Merge pull request #10 from h7x4/additional-nixpkgs-2511-stuff

Additional fixes for 25.11
tests/nginx-pipeline: move to checks, fix nix flake show
2026-04-23 23:26:10 +02:00 · 2025-12-08 18:16:53 +01:00 · 2025-12-09 01:39:12 +09:00 · 2025-12-09 01:38:41 +09:00 · 2025-12-09 01:34:24 +09:00 · 2025-12-09 01:33:07 +09:00
10 changed files with 39 additions and 164 deletions
@@ -2,6 +2,17 @@

 This is a best effort document descibing neccecary changes you might have to do when updating

+## 0.8.0
+
+`saml2` is no longer enabled, as it depends on vulnerable dependencies and isnt really built in nixpks anymore.
+
+If you need to authenticate with saml, you should deploy some sort of saml to openid bridge, instead.
+
+## 0.6.1
+
+enableSlidingSync, and setting matrix-synapse.sliding-sync.environmentFile (or any other sliding-sync setting)
+is no longer needed for a sliding-sync setup. Upgrading will force relogins for all users.
+
 ## 0.5.0

 * The module has been renamed from `synapse` to `default`
@@ -1,3 +1,5 @@
+For support and requests feel free to join [#nixos-matrix-modules:dodsorf.as](https://matrix.to/#/#nixos-matrix-modules:dodsorf.as), [uri](matrix:r/nixos-matrix-modules:dodsorf.as)
+
 With matrix.YOURDOMAIN pointing at the server:

 ```
@@ -36,19 +38,3 @@ With matrix.YOURDOMAIN pointing at the server:
 ```

 is ~enough to get a functional matrix-server running with some workers
-
-## Sliding Sync (Element X)
-
-Just add the following to your config and point `slidingsync.YOURDOMAIN` at the server
-
-```
-services.matrix-synapse-next = {
-  enableSlidingSync = true;
-};
-
-services.matrix-synapse.sliding-sync.environmentFile = "/some/file/containing/SYNCV3_SECRET=<some secret>";
-
-```
-
-If using [well-known delagation](https://matrix-org.github.io/synapse/v1.37/delegate.html) make sure `YOURDOMAIN/.well-known/matrix/client` matches
-what's in `matrix.YOURDOMAIN/.well-known/matrix/client`
@@ -2,16 +2,16 @@
  "nodes": {
    "nixpkgs": {
      "locked": {
-        "lastModified": 1706098335,
-        "narHash": "sha256-r3dWjT8P9/Ah5m5ul4WqIWD8muj5F+/gbCdjiNVBKmU=",
+        "lastModified": 1764983851,
+        "narHash": "sha256-y7RPKl/jJ/KAP/VKLMghMgXTlvNIJMHKskl8/Uuar7o=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "a77ab169a83a4175169d78684ddd2e54486ac651",
+        "rev": "d9bc5c7dceb30d8d6fafa10aeb6aa8a48c218454",
        "type": "github"
      },
      "original": {
        "id": "nixpkgs",
-        "ref": "nixos-23.11",
+        "ref": "nixos-25.11",
        "type": "indirect"
      }
    },
@@ -2,7 +2,7 @@
  description = "NixOS modules for matrix related services";

  inputs = {
-    nixpkgs.url = "nixpkgs/nixos-23.11";
+    nixpkgs.url = "nixpkgs/nixos-25.11";
  };

  outputs = { self, nixpkgs }: {
@@ -12,7 +12,7 @@

    lib = import ./lib.nix { lib = nixpkgs.lib; };

-    packages = let
+    checks = let
      forAllSystems = f:
        nixpkgs.lib.genAttrs [
          "x86_64-linux"
@@ -20,11 +20,13 @@
          "x86_64-darwin"
          "aarch64-darwin"
        ] (system: f nixpkgs.legacyPackages.${system});
-    in forAllSystems (pkgs: {
+    in forAllSystems (pkgs: let
      tests = import ./tests {
        inherit nixpkgs pkgs;
        matrix-lib = self.lib;
      };
+    in {
+      inherit (tests) nginx-pipeline-eval;
    });
  };
 }
@@ -1,8 +1,14 @@
-{ ... }:
+{ lib, ... }:

 {
  imports = [
    ./synapse-module
-    ./sliding-sync
+
+    # TODO: Remove after 25.05
+    (lib.mkRemovedOptionModule [ "services" "matrix-synapse" "sliding-sync" ] ''
+      `services.matrix-synapse.sliding-sync` is no longer necessary to use sliding-sync with synapse.
+      As synapse now includes this in itself, if you have a manually managed `.well-known/matrix/client` file
+      remove the proxy url from it.
+    '')
  ];
 }
@@ -1,117 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
-  cfg = config.services.matrix-synapse.sliding-sync;
-in
-{
-  disabledModules = [ "services/matrix/matrix-sliding-sync.nix" ];
-
-  options.services.matrix-synapse.sliding-sync = {
-    enable = lib.mkEnableOption (lib.mdDoc "sliding sync");
-
-    package = lib.mkOption {
-      type = lib.types.package;
-      default = pkgs.matrix-sliding-sync;
-      description = "What package to use for the sliding-sync proxy.";
-    };
-
-    enableNginx = lib.mkEnableOption (lib.mdDoc "autogenerated nginx config");
-    publicBaseUrl = lib.mkOption {
-      type = lib.types.str;
-      description = "The domain where clients connect, only has an effect with enableNginx";
-      example = "slidingsync.matrix.org";
-    };
-
-    settings = lib.mkOption {
-      type = lib.types.submodule {
-        freeformType = with lib.types; attrsOf str;
-        options = {
-          SYNCV3_SERVER = lib.mkOption {
-            type = lib.types.str;
-            description = lib.mdDoc ''
-              The destination homeserver to talk to not including `/_matrix/` e.g `https://matrix.example.org`.
-            '';
-          };
-
-          SYNCV3_DB = lib.mkOption {
-            type = lib.types.str;
-            default = "postgresql:///matrix-sliding-sync?host=/run/postgresql";
-            description = lib.mdDoc ''
-              The postgres connection string.
-              Refer to <https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING>.
-            '';
-          };
-
-          SYNCV3_BINDADDR = lib.mkOption {
-            type = lib.types.str;
-            default = "127.0.0.1:8009";
-            example = "[::]:8008";
-            description = lib.mdDoc "The interface and port to listen on.";
-          };
-
-          SYNCV3_LOG_LEVEL = lib.mkOption {
-            type = lib.types.enum [ "trace" "debug" "info" "warn" "error" "fatal" ];
-            default = "info";
-            description = lib.mdDoc "The level of verbosity for messages logged.";
-          };
-        };
-      };
-      default = { };
-      description = ''
-        Freeform environment variables passed to the sliding sync proxy.
-        Refer to <https://github.com/matrix-org/sliding-sync#setup> for all supported values.
-      '';
-    };
-
-    createDatabase = lib.mkOption {
-      type = lib.types.bool;
-      default = true;
-      description = lib.mdDoc ''
-        Whether to enable and configure `services.postgres` to ensure that the database user `matrix-sliding-sync`
-        and the database `matrix-sliding-sync` exist.
-      '';
-    };
-
-    environmentFile = lib.mkOption {
-      type = lib.types.str;
-      description = lib.mdDoc ''
-        Environment file as defined in {manpage}`systemd.exec(5)`.
-
-        This must contain the {env}`SYNCV3_SECRET` variable which should
-        be generated with {command}`openssl rand -hex 32`.
-      '';
-    };
-  };
-
-  config = lib.mkIf cfg.enable {
-    services.postgresql = lib.optionalAttrs cfg.createDatabase {
-      enable = true;
-      ensureDatabases = [ "matrix-sliding-sync" ];
-      ensureUsers = [ rec {
-        name = "matrix-sliding-sync";
-        ensureDBOwnership = true;
-      } ];
-    };
-
-    systemd.services.matrix-sliding-sync = {
-      after = lib.optional cfg.createDatabase "postgresql.service";
-      wantedBy = [ "multi-user.target" ];
-      environment = cfg.settings;
-      serviceConfig = {
-        DynamicUser = true;
-        EnvironmentFile = cfg.environmentFile;
-        ExecStart = lib.getExe cfg.package;
-        StateDirectory = "matrix-sliding-sync";
-        WorkingDirectory = "%S/matrix-sliding-sync";
-      };
-    };
-
-    services.nginx.virtualHosts.${cfg.publicBaseUrl} = lib.mkIf cfg.enableNginx {
-      enableACME = lib.mkDefault true;
-      forceSSL = true;
-      locations."/" = {
-        proxyPass = lib.replaceStrings [ "0.0.0.0" "::" ] [ "127.0.0.1" "::1" ] "http://${cfg.settings.SYNCV3_BINDADDR}";
-      };
-    };
-  };
-}
@@ -19,7 +19,6 @@ let
    inherit (cfg) plugins;
    extras = [
      "postgres"
-      "saml2"
      "oidc"
      "systemd"
      "url-preview"
@@ -27,7 +26,6 @@ let
      "jwt"
      "redis"
      "cache-memory"
-      "user-search"
    ];
  };

@@ -395,6 +393,9 @@ in
        message = "Some listeners are missing either a socket path or a bind_address + port to listen on";
      }) cfg.settings.listeners);

+    warnings = [ ] ++ lib.optional cfg.enableSlidingSync
+      "the option services.matrix-synapse-next.enableSlidingSync no longer has any effect (and is enabled by default)";
+
    users.users.matrix-synapse = {
      group = "matrix-synapse";
      home = cfg.dataDir;
@@ -426,7 +427,7 @@ in
        wantedBy = [ "matrix-synapse.target" ];

        preStart = let
-          flags = lib.cli.toGNUCommandLineShell {} {
+          flags = lib.cli.toCommandLineShellGNU {} {
            config-path = [ matrix-synapse-common-config ] ++ cfg.extraConfigFiles;
            keys-directory = cfg.dataDir;
            generate-keys = true;
@@ -442,29 +443,15 @@ in
          StateDirectory = "matrix-synapse";
          RuntimeDirectory = "matrix-synapse";
          ExecStart = let
-            flags = lib.cli.toGNUCommandLineShell {} {
+            flags = lib.cli.toCommandLineShellGNU {} {
              config-path = [ matrix-synapse-common-config ] ++ cfg.extraConfigFiles;
              keys-directory = cfg.dataDir;
            };
          in "${wrapped}/bin/synapse_homeserver ${flags}";
-          ExecReload = "${pkgs.utillinux}/bin/kill -HUP $MAINPID";
+          ExecReload = "${lib.getExe' pkgs.coreutils "kill"} -HUP $MAINPID";
          Restart = "on-failure";
        };
      };
    };
-
-    services.matrix-synapse-next.settings.extra_well_known_client_content."org.matrix.msc3575.proxy" = mkIf cfg.enableSlidingSync {
-      url = "https://${config.services.matrix-synapse.sliding-sync.publicBaseUrl}";
-    };
-    services.matrix-synapse.sliding-sync = mkIf cfg.enableSlidingSync {
-      enable = true;
-      enableNginx = lib.mkDefault cfg.enableNginx;
-      publicBaseUrl = lib.mkDefault "slidingsync.${cfg.settings.server_name}";
-
-      settings = {
-        SYNCV3_SERVER = lib.mkDefault "https://${cfg.public_baseurl}";
-        SYNCV3_PROM = lib.mkIf cfg.settings.enable_metrics (lib.mkDefault "127.0.0.1:9001");
-      };
-    };
  };
 }
@@ -389,7 +389,7 @@ in {
            done
          '';
          ExecStart = let
-            flags = lib.cli.toGNUCommandLineShell {} {
+            flags = lib.cli.toCommandLineShellGNU {} {
              config-path = [ matrix-synapse-common-config (workerConfig worker) ] ++ cfg.extraConfigFiles;
              keys-directory = cfg.dataDir;
            };
@@ -1,4 +1,4 @@
 { nixpkgs, pkgs, matrix-lib, ... }:
 {
-  nginx-pipeline = pkgs.callPackage ./nginx-pipeline { inherit nixpkgs matrix-lib; };
+  nginx-pipeline-eval = pkgs.callPackage ./nginx-pipeline { inherit nixpkgs matrix-lib; };
 }
@@ -5,7 +5,7 @@ let
    modules = [
      ../../module.nix
      {
-        system.stateVersion = "23.11";
+        system.stateVersion = "25.11";
        boot.isContainer = true;
        services.matrix-synapse-next = {
          enable = true;
Author	SHA1	Message	Date
danio	82959f612f	Merge pull request #10 from h7x4/additional-nixpkgs-2511-stuff Additional fixes for 25.11	2025-12-08 18:16:53 +01:00
oysteikt	51665e27e2	tests/nginx-pipeline: move to `checks`, fix `nix flake show`	2025-12-09 01:39:12 +09:00
oysteikt	700aa1b8a6	flake.nix: bump nixpkgs target from 23.11 -> 25.11	2025-12-09 01:38:41 +09:00
oysteikt	a82c7e2d94	treewide: `toGNUCommandLineShell` -> `toCommandLineShellGNU`	2025-12-09 01:34:24 +09:00
oysteikt	8493e635fa	synapse-module: source `kill` from coreutils	2025-12-09 01:33:07 +09:00
danio	25b9f31ef1	Update MIGRATIONS.MD for version 0.8.0 changes Added migration notes for version 0.8.0 regarding saml2 deprecation and its alternatives.	2025-12-04 11:28:15 +01:00
danio	19c690bb4f	Remove 'saml2' from extras as it is broken	2025-12-01 01:10:31 +01:00
danio	099db715d1	synapse: Remove removed extra feature	2025-07-22 22:35:55 +02:00
danio	da9dc0479f	sliding-sync: remove	2025-01-02 23:34:05 +01:00
danio	ff787d410c	Add documentation for new sliding-sync setup and upgrade info	2024-09-27 06:21:37 +02:00
danio	f8843835e2	sliding-sync: deprecate	2024-09-27 06:09:23 +02:00
danio	f4e20d0360	Update README.MD	2024-08-29 10:32:38 +02:00