2nww3l8DNu1j5EHB4CE5etUt2N2SWHCdgTdyyeS5t8QFm/Abiv51sg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-22T04:07:39Z"
mac: ENC[AES256_GCM,data:JKJpk1TNT2+xQxbq5w7ajFY9ByciRlq3bLJ1uvWCRRn0MY9QGHUriaPdAfnV3nkd6Jg2gtHQi/5SbFrwo4Zepa+8mhI2q5E39ABuDv5daFx63YN5IDOYE8gVQaX7r8JiskOYdWyLl43gx9u+62dKN6q3jMTdkLWC1YADpgCch40=,iv:HVXbdw8p7MdRLXpVt9pPLfvPF6zgC5tbfFBLBan0KqM=,tag:oeRwqS/RrO53SMmiQ+Ug0w==,type:str]
lastmodified: "2025-03-01T09:59:37Z"
mac: ENC[AES256_GCM,data:3XMkb8iwN1RU4V89LqoiOowGfy9U2dfJWbXQ7aeoGqMcN1MyHp2BkAAipIdj/OH+P3h52hrh2qjbPskLjjvCw49tL1zBu3gIqnR++GLvd9h4Gw5t+gaJ8eulUR+Tiq94rNFnF3GnPLbEiecaoxqGpCSdRrQj44KrCQ/S+HZCQxE=,iv:UeDSSoaH7hFT4D40Yiwu4rNQgL93KRcKsaScNBYznUE=,tag:+JidEnnEPft3BrWEAzHniQ==,type:str]
pgp:
- created_at: "2024-10-30T19:14:43Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DVVlTbrcXgz8SAQdAVCjOo+GL/hxwW4ocLK/V6tLBF/pECkGqngXKo16IbgQw
pmdF7Ow3v1ry2HjHZRd4h59umXJ1YwHQtEfpaxDbkZfZics4THzwzQce7qgdx/3p
1GYBCQIQJvvOyDasSeHmGR+i5Wa+Coq/+scNaBEYE2w1CYrymVkO3XK1Zw3RMQS4
mKPcx1PhLZKYjuUVzVLmB5Z46QG2x70nzugOZlJ0YWmec7A9Wxe0+/GBMpAboByx
egWkeIQmfVI=
=WYfS
hF4DVVlTbrcXgz8SAQdA83vU7DjnzNguHRnPKEsGIgzvTEfmABMDll5Ui06GPjAw
SZVFhPmD4oqNp6e2Z2p2gIEO+LBF3E4FEr2VHAomQbUCjeoiUGdsoqLtu2vcXK91
0l4BunKnlqWCsW1ebzcp6r5XkZzD4lqZPxnCOeXWiDbH9Fi0/YCDwVbMVoL62TfN
l4bHazzzZRL9/xhY3LS/4iM3v+pYMcIPiIEE3Xgq4zDzYWDpIgCStqTzcJD8hYWB
=p0ee
-----END PGP MESSAGE-----
fp: 66FF60997B04845FF4C0CB4FEB6FC9F9FC964257
unencrypted_suffix: _unencrypted
version: 3.9.3
version: 3.9.4
16 changes: 6 additions & 10 deletions machines/pilab/home/default.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,8 @@ in
imports = [
./services/spotdl.nix
./services/paperless-ngx.nix
./services/whatsapp-backup-verify.nix
./../../../scripts/home/immich-env.nix
./../../../modules/home/sops.nix
./../../../modules/home/nix.nix
# ./../../../modules/home/gnupg.nix
Expand All @@ -56,8 +58,6 @@ in
./../../../modules/home/neovim
./../../../modules/home/zellij.nix
./../../../modules/home/btop.nix
./../../../scripts/home/immich-env.nix
./../../../scripts/home/paperless-ngx-push.nix
];
home = {
stateVersion = "24.11";
Expand Down Expand Up @@ -87,14 +87,7 @@ in
bore-cli
immich-cli
restic

(discordchatexporter-cli.overrideAttrs (oldAttrs: {
meta = oldAttrs.meta // {
# XXX: Overriding until maybe https://github.com/NixOS/nixpkgs/pull/360371
# gets merged.
platforms = [ "aarch64-linux" ];
};
}))
discordchatexporter-cli

homelab-mount

Expand Down Expand Up @@ -134,6 +127,8 @@ in
machinectl shell ${config.home.username}@ ${pkgs.systemd}/bin/systemctl --user stop spotdl-sync.timer
machinectl shell ${config.home.username}@ ${pkgs.systemd}/bin/systemctl --user stop paperless-ngx-sync.service
machinectl shell ${config.home.username}@ ${pkgs.systemd}/bin/systemctl --user stop paperless-ngx-sync.timer
machinectl shell ${config.home.username}@ ${pkgs.systemd}/bin/systemctl --user stop whatsapp-backup-verify.service
machinectl shell ${config.home.username}@ ${pkgs.systemd}/bin/systemctl --user stop whatsapp-backup-verify.timer
# systemctl stop spotdl-sync.timer
tailscale serve --https=9445 off
Expand Down Expand Up @@ -168,6 +163,7 @@ in
# systemctl start docker-kopia.service
machinectl shell ${config.home.username}@ ${pkgs.systemd}/bin/systemctl --user start spotdl-sync.timer
machinectl shell ${config.home.username}@ ${pkgs.systemd}/bin/systemctl --user start paperless-ngx-sync.timer
machinectl shell ${config.home.username}@ ${pkgs.systemd}/bin/systemctl --user start whatsapp-backup-verify.timer
# systemctl start spotdl-sync.timer
tailscale serve --bg --https=9445 127.0.0.1:9446
Expand Down
8 changes: 5 additions & 3 deletions machines/pilab/home/secrets.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,8 @@ nix.conf: ENC[AES256_GCM,data:qh6irtm6ahytJ5rGKaWwxffXW9co3J9p2nBNfQyGC+q9jMEeOs
immich-cli.env: ENC[AES256_GCM,data:dn9TUyqmifpqHLv3cVxLl+6KanorVqwcZkRgcqk7ckvy6AyRH5zxqMI45viiq/mGuARyJfgA7qq5CRJqiiTa3qfNnsXrIoHt1kP/yNWYL2vlO1VW2shX/br/E8ei+9fhzDkOARTDnH4=,iv:sbZEsq8s4pB4FvaUOd7X38J4trpXczG5PCGS8t2ba3A=,tag:cjPXznkGGVoVR6DZDA2DvA==,type:str]
paperless-ngx-push.env: ENC[AES256_GCM,data:yzQWggIKTSt+UoC8Du8wa/MRzw7V8df0PqvyZ+9BY4CT0tQR3Tg9qWe8Wozh08aZMxVHuGbrYxcutQDd/YOwPlXVERotcDmfMcx8cFi7Kdj6M2OU+2zeZ2II1/D/QyzpzXrQlZJaH/zfbVpMQaEEBQ==,iv:/Pbt0pWBnXmuruQEvgR9y7XTQqqtNjMBH7KAkjpPJkI=,tag:I9Tkml/iAf0Q/44HsezzZA==,type:str]
uptime-kuma.env: ENC[AES256_GCM,data:s7oayyfmLWjMWemtE3b1H07ekECKkG4iVMe6mEdrpPFpBd0dYXhuUReyTBKPm0k=,iv:W6T5Ls1s9V553PmzfCkan2Fmwf6JeQ6iKX+VXn1wGWI=,tag:T9njGn8TJ/ouiEM+UlmSVQ==,type:str]
path-to-whatsapp-db.txt: ENC[AES256_GCM,data:uhr36g1J3tUE/DoipEr+K33XJ1K68GyXz19Vt9eDPDHpnfpysJ2FU0nGhrHNfsEiCVPHA8DGXIUFG9oue5AcmAfnKuCQ6lrx6EVno5ZOj/VO/YGWOOqLRZs1Ct0=,iv:qNd2TMbcF4X9q4BCOmRA28rlc9bpES2YlWf0QB2WKyk=,tag:8ZXJdxRLKC/HRe8uQXlUPw==,type:str]
whatsapp.key: ENC[AES256_GCM,data:+7nnPbG9gk+WwlEHZH+4ZictLxiXziXRTCUFOgVRTP//r6pLcWRjOjcDZj2ofL7X0uJ5Rz3ffrdta7pmSgTRTA==,iv:e8Szd1A8PFrFuAHxDedxxQ2VtJkUuxWBD8/0wmXURGM=,tag:jQAkQcsC8hnQfUBnfMLyvQ==,type:str]
sops:
kms: []
gcp_kms: []
Expand All @@ -17,8 +19,8 @@ sops:
WUJLQjJGSitRV3BNNVBNSnBvSlUzUzAKWc06pw1r/DBmWgWl4zDrICuYs8g6dQeA
TieAGJhtG8BiM/LQk39HTWC905Pmmj3iNqaTwle5NNgEdAk2SxewNA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-03T19:04:01Z"
mac: ENC[AES256_GCM,data:QzimUAGw2buQfsPrKj3D9mcd6J74xiwzS5odJ91mtk0/CopiX3EF3OL53dPRRC7Xvyde8KzTERJXf1XV5bMs5A0oida4cglQHaaZypHvTEzJ1X9HIjKtiKzgqnlKFMokZSukP2s/k3q6vAhZN+1JJxz/fwUV6+e2Tbh61ZBzirs=,iv:9rcuuj3CoDMJDKSRYjy4z/Hev7sHfYI25p60YK2I3iU=,tag:90cqEqAhPCh79YIdBjQqaw==,type:str]
lastmodified: "2025-03-01T16:39:44Z"
mac: ENC[AES256_GCM,data:Ai1vSl+Z2wwZASM+s2BmY5DrcPFdsAYZGcJhWJC9Pqh7WY4myCULLpY03eoJ99Z89kYUvGfeMAp0j0zRtQEjtMMOqk7EYuWSskVDcIOk4szdqQp701T7LX+NDyZQ8WbbDN1QgniXj2LR/BqBpkzpDK99Dx3Fuw/ky2sCydGI6UA=,iv:0Ss9nKKhpglsh4ZrY9N7VYL3T92bnmDmFRbFBV3fDGA=,tag:DUMsyLS8V2vmNb98jxxVRg==,type:str]
pgp:
- created_at: "2024-11-01T14:18:45Z"
enc: |-
Expand All @@ -33,4 +35,4 @@ sops:
-----END PGP MESSAGE-----
fp: 66FF60997B04845FF4C0CB4FEB6FC9F9FC964257
unencrypted_suffix: _unencrypted
version: 3.9.3
version: 3.9.4
3 changes: 3 additions & 0 deletions machines/pilab/home/services/paperless-ngx.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -83,6 +83,9 @@ let
'');
in
{
imports = [
./../../../../scripts/home/paperless-ngx-push.nix
];
sops.secrets."uptime-kuma.env" = {};

home.packages = with pkgs; [
Expand Down
145 changes: 145 additions & 0 deletions machines/pilab/home/services/whatsapp-backup-verify.nix
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,145 @@
{ config, pkgs, lib, inputs, ... }:

let
whatsapp-chat-exporter-dev = (pkgs.python3Packages.buildPythonPackage {
# $ whatsapp-chat-exporter \
# --android \
# --key $(cat key.txt) \
# --backup msgstore.db.crypt15 \
# --include "0000000000" \
# --output /tmp
pname = "whatsapp-chat-exporter";
version = "dev";
format = "pyproject";

src = pkgs.fetchFromGitHub {
owner = "KnugiHK";
repo = "WhatsApp-Chat-Exporter";
rev = "9f321384ece48e262d325b80b1fb1669cf90dae3"; # branch: dev (1st March, 2025)
sha256 = "sha256-kAa8D53Zz1Vd77zZ7hVwj6lgtj+VhtLUtIVur2gWdI8=";
};

nativeBuildInputs = with pkgs.python3Packages; [
setuptools
pip
wheel
];

propagatedBuildInputs = with pkgs.python3Packages; [
jinja2
bleach
pycryptodome
javaobj-py3
vobject
];
});

whatsapp-backup-verify = (pkgs.writers.writePython3Bin "whatsapp-backup-verify" {
libraries = with pkgs; [ whatsapp-chat-exporter-dev ]; } ''
from Whatsapp_Chat_Exporter.android_crypt import decrypt_backup
from Whatsapp_Chat_Exporter.utility import Crypt
import sys
import argparse
parser = argparse.ArgumentParser(
"whatsapp-backup-verify",
description=(
"Check if a WhatsApp's db.crypt15 is tied to a given "
"32-bit hex key"
)
)
parser.add_argument(
"path_to_encrypted_db",
)
parser.add_argument(
"path_to_hex_key",
nargs="?",
default="${config.sops.secrets."whatsapp.key".path}",
)
args = parser.parse_args()
print(args.path_to_encrypted_db)
with open(args.path_to_encrypted_db, "rb") as fin:
database = fin.read()
with open(args.path_to_hex_key, "r") as fin:
key = fin.read()
key = bytes.fromhex(key.replace(" ", ""))
return_code = decrypt_backup(
database=database,
key=key,
crypt=Crypt.CRYPT15,
dry_run=True,
)
sys.exit(return_code)
'');

whatsapp-backup-verify-latest-snapshot = (pkgs.writeShellScriptBin "whatsapp-backup-verify-latest-snapshot" ''
${whatsapp-backup-verify}/bin/whatsapp-backup-verify \
$(${pkgs.coreutils}/bin/cat ${config.sops.secrets."path-to-whatsapp-db.txt".path})
'');

ping-uptime-kuma = (pkgs.writeShellScriptBin "ping-uptime-kuma@whatsapp-backup-verify-latest-snapshot" ''
if [ "$EXIT_STATUS" -eq 0 ]; then
STATUS=up
else
STATUS=down
fi
# TODO: Shouldn't have to hardcode the path here. But I couldn't get the following
# to work:
# source $\{osConfig.sops.secrets."uptime-kuma.env".path}
source ~/.config/sops-nix/secrets/uptime-kuma.env
${pkgs.curl}/bin/curl -s "$UPTIME_KUMA_INSTANCE_URL/api/push/a0DWjFa9sb?status=$STATUS&msg=$SERVICE_RESULT&ping="
if [ $? -eq 0 ]; then
${pkgs.coreutils}/bin/echo "ping-uptime-kuma succeeded."
else
${pkgs.coreutils}/bin/echo "ping-uptime-kuma failed."
exit $?
fi
'');
in
{
sops.secrets."whatsapp.key" = {};
sops.secrets."path-to-whatsapp-db.txt" = {};
sops.secrets."uptime-kuma.env" = {};

home.packages = with pkgs; [
whatsapp-chat-exporter-dev
whatsapp-backup-verify
whatsapp-backup-verify-latest-snapshot
];

systemd.user.services.whatsapp-backup-verify-latest-snapshot = {
Unit = {
Description = "Check if a WhatsApp's db.crypt15 is tied to a given 32-bit hex key";
RequiresMountsFor = [
"/media/HOMELAB_MEDIA"
];
};
Service = {
Type = "oneshot";
WorkingDirectory = "/media/HOMELAB_MEDIA";
ExecStart = "${whatsapp-backup-verify-latest-snapshot}/bin/whatsapp-backup-verify-latest-snapshot";
ExecStopPost = "${ping-uptime-kuma}/bin/ping-uptime-kuma@whatsapp-backup-verify-latest-snapshot";
};
};

systemd.user.timers.whatsapp-backup-verify-latest-snapshot = {
Unit = {
Description = "Periodically check if a WhatsApp's db.crypt15 is tied to a given 32-bit hex key";
};
Timer = {
OnBootSec = "5m";
OnUnitActiveSec = "6h";
Unit = "whatsapp-backup-verify-latest-snapshot.service";
};
};
}

0 comments on commit 08e3007

Please sign in to comment.