mirror of
https://github.com/dali99/nixos-matrix-modules.git
synced 2026-01-18 13:38:22 +01:00
Compare commits
12 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 82959f612f | |||
51665e27e2
|
|||
|
700aa1b8a6
|
|||
|
a82c7e2d94
|
|||
|
8493e635fa
|
|||
| 25b9f31ef1 | |||
| 19c690bb4f | |||
| 099db715d1 | |||
| da9dc0479f | |||
| ff787d410c | |||
| f8843835e2 | |||
| f4e20d0360 |
@@ -2,6 +2,17 @@
|
||||
|
||||
This is a best effort document descibing neccecary changes you might have to do when updating
|
||||
|
||||
## 0.8.0
|
||||
|
||||
`saml2` is no longer enabled, as it depends on vulnerable dependencies and isnt really built in nixpks anymore.
|
||||
|
||||
If you need to authenticate with saml, you should deploy some sort of saml to openid bridge, instead.
|
||||
|
||||
## 0.6.1
|
||||
|
||||
enableSlidingSync, and setting matrix-synapse.sliding-sync.environmentFile (or any other sliding-sync setting)
|
||||
is no longer needed for a sliding-sync setup. Upgrading will force relogins for all users.
|
||||
|
||||
## 0.5.0
|
||||
|
||||
* The module has been renamed from `synapse` to `default`
|
||||
|
||||
18
README.MD
18
README.MD
@@ -1,3 +1,5 @@
|
||||
For support and requests feel free to join [#nixos-matrix-modules:dodsorf.as](https://matrix.to/#/#nixos-matrix-modules:dodsorf.as), [uri](matrix:r/nixos-matrix-modules:dodsorf.as)
|
||||
|
||||
With matrix.YOURDOMAIN pointing at the server:
|
||||
|
||||
```
|
||||
@@ -36,19 +38,3 @@ With matrix.YOURDOMAIN pointing at the server:
|
||||
```
|
||||
|
||||
is ~enough to get a functional matrix-server running with some workers
|
||||
|
||||
## Sliding Sync (Element X)
|
||||
|
||||
Just add the following to your config and point `slidingsync.YOURDOMAIN` at the server
|
||||
|
||||
```
|
||||
services.matrix-synapse-next = {
|
||||
enableSlidingSync = true;
|
||||
};
|
||||
|
||||
services.matrix-synapse.sliding-sync.environmentFile = "/some/file/containing/SYNCV3_SECRET=<some secret>";
|
||||
|
||||
```
|
||||
|
||||
If using [well-known delagation](https://matrix-org.github.io/synapse/v1.37/delegate.html) make sure `YOURDOMAIN/.well-known/matrix/client` matches
|
||||
what's in `matrix.YOURDOMAIN/.well-known/matrix/client`
|
||||
|
||||
8
flake.lock
generated
8
flake.lock
generated
@@ -2,16 +2,16 @@
|
||||
"nodes": {
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1706098335,
|
||||
"narHash": "sha256-r3dWjT8P9/Ah5m5ul4WqIWD8muj5F+/gbCdjiNVBKmU=",
|
||||
"lastModified": 1764983851,
|
||||
"narHash": "sha256-y7RPKl/jJ/KAP/VKLMghMgXTlvNIJMHKskl8/Uuar7o=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "a77ab169a83a4175169d78684ddd2e54486ac651",
|
||||
"rev": "d9bc5c7dceb30d8d6fafa10aeb6aa8a48c218454",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"id": "nixpkgs",
|
||||
"ref": "nixos-23.11",
|
||||
"ref": "nixos-25.11",
|
||||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
description = "NixOS modules for matrix related services";
|
||||
|
||||
inputs = {
|
||||
nixpkgs.url = "nixpkgs/nixos-23.11";
|
||||
nixpkgs.url = "nixpkgs/nixos-25.11";
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs }: {
|
||||
@@ -12,7 +12,7 @@
|
||||
|
||||
lib = import ./lib.nix { lib = nixpkgs.lib; };
|
||||
|
||||
packages = let
|
||||
checks = let
|
||||
forAllSystems = f:
|
||||
nixpkgs.lib.genAttrs [
|
||||
"x86_64-linux"
|
||||
@@ -20,11 +20,13 @@
|
||||
"x86_64-darwin"
|
||||
"aarch64-darwin"
|
||||
] (system: f nixpkgs.legacyPackages.${system});
|
||||
in forAllSystems (pkgs: {
|
||||
in forAllSystems (pkgs: let
|
||||
tests = import ./tests {
|
||||
inherit nixpkgs pkgs;
|
||||
matrix-lib = self.lib;
|
||||
};
|
||||
in {
|
||||
inherit (tests) nginx-pipeline-eval;
|
||||
});
|
||||
};
|
||||
}
|
||||
|
||||
10
module.nix
10
module.nix
@@ -1,8 +1,14 @@
|
||||
{ ... }:
|
||||
{ lib, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
./synapse-module
|
||||
./sliding-sync
|
||||
|
||||
# TODO: Remove after 25.05
|
||||
(lib.mkRemovedOptionModule [ "services" "matrix-synapse" "sliding-sync" ] ''
|
||||
`services.matrix-synapse.sliding-sync` is no longer necessary to use sliding-sync with synapse.
|
||||
As synapse now includes this in itself, if you have a manually managed `.well-known/matrix/client` file
|
||||
remove the proxy url from it.
|
||||
'')
|
||||
];
|
||||
}
|
||||
|
||||
@@ -1,117 +0,0 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
cfg = config.services.matrix-synapse.sliding-sync;
|
||||
in
|
||||
{
|
||||
disabledModules = [ "services/matrix/matrix-sliding-sync.nix" ];
|
||||
|
||||
options.services.matrix-synapse.sliding-sync = {
|
||||
enable = lib.mkEnableOption (lib.mdDoc "sliding sync");
|
||||
|
||||
package = lib.mkOption {
|
||||
type = lib.types.package;
|
||||
default = pkgs.matrix-sliding-sync;
|
||||
description = "What package to use for the sliding-sync proxy.";
|
||||
};
|
||||
|
||||
enableNginx = lib.mkEnableOption (lib.mdDoc "autogenerated nginx config");
|
||||
publicBaseUrl = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = "The domain where clients connect, only has an effect with enableNginx";
|
||||
example = "slidingsync.matrix.org";
|
||||
};
|
||||
|
||||
settings = lib.mkOption {
|
||||
type = lib.types.submodule {
|
||||
freeformType = with lib.types; attrsOf str;
|
||||
options = {
|
||||
SYNCV3_SERVER = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = lib.mdDoc ''
|
||||
The destination homeserver to talk to not including `/_matrix/` e.g `https://matrix.example.org`.
|
||||
'';
|
||||
};
|
||||
|
||||
SYNCV3_DB = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "postgresql:///matrix-sliding-sync?host=/run/postgresql";
|
||||
description = lib.mdDoc ''
|
||||
The postgres connection string.
|
||||
Refer to <https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING>.
|
||||
'';
|
||||
};
|
||||
|
||||
SYNCV3_BINDADDR = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "127.0.0.1:8009";
|
||||
example = "[::]:8008";
|
||||
description = lib.mdDoc "The interface and port to listen on.";
|
||||
};
|
||||
|
||||
SYNCV3_LOG_LEVEL = lib.mkOption {
|
||||
type = lib.types.enum [ "trace" "debug" "info" "warn" "error" "fatal" ];
|
||||
default = "info";
|
||||
description = lib.mdDoc "The level of verbosity for messages logged.";
|
||||
};
|
||||
};
|
||||
};
|
||||
default = { };
|
||||
description = ''
|
||||
Freeform environment variables passed to the sliding sync proxy.
|
||||
Refer to <https://github.com/matrix-org/sliding-sync#setup> for all supported values.
|
||||
'';
|
||||
};
|
||||
|
||||
createDatabase = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = true;
|
||||
description = lib.mdDoc ''
|
||||
Whether to enable and configure `services.postgres` to ensure that the database user `matrix-sliding-sync`
|
||||
and the database `matrix-sliding-sync` exist.
|
||||
'';
|
||||
};
|
||||
|
||||
environmentFile = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = lib.mdDoc ''
|
||||
Environment file as defined in {manpage}`systemd.exec(5)`.
|
||||
|
||||
This must contain the {env}`SYNCV3_SECRET` variable which should
|
||||
be generated with {command}`openssl rand -hex 32`.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
services.postgresql = lib.optionalAttrs cfg.createDatabase {
|
||||
enable = true;
|
||||
ensureDatabases = [ "matrix-sliding-sync" ];
|
||||
ensureUsers = [ rec {
|
||||
name = "matrix-sliding-sync";
|
||||
ensureDBOwnership = true;
|
||||
} ];
|
||||
};
|
||||
|
||||
systemd.services.matrix-sliding-sync = {
|
||||
after = lib.optional cfg.createDatabase "postgresql.service";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
environment = cfg.settings;
|
||||
serviceConfig = {
|
||||
DynamicUser = true;
|
||||
EnvironmentFile = cfg.environmentFile;
|
||||
ExecStart = lib.getExe cfg.package;
|
||||
StateDirectory = "matrix-sliding-sync";
|
||||
WorkingDirectory = "%S/matrix-sliding-sync";
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts.${cfg.publicBaseUrl} = lib.mkIf cfg.enableNginx {
|
||||
enableACME = lib.mkDefault true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = lib.replaceStrings [ "0.0.0.0" "::" ] [ "127.0.0.1" "::1" ] "http://${cfg.settings.SYNCV3_BINDADDR}";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -19,7 +19,6 @@ let
|
||||
inherit (cfg) plugins;
|
||||
extras = [
|
||||
"postgres"
|
||||
"saml2"
|
||||
"oidc"
|
||||
"systemd"
|
||||
"url-preview"
|
||||
@@ -27,7 +26,6 @@ let
|
||||
"jwt"
|
||||
"redis"
|
||||
"cache-memory"
|
||||
"user-search"
|
||||
];
|
||||
};
|
||||
|
||||
@@ -395,6 +393,9 @@ in
|
||||
message = "Some listeners are missing either a socket path or a bind_address + port to listen on";
|
||||
}) cfg.settings.listeners);
|
||||
|
||||
warnings = [ ] ++ lib.optional cfg.enableSlidingSync
|
||||
"the option services.matrix-synapse-next.enableSlidingSync no longer has any effect (and is enabled by default)";
|
||||
|
||||
users.users.matrix-synapse = {
|
||||
group = "matrix-synapse";
|
||||
home = cfg.dataDir;
|
||||
@@ -426,7 +427,7 @@ in
|
||||
wantedBy = [ "matrix-synapse.target" ];
|
||||
|
||||
preStart = let
|
||||
flags = lib.cli.toGNUCommandLineShell {} {
|
||||
flags = lib.cli.toCommandLineShellGNU {} {
|
||||
config-path = [ matrix-synapse-common-config ] ++ cfg.extraConfigFiles;
|
||||
keys-directory = cfg.dataDir;
|
||||
generate-keys = true;
|
||||
@@ -442,29 +443,15 @@ in
|
||||
StateDirectory = "matrix-synapse";
|
||||
RuntimeDirectory = "matrix-synapse";
|
||||
ExecStart = let
|
||||
flags = lib.cli.toGNUCommandLineShell {} {
|
||||
flags = lib.cli.toCommandLineShellGNU {} {
|
||||
config-path = [ matrix-synapse-common-config ] ++ cfg.extraConfigFiles;
|
||||
keys-directory = cfg.dataDir;
|
||||
};
|
||||
in "${wrapped}/bin/synapse_homeserver ${flags}";
|
||||
ExecReload = "${pkgs.utillinux}/bin/kill -HUP $MAINPID";
|
||||
ExecReload = "${lib.getExe' pkgs.coreutils "kill"} -HUP $MAINPID";
|
||||
Restart = "on-failure";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.matrix-synapse-next.settings.extra_well_known_client_content."org.matrix.msc3575.proxy" = mkIf cfg.enableSlidingSync {
|
||||
url = "https://${config.services.matrix-synapse.sliding-sync.publicBaseUrl}";
|
||||
};
|
||||
services.matrix-synapse.sliding-sync = mkIf cfg.enableSlidingSync {
|
||||
enable = true;
|
||||
enableNginx = lib.mkDefault cfg.enableNginx;
|
||||
publicBaseUrl = lib.mkDefault "slidingsync.${cfg.settings.server_name}";
|
||||
|
||||
settings = {
|
||||
SYNCV3_SERVER = lib.mkDefault "https://${cfg.public_baseurl}";
|
||||
SYNCV3_PROM = lib.mkIf cfg.settings.enable_metrics (lib.mkDefault "127.0.0.1:9001");
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -389,7 +389,7 @@ in {
|
||||
done
|
||||
'';
|
||||
ExecStart = let
|
||||
flags = lib.cli.toGNUCommandLineShell {} {
|
||||
flags = lib.cli.toCommandLineShellGNU {} {
|
||||
config-path = [ matrix-synapse-common-config (workerConfig worker) ] ++ cfg.extraConfigFiles;
|
||||
keys-directory = cfg.dataDir;
|
||||
};
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
{ nixpkgs, pkgs, matrix-lib, ... }:
|
||||
{
|
||||
nginx-pipeline = pkgs.callPackage ./nginx-pipeline { inherit nixpkgs matrix-lib; };
|
||||
nginx-pipeline-eval = pkgs.callPackage ./nginx-pipeline { inherit nixpkgs matrix-lib; };
|
||||
}
|
||||
|
||||
@@ -5,7 +5,7 @@ let
|
||||
modules = [
|
||||
../../module.nix
|
||||
{
|
||||
system.stateVersion = "23.11";
|
||||
system.stateVersion = "25.11";
|
||||
boot.isContainer = true;
|
||||
services.matrix-synapse-next = {
|
||||
enable = true;
|
||||
|
||||
Reference in New Issue
Block a user