cd /tmp/ apt install wget ca-certificates git libolm3 libolm-dev build-essential wget https://go.dev/dl/go1.17.3.linux-amd64.tar.gz rm -rf /usr/local/go && tar -C /usr/local -xzf go1.17.3.linux-amd64.tar.gz export PATH=$PATH:/usr/local/go/bin git clone https://github.com/mautrix/whatsapp.git cd whatsapp/ ./build.sh useradd mautrix-whatsapp -r -s /bin/false -m -d /usr/lib/mautrix-whatsapp cp mautrix-whatsapp /usr/lib/mautrix-whatsapp/ mkdir /etc/mautrix-whatsapp/ mv ~/config.yaml /etc/mautrix-whatsapp/ nano /etc/systemd/system/mautrix-whatsapp.service systemctl start mautrix-whatsapp systemctl enable mautrix-whatsapp [Unit] Description=mautrix-whatsapp bridge [Service] Type=exec User=mautrix-whatsapp WorkingDirectory=/usr/lib/mautrix-whatsapp ExecStart=/usr/lib/mautrix-whatsapp/mautrix-whatsapp -c /etc/mautrix-whatsapp/config.yaml Restart=on-failure RestartSec=30s # Optional hardening to improve security ReadWritePaths=/usr/lib/mautrix-whatsapp /etc/mautrix-whatsapp NoNewPrivileges=yes MemoryDenyWriteExecute=true PrivateDevices=yes PrivateTmp=yes ProtectHome=yes ProtectSystem=strict ProtectControlGroups=true RestrictSUIDSGID=true RestrictRealtime=true LockPersonality=true ProtectKernelLogs=true ProtectKernelTunables=true ProtectHostname=true ProtectKernelModules=true PrivateUsers=true ProtectClock=true SystemCallArchitectures=native SystemCallErrorNumber=EPERM SystemCallFilter=@system-service [Install] WantedBy=multi-user.target