The package has been updated to 0.4 which will result in an auto-migration of the config. This updates our config to match the new expected format. Assertions have been added to warn users that they need to migrate their configuration.
With mautrix-signal v0.7.0 the bridge is built upon the bridgev2
architecture. With this, the configuration file was slightly rearranged.
Options like login_shared_secret_map and double_puppet_server_map were
dropped.
Before the startup, the matrix-appservice-irc service sets up the
registration file such that it can be used by matrix-synapse. Part of
that setup requires us to change the group of said file so that the home
server can read it. Consequently, we need CAP_CHOWN and require that the
@chown system calls are allowed.
While we supposedly set up both of these, the setup of system calls is
broken as we have both an allow and a deny list of syscalls. But while
the allow list contains "@chown", the deny list contains "@privileged"
which contains "@chown" itself. So ultimately, we end up denying
"@chown".
Fix this issue by specifying "@chown" after the deny list.
these changes were generated with nixq 0.0.2, by running
nixq ">> lib.mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix
nixq ">> mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix
nixq ">> Inherit >> mdDoc[remove]" --batchmode nixos/**.nix
two mentions of the mdDoc function remain in nixos/, both of which
are inside of comments.
Since lib.mdDoc is already defined as just id, this commit is a no-op as
far as Nix (and the built manual) is concerned.
Closes#285688
This is misleading because `initialScript` will only be executed at the
*very first* run of postgresql. I.e. when deploying synapse to a server
with an existing postgresql, this won't work.
We don't have a good way of automatically provisioning databases
_declaratively_, so for now just explain what needs to be done here and
leave it to the user how to include this into their deployment.
enabledInstances is an attrset: the previous logic would always pass and
result in, for example, a `mautrix-meta` and a
`mautrix-meta-registration` group being shipped to every nixos machine
whether mautrix was enabled or not.
this patch enables the creation of a runtime directory with the default
mode 0755 in /run/matrix-sliding-sync to offer a simple option for
SYNCV3_BINDADDR when using unix sockets.
this patch takes the path of all unix socket listeners and appends their
respective parent directories to the ReadWritePaths allow list for the
matrix-synapse systemd service.
previously configuring a unix socket in a directory not writable by
synapse would fail.
Exposes two options, `path` and `mode`, to configure the location and
permissions on the socket file.
The `mode` needs to be specified as string in octal and will be converted
into a decimal integer, so it correctly passes through the YAML parser
and arrives at the `os.chmod` call in the Twisted codebase. What a fun
detour.
Adds an assertion, that either `path` or `bind_addresses` and `port` are
configured on every listener.
Migrates the default replication listener of the main instance to a UNIX
domain socket, because it is more efficient.
Introduces the `enableRegistrationScript` option, to gracefully disable
the user registration script, when the client listener listens on a UNIX
domain socket, which is something the script does not support.