0.7.0 ... main

8 changed files with 159 additions and 25 deletions


@@ -2,6 +2,12 @@
This is a best effort document descibing neccecary changes you might have to do when updating This is a best effort document descibing neccecary changes you might have to do when updating
## 0.8.0
`saml2` is no longer enabled, as it depends on vulnerable dependencies and isnt really built in nixpks anymore.
If you need to authenticate with saml, you should deploy some sort of saml to openid bridge, instead.
## 0.6.1 ## 0.6.1
enableSlidingSync, and setting matrix-synapse.sliding-sync.environmentFile (or any other sliding-sync setting) enableSlidingSync, and setting matrix-synapse.sliding-sync.environmentFile (or any other sliding-sync setting)

8
flake.lock generated

@@ -2,16 +2,16 @@
"nodes": { "nodes": {
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1706098335, "lastModified": 1764983851,
"narHash": "sha256-r3dWjT8P9/Ah5m5ul4WqIWD8muj5F+/gbCdjiNVBKmU=", "narHash": "sha256-y7RPKl/jJ/KAP/VKLMghMgXTlvNIJMHKskl8/Uuar7o=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a77ab169a83a4175169d78684ddd2e54486ac651", "rev": "d9bc5c7dceb30d8d6fafa10aeb6aa8a48c218454",
"type": "github" "type": "github"
}, },
"original": { "original": {
"id": "nixpkgs", "id": "nixpkgs",
"ref": "nixos-23.11", "ref": "nixos-25.11",
"type": "indirect" "type": "indirect"
} }
}, },


@@ -2,7 +2,7 @@
description = "NixOS modules for matrix related services"; description = "NixOS modules for matrix related services";
inputs = { inputs = {
nixpkgs.url = "nixpkgs/nixos-23.11"; nixpkgs.url = "nixpkgs/nixos-25.11";
}; };
outputs = { self, nixpkgs }: { outputs = { self, nixpkgs }: {
@@ -12,7 +12,7 @@
lib = import ./lib.nix { lib = nixpkgs.lib; }; lib = import ./lib.nix { lib = nixpkgs.lib; };
packages = let checks = let
forAllSystems = f: forAllSystems = f:
nixpkgs.lib.genAttrs [ nixpkgs.lib.genAttrs [
"x86_64-linux" "x86_64-linux"
@@ -20,11 +20,13 @@
"x86_64-darwin" "x86_64-darwin"
"aarch64-darwin" "aarch64-darwin"
] (system: f nixpkgs.legacyPackages.${system}); ] (system: f nixpkgs.legacyPackages.${system});
in forAllSystems (pkgs: { in forAllSystems (pkgs: let
tests = import ./tests { tests = import ./tests {
inherit nixpkgs pkgs; inherit nixpkgs pkgs;
matrix-lib = self.lib; matrix-lib = self.lib;
}; };
in {
inherit (tests) nginx-pipeline-eval;
}); });
}; };
} }
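Review bot: The `packages` flake output disappears in this section (the `packages = let` line becomes `checks = let`), so any consumer evaluating `packages.<system>.tests.nginx-pipeline` now fails, and the 0.8.0 entry in UPGRADING only mentions saml2. A line there along the lines of `The flake no longer exposes a packages output; the evaluation test is now available as checks.<system>.nginx-pipeline-eval.` would save downstream users a surprise. The rename of the attribute to `nginx-pipeline-eval` is consistent with the tests/default.nix change, so nothing else seems to need touching.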


@@ -19,7 +19,6 @@ let
inherit (cfg) plugins; inherit (cfg) plugins;
extras = [ extras = [
"postgres" "postgres"
"saml2"
"oidc" "oidc"
"systemd" "systemd"
"url-preview" "url-preview"
@@ -27,7 +26,6 @@ let
"jwt" "jwt"
"redis" "redis"
"cache-memory" "cache-memory"
"user-search"
]; ];
}; };
@@ -72,6 +70,14 @@ in
''; '';
}; };
withJemalloc = mkOption {
type = types.bool;
default = true;
description = ''
Whether to preload jemalloc to reduce memory fragmentation and overall usage.
'';
};
dataDir = mkOption { dataDir = mkOption {
type = types.path; type = types.path;
default = "/var/lib/matrix-synapse"; default = "/var/lib/matrix-synapse";
@@ -402,7 +408,6 @@ in
group = "matrix-synapse"; group = "matrix-synapse";
home = cfg.dataDir; home = cfg.dataDir;
createHome = true; createHome = true;
shell = "${pkgs.bash}/bin/bash";
uid = config.ids.uids.matrix-synapse; uid = config.ids.uids.matrix-synapse;
}; };
@@ -428,30 +433,77 @@ in
partOf = [ "matrix-synapse.target" ]; partOf = [ "matrix-synapse.target" ];
wantedBy = [ "matrix-synapse.target" ]; wantedBy = [ "matrix-synapse.target" ];
preStart = let environment = lib.optionalAttrs cfg.withJemalloc {
flags = lib.cli.toGNUCommandLineShell {} { LD_PRELOAD = "${pkgs.jemalloc}/lib/libjemalloc.so";
config-path = [ matrix-synapse-common-config ] ++ cfg.extraConfigFiles; PYTHONMALLOC = "malloc";
keys-directory = cfg.dataDir; };
generate-keys = true;
};
in "${cfg.package}/bin/synapse_homeserver ${flags}";
serviceConfig = { serviceConfig = {
Type = "notify"; Type = "notify";
User = "matrix-synapse"; User = "matrix-synapse";
Group = "matrix-synapse"; Group = "matrix-synapse";
Slice = "system-matrix-synapse.slice"; Slice = "system-matrix-synapse.slice";
Restart = "always";
RestartSec = 3;
WorkingDirectory = cfg.dataDir; WorkingDirectory = cfg.dataDir;
StateDirectory = "matrix-synapse"; StateDirectory = "matrix-synapse";
RuntimeDirectory = "matrix-synapse"; RuntimeDirectory = "matrix-synapse";
ExecStartPre = let
flags = lib.cli.toCommandLineShellGNU {} {
config-path = [ matrix-synapse-common-config ] ++ cfg.extraConfigFiles;
keys-directory = cfg.dataDir;
generate-keys = true;
};
in "${cfg.package}/bin/synapse_homeserver ${flags}";
ExecStart = let ExecStart = let
flags = lib.cli.toGNUCommandLineShell {} { flags = lib.cli.toCommandLineShellGNU {} {
config-path = [ matrix-synapse-common-config ] ++ cfg.extraConfigFiles; config-path = [ matrix-synapse-common-config ] ++ cfg.extraConfigFiles;
keys-directory = cfg.dataDir; keys-directory = cfg.dataDir;
}; };
in "${wrapped}/bin/synapse_homeserver ${flags}"; in "${wrapped}/bin/synapse_homeserver ${flags}";
ExecReload = "${pkgs.utillinux}/bin/kill -HUP $MAINPID"; ExecReload = "${lib.getExe' pkgs.coreutils "kill"} -HUP $MAINPID";
Restart = "on-failure";
CapabilityBoundingSet = [ "" ];
LockPersonality = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateTmp = true;
PrivateUsers = true;
ProcSubset = "pid";
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProtectSystem = "strict";
ReadWritePaths = [
cfg.dataDir
cfg.settings.media_store_path
]
++ (map (listener: dirOf listener.path) (
lib.filter (listener: listener.path != null) cfg.settings.listeners
));
RemoveIPC = true;
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
"AF_UNIX"
];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallFilter = [
"@system-service"
"~@resources"
"~@privileged"
];
}; };
}; };
}; };
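Review bot: The sandbox block added under `serviceConfig` (from `CapabilityBoundingSet` through `SystemCallFilter`) is pasted verbatim into the worker units in the `@@ -389,11 +410,50 @@` hunk of the workers file, and the two copies have already drifted: here `Restart = "on-failure";` replaces the removed `Restart = "always"; RestartSec = 3;`, while the worker copy adds no `Restart` at all. Hoisting the shared attrset into a `let` binding (e.g. `hardening = { CapabilityBoundingSet = [ "" ]; ... };` merged into each `serviceConfig` with `//`) would keep them aligned. The `ReadWritePaths` expression applies `dirOf listener.path` to every entry of `cfg.settings.listeners` after filtering on `listener.path != null`, which presumes each listener attrset declares `path` with a null default; if listeners are freeform this throws on entries that omit it, and `listener.path or null` in the filter would be safer. Dropping `RestartSec = 3` also falls back to systemd's default restart delay, which may or may not be intended given the workers' wait-for-synapse loop.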


@@ -24,6 +24,7 @@ in
~^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$ synapse_initial_sync; ~^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$ synapse_initial_sync;
# Federation requests # Federation requests
~^/_matrix/federation/v1/version$ synapse_federation;
~^/_matrix/federation/v1/event/ synapse_federation; ~^/_matrix/federation/v1/event/ synapse_federation;
~^/_matrix/federation/v1/state/ synapse_federation; ~^/_matrix/federation/v1/state/ synapse_federation;
~^/_matrix/federation/v1/state_ids/ synapse_federation; ~^/_matrix/federation/v1/state_ids/ synapse_federation;
@@ -35,6 +36,8 @@ in
~^/_matrix/federation/v1/make_leave/ synapse_federation; ~^/_matrix/federation/v1/make_leave/ synapse_federation;
~^/_matrix/federation/(v1|v2)/send_join/ synapse_federation; ~^/_matrix/federation/(v1|v2)/send_join/ synapse_federation;
~^/_matrix/federation/(v1|v2)/send_leave/ synapse_federation; ~^/_matrix/federation/(v1|v2)/send_leave/ synapse_federation;
~^/_matrix/federation/v1/make_knock/ synapse_federation;
~^/_matrix/federation/v1/send_knock/ synapse_federation;
~^/_matrix/federation/(v1|v2)/invite/ synapse_federation; ~^/_matrix/federation/(v1|v2)/invite/ synapse_federation;
~^/_matrix/federation/v1/event_auth/ synapse_federation; ~^/_matrix/federation/v1/event_auth/ synapse_federation;
~^/_matrix/federation/v1/timestamp_to_event/ synapse_federation; ~^/_matrix/federation/v1/timestamp_to_event/ synapse_federation;
@@ -56,17 +59,23 @@ in
~^/_matrix/client/v1/rooms/.*/hierarchy$ synapse_client_interaction; ~^/_matrix/client/v1/rooms/.*/hierarchy$ synapse_client_interaction;
~^/_matrix/client/(v1|unstable)/rooms/.*/relations/ synapse_client_interaction; ~^/_matrix/client/(v1|unstable)/rooms/.*/relations/ synapse_client_interaction;
~^/_matrix/client/v1/rooms/.*/threads$ synapse_client_interaction; ~^/_matrix/client/v1/rooms/.*/threads$ synapse_client_interaction;
~^/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send$ synapse_client_interaction;
~^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$ synapse_client_interaction; ~^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$ synapse_client_interaction;
~^/_matrix/client/(r0|v3|unstable)/account/3pid$ synapse_client_interaction; ~^/_matrix/client/(r0|v3|unstable)/account/3pid$ synapse_client_interaction;
~^/_matrix/client/(r0|v3|unstable)/account/whoami$ synapse_client_interaction; ~^/_matrix/client/(r0|v3|unstable)/account/whoami$ synapse_client_interaction;
~^/_matrix/client/(r0|v3|unstable)/devices$ synapse_client_interaction; ~^/_matrix/client/(r0|v3|unstable)/account/deactivate$ synapse_client_interaction;
~^/_matrix/client/(r0|v3)/delete_devices$ synapse_client_interaction;
~^/_matrix/client/(api/v1|r0|v3|unstable)/devices(/|$) synapse_client_interaction;
~^/_matrix/client/versions$ synapse_client_interaction; ~^/_matrix/client/versions$ synapse_client_interaction;
~^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$ synapse_client_interaction; ~^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$ synapse_client_interaction;
~^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/ synapse_client_interaction; ~^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/ synapse_client_interaction;
~^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$ synapse_client_interaction; ~^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$ synapse_client_interaction;
~^/_matrix/client/v1/rooms/.*/timestamp_to_event$ synapse_client_interaction; ~^/_matrix/client/v1/rooms/.*/timestamp_to_event$ synapse_client_interaction;
~^/_matrix/client/(api/v1|r0|v3|unstable/.*)/rooms/.*/aliases synapse_client_interaction;
~^/_matrix/client/(api/v1|r0|v3|unstable)/search$ synapse_client_interaction; ~^/_matrix/client/(api/v1|r0|v3|unstable)/search$ synapse_client_interaction;
~^/_matrix/client/(r0|v3|unstable)/user/.*/filter(/|$) synapse_client_interaction;
~^/_matrix/client/(api/v1|r0|v3|unstable)/directory/room/.*$ synapse_client_interaction;
~^/_matrix/client/(r0|v3|unstable)/capabilities$ synapse_client_interaction;
~^/_matrix/client/(r0|v3|unstable)/notifications$ synapse_client_interaction;
# Encryption requests # Encryption requests
~^/_matrix/client/(r0|v3|unstable)/keys/query$ synapse_client_encryption; ~^/_matrix/client/(r0|v3|unstable)/keys/query$ synapse_client_encryption;
@@ -74,11 +83,15 @@ in
~^/_matrix/client/(r0|v3|unstable)/keys/claim$ synapse_client_encryption; ~^/_matrix/client/(r0|v3|unstable)/keys/claim$ synapse_client_encryption;
~^/_matrix/client/(r0|v3|unstable)/room_keys/ synapse_client_encryption; ~^/_matrix/client/(r0|v3|unstable)/room_keys/ synapse_client_encryption;
~^/_matrix/client/(r0|v3|unstable)/keys/upload/ synapse_client_encryption; ~^/_matrix/client/(r0|v3|unstable)/keys/upload/ synapse_client_encryption;
~^/_matrix/client/(api/v1|r0|v3|unstable)/keys/device_signing/upload$ synapse_client_encryption;
~^/_matrix/client/(api/v1|r0|v3|unstable)/keys/signatures/upload$ synapse_client_encryption;
# Registration/login requests # Registration/login requests
~^/_matrix/client/(api/v1|r0|v3|unstable)/login$ synapse_client_login; ~^/_matrix/client/(api/v1|r0|v3|unstable)/login$ synapse_client_login;
~^/_matrix/client/(r0|v3|unstable)/register$ synapse_client_login; ~^/_matrix/client/(r0|v3|unstable)/register$ synapse_client_login;
~^/_matrix/client/(r0|v3|unstable)/register/available$ synapse_client_login;
~^/_matrix/client/v1/register/m.login.registration_token/validity$ synapse_client_login; ~^/_matrix/client/v1/register/m.login.registration_token/validity$ synapse_client_login;
~^/_matrix/client/(r0|v3|unstable)/password_policy$ synapse_client_login;
# Event sending requests # Event sending requests
~^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact synapse_client_transaction; ~^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact synapse_client_transaction;
@@ -86,6 +99,7 @@ in
~^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/ synapse_client_transaction; ~^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/ synapse_client_transaction;
~^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$ synapse_client_transaction; ~^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$ synapse_client_transaction;
~^/_matrix/client/(api/v1|r0|v3|unstable)/join/ synapse_client_transaction; ~^/_matrix/client/(api/v1|r0|v3|unstable)/join/ synapse_client_transaction;
~^/_matrix/client/(api/v1|r0|v3|unstable)/knock/ synapse_client_transaction;
~^/_matrix/client/(api/v1|r0|v3|unstable)/profile/ synapse_client_transaction; ~^/_matrix/client/(api/v1|r0|v3|unstable)/profile/ synapse_client_transaction;
# Account data requests # Account data requests


@@ -74,6 +74,16 @@ in {
description = "Listener configuration for the worker, similar to the main synapse listener"; description = "Listener configuration for the worker, similar to the main synapse listener";
default = [ ]; default = [ ];
}; };
worker_log_config = mkOption {
type = types.path;
description = ''
A yaml python logging config file as described by
https://docs.python.org/3.7/library/logging.config.html#configuration-dictionary-schema
'';
default = pkgs.writeText "log_config.yaml" cfg.mainLogConfig;
defaultText = "A config file generated from ${cfgText}.mainLogConfig";
};
}; };
}; };
@@ -374,14 +384,25 @@ in {
wantedBy = [ "matrix-synapse.target" ]; wantedBy = [ "matrix-synapse.target" ];
after = [ "matrix-synapse.service" ]; after = [ "matrix-synapse.service" ];
requires = [ "matrix-synapse.service" ]; requires = [ "matrix-synapse.service" ];
environment = lib.optionalAttrs cfg.withJemalloc {
LD_PRELOAD = "${pkgs.jemalloc}/lib/libjemalloc.so";
PYTHONMALLOC = "malloc";
};
serviceConfig = { serviceConfig = {
Type = "notify"; Type = "notify";
User = "matrix-synapse"; User = "matrix-synapse";
Group = "matrix-synapse"; Group = "matrix-synapse";
Slice = "system-matrix-synapse.slice"; Slice = "system-matrix-synapse.slice";
Restart = "always";
RestartSec = 3;
WorkingDirectory = cfg.dataDir; WorkingDirectory = cfg.dataDir;
RuntimeDirectory = "matrix-synapse"; RuntimeDirectory = "matrix-synapse";
StateDirectory = "matrix-synapse"; StateDirectory = "matrix-synapse";
ExecStartPre = pkgs.writers.writeBash "wait-for-synapse" '' ExecStartPre = pkgs.writers.writeBash "wait-for-synapse" ''
# From https://md.darmstadt.ccc.de/synapse-at-work # From https://md.darmstadt.ccc.de/synapse-at-work
while ! systemctl is-active -q matrix-synapse.service; do while ! systemctl is-active -q matrix-synapse.service; do
@@ -389,11 +410,50 @@ in {
done done
''; '';
ExecStart = let ExecStart = let
flags = lib.cli.toGNUCommandLineShell {} { flags = lib.cli.toCommandLineShellGNU {} {
config-path = [ matrix-synapse-common-config (workerConfig worker) ] ++ cfg.extraConfigFiles; config-path = [ matrix-synapse-common-config (workerConfig worker) ] ++ cfg.extraConfigFiles;
keys-directory = cfg.dataDir; keys-directory = cfg.dataDir;
}; };
in "${wrapped}/bin/synapse_worker ${flags}"; in "${wrapped}/bin/synapse_worker ${flags}";
CapabilityBoundingSet = [ "" ];
LockPersonality = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateTmp = true;
PrivateUsers = true;
ProcSubset = "pid";
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProtectSystem = "strict";
ReadWritePaths = [
cfg.dataDir
cfg.settings.media_store_path
]
++ (map (listener: dirOf listener.path) (
lib.filter (listener: listener.path != null) cfg.settings.listeners
));
RemoveIPC = true;
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
"AF_UNIX"
];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallFilter = [
"@system-service"
"~@resources"
"~@privileged"
];
}; };
}; };
})); }));
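Review bot: The worker unit loses automatic restarts: `Restart = "always"; RestartSec = 3;` is removed in the `@@ -374,14 +384,25 @@` hunk and, unlike the main service, no `Restart` is added alongside the new sandbox options, so a crashed worker stays down until the target is restarted; adding `Restart = "on-failure";` next to `CapabilityBoundingSet` restores that. The `ReadWritePaths` list is copied from the main service and only walks `cfg.settings.listeners`; the per-worker listener option described in the first hunk is not included, so a worker bound to a unix socket outside `cfg.dataDir` would be unable to create it under `ProtectSystem = "strict"` — hedged, since that option's name and shape are outside the hunk. The `wait-for-synapse` `ExecStartPre` now runs `systemctl is-active` inside the hardened sandbox (`PrivateUsers`, `ProtectProc = "invisible"`, `SystemCallFilter`); that is probably fine, but it is worth exercising in the container test, since a failure there blocks every worker from starting.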


@@ -1,4 +1,4 @@
{ nixpkgs, pkgs, matrix-lib, ... }: { nixpkgs, pkgs, matrix-lib, ... }:
{ {
nginx-pipeline = pkgs.callPackage ./nginx-pipeline { inherit nixpkgs matrix-lib; }; nginx-pipeline-eval = pkgs.callPackage ./nginx-pipeline { inherit nixpkgs matrix-lib; };
} }


@@ -5,7 +5,7 @@ let
modules = [ modules = [
../../module.nix ../../module.nix
{ {
system.stateVersion = "23.11"; system.stateVersion = "25.11";
boot.isContainer = true; boot.isContainer = true;
services.matrix-synapse-next = { services.matrix-synapse-next = {
enable = true; enable = true;