mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-24 07:53:19 +00:00
Merge master into staging-next
commit
61655037aa
@ -145,26 +145,26 @@ As an example, we will take the case of display managers. There is a
|
||||
central display manager module for generic display manager options and a
|
||||
module file per display manager backend (sddm, gdm \...).
|
||||
|
||||
There are two approach to this module structure:
|
||||
There are two approaches we could take with this module structure:
|
||||
|
||||
- Managing the display managers independently by adding an enable
|
||||
- Configuring the display managers independently by adding an enable
|
||||
option to every display manager module backend. (NixOS)
|
||||
|
||||
- Managing the display managers in the central module by adding an
|
||||
option to select which display manager backend to use.
|
||||
- Configuring the display managers in the central module by adding
|
||||
an option to select which display manager backend to use.
|
||||
|
||||
Both approaches have problems.
|
||||
|
||||
Making backends independent can quickly become hard to manage. For
|
||||
display managers, there can be only one enabled at a time, but the type
|
||||
system can not enforce this restriction as there is no relation between
|
||||
each backend `enable` option. As a result, this restriction has to be
|
||||
done explicitely by adding assertions in each display manager backend
|
||||
module.
|
||||
display managers, there can only be one enabled at a time, but the
|
||||
type system cannot enforce this restriction as there is no relation
|
||||
between each backend's `enable` option. As a result, this restriction
|
||||
has to be done explicitly by adding assertions in each display manager
|
||||
backend module.
|
||||
|
||||
On the other hand, managing the display managers backends in the central
|
||||
module will require to change the central module option every time a new
|
||||
backend is added or removed.
|
||||
On the other hand, managing the display manager backends in the
|
||||
central module will require changing the central module option every
|
||||
time a new backend is added or removed.
|
||||
|
||||
By using extensible option types, it is possible to create a placeholder
|
||||
option in the central module
|
||||
@ -175,7 +175,7 @@ and to extend it in each backend module
|
||||
|
||||
As a result, `displayManager.enable` option values can be added without
|
||||
changing the main service module file and the type system automatically
|
||||
enforce that there can only be a single display manager enabled.
|
||||
enforces that there can only be a single display manager enabled.
|
||||
|
||||
::: {#ex-option-declaration-eot-service .example}
|
||||
::: {.title}
|
||||
|
@ -16,9 +16,9 @@ merging is handled.
|
||||
|
||||
`types.path`
|
||||
|
||||
: A filesystem path, defined as anything that when coerced to a string
|
||||
starts with a slash. Even if derivations can be considered as path,
|
||||
the more specific `types.package` should be preferred.
|
||||
: A filesystem path is anything that starts with a slash when
|
||||
coerced to a string. Even if derivations can be considered as
|
||||
paths, the more specific `types.package` should be preferred.
|
||||
|
||||
`types.package`
|
||||
|
||||
|
@ -215,21 +215,22 @@ lib.mkOption {
|
||||
manager backend (sddm, gdm ...).
|
||||
</para>
|
||||
<para>
|
||||
There are two approach to this module structure:
|
||||
There are two approaches we could take with this module
|
||||
structure:
|
||||
</para>
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
Managing the display managers independently by adding an
|
||||
enable option to every display manager module backend.
|
||||
(NixOS)
|
||||
Configuring the display managers independently by adding
|
||||
an enable option to every display manager module
|
||||
backend. (NixOS)
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Managing the display managers in the central module by
|
||||
adding an option to select which display manager backend
|
||||
to use.
|
||||
Configuring the display managers in the central module
|
||||
by adding an option to select which display manager
|
||||
backend to use.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
@ -238,16 +239,16 @@ lib.mkOption {
|
||||
</para>
|
||||
<para>
|
||||
Making backends independent can quickly become hard to
|
||||
manage. For display managers, there can be only one enabled
|
||||
at a time, but the type system can not enforce this
|
||||
restriction as there is no relation between each backend
|
||||
manage. For display managers, there can only be one enabled
|
||||
at a time, but the type system cannot enforce this
|
||||
restriction as there is no relation between each backend’s
|
||||
<literal>enable</literal> option. As a result, this
|
||||
restriction has to be done explicitely by adding assertions
|
||||
restriction has to be done explicitly by adding assertions
|
||||
in each display manager backend module.
|
||||
</para>
|
||||
<para>
|
||||
On the other hand, managing the display managers backends in
|
||||
the central module will require to change the central module
|
||||
On the other hand, managing the display manager backends in
|
||||
the central module will require changing the central module
|
||||
option every time a new backend is added or removed.
|
||||
</para>
|
||||
<para>
|
||||
@ -268,7 +269,7 @@ lib.mkOption {
|
||||
<para>
|
||||
As a result, <literal>displayManager.enable</literal> option
|
||||
values can be added without changing the main service module
|
||||
file and the type system automatically enforce that there
|
||||
file and the type system automatically enforces that there
|
||||
can only be a single display manager enabled.
|
||||
</para>
|
||||
<anchor xml:id="ex-option-declaration-eot-service" />
|
||||
|
@ -30,10 +30,10 @@
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
A filesystem path, defined as anything that when coerced to
|
||||
a string starts with a slash. Even if derivations can be
|
||||
considered as path, the more specific
|
||||
<literal>types.package</literal> should be preferred.
|
||||
A filesystem path is anything that starts with a slash when
|
||||
coerced to a string. Even if derivations can be considered
|
||||
as paths, the more specific <literal>types.package</literal>
|
||||
should be preferred.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
@ -388,6 +388,116 @@
|
||||
its reliance on python2.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The <literal>matrix-synapse</literal> service
|
||||
(<literal>services.matrix-synapse</literal>) has been
|
||||
converted to use the <literal>settings</literal> option
|
||||
defined in RFC42. This means that options that are part of
|
||||
your <literal>homeserver.yaml</literal> configuration, and
|
||||
that were specified at the top-level of the module
|
||||
(<literal>services.matrix-synapse</literal>) now need to be
|
||||
moved into
|
||||
<literal>services.matrix-synapse.settings</literal>. And while
|
||||
not all options you may use are defined in there, they are
|
||||
still supported, because you can set arbitrary values in this
|
||||
freeform type.
|
||||
</para>
|
||||
<para>
|
||||
An example to make the required migration clearer:
|
||||
</para>
|
||||
<para>
|
||||
Before:
|
||||
</para>
|
||||
<programlisting language="bash">
|
||||
{
|
||||
services.matrix-synapse = {
|
||||
enable = true;
|
||||
|
||||
server_name = "example.com";
|
||||
public_baseurl = "https://example.com:8448";
|
||||
|
||||
enable_registration = false;
|
||||
registration_shared_secret = "xohshaeyui8jic7uutuDogahkee3aehuaf6ei3Xouz4iicie5thie6nohNahceut";
|
||||
macaroon_secret_key = "xoo8eder9seivukaiPh1cheikohquuw8Yooreid0The4aifahth3Ou0aiShaiz4l";
|
||||
|
||||
tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem";
|
||||
tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem";
|
||||
|
||||
listeners = [ {
|
||||
port = 8448;
|
||||
bind_address = "";
|
||||
type = "http";
|
||||
tls = true;
|
||||
resources = [ {
|
||||
names = [ "client" ];
|
||||
compress = true;
|
||||
} {
|
||||
names = [ "federation" ];
|
||||
compress = false;
|
||||
} ];
|
||||
} ];
|
||||
|
||||
};
|
||||
}
|
||||
</programlisting>
|
||||
<para>
|
||||
After:
|
||||
</para>
|
||||
<programlisting language="bash">
|
||||
{
|
||||
services.matrix-synapse = {
|
||||
enable = true;
|
||||
|
||||
# this attribute set holds all values that go into your homeserver.yaml configuration
|
||||
# See https://github.com/matrix-org/synapse/blob/develop/docs/sample_config.yaml for
|
||||
# possible values.
|
||||
settings = {
|
||||
server_name = "example.com";
|
||||
public_baseurl = "https://example.com:8448";
|
||||
|
||||
enable_registration = false;
|
||||
# pass `registration_shared_secret` and `macaroon_secret_key` via `extraConfigFiles` instead
|
||||
|
||||
tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem";
|
||||
tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem";
|
||||
|
||||
listeners = [ {
|
||||
port = 8448;
|
||||
bind_address = [
|
||||
"::"
|
||||
"0.0.0.0"
|
||||
];
|
||||
type = "http";
|
||||
tls = true;
|
||||
resources = [ {
|
||||
names = [ "client" ];
|
||||
compress = true;
|
||||
} {
|
||||
names = [ "federation" ];
|
||||
compress = false;
|
||||
} ];
|
||||
} ];
|
||||
};
|
||||
|
||||
extraConfigFiles = [
|
||||
/run/keys/matrix-synapse/secrets.yaml
|
||||
];
|
||||
};
|
||||
}
|
||||
</programlisting>
|
||||
<para>
|
||||
The secrets in your original config should be migrated into a
|
||||
YAML file that is included via
|
||||
<literal>extraConfigFiles</literal>.
|
||||
</para>
|
||||
<para>
|
||||
Additionally a few option defaults have been synced up with
|
||||
upstream default values, for example the
|
||||
<literal>max_upload_size</literal> grew from
|
||||
<literal>10M</literal> to <literal>50M</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The MoinMoin wiki engine
|
||||
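Review bot: the listener in the "After" listing sets `bind_address = [ "::" "0.0.0.0" ];`, but the module added in this same commit reads `listener.bind_addresses` when it builds the `register_new_matrix_user` wrapper. The example and the module should agree on the key name. If the plural form is the intended one, change the example to `bind_addresses`, otherwise users who copy the migration snippet end up with a listener key the module never looks at.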
@ -1185,6 +1295,14 @@
|
||||
<literal>tmux</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The polkit service, available at
|
||||
<literal>security.polkit.enable</literal>, is now disabled by
|
||||
default. It will automatically be enabled through services and
|
||||
desktop environments as needed.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
</section>
|
||||
|
@ -128,6 +128,95 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||
|
||||
- The `mailpile` email webclient (`services.mailpile`) has been removed due to its reliance on python2.
|
||||
|
||||
- The `matrix-synapse` service (`services.matrix-synapse`) has been converted to use the `settings` option defined in RFC42.
|
||||
This means that options that are part of your `homeserver.yaml` configuration, and that were specified at the top-level of the
|
||||
module (`services.matrix-synapse`) now need to be moved into `services.matrix-synapse.settings`. And while not all options you
|
||||
may use are defined in there, they are still supported, because you can set arbitrary values in this freeform type.
|
||||
|
||||
An example to make the required migration clearer:
|
||||
|
||||
Before:
|
||||
```nix
|
||||
{
|
||||
services.matrix-synapse = {
|
||||
enable = true;
|
||||
|
||||
server_name = "example.com";
|
||||
public_baseurl = "https://example.com:8448";
|
||||
|
||||
enable_registration = false;
|
||||
registration_shared_secret = "xohshaeyui8jic7uutuDogahkee3aehuaf6ei3Xouz4iicie5thie6nohNahceut";
|
||||
macaroon_secret_key = "xoo8eder9seivukaiPh1cheikohquuw8Yooreid0The4aifahth3Ou0aiShaiz4l";
|
||||
|
||||
tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem";
|
||||
tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem";
|
||||
|
||||
listeners = [ {
|
||||
port = 8448;
|
||||
bind_address = "";
|
||||
type = "http";
|
||||
tls = true;
|
||||
resources = [ {
|
||||
names = [ "client" ];
|
||||
compress = true;
|
||||
} {
|
||||
names = [ "federation" ];
|
||||
compress = false;
|
||||
} ];
|
||||
} ];
|
||||
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
After:
|
||||
```nix
|
||||
{
|
||||
services.matrix-synapse = {
|
||||
enable = true;
|
||||
|
||||
# this attribute set holds all values that go into your homeserver.yaml configuration
|
||||
# See https://github.com/matrix-org/synapse/blob/develop/docs/sample_config.yaml for
|
||||
# possible values.
|
||||
settings = {
|
||||
server_name = "example.com";
|
||||
public_baseurl = "https://example.com:8448";
|
||||
|
||||
enable_registration = false;
|
||||
# pass `registration_shared_secret` and `macaroon_secret_key` via `extraConfigFiles` instead
|
||||
|
||||
tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem";
|
||||
tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem";
|
||||
|
||||
listeners = [ {
|
||||
port = 8448;
|
||||
bind_address = [
|
||||
"::"
|
||||
"0.0.0.0"
|
||||
];
|
||||
type = "http";
|
||||
tls = true;
|
||||
resources = [ {
|
||||
names = [ "client" ];
|
||||
compress = true;
|
||||
} {
|
||||
names = [ "federation" ];
|
||||
compress = false;
|
||||
} ];
|
||||
} ];
|
||||
};
|
||||
|
||||
extraConfigFiles = [
|
||||
/run/keys/matrix-synapse/secrets.yaml
|
||||
];
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
The secrets in your original config should be migrated into a YAML file that is included via `extraConfigFiles`.
|
||||
|
||||
Additionally a few option defaults have been synced up with upstream default values, for example the `max_upload_size` grew from `10M` to `50M`.
|
||||
|
||||
- The MoinMoin wiki engine (`services.moinmoin`) has been removed, because Python 2 is being retired from nixpkgs.
|
||||
|
||||
- The `wafHook` hook now honors `NIX_BUILD_CORES` when `enableParallelBuilding` is not set explicitly. Packages can restore the old behaviour by setting `enableParallelBuilding=false`.
|
||||
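Review bot: both the "Before" and the "After" listing define `tls_certificate_path` twice in the same attribute set. Nix rejects an attribute that is defined twice, so neither snippet evaluates as written. The second line was presumably meant to be `tls_private_key_path` (the module's own example value for that option is `/var/lib/acme/example.com/key.pem`). Since the DocBook release notes carry the same listings, they need the same correction.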
@ -380,4 +469,6 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||
|
||||
- `programs.tmux` has a new option `plugins` that accepts a list of packages from the `tmuxPlugins` group. The specified packages are added to the system and loaded by `tmux`.
|
||||
|
||||
- The polkit service, available at `security.polkit.enable`, is now disabled by default. It will automatically be enabled through services and desktop environments as needed.
|
||||
|
||||
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
||||
|
@ -455,6 +455,7 @@
|
||||
./services/hardware/vdr.nix
|
||||
./services/hardware/xow.nix
|
||||
./services/home-automation/home-assistant.nix
|
||||
./services/home-automation/zigbee2mqtt.nix
|
||||
./services/logging/SystemdJournal2Gelf.nix
|
||||
./services/logging/awstats.nix
|
||||
./services/logging/filebeat.nix
|
||||
@ -499,6 +500,7 @@
|
||||
./services/mail/roundcube.nix
|
||||
./services/mail/sympa.nix
|
||||
./services/mail/nullmailer.nix
|
||||
./services/matrix/matrix-synapse.nix
|
||||
./services/matrix/mjolnir.nix
|
||||
./services/matrix/pantalaimon.nix
|
||||
./services/misc/ananicy.nix
|
||||
@ -565,7 +567,6 @@
|
||||
./services/misc/matrix-appservice-discord.nix
|
||||
./services/misc/matrix-appservice-irc.nix
|
||||
./services/misc/matrix-conduit.nix
|
||||
./services/misc/matrix-synapse.nix
|
||||
./services/misc/mautrix-facebook.nix
|
||||
./services/misc/mautrix-telegram.nix
|
||||
./services/misc/mbpfan.nix
|
||||
@ -626,7 +627,6 @@
|
||||
./services/misc/weechat.nix
|
||||
./services/misc/xmr-stak.nix
|
||||
./services/misc/xmrig.nix
|
||||
./services/misc/zigbee2mqtt.nix
|
||||
./services/misc/zoneminder.nix
|
||||
./services/misc/zookeeper.nix
|
||||
./services/monitoring/alerta.nix
|
||||
|
@ -134,6 +134,7 @@ in {
|
||||
'';
|
||||
};
|
||||
};
|
||||
security.polkit.enable = true;
|
||||
security.pam.services.swaylock = {};
|
||||
hardware.opengl.enable = mkDefault true;
|
||||
fonts.enableDefaultFonts = mkDefault true;
|
||||
|
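Review bot: `security.polkit.enable = true;` is a plain definition, while the two lines that follow it (`hardware.opengl.enable`, `fonts.enableDefaultFonts`) use `mkDefault`. With a plain `true` here, a user who explicitly sets `security.polkit.enable = false` alongside sway gets a conflicting-definition error rather than an override. If polkit is a hard requirement for this module, that is fine but deserves a short comment. If it is only a sensible default, use `mkDefault true` like the neighbouring options.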
@ -12,11 +12,7 @@ in
|
||||
|
||||
options = {
|
||||
|
||||
security.polkit.enable = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = "Whether to enable PolKit.";
|
||||
};
|
||||
security.polkit.enable = mkEnableOption "polkit";
|
||||
|
||||
security.polkit.extraConfig = mkOption {
|
||||
type = types.lines;
|
||||
|
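Review bot: replacing the explicit `default = true` with `mkEnableOption "polkit"` flips the default to disabled, which is a behaviour change for every configuration that never set the option. A system that only defines `security.polkit.extraConfig` rules now evaluates with polkit disabled unless some other module turns it on. This commit adds `security.polkit.enable = true;` to sway, flatpak and udisks2. Please confirm that the remaining modules that depend on polkit got the same treatment, and consider stating in the release note that users with their own rules must enable the option explicitly.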
@ -30,6 +30,8 @@ in {
|
||||
|
||||
environment.systemPackages = [ pkgs.flatpak ];
|
||||
|
||||
security.polkit.enable = true;
|
||||
|
||||
services.dbus.packages = [ pkgs.flatpak ];
|
||||
|
||||
systemd.packages = [ pkgs.flatpak ];
|
||||
|
@ -32,6 +32,8 @@ with lib;
|
||||
|
||||
environment.systemPackages = [ pkgs.udisks2 ];
|
||||
|
||||
security.polkit.enable = true;
|
||||
|
||||
services.dbus.packages = [ pkgs.udisks2 ];
|
||||
|
||||
systemd.tmpfiles.rules = [ "d /var/lib/udisks2 0755 root root -" ];
|
||||
|
773
nixos/modules/services/matrix/matrix-synapse.nix
Normal file
@ -0,0 +1,773 @@
|
||||
{ config, lib, options, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.matrix-synapse;
|
||||
format = pkgs.formats.yaml {};
|
||||
|
||||
# remove null values from the final configuration
|
||||
finalSettings = lib.filterAttrsRecursive (_: v: v != null) cfg.settings;
|
||||
configFile = format.generate "homeserver.yaml" finalSettings;
|
||||
logConfigFile = format.generate "log_config.yaml" cfg.logConfig;
|
||||
|
||||
pluginsEnv = cfg.package.python.buildEnv.override {
|
||||
extraLibs = cfg.plugins;
|
||||
};
|
||||
|
||||
usePostgresql = cfg.settings.database.name == "psycopg2";
|
||||
hasLocalPostgresDB = let args = cfg.settings.database.args; in
|
||||
usePostgresql && (!(args ? host) || (elem args.host [ "localhost" "127.0.0.1" "::1" ]));
|
||||
|
||||
registerNewMatrixUser =
|
||||
let
|
||||
isIpv6 = x: lib.length (lib.splitString ":" x) > 1;
|
||||
listener =
|
||||
lib.findFirst (
|
||||
listener: lib.any (
|
||||
resource: lib.any (
|
||||
name: name == "client"
|
||||
) resource.names
|
||||
) listener.resources
|
||||
) (lib.last cfg.settings.listeners) cfg.settings.listeners;
|
||||
# FIXME: Handle cases with missing client listener properly,
|
||||
# don't rely on lib.last, this will not work.
|
||||
|
||||
# add a tail, so that without any bind_addresses we still have a useable address
|
||||
bindAddress = head (listener.bind_addresses ++ [ "127.0.0.1" ]);
|
||||
listenerProtocol = if listener.tls
|
||||
then "https"
|
||||
else "http";
|
||||
in
|
||||
pkgs.writeShellScriptBin "matrix-synapse-register_new_matrix_user" ''
|
||||
exec ${cfg.package}/bin/register_new_matrix_user \
|
||||
$@ \
|
||||
${lib.concatMapStringsSep " " (x: "-c ${x}") ([ configFile ] ++ cfg.extraConfigFiles)} \
|
||||
"${listenerProtocol}://${
|
||||
if (isIpv6 bindAddress) then
|
||||
"[${bindAddress}]"
|
||||
else
|
||||
"${bindAddress}"
|
||||
}:${builtins.toString listener.port}/"
|
||||
'';
|
||||
in {
|
||||
|
||||
imports = [
|
||||
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "trusted_third_party_id_servers" ] ''
|
||||
The `trusted_third_party_id_servers` option as been removed in `matrix-synapse` v1.4.0
|
||||
as the behavior is now obsolete.
|
||||
'')
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "create_local_database" ] ''
|
||||
Database configuration must be done manually. An exemplary setup is demonstrated in
|
||||
<nixpkgs/nixos/tests/matrix-synapse.nix>
|
||||
'')
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "web_client" ] "")
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "room_invite_state_types" ] ''
|
||||
You may add additional event types via
|
||||
`services.matrix-synapse.room_prejoin_state.additional_event_types` and
|
||||
disable the default events via
|
||||
`services.matrix-synapse.room_prejoin_state.disable_default_event_types`.
|
||||
'')
|
||||
|
||||
# options that don't exist in synapse anymore
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "bind_host" ] "Use listener settings instead." )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "bind_port" ] "Use listener settings instead." )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "expire_access_tokens" ] "" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "no_tls" ] "It is no longer supported by synapse." )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "tls_dh_param_path" ] "It was removed from synapse." )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "unsecure_port" ] "Use settings.listeners instead." )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "user_creation_max_duration" ] "It is no longer supported by synapse." )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "verbose" ] "Use a log config instead." )
|
||||
|
||||
# options that were moved into rfc42 style settigns
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "app_service_config_files" ] "Use settings.app_service_config_Files instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "database_args" ] "Use settings.database.args instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "database_name" ] "Use settings.database.args.database instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "database_type" ] "Use settings.database.name instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "database_user" ] "Use settings.database.args.user instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "dynamic_thumbnails" ] "Use settings.dynamic_thumbnails instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "enable_metrics" ] "Use settings.enable_metrics instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "enable_registration" ] "Use settings.enable_registration instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "extraConfig" ] "Use settings instead." )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "listeners" ] "Use settings.listeners instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "logConfig" ] "Use settings.log_config instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "max_image_pixels" ] "Use settings.max_image_pixels instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "max_upload_size" ] "Use settings.max_upload_size instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "presence" "enabled" ] "Use settings.presence.enabled instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "public_baseurl" ] "Use settings.public_baseurl instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "report_stats" ] "Use settings.report_stats instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "server_name" ] "Use settings.server_name instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "servers" ] "Use settings.trusted_key_servers instead." )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "tls_certificate_path" ] "Use settings.tls_certificate_path instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "tls_private_key_path" ] "Use settings.tls_private_key_path instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "turn_shared_secret" ] "Use settings.turn_shared_secret instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "turn_uris" ] "Use settings.turn_uris instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "turn_user_lifetime" ] "Use settings.turn_user_lifetime instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "url_preview_enabled" ] "Use settings.url_preview_enabled instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "url_preview_ip_range_blacklist" ] "Use settings.url_preview_ip_range_blacklist instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "url_preview_ip_range_whitelist" ] "Use settings.url_preview_ip_range_whitelist instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "url_preview_url_blacklist" ] "Use settings.url_preview_url_blacklist instead" )
|
||||
|
||||
# options that are too specific to mention them explicitly in settings
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "account_threepid_delegates" "email" ] "Use settings.account_threepid_delegates.email instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "account_threepid_delegates" "msisdn" ] "Use settings.account_threepid_delegates.msisdn instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "allow_guest_access" ] "Use settings.allow_guest_access instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "bcrypt_rounds" ] "Use settings.bcrypt_rounds instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "enable_registration_captcha" ] "Use settings.enable_registration_captcha instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "event_cache_size" ] "Use settings.event_cache_size instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "federation_rc_concurrent" ] "Use settings.rc_federation.concurrent instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "federation_rc_reject_limit" ] "Use settings.rc_federation.reject_limit instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "federation_rc_sleep_delay" ] "Use settings.rc_federation.sleep_delay instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "federation_rc_sleep_limit" ] "Use settings.rc_federation.sleep_limit instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "federation_rc_window_size" ] "Use settings.rc_federation.window_size instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "key_refresh_interval" ] "Use settings.key_refresh_interval instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "rc_messages_burst_count" ] "Use settings.rc_messages.burst_count instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "rc_messages_per_second" ] "Use settings.rc_messages.per_second instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "recaptcha_private_key" ] "Use settings.recaptcha_private_key instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "recaptcha_public_key" ] "Use settings.recaptcha_public_key instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "redaction_retention_period" ] "Use settings.redaction_retention_period instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "room_prejoin_state" "additional_event_types" ] "Use settings.room_prejoin_state.additional_event_types instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "room_prejoin_state" "disable_default_event_types" ] "Use settings.room_prejoin-state.disable_default_event_types instead" )
|
||||
|
||||
# Options that should be passed via extraConfigFiles, so they are not persisted into the nix store
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "macaroon_secret_key" ] "Pass this value via extraConfigFiles instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "registration_shared_secret" ] "Pass this value via extraConfigFiles instead" )
|
||||
|
||||
];
|
||||
|
||||
options = {
|
||||
services.matrix-synapse = {
|
||||
enable = mkEnableOption "matrix.org synapse";
|
||||
|
||||
configFile = mkOption {
|
||||
type = types.str;
|
||||
readOnly = true;
|
||||
description = ''
|
||||
Path to the configuration file on the target system. Useful to configure e.g. workers
|
||||
that also need this.
|
||||
'';
|
||||
};
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.matrix-synapse;
|
||||
defaultText = literalExpression "pkgs.matrix-synapse";
|
||||
description = ''
|
||||
Overridable attribute of the matrix synapse server package to use.
|
||||
'';
|
||||
};
|
||||
|
||||
plugins = mkOption {
|
||||
type = types.listOf types.package;
|
||||
default = [ ];
|
||||
example = literalExpression ''
|
||||
with config.services.matrix-synapse.package.plugins; [
|
||||
matrix-synapse-ldap3
|
||||
matrix-synapse-pam
|
||||
];
|
||||
'';
|
||||
description = ''
|
||||
List of additional Matrix plugins to make available.
|
||||
'';
|
||||
};
|
||||
|
||||
withJemalloc = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to preload jemalloc to reduce memory fragmentation and overall usage.
|
||||
'';
|
||||
};
|
||||
|
||||
dataDir = mkOption {
|
||||
type = types.str;
|
||||
default = "/var/lib/matrix-synapse";
|
||||
description = ''
|
||||
The directory where matrix-synapse stores its stateful data such as
|
||||
certificates, media and uploads.
|
||||
'';
|
||||
};
|
||||
|
||||
settings = mkOption {
|
||||
default = {};
|
||||
description = ''
|
||||
The primary synapse configuration. See the
|
||||
<link xlink:href="https://github.com/matrix-org/synapse/blob/v${cfg.package.version}/docs/sample_config.yaml">sample configuration</link>
|
||||
for possible values.
|
||||
|
||||
Secrets should be passed in by using the <literal>extraConfigFiles</literal> option.
|
||||
'';
|
||||
type = with types; submodule {
|
||||
freeformType = format.type;
|
||||
options = {
|
||||
# This is a reduced set of popular options and defaults
|
||||
# Do not add every available option here, they can be specified
|
||||
# by the user at their own discretion. This is a freeform type!
|
||||
|
||||
server_name = mkOption {
|
||||
type = types.str;
|
||||
example = "example.com";
|
||||
default = config.networking.hostName;
|
||||
defaultText = literalExpression "config.networking.hostName";
|
||||
description = ''
|
||||
The domain name of the server, with optional explicit port.
|
||||
This is used by remote servers to look up the server address.
|
||||
This is also the last part of your UserID.
|
||||
|
||||
The server_name cannot be changed later so it is important to configure this correctly before you start Synapse.
|
||||
'';
|
||||
};
|
||||
|
||||
enable_registration = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Enable registration for new users.
|
||||
'';
|
||||
};
|
||||
|
||||
registration_shared_secret = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
If set, allows registration by anyone who also has the shared
|
||||
secret, even if registration is otherwise disabled.
|
||||
|
||||
Secrets should be passed in via <literal>extraConfigFiles</literal>!
|
||||
'';
|
||||
};
|
||||
|
||||
macaroon_secret_key = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
Secret key for authentication tokens. If none is specified,
|
||||
the registration_shared_secret is used, if one is given; otherwise,
|
||||
a secret key is derived from the signing key.
|
||||
|
||||
Secrets should be passed in via <literal>extraConfigFiles</literal>!
|
||||
'';
|
||||
};
|
||||
|
||||
enable_metrics = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Enable collection and rendering of performance metrics
|
||||
'';
|
||||
};
|
||||
|
||||
report_stats = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether or not to report anonymized homeserver usage statistics.
|
||||
'';
|
||||
};
|
||||
|
||||
signing_key_path = mkOption {
|
||||
type = types.path;
|
||||
default = "${cfg.dataDir}/homeserver.signing.key";
|
||||
description = ''
|
||||
Path to the signing key to sign messages with.
|
||||
'';
|
||||
};
|
||||
|
||||
pid_file = mkOption {
|
||||
type = types.path;
|
||||
default = "/run/matrix-synapse.pid";
|
||||
readOnly = true;
|
||||
description = ''
|
||||
The file to store the PID in.
|
||||
'';
|
||||
};
|
||||
|
||||
log_config = mkOption {
|
||||
type = types.path;
|
||||
default = ./matrix-synapse-log_config.yaml;
|
||||
description = ''
|
||||
The file that holds the logging configuration.
|
||||
'';
|
||||
};
|
||||
|
||||
media_store_path = mkOption {
|
||||
type = types.path;
|
||||
default = if lib.versionAtLeast config.system.stateVersion "22.05"
|
||||
then "${cfg.dataDir}/media_store"
|
||||
else "${cfg.dataDir}/media";
|
||||
description = ''
|
||||
Directory where uploaded images and attachments are stored.
|
||||
'';
|
||||
};
|
||||
|
||||
public_baseurl = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = "https://example.com:8448/";
|
||||
description = ''
|
||||
The public-facing base URL for the client API (not including _matrix/...)
|
||||
'';
|
||||
};
|
||||
|
||||
tls_certificate_path = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = "/var/lib/acme/example.com/fullchain.pem";
|
||||
description = ''
|
||||
PEM encoded X509 certificate for TLS.
|
||||
You can replace the self-signed certificate that synapse
|
||||
autogenerates on launch with your own SSL certificate + key pair
|
||||
if you like. Any required intermediary certificates can be
|
||||
appended after the primary certificate in hierarchical order.
|
||||
'';
|
||||
};
|
||||
|
||||
tls_private_key_path = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = "/var/lib/acme/example.com/key.pem";
|
||||
description = ''
|
||||
PEM encoded private key for TLS. Specify null if synapse is not
|
||||
speaking TLS directly.
|
||||
'';
|
||||
};
|
||||
|
||||
presence.enabled = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
example = false;
|
||||
description = ''
|
||||
Whether to enable presence tracking.
|
||||
|
||||
Presence tracking allows users to see the state (e.g online/offline)
|
||||
of other local and remote users.
|
||||
'';
|
||||
};
|
||||
|
||||
listeners = mkOption {
|
||||
type = types.listOf (types.submodule {
|
||||
options = {
|
||||
port = mkOption {
|
||||
type = types.port;
|
||||
example = 8448;
|
||||
description = ''
|
||||
The port to listen for HTTP(S) requests on.
|
||||
'';
|
||||
};
|
||||
|
||||
bind_addresses = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [
|
||||
"::1"
|
||||
"127.0.0.1"
|
||||
];
|
||||
example = literalExpression ''
|
||||
[
|
||||
"::"
|
||||
"0.0.0.0"
|
||||
]
|
||||
'';
|
||||
description = ''
|
||||
IP addresses to bind the listener to.
|
||||
'';
|
||||
};
|
||||
|
||||
type = mkOption {
|
||||
type = types.enum [
|
||||
"http"
|
||||
"manhole"
|
||||
"metrics"
|
||||
"replication"
|
||||
];
|
||||
default = "http";
|
||||
example = "metrics";
|
||||
description = ''
|
||||
The type of the listener, usually http.
|
||||
'';
|
||||
};
|
||||
|
||||
tls = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
example = false;
|
||||
description = ''
|
||||
Whether to enable TLS on the listener socket.
|
||||
'';
|
||||
};
|
||||
|
||||
x_forwarded = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
example = true;
|
||||
description = ''
|
||||
Use the X-Forwarded-For (XFF) header as the client IP and not the
|
||||
actual client IP.
|
||||
'';
|
||||
};
|
||||
|
||||
resources = mkOption {
|
||||
type = types.listOf (types.submodule {
|
||||
options = {
|
||||
names = mkOption {
|
||||
type = types.listOf (types.enum [
|
||||
"client"
|
||||
"consent"
|
||||
"federation"
|
||||
"keys"
|
||||
"media"
|
||||
"metrics"
|
||||
"openid"
|
||||
"replication"
|
||||
"static"
|
||||
]);
|
||||
description = ''
|
||||
List of resources to host on this listener.
|
||||
'';
|
||||
example = [
|
||||
"client"
|
||||
];
|
||||
};
|
||||
compress = mkOption {
|
||||
type = types.bool;
|
||||
description = ''
|
||||
Should synapse compress HTTP responses to clients that support it?
|
||||
This should be disabled if running synapse behind a load balancer
|
||||
that can do automatic compression.
|
||||
'';
|
||||
};
|
||||
};
|
||||
});
|
||||
description = ''
|
||||
List of HTTP resources to serve on this listener.
|
||||
'';
|
||||
};
|
||||
};
|
||||
});
|
||||
default = [ {
|
||||
port = 8008;
|
||||
bind_addresses = [ "127.0.0.1" ];
|
||||
type = "http";
|
||||
tls = false;
|
||||
x_forwarded = true;
|
||||
resources = [ {
|
||||
names = [ "client" ];
|
||||
compress = true;
|
||||
} {
|
||||
names = [ "federation" ];
|
||||
compress = false;
|
||||
} ];
|
||||
} ];
|
||||
description = ''
|
||||
List of ports that Synapse should listen on, their purpose and their configuration.
|
||||
'';
|
||||
};
|
||||
|
||||
database.name = mkOption {
|
||||
type = types.enum [
|
||||
"sqlite3"
|
||||
"psycopg2"
|
||||
];
|
||||
default = if versionAtLeast config.system.stateVersion "18.03"
|
||||
then "psycopg2"
|
||||
else "sqlite3";
|
||||
defaultText = literalExpression ''
|
||||
if versionAtLeast config.system.stateVersion "18.03"
|
||||
then "psycopg2"
|
||||
else "sqlite3"
|
||||
'';
|
||||
description = ''
|
||||
The database engine name. Can be sqlite3 or psycopg2.
|
||||
'';
|
||||
};
|
||||
|
||||
database.args.database = mkOption {
|
||||
type = types.str;
|
||||
default = {
|
||||
sqlite3 = "${cfg.dataDir}/homeserver.db";
|
||||
psycopg2 = "matrix-synapse";
|
||||
}.${cfg.settings.database.name};
|
||||
defaultText = literalExpression ''
|
||||
{
|
||||
sqlite3 = "''${${options.services.matrix-synapse.dataDir}}/homeserver.db";
|
||||
psycopg2 = "matrix-synapse";
|
||||
}.''${${options.services.matrix-synapse.settings}.database.name};
|
||||
'';
|
||||
description = ''
|
||||
Name of the database when using the psycopg2 backend,
|
||||
path to the database location when using sqlite3.
|
||||
'';
|
||||
};
|
||||
|
||||
database.args.user = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = {
|
||||
sqlite3 = null;
|
||||
psycopg2 = "matrix-synapse";
|
||||
}.${cfg.settings.database.name};
|
||||
description = ''
|
||||
Username to connect with psycopg2, set to null
|
||||
when using sqlite3.
|
||||
'';
|
||||
};
|
||||
|
||||
url_preview_enabled = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
example = false;
|
||||
description = ''
|
||||
Is the preview URL API enabled? If enabled, you *must* specify an
|
||||
explicit url_preview_ip_range_blacklist of IPs that the spider is
|
||||
denied from accessing.
|
||||
'';
|
||||
};
|
||||
|
||||
url_preview_ip_range_blacklist = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [
|
||||
"10.0.0.0/8"
|
||||
"100.64.0.0/10"
|
||||
"127.0.0.0/8"
|
||||
"169.254.0.0/16"
|
||||
"172.16.0.0/12"
|
||||
"192.0.0.0/24"
|
||||
"192.0.2.0/24"
|
||||
"192.168.0.0/16"
|
||||
"192.88.99.0/24"
|
||||
"198.18.0.0/15"
|
||||
"198.51.100.0/24"
|
||||
"2001:db8::/32"
|
||||
"203.0.113.0/24"
|
||||
"224.0.0.0/4"
|
||||
"::1/128"
|
||||
"fc00::/7"
|
||||
"fe80::/10"
|
||||
"fec0::/10"
|
||||
"ff00::/8"
|
||||
];
|
||||
description = ''
|
||||
List of IP address CIDR ranges that the URL preview spider is denied
|
||||
from accessing.
|
||||
'';
|
||||
};
|
||||
|
||||
url_preview_ip_range_whitelist = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
description = ''
|
||||
List of IP address CIDR ranges that the URL preview spider is allowed
|
||||
to access even if they are specified in url_preview_ip_range_blacklist.
|
||||
'';
|
||||
};
|
||||
|
||||
url_preview_url_blacklist = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
description = ''
|
||||
Optional list of URL matches that the URL preview spider is
|
||||
denied from accessing.
|
||||
'';
|
||||
};
|
||||
|
||||
max_upload_size = mkOption {
|
||||
type = types.str;
|
||||
default = "50M";
|
||||
example = "100M";
|
||||
description = ''
|
||||
The largest allowed upload size in bytes
|
||||
'';
|
||||
};
|
||||
|
||||
max_image_pixels = mkOption {
|
||||
type = types.str;
|
||||
default = "32M";
|
||||
example = "64M";
|
||||
description = ''
|
||||
Maximum number of pixels that will be thumbnailed
|
||||
'';
|
||||
};
|
||||
|
||||
dynamic_thumbnails = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
example = true;
|
||||
description = ''
|
||||
Whether to generate new thumbnails on the fly to precisely match
|
||||
the resolution requested by the client. If true then whenever
|
||||
a new resolution is requested by the client the server will
|
||||
generate a new thumbnail. If false the server will pick a thumbnail
|
||||
from a precalculated list.
|
||||
'';
|
||||
};
|
||||
|
||||
turn_uris = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
example = [
|
||||
"turn:turn.example.com:3487?transport=udp"
|
||||
"turn:turn.example.com:3487?transport=tcp"
|
||||
"turns:turn.example.com:5349?transport=udp"
|
||||
"turns:turn.example.com:5349?transport=tcp"
|
||||
];
|
||||
description = ''
|
||||
The public URIs of the TURN server to give to clients
|
||||
'';
|
||||
};
|
||||
turn_shared_secret = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
example = literalExpression ''
|
||||
config.services.coturn.static-auth-secret
|
||||
'';
|
||||
description = ''
|
||||
The shared secret used to compute passwords for the TURN server.
|
||||
|
||||
Secrets should be passed in via <literal>extraConfigFiles</literal>!
|
||||
'';
|
||||
};
|
||||
|
||||
trusted_key_servers = mkOption {
|
||||
type = types.listOf (types.submodule {
|
||||
options = {
|
||||
server_name = mkOption {
|
||||
type = types.str;
|
||||
example = "matrix.org";
|
||||
description = ''
|
||||
Hostname of the trusted server.
|
||||
'';
|
||||
};
|
||||
|
||||
verify_keys = mkOption {
|
||||
type = types.nullOr (types.attrsOf types.str);
|
||||
default = null;
|
||||
example = literalExpression ''
|
||||
{
|
||||
"ed25519:auto" = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw";
|
||||
}
|
||||
'';
|
||||
description = ''
|
||||
Attribute set from key id to base64 encoded public key.
|
||||
|
||||
If specified synapse will check that the response is signed
|
||||
by at least one of the given keys.
|
||||
'';
|
||||
};
|
||||
};
|
||||
});
|
||||
default = [ {
|
||||
server_name = "matrix.org";
|
||||
verify_keys = {
|
||||
"ed25519:auto" = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw";
|
||||
};
|
||||
} ];
|
||||
description = ''
|
||||
The trusted servers to download signing keys from.
|
||||
'';
|
||||
};
|
||||
|
||||
app_service_config_files = mkOption {
|
||||
type = types.listOf types.path;
|
||||
default = [ ];
|
||||
description = ''
|
||||
A list of application service config file to use
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
extraConfigFiles = mkOption {
|
||||
type = types.listOf types.path;
|
||||
default = [];
|
||||
description = ''
|
||||
Extra config files to include.
|
||||
|
||||
The configuration files will be included based on the command line
|
||||
argument --config-path. This allows to configure secrets without
|
||||
having to go through the Nix store, e.g. based on deployment keys if
|
||||
NixOps is in use.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
assertions = [
|
||||
{ assertion = hasLocalPostgresDB -> config.services.postgresql.enable;
|
||||
message = ''
|
||||
Cannot deploy matrix-synapse with a configuration for a local postgresql database
|
||||
and a missing postgresql service. Since 20.03 it's mandatory to manually configure the
|
||||
database (please read the thread in https://github.com/NixOS/nixpkgs/pull/80447 for
|
||||
further reference).
|
||||
|
||||
If you
|
||||
- try to deploy a fresh synapse, you need to configure the database yourself. An example
|
||||
for this can be found in <nixpkgs/nixos/tests/matrix-synapse.nix>
|
||||
- update your existing matrix-synapse instance, you simply need to add `services.postgresql.enable = true`
|
||||
to your configuration.
|
||||
|
||||
For further information about this update, please read the release-notes of 20.03 carefully.
|
||||
'';
|
||||
}
|
||||
];
|
||||
|
||||
services.matrix-synapse.configFile = configFile;
|
||||
|
||||
users.users.matrix-synapse = {
|
||||
group = "matrix-synapse";
|
||||
home = cfg.dataDir;
|
||||
createHome = true;
|
||||
shell = "${pkgs.bash}/bin/bash";
|
||||
uid = config.ids.uids.matrix-synapse;
|
||||
};
|
||||
|
||||
users.groups.matrix-synapse = {
|
||||
gid = config.ids.gids.matrix-synapse;
|
||||
};
|
||||
|
||||
systemd.services.matrix-synapse = {
|
||||
description = "Synapse Matrix homeserver";
|
||||
after = [ "network.target" ] ++ optional hasLocalPostgresDB "postgresql.service";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
preStart = ''
|
||||
${cfg.package}/bin/synapse_homeserver \
|
||||
--config-path ${configFile} \
|
||||
--keys-directory ${cfg.dataDir} \
|
||||
--generate-keys
|
||||
'';
|
||||
environment = {
|
||||
PYTHONPATH = makeSearchPathOutput "lib" cfg.package.python.sitePackages [ pluginsEnv ];
|
||||
} // optionalAttrs (cfg.withJemalloc) {
|
||||
LD_PRELOAD = "${pkgs.jemalloc}/lib/libjemalloc.so";
|
||||
};
|
||||
serviceConfig = {
|
||||
Type = "notify";
|
||||
User = "matrix-synapse";
|
||||
Group = "matrix-synapse";
|
||||
WorkingDirectory = cfg.dataDir;
|
||||
ExecStartPre = [ ("+" + (pkgs.writeShellScript "matrix-synapse-fix-permissions" ''
|
||||
chown matrix-synapse:matrix-synapse ${cfg.dataDir}/homeserver.signing.key
|
||||
chmod 0600 ${cfg.dataDir}/homeserver.signing.key
|
||||
'')) ];
|
||||
ExecStart = ''
|
||||
${cfg.package}/bin/synapse_homeserver \
|
||||
${ concatMapStringsSep "\n " (x: "--config-path ${x} \\") ([ configFile ] ++ cfg.extraConfigFiles) }
|
||||
--keys-directory ${cfg.dataDir}
|
||||
'';
|
||||
ExecReload = "${pkgs.util-linux}/bin/kill -HUP $MAINPID";
|
||||
Restart = "on-failure";
|
||||
UMask = "0077";
|
||||
};
|
||||
};
|
||||
|
||||
environment.systemPackages = [ registerNewMatrixUser ];
|
||||
};
|
||||
|
||||
meta = {
|
||||
buildDocsInSandbox = false;
|
||||
doc = ./matrix-synapse.xml;
|
||||
maintainers = teams.matrix.members;
|
||||
};
|
||||
|
||||
}
|
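Review bot: `turn_shared_secret` is declared as `types.str` with `default = "";` and an example of `config.services.coturn.static-auth-secret`, which contradicts its own description ("Secrets should be passed in via extraConfigFiles!") and is inconsistent with `registration_shared_secret` and `macaroon_secret_key`, both `types.nullOr types.str` with `default = null;`. Following the example pulls the coturn secret through Nix evaluation, which is exactly the path the `extraConfigFiles` description says that option exists to avoid. Suggest making it `nullOr str` with a `null` default like the other two secrets and replacing the example with one that does not reference a secret value. Separately, the `ExecStartPre` permission fix hard-codes `${cfg.dataDir}/homeserver.signing.key` in both the `chown` and `chmod` lines although `signing_key_path` is a settable option (it is not `readOnly` like `pid_file`); the script should use the configured path.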
@ -115,20 +115,21 @@ in {
|
||||
};
|
||||
services.matrix-synapse = {
|
||||
<link linkend="opt-services.matrix-synapse.enable">enable</link> = true;
|
||||
<link linkend="opt-services.matrix-synapse.server_name">server_name</link> = config.networking.domain;
|
||||
<link linkend="opt-services.matrix-synapse.listeners">listeners</link> = [
|
||||
<link linkend="opt-services.matrix-synapse.settings.server_name">server_name</link> = config.networking.domain;
|
||||
<link linkend="opt-services.matrix-synapse.settings.listeners">listeners</link> = [
|
||||
{
|
||||
<link linkend="opt-services.matrix-synapse.listeners._.port">port</link> = 8008;
|
||||
<link linkend="opt-services.matrix-synapse.listeners._.bind_address">bind_address</link> = "::1";
|
||||
<link linkend="opt-services.matrix-synapse.listeners._.type">type</link> = "http";
|
||||
<link linkend="opt-services.matrix-synapse.listeners._.tls">tls</link> = false;
|
||||
<link linkend="opt-services.matrix-synapse.listeners._.x_forwarded">x_forwarded</link> = true;
|
||||
<link linkend="opt-services.matrix-synapse.listeners._.resources">resources</link> = [
|
||||
{
|
||||
<link linkend="opt-services.matrix-synapse.listeners._.resources._.names">names</link> = [ "client" "federation" ];
|
||||
<link linkend="opt-services.matrix-synapse.listeners._.resources._.compress">compress</link> = false;
|
||||
}
|
||||
];
|
||||
<link linkend="opt-services.matrix-synapse.settings.listeners._.port">port</link> = 8008;
|
||||
<link linkend="opt-services.matrix-synapse.settings.listeners._.bind_addresses">bind_address</link> = [ "::1" ];
|
||||
<link linkend="opt-services.matrix-synapse.settings.listeners._.type">type</link> = "http";
|
||||
<link linkend="opt-services.matrix-synapse.settings.listeners._.tls">tls</link> = false;
|
||||
<link linkend="opt-services.matrix-synapse.settings.listeners._.x_forwarded">x_forwarded</link> = true;
|
||||
<link linkend="opt-services.matrix-synapse.settings.listeners._.resources">resources</link> = [ {
|
||||
<link linkend="opt-services.matrix-synapse.settings.listeners._.resources._.names">names</link> = [ "client" ];
|
||||
<link linkend="opt-services.matrix-synapse.settings.listeners._.resources._.compress">compress</link> = true;
|
||||
} {
|
||||
<link linkend="opt-services.matrix-synapse.settings.listeners._.resources._.names">names</link> = [ "federation" ];
|
||||
<link linkend="opt-services.matrix-synapse.settings.listeners._.resources._.compress">compress</link> = false;
|
||||
} ];
|
||||
}
|
||||
];
|
||||
};
|
||||
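Review bot: The new listener line still writes `bind_address = [ "::1" ];` although its link target is `...listeners._.bind_addresses` and the listener submodule only declares `bind_addresses` (a list of strings), so a reader copying this example sets an attribute the module does not define. Change the link text to `bind_addresses`. The new `server_name` and `listeners` lines have the same mismatch one level up: they link to `settings.server_name` and `settings.listeners` but still sit directly under `services.matrix-synapse = {` in the example, so they should be nested under `settings` to match the new option paths.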
@ -151,11 +152,11 @@ in {
|
||||
|
||||
<para>
|
||||
If you want to run a server with public registration by anybody, you can
|
||||
then enable <literal><link linkend="opt-services.matrix-synapse.enable_registration">services.matrix-synapse.enable_registration</link> =
|
||||
then enable <literal><link linkend="opt-services.matrix-synapse.settings.enable_registration">services.matrix-synapse.enable_registration</link> =
|
||||
true;</literal>. Otherwise, or you can generate a registration secret with
|
||||
<command>pwgen -s 64 1</command> and set it with
|
||||
<option><link linkend="opt-services.matrix-synapse.registration_shared_secret">services.matrix-synapse.registration_shared_secret</link></option>. To
|
||||
create a new user or admin, run the following after you have set the secret
|
||||
<option><link linkend="opt-services.matrix-synapse.settings.registration_shared_secret">services.matrix-synapse.registration_shared_secret</link></option>.
|
||||
To create a new user or admin, run the following after you have set the secret
|
||||
and have rebuilt NixOS:
|
||||
<screen>
|
||||
<prompt>$ </prompt>nix run nixpkgs.matrix-synapse
|
||||
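Review bot: Both updated links now target `opt-services.matrix-synapse.settings.*`, but their visible text still reads `services.matrix-synapse.enable_registration` and `services.matrix-synapse.registration_shared_secret`, so the rendered manual names option paths without `settings`. Update the link text to `services.matrix-synapse.settings.enable_registration` and `services.matrix-synapse.settings.registration_shared_secret`. While this paragraph is being touched, the context line "Otherwise, or you can generate a registration secret" has a stray "or" that could be dropped.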
@ -170,7 +171,7 @@ Success!
|
||||
<literal>@your-username:example.org</literal>. Note that the registration
|
||||
secret ends up in the nix store and therefore is world-readable by any user
|
||||
on your machine, so it makes sense to only temporarily activate the
|
||||
<link linkend="opt-services.matrix-synapse.registration_shared_secret">registration_shared_secret</link>
|
||||
<link linkend="opt-services.matrix-synapse.settings.registration_shared_secret">registration_shared_secret</link>
|
||||
option until a better solution for NixOS is in place.
|
||||
</para>
|
||||
</section>
|
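Review bot: Only the link target changes here, so the paragraph still tells readers to set `registration_shared_secret` in the configuration and accept that it is world-readable in the nix store "until a better solution for NixOS is in place", while the new module's description of that same option says "Secrets should be passed in via extraConfigFiles!". Reword the paragraph to recommend putting the secret in a file listed in `extraConfigFiles`, and keep the store warning only as the reason for doing so.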
@ -1,844 +0,0 @@
|
||||
{ config, lib, options, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.matrix-synapse;
|
||||
opt = options.services.matrix-synapse;
|
||||
pg = config.services.postgresql;
|
||||
usePostgresql = cfg.database_type == "psycopg2";
|
||||
logConfigFile = pkgs.writeText "log_config.yaml" cfg.logConfig;
|
||||
mkResource = r: ''{names: ${builtins.toJSON r.names}, compress: ${boolToString r.compress}}'';
|
||||
mkListener = l: ''{port: ${toString l.port}, bind_address: "${l.bind_address}", type: ${l.type}, tls: ${boolToString l.tls}, x_forwarded: ${boolToString l.x_forwarded}, resources: [${concatStringsSep "," (map mkResource l.resources)}]}'';
|
||||
pluginsEnv = cfg.package.python.buildEnv.override {
|
||||
extraLibs = cfg.plugins;
|
||||
};
|
||||
configFile = pkgs.writeText "homeserver.yaml" ''
|
||||
${optionalString (cfg.tls_certificate_path != null) ''
|
||||
tls_certificate_path: "${cfg.tls_certificate_path}"
|
||||
''}
|
||||
${optionalString (cfg.tls_private_key_path != null) ''
|
||||
tls_private_key_path: "${cfg.tls_private_key_path}"
|
||||
''}
|
||||
${optionalString (cfg.tls_dh_params_path != null) ''
|
||||
tls_dh_params_path: "${cfg.tls_dh_params_path}"
|
||||
''}
|
||||
no_tls: ${boolToString cfg.no_tls}
|
||||
${optionalString (cfg.bind_port != null) ''
|
||||
bind_port: ${toString cfg.bind_port}
|
||||
''}
|
||||
${optionalString (cfg.unsecure_port != null) ''
|
||||
unsecure_port: ${toString cfg.unsecure_port}
|
||||
''}
|
||||
${optionalString (cfg.bind_host != null) ''
|
||||
bind_host: "${cfg.bind_host}"
|
||||
''}
|
||||
server_name: "${cfg.server_name}"
|
||||
pid_file: "/run/matrix-synapse.pid"
|
||||
${optionalString (cfg.public_baseurl != null) ''
|
||||
public_baseurl: "${cfg.public_baseurl}"
|
||||
''}
|
||||
listeners: [${concatStringsSep "," (map mkListener cfg.listeners)}]
|
||||
database: {
|
||||
name: "${cfg.database_type}",
|
||||
args: {
|
||||
${concatStringsSep ",\n " (
|
||||
mapAttrsToList (n: v: "\"${n}\": ${builtins.toJSON v}") cfg.database_args
|
||||
)}
|
||||
}
|
||||
}
|
||||
event_cache_size: "${cfg.event_cache_size}"
|
||||
verbose: ${cfg.verbose}
|
||||
log_config: "${logConfigFile}"
|
||||
rc_messages_per_second: ${cfg.rc_messages_per_second}
|
||||
rc_message_burst_count: ${cfg.rc_message_burst_count}
|
||||
federation_rc_window_size: ${cfg.federation_rc_window_size}
|
||||
federation_rc_sleep_limit: ${cfg.federation_rc_sleep_limit}
|
||||
federation_rc_sleep_delay: ${cfg.federation_rc_sleep_delay}
|
||||
federation_rc_reject_limit: ${cfg.federation_rc_reject_limit}
|
||||
federation_rc_concurrent: ${cfg.federation_rc_concurrent}
|
||||
media_store_path: "${cfg.dataDir}/media"
|
||||
uploads_path: "${cfg.dataDir}/uploads"
|
||||
max_upload_size: "${cfg.max_upload_size}"
|
||||
max_image_pixels: "${cfg.max_image_pixels}"
|
||||
dynamic_thumbnails: ${boolToString cfg.dynamic_thumbnails}
|
||||
url_preview_enabled: ${boolToString cfg.url_preview_enabled}
|
||||
${optionalString (cfg.url_preview_enabled == true) ''
|
||||
url_preview_ip_range_blacklist: ${builtins.toJSON cfg.url_preview_ip_range_blacklist}
|
||||
url_preview_ip_range_whitelist: ${builtins.toJSON cfg.url_preview_ip_range_whitelist}
|
||||
url_preview_url_blacklist: ${builtins.toJSON cfg.url_preview_url_blacklist}
|
||||
''}
|
||||
recaptcha_private_key: "${cfg.recaptcha_private_key}"
|
||||
recaptcha_public_key: "${cfg.recaptcha_public_key}"
|
||||
enable_registration_captcha: ${boolToString cfg.enable_registration_captcha}
|
||||
turn_uris: ${builtins.toJSON cfg.turn_uris}
|
||||
turn_shared_secret: "${cfg.turn_shared_secret}"
|
||||
enable_registration: ${boolToString cfg.enable_registration}
|
||||
${optionalString (cfg.registration_shared_secret != null) ''
|
||||
registration_shared_secret: "${cfg.registration_shared_secret}"
|
||||
''}
|
||||
recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify"
|
||||
turn_user_lifetime: "${cfg.turn_user_lifetime}"
|
||||
user_creation_max_duration: ${cfg.user_creation_max_duration}
|
||||
bcrypt_rounds: ${cfg.bcrypt_rounds}
|
||||
allow_guest_access: ${boolToString cfg.allow_guest_access}
|
||||
|
||||
account_threepid_delegates:
|
||||
${optionalString (cfg.account_threepid_delegates.email != null) "email: ${cfg.account_threepid_delegates.email}"}
|
||||
${optionalString (cfg.account_threepid_delegates.msisdn != null) "msisdn: ${cfg.account_threepid_delegates.msisdn}"}
|
||||
|
||||
room_prejoin_state:
|
||||
disable_default_event_types: ${boolToString cfg.room_prejoin_state.disable_default_event_types}
|
||||
additional_event_types: ${builtins.toJSON cfg.room_prejoin_state.additional_event_types}
|
||||
${optionalString (cfg.macaroon_secret_key != null) ''
|
||||
macaroon_secret_key: "${cfg.macaroon_secret_key}"
|
||||
''}
|
||||
expire_access_token: ${boolToString cfg.expire_access_token}
|
||||
enable_metrics: ${boolToString cfg.enable_metrics}
|
||||
report_stats: ${boolToString cfg.report_stats}
|
||||
signing_key_path: "${cfg.dataDir}/homeserver.signing.key"
|
||||
key_refresh_interval: "${cfg.key_refresh_interval}"
|
||||
perspectives:
|
||||
servers: {
|
||||
${concatStringsSep "},\n" (mapAttrsToList (n: v: ''
|
||||
"${n}": {
|
||||
"verify_keys": {
|
||||
${concatStringsSep "},\n" (mapAttrsToList (n: v: ''
|
||||
"${n}": {
|
||||
"key": "${v}"
|
||||
}'') v)}
|
||||
}
|
||||
'') cfg.servers)}
|
||||
}
|
||||
}
|
||||
redaction_retention_period: ${toString cfg.redaction_retention_period}
|
||||
app_service_config_files: ${builtins.toJSON cfg.app_service_config_files}
|
||||
|
||||
${cfg.extraConfig}
|
||||
'';
|
||||
|
||||
hasLocalPostgresDB = let args = cfg.database_args; in
|
||||
usePostgresql && (!(args ? host) || (elem args.host [ "localhost" "127.0.0.1" "::1" ]));
|
||||
|
||||
registerNewMatrixUser =
|
||||
let
|
||||
isIpv6 = x: lib.length (lib.splitString ":" x) > 1;
|
||||
listener =
|
||||
lib.findFirst (
|
||||
listener: lib.any (
|
||||
resource: lib.any (
|
||||
name: name == "client"
|
||||
) resource.names
|
||||
) listener.resources
|
||||
) (lib.last cfg.listeners) cfg.listeners;
|
||||
in
|
||||
pkgs.writeShellScriptBin "matrix-synapse-register_new_matrix_user" ''
|
||||
exec ${cfg.package}/bin/register_new_matrix_user \
|
||||
$@ \
|
||||
${lib.concatMapStringsSep " " (x: "-c ${x}") ([ configFile ] ++ cfg.extraConfigFiles)} \
|
||||
"${listener.type}://${
|
||||
if (isIpv6 listener.bind_address) then
|
||||
"[${listener.bind_address}]"
|
||||
else
|
||||
"${listener.bind_address}"
|
||||
}:${builtins.toString listener.port}/"
|
||||
'';
|
||||
in {
|
||||
options = {
|
||||
services.matrix-synapse = {
|
||||
enable = mkEnableOption "matrix.org synapse";
|
||||
configFile = mkOption {
|
||||
type = types.str;
|
||||
readOnly = true;
|
||||
description = ''
|
||||
Path to the configuration file on the target system. Useful to configure e.g. workers
|
||||
that also need this.
|
||||
'';
|
||||
};
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.matrix-synapse;
|
||||
defaultText = literalExpression "pkgs.matrix-synapse";
|
||||
description = ''
|
||||
Overridable attribute of the matrix synapse server package to use.
|
||||
'';
|
||||
};
|
||||
plugins = mkOption {
|
||||
type = types.listOf types.package;
|
||||
default = [ ];
|
||||
example = literalExpression ''
|
||||
with config.services.matrix-synapse.package.plugins; [
|
||||
matrix-synapse-ldap3
|
||||
matrix-synapse-pam
|
||||
];
|
||||
'';
|
||||
description = ''
|
||||
List of additional Matrix plugins to make available.
|
||||
'';
|
||||
};
|
||||
withJemalloc = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to preload jemalloc to reduce memory fragmentation and overall usage.
|
||||
'';
|
||||
};
|
||||
no_tls = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Don't bind to the https port
|
||||
'';
|
||||
};
|
||||
bind_port = mkOption {
|
||||
type = types.nullOr types.int;
|
||||
default = null;
|
||||
example = 8448;
|
||||
description = ''
|
||||
DEPRECATED: Use listeners instead.
|
||||
The port to listen for HTTPS requests on.
|
||||
For when matrix traffic is sent directly to synapse.
|
||||
'';
|
||||
};
|
||||
unsecure_port = mkOption {
|
||||
type = types.nullOr types.int;
|
||||
default = null;
|
||||
example = 8008;
|
||||
description = ''
|
||||
DEPRECATED: Use listeners instead.
|
||||
The port to listen for HTTP requests on.
|
||||
For when matrix traffic passes through loadbalancer that unwraps TLS.
|
||||
'';
|
||||
};
|
||||
bind_host = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
DEPRECATED: Use listeners instead.
|
||||
Local interface to listen on.
|
||||
The empty string will cause synapse to listen on all interfaces.
|
||||
'';
|
||||
};
|
||||
tls_certificate_path = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = "/var/lib/matrix-synapse/homeserver.tls.crt";
|
||||
description = ''
|
||||
PEM encoded X509 certificate for TLS.
|
||||
You can replace the self-signed certificate that synapse
|
||||
autogenerates on launch with your own SSL certificate + key pair
|
||||
if you like. Any required intermediary certificates can be
|
||||
appended after the primary certificate in hierarchical order.
|
||||
'';
|
||||
};
|
||||
tls_private_key_path = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = "/var/lib/matrix-synapse/homeserver.tls.key";
|
||||
description = ''
|
||||
PEM encoded private key for TLS. Specify null if synapse is not
|
||||
speaking TLS directly.
|
||||
'';
|
||||
};
|
||||
tls_dh_params_path = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = "/var/lib/matrix-synapse/homeserver.tls.dh";
|
||||
description = ''
|
||||
PEM dh parameters for ephemeral keys
|
||||
'';
|
||||
};
|
||||
server_name = mkOption {
|
||||
type = types.str;
|
||||
example = "example.com";
|
||||
default = config.networking.hostName;
|
||||
defaultText = literalExpression "config.networking.hostName";
|
||||
description = ''
|
||||
The domain name of the server, with optional explicit port.
|
||||
This is used by remote servers to look up the server address.
|
||||
This is also the last part of your UserID.
|
||||
|
||||
The server_name cannot be changed later so it is important to configure this correctly before you start Synapse.
|
||||
'';
|
||||
};
|
||||
public_baseurl = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = "https://example.com:8448/";
|
||||
description = ''
|
||||
The public-facing base URL for the client API (not including _matrix/...)
|
||||
'';
|
||||
};
|
||||
listeners = mkOption {
|
||||
type = types.listOf (types.submodule {
|
||||
options = {
|
||||
port = mkOption {
|
||||
type = types.port;
|
||||
example = 8448;
|
||||
description = ''
|
||||
The port to listen for HTTP(S) requests on.
|
||||
'';
|
||||
};
|
||||
bind_address = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
example = "203.0.113.42";
|
||||
description = ''
|
||||
Local interface to listen on.
|
||||
The empty string will cause synapse to listen on all interfaces.
|
||||
'';
|
||||
};
|
||||
type = mkOption {
|
||||
type = types.str;
|
||||
default = "http";
|
||||
description = ''
|
||||
Type of listener.
|
||||
'';
|
||||
};
|
||||
tls = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
Whether to listen for HTTPS connections rather than HTTP.
|
||||
'';
|
||||
};
|
||||
x_forwarded = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Use the X-Forwarded-For (XFF) header as the client IP and not the
|
||||
actual client IP.
|
||||
'';
|
||||
};
|
||||
resources = mkOption {
|
||||
type = types.listOf (types.submodule {
|
||||
options = {
|
||||
names = mkOption {
|
||||
type = types.listOf types.str;
|
||||
description = ''
|
||||
List of resources to host on this listener.
|
||||
'';
|
||||
example = ["client" "federation"];
|
||||
};
|
||||
compress = mkOption {
|
||||
type = types.bool;
|
||||
description = ''
|
||||
Should synapse compress HTTP responses to clients that support it?
|
||||
This should be disabled if running synapse behind a load balancer
|
||||
that can do automatic compression.
|
||||
'';
|
||||
};
|
||||
};
|
||||
});
|
||||
description = ''
|
||||
List of HTTP resources to serve on this listener.
|
||||
'';
|
||||
};
|
||||
};
|
||||
});
|
||||
default = [{
|
||||
port = 8448;
|
||||
bind_address = "";
|
||||
type = "http";
|
||||
tls = true;
|
||||
x_forwarded = false;
|
||||
resources = [
|
||||
{ names = ["client"]; compress = true; }
|
||||
{ names = ["federation"]; compress = false; }
|
||||
];
|
||||
}];
|
||||
description = ''
|
||||
List of ports that Synapse should listen on, their purpose and their configuration.
|
||||
'';
|
||||
};
|
||||
verbose = mkOption {
|
||||
type = types.str;
|
||||
default = "0";
|
||||
description = "Logging verbosity level.";
|
||||
};
|
||||
rc_messages_per_second = mkOption {
|
||||
type = types.str;
|
||||
default = "0.2";
|
||||
description = "Number of messages a client can send per second";
|
||||
};
|
||||
rc_message_burst_count = mkOption {
|
||||
type = types.str;
|
||||
default = "10.0";
|
||||
description = "Number of message a client can send before being throttled";
|
||||
};
|
||||
federation_rc_window_size = mkOption {
|
||||
type = types.str;
|
||||
default = "1000";
|
||||
description = "The federation window size in milliseconds";
|
||||
};
|
||||
federation_rc_sleep_limit = mkOption {
|
||||
type = types.str;
|
||||
default = "10";
|
||||
description = ''
|
||||
The number of federation requests from a single server in a window
|
||||
before the server will delay processing the request.
|
||||
'';
|
||||
};
|
||||
federation_rc_sleep_delay = mkOption {
|
||||
type = types.str;
|
||||
default = "500";
|
||||
description = ''
|
||||
The duration in milliseconds to delay processing events from
|
||||
remote servers by if they go over the sleep limit.
|
||||
'';
|
||||
};
|
||||
federation_rc_reject_limit = mkOption {
|
||||
type = types.str;
|
||||
default = "50";
|
||||
description = ''
|
||||
The maximum number of concurrent federation requests allowed
|
||||
from a single server
|
||||
'';
|
||||
};
|
||||
federation_rc_concurrent = mkOption {
|
||||
type = types.str;
|
||||
default = "3";
|
||||
description = "The number of federation requests to concurrently process from a single server";
|
||||
};
|
||||
database_type = mkOption {
|
||||
type = types.enum [ "sqlite3" "psycopg2" ];
|
||||
default = if versionAtLeast config.system.stateVersion "18.03"
|
||||
then "psycopg2"
|
||||
else "sqlite3";
|
||||
defaultText = literalExpression ''
|
||||
if versionAtLeast config.system.stateVersion "18.03"
|
||||
then "psycopg2"
|
||||
else "sqlite3"
|
||||
'';
|
||||
description = ''
|
||||
The database engine name. Can be sqlite or psycopg2.
|
||||
'';
|
||||
};
|
||||
database_name = mkOption {
|
||||
type = types.str;
|
||||
default = "matrix-synapse";
|
||||
description = "Database name.";
|
||||
};
|
||||
database_user = mkOption {
|
||||
type = types.str;
|
||||
default = "matrix-synapse";
|
||||
description = "Database user name.";
|
||||
};
|
||||
database_args = mkOption {
|
||||
type = types.attrs;
|
||||
default = {
|
||||
sqlite3 = { database = "${cfg.dataDir}/homeserver.db"; };
|
||||
psycopg2 = {
|
||||
user = cfg.database_user;
|
||||
database = cfg.database_name;
|
||||
};
|
||||
}.${cfg.database_type};
|
||||
defaultText = literalDocBook ''
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>using sqlite3</term>
|
||||
<listitem>
|
||||
<programlisting>
|
||||
{ database = "''${config.${opt.dataDir}}/homeserver.db"; }
|
||||
</programlisting>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>using psycopg2</term>
|
||||
<listitem>
|
||||
<programlisting>
|
||||
psycopg2 = {
|
||||
user = config.${opt.database_user};
|
||||
database = config.${opt.database_name};
|
||||
}
|
||||
</programlisting>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
'';
|
||||
description = ''
|
||||
Arguments to pass to the engine.
|
||||
'';
|
||||
};
|
||||
event_cache_size = mkOption {
|
||||
type = types.str;
|
||||
default = "10K";
|
||||
description = "Number of events to cache in memory.";
|
||||
};
|
||||
url_preview_enabled = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Is the preview URL API enabled? If enabled, you *must* specify an
|
||||
explicit url_preview_ip_range_blacklist of IPs that the spider is
|
||||
denied from accessing.
|
||||
'';
|
||||
};
|
||||
url_preview_ip_range_blacklist = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [
|
||||
"127.0.0.0/8"
|
||||
"10.0.0.0/8"
|
||||
"172.16.0.0/12"
|
||||
"192.168.0.0/16"
|
||||
"100.64.0.0/10"
|
||||
"169.254.0.0/16"
|
||||
"::1/128"
|
||||
"fe80::/64"
|
||||
"fc00::/7"
|
||||
];
|
||||
description = ''
|
||||
List of IP address CIDR ranges that the URL preview spider is denied
|
||||
from accessing.
|
||||
'';
|
||||
};
|
||||
url_preview_ip_range_whitelist = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
description = ''
|
||||
List of IP address CIDR ranges that the URL preview spider is allowed
|
||||
to access even if they are specified in
|
||||
url_preview_ip_range_blacklist.
|
||||
'';
|
||||
};
|
||||
url_preview_url_blacklist = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
description = ''
|
||||
Optional list of URL matches that the URL preview spider is
|
||||
denied from accessing.
|
||||
'';
|
||||
};
|
||||
recaptcha_private_key = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = ''
|
||||
This Home Server's ReCAPTCHA private key.
|
||||
'';
|
||||
};
|
||||
recaptcha_public_key = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = ''
|
||||
This Home Server's ReCAPTCHA public key.
|
||||
'';
|
||||
};
|
||||
enable_registration_captcha = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Enables ReCaptcha checks when registering, preventing signup
|
||||
unless a captcha is answered. Requires a valid ReCaptcha
|
||||
public/private key.
|
||||
'';
|
||||
};
|
||||
turn_uris = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
description = ''
|
||||
The public URIs of the TURN server to give to clients
|
||||
'';
|
||||
};
|
||||
turn_shared_secret = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = ''
|
||||
The shared secret used to compute passwords for the TURN server
|
||||
'';
|
||||
};
|
||||
turn_user_lifetime = mkOption {
|
||||
type = types.str;
|
||||
default = "1h";
|
||||
description = "How long generated TURN credentials last";
|
||||
};
|
||||
enable_registration = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Enable registration for new users.
|
||||
'';
|
||||
};
|
||||
registration_shared_secret = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
If set, allows registration by anyone who also has the shared
|
||||
secret, even if registration is otherwise disabled.
|
||||
'';
|
||||
};
|
||||
enable_metrics = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Enable collection and rendering of performance metrics
|
||||
'';
|
||||
};
|
||||
report_stats = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "";
|
||||
};
|
||||
servers = mkOption {
|
||||
type = types.attrsOf (types.attrsOf types.str);
|
||||
default = {
|
||||
"matrix.org" = {
|
||||
"ed25519:auto" = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw";
|
||||
};
|
||||
};
|
||||
description = ''
|
||||
The trusted servers to download signing keys from.
|
||||
'';
|
||||
};
|
||||
max_upload_size = mkOption {
|
||||
type = types.str;
|
||||
default = "10M";
|
||||
description = "The largest allowed upload size in bytes";
|
||||
};
|
||||
max_image_pixels = mkOption {
|
||||
type = types.str;
|
||||
default = "32M";
|
||||
description = "Maximum number of pixels that will be thumbnailed";
|
||||
};
|
||||
dynamic_thumbnails = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to generate new thumbnails on the fly to precisely match
|
||||
the resolution requested by the client. If true then whenever
|
||||
a new resolution is requested by the client the server will
|
||||
generate a new thumbnail. If false the server will pick a thumbnail
|
||||
from a precalculated list.
|
||||
'';
|
||||
};
|
||||
user_creation_max_duration = mkOption {
|
||||
type = types.str;
|
||||
default = "1209600000";
|
||||
description = ''
|
||||
Sets the expiry for the short term user creation in
|
||||
milliseconds. The default value is two weeks.
|
||||
'';
|
||||
};
|
||||
bcrypt_rounds = mkOption {
|
||||
type = types.str;
|
||||
default = "12";
|
||||
description = ''
|
||||
Set the number of bcrypt rounds used to generate password hash.
|
||||
Larger numbers increase the work factor needed to generate the hash.
|
||||
'';
|
||||
};
|
||||
allow_guest_access = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Allows users to register as guests without a password/email/etc, and
|
||||
participate in rooms hosted on this server which have been made
|
||||
accessible to anonymous users.
|
||||
'';
|
||||
};
|
||||
account_threepid_delegates.email = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
Delegate email sending to https://example.org
|
||||
'';
|
||||
};
|
||||
account_threepid_delegates.msisdn = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
Delegate SMS sending to this local process (https://localhost:8090)
|
||||
'';
|
||||
};
|
||||
room_prejoin_state.additional_event_types = mkOption {
|
||||
default = [];
|
||||
type = types.listOf types.str;
|
||||
description = ''
|
||||
Additional events to share with users who received an invite.
|
||||
'';
|
||||
};
|
||||
room_prejoin_state.disable_default_event_types = mkOption {
|
||||
default = false;
|
||||
type = types.bool;
|
||||
description = ''
|
||||
Whether to disable the default state-event types for users invited to a room.
|
||||
These are:
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>m.room.join_rules</para></listitem>
|
||||
<listitem><para>m.room.canonical_alias</para></listitem>
|
||||
<listitem><para>m.room.avatar</para></listitem>
|
||||
<listitem><para>m.room.encryption</para></listitem>
|
||||
<listitem><para>m.room.name</para></listitem>
|
||||
<listitem><para>m.room.create</para></listitem>
|
||||
</itemizedlist>
|
||||
'';
|
||||
};
|
||||
macaroon_secret_key = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
Secret key for authentication tokens
|
||||
'';
|
||||
};
|
||||
expire_access_token = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to enable access token expiration.
|
||||
'';
|
||||
};
|
||||
key_refresh_interval = mkOption {
|
||||
type = types.str;
|
||||
default = "1d";
|
||||
description = ''
|
||||
How long key response published by this server is valid for.
|
||||
Used to set the valid_until_ts in /key/v2 APIs.
|
||||
Determines how quickly servers will query to check which keys
|
||||
are still valid.
|
||||
'';
|
||||
};
|
||||
app_service_config_files = mkOption {
|
||||
type = types.listOf types.path;
|
||||
default = [ ];
|
||||
description = ''
|
||||
A list of application service config file to use
|
||||
'';
|
||||
};
|
||||
redaction_retention_period = mkOption {
|
||||
type = types.int;
|
||||
default = 7;
|
||||
description = ''
|
||||
How long to keep redacted events in unredacted form in the database.
|
||||
'';
|
||||
};
|
||||
extraConfig = mkOption {
|
||||
type = types.lines;
|
||||
default = "";
|
||||
description = ''
|
||||
Extra config options for matrix-synapse.
|
||||
'';
|
||||
};
|
||||
extraConfigFiles = mkOption {
|
||||
type = types.listOf types.path;
|
||||
default = [];
|
||||
description = ''
|
||||
Extra config files to include.
|
||||
|
||||
The configuration files will be included based on the command line
|
||||
argument --config-path. This allows to configure secrets without
|
||||
having to go through the Nix store, e.g. based on deployment keys if
|
||||
NixOPS is in use.
|
||||
'';
|
||||
};
|
||||
logConfig = mkOption {
|
||||
type = types.lines;
|
||||
default = readFile ./matrix-synapse-log_config.yaml;
|
||||
description = ''
|
||||
A yaml python logging config file
|
||||
'';
|
||||
};
|
||||
dataDir = mkOption {
|
||||
type = types.str;
|
||||
default = "/var/lib/matrix-synapse";
|
||||
description = ''
|
||||
The directory where matrix-synapse stores its stateful data such as
|
||||
certificates, media and uploads.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
assertions = [
|
||||
{ assertion = hasLocalPostgresDB -> config.services.postgresql.enable;
|
||||
message = ''
|
||||
Cannot deploy matrix-synapse with a configuration for a local postgresql database
|
||||
and a missing postgresql service. Since 20.03 it's mandatory to manually configure the
|
||||
database (please read the thread in https://github.com/NixOS/nixpkgs/pull/80447 for
|
||||
further reference).
|
||||
|
||||
If you
|
||||
- try to deploy a fresh synapse, you need to configure the database yourself. An example
|
||||
for this can be found in <nixpkgs/nixos/tests/matrix-synapse.nix>
|
||||
- update your existing matrix-synapse instance, you simply need to add `services.postgresql.enable = true`
|
||||
to your configuration.
|
||||
|
||||
For further information about this update, please read the release-notes of 20.03 carefully.
|
||||
'';
|
||||
}
|
||||
];
|
||||
|
||||
services.matrix-synapse.configFile = "${configFile}";
|
||||
|
||||
users.users.matrix-synapse = {
|
||||
group = "matrix-synapse";
|
||||
home = cfg.dataDir;
|
||||
createHome = true;
|
||||
shell = "${pkgs.bash}/bin/bash";
|
||||
uid = config.ids.uids.matrix-synapse;
|
||||
};
|
||||
|
||||
users.groups.matrix-synapse = {
|
||||
gid = config.ids.gids.matrix-synapse;
|
||||
};
|
||||
|
||||
systemd.services.matrix-synapse = {
|
||||
description = "Synapse Matrix homeserver";
|
||||
after = [ "network.target" ] ++ optional hasLocalPostgresDB "postgresql.service";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
preStart = ''
|
||||
${cfg.package}/bin/synapse_homeserver \
|
||||
--config-path ${configFile} \
|
||||
--keys-directory ${cfg.dataDir} \
|
||||
--generate-keys
|
||||
'';
|
||||
environment = {
|
||||
PYTHONPATH = makeSearchPathOutput "lib" cfg.package.python.sitePackages [ pluginsEnv ];
|
||||
} // optionalAttrs (cfg.withJemalloc) {
|
||||
LD_PRELOAD = "${pkgs.jemalloc}/lib/libjemalloc.so";
|
||||
};
|
||||
serviceConfig = {
|
||||
Type = "notify";
|
||||
User = "matrix-synapse";
|
||||
Group = "matrix-synapse";
|
||||
WorkingDirectory = cfg.dataDir;
|
||||
ExecStartPre = [ ("+" + (pkgs.writeShellScript "matrix-synapse-fix-permissions" ''
|
||||
chown matrix-synapse:matrix-synapse ${cfg.dataDir}/homeserver.signing.key
|
||||
chmod 0600 ${cfg.dataDir}/homeserver.signing.key
|
||||
'')) ];
|
||||
ExecStart = ''
|
||||
${cfg.package}/bin/synapse_homeserver \
|
||||
${ concatMapStringsSep "\n " (x: "--config-path ${x} \\") ([ configFile ] ++ cfg.extraConfigFiles) }
|
||||
--keys-directory ${cfg.dataDir}
|
||||
'';
|
||||
ExecReload = "${pkgs.util-linux}/bin/kill -HUP $MAINPID";
|
||||
Restart = "on-failure";
|
||||
UMask = "0077";
|
||||
};
|
||||
};
|
||||
|
||||
environment.systemPackages = [ registerNewMatrixUser ];
|
||||
};
|
||||
|
||||
imports = [
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "trusted_third_party_id_servers" ] ''
|
||||
The `trusted_third_party_id_servers` option as been removed in `matrix-synapse` v1.4.0
|
||||
as the behavior is now obsolete.
|
||||
'')
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "create_local_database" ] ''
|
||||
Database configuration must be done manually. An exemplary setup is demonstrated in
|
||||
<nixpkgs/nixos/tests/matrix-synapse.nix>
|
||||
'')
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "web_client" ] "")
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "room_invite_state_types" ] ''
|
||||
You may add additional event types via
|
||||
`services.matrix-synapse.room_prejoin_state.additional_event_types` and
|
||||
disable the default events via
|
||||
`services.matrix-synapse.room_prejoin_state.disable_default_event_types`.
|
||||
'')
|
||||
];
|
||||
|
||||
meta.doc = ./matrix-synapse.xml;
|
||||
meta.maintainers = teams.matrix.members;
|
||||
|
||||
}
|
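Review bot: `registration_shared_secret`, `turn_shared_secret`, `macaroon_secret_key` and `recaptcha_private_key` are declared here as plain string options, and none of their descriptions says where the value ends up. The only guidance on keeping secrets out of the Nix store sits in the `extraConfigFiles` description. Each of those four descriptions should point to `extraConfigFiles`, so that someone setting a secret sees the store-free route at the option itself.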
@ -556,6 +556,7 @@ in {
|
||||
|
||||
boot.kernelModules = [ "ctr" ];
|
||||
|
||||
security.polkit.enable = true;
|
||||
security.polkit.extraConfig = polkitConf;
|
||||
|
||||
services.dbus.packages = cfg.packages
|
||||
|
@ -81,6 +81,8 @@ in {
|
||||
};
|
||||
};
|
||||
|
||||
security.polkit.enable = true;
|
||||
|
||||
security.pam.services.cage.text = ''
|
||||
auth required pam_unix.so nullok
|
||||
account required pam_unix.so
|
||||
|
@ -267,6 +267,8 @@ in
|
||||
# Enable the accounts daemon to find lightdm's dbus interface
|
||||
environment.systemPackages = [ lightdm ];
|
||||
|
||||
security.polkit.enable = true;
|
||||
|
||||
security.pam.services.lightdm.text = ''
|
||||
auth substack login
|
||||
account include login
|
||||
|
@ -620,9 +620,6 @@ in
|
||||
in optional (driver != null) ({ inherit name; modules = []; driverName = name; display = true; } // driver));
|
||||
|
||||
assertions = [
|
||||
{ assertion = config.security.polkit.enable;
|
||||
message = "X11 requires Polkit to be enabled (‘security.polkit.enable = true’).";
|
||||
}
|
||||
(let primaryHeads = filter (x: x.primary) cfg.xrandrHeads; in {
|
||||
assertion = length primaryHeads < 2;
|
||||
message = "Only one head is allowed to be primary in "
|
||||
|
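Review bot: Dropping the `config.security.polkit.enable` entry from `assertions` removes the only evaluation-time failure for an X11 setup with Polkit disabled. The hunks visible in this commit set `security.polkit.enable = true;` in only a few places: the module that sets `security.polkit.extraConfig = polkitConf;`, next to `security.pam.services.cage.text` and `security.pam.services.lightdm.text`, and in one test. Confirm that every remaining consumer that relied on the assertion now enables Polkit itself, and add a release-note entry for the removed check.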
@ -1,6 +1,6 @@
|
||||
import ./make-test-python.nix ({ pkgs, ... }:
|
||||
let
|
||||
homeserverUrl = "http://homeserver:8448";
|
||||
homeserverUrl = "http://homeserver:8008";
|
||||
in
|
||||
{
|
||||
name = "matrix-appservice-irc";
|
||||
@ -14,28 +14,32 @@ import ./make-test-python.nix ({ pkgs, ... }:
|
||||
specialisation.running.configuration = {
|
||||
services.matrix-synapse = {
|
||||
enable = true;
|
||||
database_type = "sqlite3";
|
||||
app_service_config_files = [ "/registration.yml" ];
|
||||
settings = {
|
||||
database.name = "sqlite3";
|
||||
app_service_config_files = [ "/registration.yml" ];
|
||||
|
||||
enable_registration = true;
|
||||
enable_registration = true;
|
||||
|
||||
listeners = [
|
||||
# The default but tls=false
|
||||
{
|
||||
"bind_address" = "";
|
||||
"port" = 8448;
|
||||
"resources" = [
|
||||
{ "compress" = true; "names" = [ "client" ]; }
|
||||
{ "compress" = false; "names" = [ "federation" ]; }
|
||||
listeners = [ {
|
||||
# The default but tls=false
|
||||
bind_addresses = [
|
||||
"0.0.0.0"
|
||||
];
|
||||
"tls" = false;
|
||||
"type" = "http";
|
||||
"x_forwarded" = false;
|
||||
}
|
||||
];
|
||||
port = 8008;
|
||||
resources = [ {
|
||||
"compress" = true;
|
||||
"names" = [ "client" ];
|
||||
} {
|
||||
"compress" = false;
|
||||
"names" = [ "federation" ];
|
||||
} ];
|
||||
tls = false;
|
||||
type = "http";
|
||||
} ];
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 8448 ];
|
||||
networking.firewall.allowedTCPPorts = [ 8008 ];
|
||||
};
|
||||
};
|
||||
|
||||
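Review bot: The comment `# The default but tls=false` is carried over onto the rewritten `listeners` entry, but that entry also sets `bind_addresses = [ "0.0.0.0" ]` and `port = 8008` and no longer sets `x_forwarded`, so the comment no longer describes the block. Reword it to say what the test needs (plain HTTP on 8008, matching `homeserverUrl` and `allowedTCPPorts`). Also drop the quotes from `"compress"` and `"names"` so they match the unquoted `tls`, `type` and `port` beside them.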
@ -209,7 +213,7 @@ import ./make-test-python.nix ({ pkgs, ... }:
|
||||
)
|
||||
|
||||
homeserver.wait_for_unit("matrix-synapse.service")
|
||||
homeserver.wait_for_open_port(8448)
|
||||
homeserver.wait_for_open_port(8008)
|
||||
|
||||
with subtest("ensure messages can be exchanged"):
|
||||
client.succeed("do_test ${homeserverUrl} >&2")
|
||||
|
@ -33,6 +33,29 @@ import ./make-test-python.nix ({ pkgs, ... } : let
|
||||
testUser = "alice";
|
||||
testPassword = "alicealice";
|
||||
testEmail = "alice@example.com";
|
||||
|
||||
listeners = [ {
|
||||
port = 8448;
|
||||
bind_addresses = [
|
||||
"127.0.0.1"
|
||||
"::1"
|
||||
];
|
||||
type = "http";
|
||||
tls = true;
|
||||
x_forwarded = false;
|
||||
resources = [ {
|
||||
names = [
|
||||
"client"
|
||||
];
|
||||
compress = true;
|
||||
} {
|
||||
names = [
|
||||
"federation"
|
||||
];
|
||||
compress = false;
|
||||
} ];
|
||||
} ];
|
||||
|
||||
in {
|
||||
|
||||
name = "matrix-synapse";
|
||||
@ -48,22 +71,24 @@ in {
|
||||
{
|
||||
services.matrix-synapse = {
|
||||
enable = true;
|
||||
database_type = "psycopg2";
|
||||
tls_certificate_path = "${cert}";
|
||||
tls_private_key_path = "${key}";
|
||||
database_args = {
|
||||
password = "synapse";
|
||||
settings = {
|
||||
inherit listeners;
|
||||
database = {
|
||||
name = "psycopg2";
|
||||
args.password = "synapse";
|
||||
};
|
||||
tls_certificate_path = "${cert}";
|
||||
tls_private_key_path = "${key}";
|
||||
registration_shared_secret = registrationSharedSecret;
|
||||
public_baseurl = "https://example.com";
|
||||
email = {
|
||||
smtp_host = mailerDomain;
|
||||
smtp_port = 25;
|
||||
require_transport_security = true;
|
||||
notif_from = "matrix <matrix@${mailerDomain}>";
|
||||
app_name = "Matrix";
|
||||
};
|
||||
};
|
||||
registration_shared_secret = registrationSharedSecret;
|
||||
public_baseurl = "https://example.com";
|
||||
extraConfig = ''
|
||||
email:
|
||||
smtp_host: "${mailerDomain}"
|
||||
smtp_port: 25
|
||||
require_transport_security: true
|
||||
notif_from: "matrix <matrix@${mailerDomain}>"
|
||||
app_name: "Matrix"
|
||||
'';
|
||||
};
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
@ -165,9 +190,12 @@ in {
|
||||
serversqlite = args: {
|
||||
services.matrix-synapse = {
|
||||
enable = true;
|
||||
database_type = "sqlite3";
|
||||
tls_certificate_path = "${cert}";
|
||||
tls_private_key_path = "${key}";
|
||||
settings = {
|
||||
inherit listeners;
|
||||
database.name = "sqlite3";
|
||||
tls_certificate_path = "${cert}";
|
||||
tls_private_key_path = "${key}";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -38,26 +38,31 @@ import ../make-test-python.nix (
|
||||
homeserver = { pkgs, ... }: {
|
||||
services.matrix-synapse = {
|
||||
enable = true;
|
||||
database_type = "sqlite3";
|
||||
tls_certificate_path = "${cert}";
|
||||
tls_private_key_path = "${key}";
|
||||
enable_registration = true;
|
||||
registration_shared_secret = "supersecret-registration";
|
||||
settings = {
|
||||
database.name = "sqlite3";
|
||||
tls_certificate_path = "${cert}";
|
||||
tls_private_key_path = "${key}";
|
||||
enable_registration = true;
|
||||
registration_shared_secret = "supersecret-registration";
|
||||
|
||||
listeners = [
|
||||
# The default but tls=false
|
||||
{
|
||||
"bind_address" = "";
|
||||
"port" = 8448;
|
||||
"resources" = [
|
||||
{ "compress" = true; "names" = [ "client" "webclient" ]; }
|
||||
{ "compress" = false; "names" = [ "federation" ]; }
|
||||
listeners = [ {
|
||||
# The default but tls=false
|
||||
bind_addresses = [
|
||||
"0.0.0.0"
|
||||
];
|
||||
"tls" = false;
|
||||
"type" = "http";
|
||||
"x_forwarded" = false;
|
||||
}
|
||||
];
|
||||
port = 8448;
|
||||
resources = [ {
|
||||
compress = true;
|
||||
names = [ "client" ];
|
||||
} {
|
||||
compress = false;
|
||||
names = [ "federation" ];
|
||||
} ];
|
||||
tls = false;
|
||||
type = "http";
|
||||
x_forwarded = false;
|
||||
} ];
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 8448 ];
|
||||
|
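Review bot: The rewritten `resources` entry has `names = [ "client" ];`, where the entry it replaces had `"names" = [ "client" "webclient" ]`, so the `webclient` resource disappears in the same change that moves the options under `settings`. If the removal is intended, say so in the commit message. Otherwise keep `"webclient"` in the list so the migration stays behaviour-preserving.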
@ -47,9 +47,32 @@ import ../make-test-python.nix (
|
||||
|
||||
services.matrix-synapse = {
|
||||
enable = true;
|
||||
database_type = "sqlite3";
|
||||
tls_certificate_path = "${cert}";
|
||||
tls_private_key_path = "${key}";
|
||||
settings = {
|
||||
listeners = [ {
|
||||
port = 8448;
|
||||
bind_addresses = [
|
||||
"127.0.0.1"
|
||||
"::1"
|
||||
];
|
||||
type = "http";
|
||||
tls = true;
|
||||
x_forwarded = false;
|
||||
resources = [ {
|
||||
names = [
|
||||
"client"
|
||||
];
|
||||
compress = true;
|
||||
} {
|
||||
names = [
|
||||
"federation"
|
||||
];
|
||||
compress = false;
|
||||
} ];
|
||||
} ];
|
||||
database.name = "sqlite3";
|
||||
tls_certificate_path = "${cert}";
|
||||
tls_private_key_path = "${key}";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -10,6 +10,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }:
|
||||
# Automatically login on tty1 as a normal user:
|
||||
imports = [ ./common/user-account.nix ];
|
||||
services.getty.autologinUser = "alice";
|
||||
security.polkit.enable = true;
|
||||
|
||||
environment = {
|
||||
systemPackages = with pkgs; [ tinywl foot wayland-utils ];
|
||||
|
@ -2,16 +2,16 @@
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "erigon";
|
||||
version = "2022.02.03";
|
||||
version = "2022.02.04";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "ledgerwatch";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-M8rCLkKoCx+5Eg53HfK6Ui4UrYsujGd7G8ckONclhTM=";
|
||||
sha256 = "sha256-86a1VtVyTRKpY41fAHskUfPZpXUutpyvxlRLhkiHTZ0=";
|
||||
};
|
||||
|
||||
vendorSha256 = "sha256-loYo1nAR1lARsfoY5Q+k/tgVBxNxcr++zwUjLN3TRLA=";
|
||||
vendorSha256 = "sha256-P3jdK+ubBHusTL4eWlA/TDJIrbuV17tL8Cv6c3ubjlc=";
|
||||
proxyVendor = true;
|
||||
|
||||
# Build errors in mdbx when format hardening is enabled:
|
||||
|
@ -4,11 +4,11 @@ cups, vivaldi-ffmpeg-codecs, libpulseaudio, at-spi2-core, libxkbcommon, mesa }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "exodus";
|
||||
version = "22.2.11";
|
||||
version = "22.2.25";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://downloads.exodus.io/releases/${pname}-linux-x64-${version}.zip";
|
||||
sha256 = "sha256-/K5dB5Qfaiv68YWTQ4j5QnqSo+TXPkWcQ+PlJpzDoe8=";
|
||||
sha256 = "sha256-YbApI9rIk1653Hp3hsXJrxBMpaGn6Wv3WhZiQWAfPQM=";
|
||||
};
|
||||
|
||||
sourceRoot = ".";
|
||||
|
@ -14,11 +14,11 @@ let
|
||||
in
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "mkgmap";
|
||||
version = "4895";
|
||||
version = "4896";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://www.mkgmap.org.uk/download/mkgmap-r${version}-src.tar.gz";
|
||||
sha256 = "jGSDH90ze0hHa9nAaeEkj1sfADEk7EatGrePM3+/SDk=";
|
||||
sha256 = "1tPKZASmU0xfQgNZJYzhtvm0f7ynrWk/RWCFZ1kseKs=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
|
@ -15,12 +15,6 @@ stdenvNoCC.mkDerivation rec {
|
||||
substituteInPlace src/oil --replace \
|
||||
"LIBDIR=/usr/local/lib/oil" "LIBDIR=${placeholder "out"}/lib"
|
||||
|
||||
substituteInPlace Makefile --replace \
|
||||
"LIBDIR ?= /usr/local/lib/oil" "LIBDIR ?= ${placeholder "out"}/lib" \
|
||||
|
||||
substituteInPlace Makefile --replace \
|
||||
"BINDIR ?= /usr/local/bin" "BINDIR ?= ${placeholder "out"}/bin"
|
||||
|
||||
substituteInPlace src/json-to-line.jq --replace \
|
||||
"/usr/bin/env -S jq" "${jq}/bin/jq"
|
||||
|
||||
@ -28,6 +22,11 @@ stdenvNoCC.mkDerivation rec {
|
||||
"/usr/bin/env -S awk" "${gawk}/bin/awk"
|
||||
'';
|
||||
|
||||
makeFlags = [
|
||||
"BINDIR=${placeholder "out"}/bin"
|
||||
"LIBDIR=${placeholder "out"}/lib"
|
||||
];
|
||||
|
||||
nativeBuildInputs = [ makeWrapper ];
|
||||
|
||||
postFixup = ''
|
@ -1,23 +1,21 @@
|
||||
{ lib, buildGoPackage, fetchgit }:
|
||||
{ lib, buildGoModule, fetchFromGitHub }:
|
||||
|
||||
buildGoPackage rec {
|
||||
buildGoModule rec {
|
||||
pname = "wego";
|
||||
version = "unstable-2019-02-11";
|
||||
rev = "994e4f141759a1070d7b0c8fbe5fad2cc7ee7d45";
|
||||
version = "2.1";
|
||||
|
||||
goPackagePath = "github.com/schachmat/wego";
|
||||
|
||||
src = fetchgit {
|
||||
inherit rev;
|
||||
url = "https://github.com/schachmat/wego";
|
||||
sha256 = "1affzwi5rbp4zkirhmby8bvlhsafw7a4rs27caqwyj8g3jhczmhy";
|
||||
src = fetchFromGitHub {
|
||||
owner = "schachmat";
|
||||
repo = pname;
|
||||
rev = version;
|
||||
sha256 = "sha256-lMcrFwYtlnivNjSbzyiAEAVX6ME87yB/Em8Cxb1LUS4=";
|
||||
};
|
||||
|
||||
goDeps = ./deps.nix;
|
||||
vendorSha256 = "sha256-kv8c0TZdxCIfmkgCLDiNyoGqQZEKUlrNLEbjlG9rSPs=";
|
||||
|
||||
meta = {
|
||||
license = lib.licenses.isc;
|
||||
meta = with lib; {
|
||||
homepage = "https://github.com/schachmat/wego";
|
||||
description = "Weather app for the terminal";
|
||||
license = licenses.isc;
|
||||
};
|
||||
}
|
||||
|
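Review bot: The rewritten `meta` block sets `homepage`, `description` and `license` but no `maintainers`, so the package stays unowned after the move to `buildGoModule` and the tagged `2.1` release. Add a `maintainers` entry while the block is being touched.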
48
pkgs/applications/misc/wego/deps.nix
generated
@ -1,48 +0,0 @@
|
||||
# This file was generated by https://github.com/kamilchm/go2nix v1.3.0
|
||||
[
|
||||
{
|
||||
goPackagePath = "github.com/mattn/go-colorable";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/mattn/go-colorable";
|
||||
rev = "98ec13f34aabf44cc914c65a1cfb7b9bc815aef1";
|
||||
sha256 = "1yxcz08kminqr1221zxpibnbzfcgs3fafin0z9zqb3gqvf74jywz";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/mattn/go-isatty";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/mattn/go-isatty";
|
||||
rev = "31745d66dd679ac0ac4f8d3ecff168fce6170c6a";
|
||||
sha256 = "0h671sv7hfprja495kavazkalkx7xzaqksjh13brcnwq67ijrali";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/mattn/go-runewidth";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/mattn/go-runewidth";
|
||||
rev = "18c3d09a134a52720932bbaa92c798a0ab111004";
|
||||
sha256 = "1snr8mk63vz2h44knq26dm81p83887v7kb09iywqmx0nqzngih66";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/schachmat/ingo";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/schachmat/ingo";
|
||||
rev = "a4bdc0729a3fda62cc4069b6e490fc657fd54e33";
|
||||
sha256 = "1gw0kddy7jh3467imsqni86cf9yq7k6vpfc0ywkbwj0zsjsdgd49";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "golang.org/x/sys";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://go.googlesource.com/sys";
|
||||
rev = "b016eb3dc98ea7f69ed55e8216b87187067ae621";
|
||||
sha256 = "1k0qr26046d228gi6ngkfxp4m1rjgxk4jj75h0kh1cpyp91n5rja";
|
||||
};
|
||||
}
|
||||
]
|
@ -39,5 +39,6 @@ buildPythonPackage rec {
|
||||
homepage = "https://openpaper.work/";
|
||||
license = lib.licenses.gpl3Plus;
|
||||
maintainers = with lib.maintainers; [ aszlig symphorien ];
|
||||
platforms = lib.platforms.linux;
|
||||
};
|
||||
}
|
||||
|
@ -49,5 +49,6 @@ buildPythonPackage rec {
|
||||
homepage = "https://openpaper.work/";
|
||||
license = lib.licenses.gpl3Plus;
|
||||
maintainers = with lib.maintainers; [ aszlig symphorien ];
|
||||
platforms = lib.platforms.linux;
|
||||
};
|
||||
}
|
||||
|
@ -16,6 +16,7 @@
|
||||
, texlive
|
||||
, imagemagick
|
||||
, perlPackages
|
||||
, writeScript
|
||||
}:
|
||||
|
||||
let
|
||||
@ -27,12 +28,19 @@ let
|
||||
imagemagick
|
||||
perlPackages.Po4a
|
||||
];
|
||||
inherit (import ./src.nix { inherit fetchFromGitLab; }) version src sample_documents;
|
||||
in
|
||||
|
||||
python3Packages.buildPythonApplication rec {
|
||||
inherit (import ./src.nix { inherit fetchFromGitLab; }) version src sample_documents;
|
||||
inherit src version;
|
||||
pname = "paperwork";
|
||||
|
||||
sample_docs = sample_documents // {
|
||||
# a trick for the update script
|
||||
name = "sample_documents";
|
||||
src = sample_documents;
|
||||
};
|
||||
|
||||
sourceRoot = "source/paperwork-gtk";
|
||||
|
||||
# Patch out a few paths that assume that we're using the FHS:
|
||||
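Review bot: The comment `# a trick for the update script` on `sample_docs` does not say what the trick is. Spell out that `name` and `src` are added so that `update-source-version paperwork.sample_docs ... --version-key=rev` can find and update the second source in `src.nix`. Otherwise the attribute looks like dead code to the next person who edits this file.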
@ -69,7 +77,7 @@ python3Packages.buildPythonApplication rec {
|
||||
|
||||
export XDG_DATA_DIRS=$XDG_DATA_DIRS:${gnome.adwaita-icon-theme}/share
|
||||
# build the user manual
|
||||
PATH=$out/bin:$PATH PAPERWORK_TEST_DOCUMENTS=${sample_documents} make data
|
||||
PATH=$out/bin:$PATH PAPERWORK_TEST_DOCUMENTS=${sample_docs} make data
|
||||
for i in src/paperwork_gtk/model/help/out/*.pdf; do
|
||||
install -Dt $site/model/help/out $i
|
||||
done
|
||||
@ -122,12 +130,20 @@ python3Packages.buildPythonApplication rec {
|
||||
openpaperwork-core
|
||||
pypillowfight
|
||||
pyxdg
|
||||
python-dateutil
|
||||
setuptools
|
||||
];
|
||||
|
||||
disallowedRequisites = documentation_deps;
|
||||
|
||||
passthru.updateScript = writeScript "update.sh" ''
|
||||
#!/usr/bin/env nix-shell
|
||||
#!nix-shell -i bash -p curl common-updater-scripts
|
||||
version=$(list-git-tags https://gitlab.gnome.org/World/OpenPaperwork/paperwork.git | sed 's/^v//' | sort -V | tail -n1)
|
||||
update-source-version paperwork "$version" --file=pkgs/applications/office/paperwork/src.nix
|
||||
docs_version="$(curl https://gitlab.gnome.org/World/OpenPaperwork/paperwork/-/raw/$version/paperwork-gtk/src/paperwork_gtk/model/help/screenshot.sh | grep TEST_DOCS_TAG= | cut -d'"' -f2)"
|
||||
update-source-version paperwork.sample_docs "$docs_version" --file=pkgs/applications/office/paperwork/src.nix --version-key=rev
|
||||
'';
|
||||
|
||||
meta = {
|
||||
description = "A personal document manager for scanned documents";
|
||||
homepage = "https://openpaper.work/";
|
||||
|
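Review bot: The update script has no failure handling around the `docs_version="$(curl ... | grep TEST_DOCS_TAG= | cut -d'"' -f2)"` line. `curl` runs without `--fail`, so an HTTP error page or a changed `screenshot.sh` upstream leaves `docs_version` empty or wrong, and it is still handed to `update-source-version paperwork.sample_docs ... --version-key=rev`. Add `set -euo pipefail` at the top, use `curl -sSfL`, quote the URL that interpolates `$version`, and bail out explicitly when `docs_version` is empty. It would also help to document that the tag is scraped from the `TEST_DOCS_TAG=` assignment, since that is the part most likely to break silently.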
@ -1,13 +1,13 @@
|
||||
{fetchFromGitLab}:
|
||||
rec {
|
||||
version = "2.1.0";
|
||||
version = "2.1.1";
|
||||
src = fetchFromGitLab {
|
||||
domain = "gitlab.gnome.org";
|
||||
repo = "paperwork";
|
||||
group = "World";
|
||||
owner = "OpenPaperwork";
|
||||
rev = version;
|
||||
sha256 = "0d1cw6k1giqs8ji8h3h97ckb134s8pszgip0nac5hmw0mvqq84xa";
|
||||
sha256 = "2M2eMP54F3RRDMBuAZ1gBiBoMmTRJaHTUwtTjj4ZU+4=";
|
||||
};
|
||||
sample_documents = fetchFromGitLab {
|
||||
domain = "gitlab.gnome.org";
|
||||
|
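Review bot: The new `sha256` on `src` is bare base64 without the `sha256-` prefix, which makes it easy to misread as a different encoding next to the base32 value it replaces. Prefer the SRI form (prefix the same value with `sha256-`) so the algorithm and encoding are explicit, as the other bumps in this merge mostly do.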
@ -6,13 +6,13 @@
|
||||
|
||||
python3Packages.buildPythonApplication rec {
|
||||
pname = "urh";
|
||||
version = "2.9.2";
|
||||
version = "2.9.3";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "jopohl";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "0ibcr2ypnyl2aq324sbmmr18ksxszg81yrhybawx46ba9vym6j99";
|
||||
sha256 = "sha256-TrvyPcpSMACrbKPVOjxHsVsC28LmruiVO/CyCPh0KZ8=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ qt5.wrapQtAppsHook ];
|
||||
|
@ -4,14 +4,14 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "xterm";
|
||||
version = "370";
|
||||
version = "371";
|
||||
|
||||
src = fetchurl {
|
||||
urls = [
|
||||
"ftp://ftp.invisible-island.net/xterm/${pname}-${version}.tgz"
|
||||
"https://invisible-mirror.net/archives/xterm/${pname}-${version}.tgz"
|
||||
];
|
||||
sha256 = "ljxdhAoPD0wHf/KEWG6LH4Pz+YPcpvdPSzYZdbU4jII=";
|
||||
sha256 = "MviIJ3sZ4o68CjESv/AAYHwHvtBnnKoL7rs2+crUhPU=";
|
||||
};
|
||||
|
||||
strictDeps = true;
|
||||
|
@ -9,16 +9,16 @@
|
||||
|
||||
rustPlatform.buildRustPackage rec {
|
||||
pname = "lucky-commit";
|
||||
version = "2.1.0";
|
||||
version = "2.1.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "not-an-aardvark";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "0vs668i1yglfcqs94jhwdk90v0lja2w5kr5gakz082wykilms0zg";
|
||||
sha256 = "sha256-FnH9rDy6opu0WJnCgAFvxJXWKyD2v5eGPNmbC1cvzko=";
|
||||
};
|
||||
|
||||
cargoSha256 = "sha256-MvopLKhovwXaEmRgXnAzJeuhPgqnMjt0EtKUGSWFpaY=";
|
||||
cargoSha256 = "sha256-iEYkOPAcWIwK7mthovrGFHfp/NsQ4ycqiTZvkHnYWzA=";
|
||||
|
||||
buildInputs = lib.optional withOpenCL (if stdenv.isDarwin then OpenCL else ocl-icd);
|
||||
|
||||
|
@ -2,28 +2,45 @@
|
||||
|
||||
stdenvNoCC.mkDerivation rec {
|
||||
pname = "spdx-license-list-data";
|
||||
version = "3.15";
|
||||
version = "3.16";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "spdx";
|
||||
repo = "license-list-data";
|
||||
rev = "v${version}";
|
||||
sha256 = "0r88j00shmhayfq8avswaxsaj1my1vq540rg0srma29862vrjpfk";
|
||||
hash = "sha256-FPN9EIwXtz0b1tUZ/AOWK2zj2nfd5+POGmRC52mSzcA=";
|
||||
};
|
||||
|
||||
# List of file formats to package.
|
||||
_types = [ "html" "json" "jsonld" "rdfa" "rdfnt" "rdfturtle" "rdfxml" "template" "text" ];
|
||||
|
||||
outputs = [ "out" ] ++ _types;
|
||||
|
||||
dontPatch = true;
|
||||
dontConfigure = true;
|
||||
dontBuild = true;
|
||||
|
||||
installPhase = ''
|
||||
runHook preInstall
|
||||
|
||||
install -vDt $out/json json/licenses.json
|
||||
mkdir -pv $out
|
||||
for t in $_types
|
||||
do
|
||||
_outpath=''${!t}
|
||||
mkdir -pv $_outpath
|
||||
cp -ar $t $_outpath && echo "$t format installed"
|
||||
done
|
||||
|
||||
runHook postInstall
|
||||
'';
|
||||
|
||||
dontFixup = true;
|
||||
|
||||
meta = with lib; {
|
||||
description = "Various data formats for the SPDX License List";
|
||||
homepage = "https://github.com/spdx/license-list-data";
|
||||
license = licenses.cc0;
|
||||
maintainers = with maintainers; [ oxzi ];
|
||||
maintainers = with maintainers; [ oxzi c0bw3b ];
|
||||
platforms = platforms.all;
|
||||
};
|
||||
}
|
||||
|
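Review bot: In the `installPhase` loop, `cp -ar $t $_outpath && echo "$t format installed"` hides copy failures. A command that fails on the left side of `&&` does not trigger `set -e`, so if `cp` fails the loop carries on and the build succeeds with an empty output. Put `cp` and `echo` on separate lines (or drop the `echo`, since `cp -v` would log the same thing) and quote `"$t"` and `"$_outpath"`. Second point: `$out` is now only created with `mkdir -pv $out` and no longer contains `json/licenses.json`, so any consumer still referencing the default output gets an empty directory. Either note that in a comment near `outputs` or check the remaining users of the package.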
@ -9,54 +9,32 @@
|
||||
let
|
||||
python = python3.override {
|
||||
packageOverrides = self: super: {
|
||||
aiofiles = super.aiofiles.overridePythonAttrs (oldAttrs: rec {
|
||||
version = "0.8.0";
|
||||
src = fetchFromGitHub {
|
||||
owner = "Tinche";
|
||||
repo = "aiofiles";
|
||||
rev = "v${version}";
|
||||
sha256 = "0mr9pzji4vqyf2yzh8yxz5q7fm8mgmkimx1xh49wh625m72pxcap";
|
||||
};
|
||||
});
|
||||
|
||||
asgiref = super.asgiref.overridePythonAttrs (oldAttrs: rec {
|
||||
version = "3.4.1";
|
||||
src = fetchFromGitHub {
|
||||
owner = "django";
|
||||
repo = "asgiref";
|
||||
rev = version;
|
||||
sha256 = "0440321alpqb1cdsmfzmiiy8rpq0ic0wvraalzk39cgrl7mghw39";
|
||||
};
|
||||
});
|
||||
|
||||
click = super.click.overridePythonAttrs (oldAttrs: rec {
|
||||
version = "8.0.3";
|
||||
src = fetchFromGitHub {
|
||||
owner = "pallets";
|
||||
repo = "click";
|
||||
rev = version;
|
||||
sha256 = "0pxvxgfhqjgsjbgfnilqjki1l24r0rdfd98cl77i71yqdd2f497g";
|
||||
semantic-version = super.semantic-version.overridePythonAttrs (oldAttrs: rec {
|
||||
version = "2.9.0";
|
||||
src = fetchPypi {
|
||||
pname = "semantic_version";
|
||||
version = version;
|
||||
sha256 = "1chjd8019wnwb5mnd4x4jw9f8nhzg0xnapsdznk0fpiyamrlixdb";
|
||||
};
|
||||
});
|
||||
|
||||
starlette = super.starlette.overridePythonAttrs (oldAttrs: rec {
|
||||
version = "0.17.0";
|
||||
version = "0.18.0";
|
||||
src = fetchFromGitHub {
|
||||
owner = "encode";
|
||||
repo = "starlette";
|
||||
rev = version;
|
||||
sha256 = "1g76qpvqzivmwll5ir4bf45jx5kilnkadvy6b7qjisvr402i3qmw";
|
||||
sha256 = "1dpj33cggjjvpd3qdf6hv04z5ckcn9f5dfn98p5a8hx262kgsr9p";
|
||||
};
|
||||
disabledTestPaths = [];
|
||||
});
|
||||
|
||||
uvicorn = super.uvicorn.overridePythonAttrs (oldAttrs: rec {
|
||||
version = "0.16.0";
|
||||
version = "0.17.0";
|
||||
src = fetchFromGitHub {
|
||||
owner = "encode";
|
||||
repo = "uvicorn";
|
||||
rev = version;
|
||||
sha256 = "14jih6j4q2qp5c9rgl798i5p51b4y6zkkj434q2l1naw0csphk4s";
|
||||
sha256 = "142x8skb1yfys6gndfaay2r240j56dkr006p49pw4y9i0v85kynp";
|
||||
};
|
||||
});
|
||||
};
|
||||
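Review bot: The new `semantic-version` override pins 2.9.0 without a comment saying why platformio needs that version, so there is no way to tell later when the pin can be dropped. Add a one-line reason next to it. Also, `version = version;` inside `fetchPypi` should be `inherit version;`. Please confirm `fetchPypi` is actually in scope here, since the function arguments are outside this hunk. The same goes for `disabledTestPaths = [];` on `starlette`: say why the upstream list is being cleared.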
@ -80,6 +58,7 @@ with python.pkgs; buildPythonApplication rec {
|
||||
pyserial
|
||||
requests
|
||||
semantic-version
|
||||
spdx-license-list-data.json
|
||||
starlette
|
||||
tabulate
|
||||
uvicorn
|
||||
@ -171,7 +150,7 @@ with python.pkgs; buildPythonApplication rec {
|
||||
|
||||
postPatch = ''
|
||||
substitute platformio/package/manifest/schema.py platformio/package/manifest/schema.py \
|
||||
--subst-var-by SPDX_LICENSE_LIST_DATA '${spdx-license-list-data}'
|
||||
--subst-var-by SPDX_LICENSE_LIST_DATA '${spdx-license-list-data.json}'
|
||||
|
||||
substituteInPlace setup.py \
|
||||
--replace "zeroconf==0.37.*" "zeroconf"
|
||||
@ -180,7 +159,7 @@ with python.pkgs; buildPythonApplication rec {
|
||||
meta = with lib; {
|
||||
broken = stdenv.isAarch64;
|
||||
description = "An open source ecosystem for IoT development";
|
||||
homepage = "http://platformio.org";
|
||||
homepage = "https://platformio.org";
|
||||
license = licenses.asl20;
|
||||
maintainers = with maintainers; [ mog makefu ];
|
||||
};
|
||||
|
@ -4,14 +4,14 @@
|
||||
let
|
||||
callPackage = newScope self;
|
||||
|
||||
version = "5.2.4";
|
||||
version = "5.2.5";
|
||||
|
||||
# pypi tarballs don't contain tests - https://github.com/platformio/platformio-core/issues/1964
|
||||
src = fetchFromGitHub {
|
||||
owner = "platformio";
|
||||
repo = "platformio-core";
|
||||
rev = "v${version}";
|
||||
sha256 = "1dhyxrdxrca669qm6alxxn2jmvcwlpqrx9kfwh4iqy9za5717ag9";
|
||||
sha256 = "1x1jqprwzpb09ca953rqbh2jvizh7bz8yj30krphb6007bnjilwy";
|
||||
};
|
||||
|
||||
self = {
|
||||
|
@ -2,7 +2,7 @@ diff --git a/platformio/proc.py b/platformio/proc.py
|
||||
index 80e50201..15cee5a5 100644
|
||||
--- a/platformio/proc.py
|
||||
+++ b/platformio/proc.py
|
||||
@@ -167,7 +167,7 @@ def copy_pythonpath_to_osenv():
|
||||
@@ -181,7 +181,7 @@ def copy_pythonpath_to_osenv():
|
||||
conditions.append(isdir(join(p, "click")) or isdir(join(p, "platformio")))
|
||||
if all(conditions):
|
||||
_PYTHONPATH.append(p)
|
||||
|
@ -6,7 +6,7 @@ index 416dccfd..896c3649 100644
|
||||
@staticmethod
|
||||
@memoized(expire="1h")
|
||||
def load_spdx_licenses():
|
||||
- version = "3.15"
|
||||
- version = "3.16"
|
||||
- spdx_data_url = (
|
||||
- "https://raw.githubusercontent.com/spdx/license-list-data/"
|
||||
- "v%s/json/licenses.json" % version
|
||||
|
@ -2,11 +2,11 @@
|
||||
|
||||
buildGraalvmNativeImage rec {
|
||||
pname = "babashka";
|
||||
version = "0.7.6";
|
||||
version = "0.7.7";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://github.com/babashka/${pname}/releases/download/v${version}/${pname}-${version}-standalone.jar";
|
||||
sha256 = "sha256-bRuf9qUBgb+1Sr2US67NZZrrb2MycSvNbekLLSpvZss=";
|
||||
sha256 = "sha256-4aYYm2gCtfp+OiY6ouaTn4giHbX6JyULBHMpDnGMpbs=";
|
||||
};
|
||||
|
||||
executable = "bb";
|
||||
|
@ -6,7 +6,7 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "suitesparse-graphblas";
|
||||
version = "6.2.1";
|
||||
version = "6.2.2";
|
||||
|
||||
outputs = [ "out" "dev" ];
|
||||
|
||||
@ -14,7 +14,7 @@ stdenv.mkDerivation rec {
|
||||
owner = "DrTimothyAldenDavis";
|
||||
repo = "GraphBLAS";
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-YgQdhXxXcvhQ10hCGrGM49jjY4jyzqH9ea+gltdh+Uc=";
|
||||
sha256 = "sha256-uSPE7uFiG4xbsAeo/UmOP5Ns+3yZ7kKL2bNxzd8mzP8=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
|
@ -3,11 +3,11 @@
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "mathlibtools";
|
||||
version = "1.1.0";
|
||||
version = "1.1.1";
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "789f070f35424e89e4f2e2c007382250133cc48877627e37c5c463bcf4a1b58a";
|
||||
sha256 = "sha256-0iW7SWIxb+Ek4T26hru5EgBgXfqRh6zOR73GAgLFNyE=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
|
@ -17,7 +17,7 @@
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "openai";
|
||||
version = "0.14.0";
|
||||
version = "0.15.0";
|
||||
|
||||
disabled = pythonOlder "3.7.1";
|
||||
|
||||
@ -26,7 +26,7 @@ buildPythonPackage rec {
|
||||
owner = "openai";
|
||||
repo = "openai-python";
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-AFfbMeYxdZaIABhf4XpszhLvFuMJebhl07sv9kuiknA=";
|
||||
sha256 = "sha256-HOMBVrAz3cP8r4w8CKXKy6epxf00myYJiKv1PQ1iqhQ=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
|
@ -2,11 +2,11 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "pmd";
|
||||
version = "6.42.0";
|
||||
version = "6.43.0";
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://sourceforge/pmd/pmd-bin-${version}.zip";
|
||||
sha256 = "sha256-rVqHMhiuFLVTz/J9TGnA/42m9GaGORsf+CrUUqsdUfs=";
|
||||
sha256 = "sha256-+eJCN890vm4WBcMZ2VCGOS8WUyIckL+DfQVNaUSovGE=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ unzip makeWrapper ];
|
||||
|
@ -2,16 +2,16 @@
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "ent-go";
|
||||
version = "0.10.0";
|
||||
version = "0.10.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "ent";
|
||||
repo = "ent";
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-TG08GRo1gNxC5iHt/Md5WVWaEQ1m2mUDGqpuxw8Pavg=";
|
||||
sha256 = "sha256-MvfbQKGVYWbZkqc3X3BqsB+z2KMkr0gMOquL02qHwUY=";
|
||||
};
|
||||
|
||||
vendorSha256 = "sha256-n5dS78SSBAEgE4/9jMZZhbOQZ3IGi9n3ErA0ioP9Tsg=";
|
||||
vendorSha256 = "sha256-BF2eD/jOtY1XhZ0hB7f3/frKQYwS9PbuGxum5SSnjzA=";
|
||||
|
||||
subPackages = [ "cmd/ent" ];
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
{ lib, stdenv, fetchFromGitHub, cmake, flex, bison }:
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "minizinc";
|
||||
version = "2.6.0";
|
||||
version = "2.6.1";
|
||||
|
||||
nativeBuildInputs = [ cmake flex bison ];
|
||||
|
||||
@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
|
||||
owner = "MiniZinc";
|
||||
repo = "libminizinc";
|
||||
rev = version;
|
||||
sha256 = "sha256-eeviSmbXSZdW27IGZ2EZjV9eKn6aW1wxzhiRC/LaOX4=";
|
||||
sha256 = "sha256-JCR2wvtMNyHBIIqrH5eBc0CIOVyo8mnPUZXtwjJt3sw=";
|
||||
};
|
||||
|
||||
meta = with lib; {
|
||||
|
@ -6,7 +6,7 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "dddvb";
|
||||
version = "0.9.33-404-ge9ccab3";
|
||||
version = "0.9.38-pre.4";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "DigitalDevices";
|
||||
|
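Review bot: Only the `version` line changes in this hunk, and the file has no other hunk, so neither a `rev` nor a `sha256` is updated alongside the move from `0.9.33-404-ge9ccab3` to `0.9.38-pre.4`. If `rev` is derived from `version`, an unchanged hash means a cached source can be reused and the build will not match the new label. If `rev` is a fixed commit, the new version string no longer describes what is fetched. Please confirm which case applies and update `rev`/`sha256` or the version string accordingly.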
@ -1,16 +1,16 @@
|
||||
{ lib, stdenv, fetchFromGitHub, autoconf, automake, pkg-config, dovecot, libtool, xapian, icu64 }:
|
||||
{ lib, stdenv, fetchFromGitHub, autoconf, automake, sqlite, pkg-config, dovecot, libtool, xapian, icu64 }:
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "dovecot-fts-xapian";
|
||||
version = "1.5.2";
|
||||
version = "1.5.4";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "grosjo";
|
||||
repo = "fts-xapian";
|
||||
rev = version;
|
||||
sha256 = "1ap4jb43gvy7caa8lg2hg811q0n5c2gqbmcjl4126wz44hb7waa1";
|
||||
sha256 = "sha256-3vrcaBsarJNECwfzUOrUnjD555E2dgbFiiEJR5bN3qM=";
|
||||
};
|
||||
|
||||
buildInputs = [ dovecot xapian icu64 ];
|
||||
buildInputs = [ dovecot xapian icu64 sqlite ];
|
||||
|
||||
nativeBuildInputs = [ autoconf automake libtool pkg-config ];
|
||||
|
||||
|
@ -4,13 +4,13 @@ let
|
||||
pythonEnv = python3.withPackages(ps: with ps; [ cheetah3 ]);
|
||||
in stdenv.mkDerivation rec {
|
||||
pname = "sickgear";
|
||||
version = "0.25.26";
|
||||
version = "0.25.28";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "SickGear";
|
||||
repo = "SickGear";
|
||||
rev = "release_${version}";
|
||||
sha256 = "153zd0yq39vmh00ydw42yw8dx18cy3as36xml228hq244cxypkwp";
|
||||
sha256 = "16d0yvsp9yp67q1clhjs77syd13bmfgbadxcc1x8yfrfvdy6v39l";
|
||||
};
|
||||
|
||||
dontBuild = true;
|
||||
|
@ -3,14 +3,14 @@ let
|
||||
package = (import ./node.nix { inherit pkgs; inherit (stdenv.hostPlatform) system; }).package;
|
||||
in
|
||||
package.override rec {
|
||||
version = "1.23.0";
|
||||
version = "1.24.0";
|
||||
reconstructLock = true;
|
||||
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "Koenkk";
|
||||
repo = "zigbee2mqtt";
|
||||
rev = version;
|
||||
sha256 = "0mf6ya5pw5gh0ld0j5dlsicx3ndhfrm3q683faqcm4ks7c5kjhax";
|
||||
sha256 = "epQXexhTT6xuB50eudRRzTZHGv0vX+hgMUZcm36red4=";
|
||||
};
|
||||
|
||||
passthru.tests.zigbee2mqtt = nixosTests.zigbee2mqtt;
|
||||
|
2357
pkgs/servers/zigbee2mqtt/node-packages.nix
generated
File diff suppressed because it is too large
@ -2,16 +2,16 @@
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "stripe-cli";
|
||||
version = "1.7.13";
|
||||
version = "1.8.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "stripe";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-XYhOBEpHVAJ/PHovMylme56le33IUM5C9HEZAm/gG3I=";
|
||||
sha256 = "sha256-5Dvmlzhu7xqJAcAdyjPJ/iMooK7N+Qv8J93uEySYb/s=";
|
||||
};
|
||||
|
||||
vendorSha256 = "sha256-OP39ZuWBz/lutuYGbYLVEtjIirXq89QTdltq2v0NWRE=";
|
||||
vendorSha256 = "sha256-KgoSJcVUtE4ryJLtQXNCdl51sgO94vyb682OdL5CYw8=";
|
||||
|
||||
subPackages = [
|
||||
"cmd/stripe"
|
||||
|
@ -6,12 +6,12 @@
|
||||
|
||||
mkDerivation rec {
|
||||
pname = "calamares";
|
||||
version = "3.2.44.3";
|
||||
version = "3.2.51";
|
||||
|
||||
# release including submodule
|
||||
src = fetchurl {
|
||||
url = "https://github.com/${pname}/${pname}/releases/download/v${version}/${pname}-${version}.tar.gz";
|
||||
sha256 = "sha256-p3ctULrzXPt9dNs8Ckb7cqdOBpp4qOmEwu0dEVq8lEw=";
|
||||
sha256 = "sha256-MOs+VoqzHYRSXbOO8voj+3jvtYQnWyYAcTelS594LXA=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ cmake extra-cmake-modules ];
|
||||
|
@ -15,14 +15,14 @@ let
|
||||
in
|
||||
with python.pkgs; buildPythonApplication rec {
|
||||
pname = "esphome";
|
||||
version = "2022.2.5";
|
||||
version = "2022.2.6";
|
||||
format = "setuptools";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = pname;
|
||||
repo = pname;
|
||||
rev = version;
|
||||
sha256 = "sha256-ZHxPiQEqFmW9tYv5SaHutOuBh7gsmN4Ux4+sMAJRIk4=";
|
||||
sha256 = "sha256-AoSFtEg7GpUBdIrFCYlOMBRc2nBBtiFEkxoZnKC/xyQ=";
|
||||
};
|
||||
|
||||
postPatch = ''
|
||||
|
@ -10,13 +10,13 @@ assert upnpSupport -> miniupnpc != null;
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "i2pd";
|
||||
version = "2.40.0";
|
||||
version = "2.41.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "PurpleI2P";
|
||||
repo = pname;
|
||||
rev = version;
|
||||
sha256 = "sha256-Cld5TP2YoLzm73q7uP/pwqEeUsT5uMPAUx9HABOVeZA=";
|
||||
sha256 = "sha256-fQqbZYb0brGmGf7Yc/2Zd5BZ+YOkGYC3o9uhShYdAE4=";
|
||||
};
|
||||
|
||||
buildInputs = with lib; [ boost zlib openssl ]
|
||||
|
@ -14,11 +14,11 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "kea";
|
||||
version = "2.0.1"; # only even minor versions are stable
|
||||
version = "2.0.2"; # only even minor versions are stable
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://ftp.isc.org/isc/${pname}/${version}/${pname}-${version}.tar.gz";
|
||||
sha256 = "sha256-9Qu5qVTjFDFrQDOhddyAdJa7nBdUEQvZKiHBZanoTFc=";
|
||||
sha256 = "sha256-jSghO9yOK7hwo4OzCsHlPVTh66Q9L4blFRsItmqmzzI=";
|
||||
};
|
||||
|
||||
patches = [ ./dont-create-var.patch ];
|
||||
|
@ -1,14 +1,14 @@
|
||||
{ lib, stdenv, fetchFromGitHub, perl, gettext, pkg-config, libidn2, libiconv }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
version = "5.5.11";
|
||||
version = "5.5.12";
|
||||
pname = "whois";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "rfc1036";
|
||||
repo = "whois";
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-+fNld+stSniuQV2zx+Qd4s2ZSwNLmnve/tXg36MC2nM=";
|
||||
sha256 = "sha256-UJy71VKEKPYfRXZB2lJiy6Ua6BkGW9Uz0zXciZC4oJE=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ perl gettext pkg-config ];
|
||||
|
@ -5,16 +5,16 @@
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "nuclei";
|
||||
version = "2.6.2";
|
||||
version = "2.6.3";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "projectdiscovery";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-tu7jj2rRREXH9jsQBWXncjCD6MXCddB99mr6h9ng8GA=";
|
||||
sha256 = "sha256-4jByNyO0EvJ2ppdg21+7YfeB9arjBZALrOm5MJlkZsg=";
|
||||
};
|
||||
|
||||
vendorSha256 = "sha256-ezUknVPlIbiy6PmpOgkUQU4kfH2Ic8Wn64zwoyqJMl0=";
|
||||
vendorSha256 = "sha256-717+jJiyqmctR9Yb/XnnKd1N+31K2+xO1XClGMKlL+k=";
|
||||
|
||||
modRoot = "./v2";
|
||||
subPackages = [
|
||||
|
@ -3637,7 +3637,7 @@ with pkgs;
|
||||
|
||||
odafileconverter = libsForQt5.callPackage ../applications/graphics/odafileconverter {};
|
||||
|
||||
oil-buku = callPackage ../applications/misc/oil { };
|
||||
oil-buku = callPackage ../applications/misc/oil-buku { };
|
||||
|
||||
ossutil = callPackage ../tools/admin/ossutil {};
|
||||
|
||||
|