commit aab2bd233c16321b0af2242cb957f7c3f0af9c58 · pyrox.dev/nixpkgs

nixos/doc/manual/release-notes/rl-2411.section.md

···

       171
       171
        
         Processes also now run as a dynamically allocated user by default instead of

     

       172
       172
        
         root.

     

       173
       173
        
       

     

       174
       174
       +
       - The `mautrix-signal` module was adapted to incorporate the configuration rearrangement that resulted from the update to the mautrix bridgev2 architecture. Pre-0.7.0 configurations should continue to work.

     

       175
       175
       +
         In case you want to update your configuration make sure to check the NixOS manual.

     

       176
       176
       +
       

     

       174
       177
        
       - The nvidia driver no longer defaults to the proprietary driver starting with version 560. You will need to manually set `hardware.nvidia.open` to select the proprietary or open driver.

     

       175
       178
        
       

     

       176
       179
        
       - `singularity-tools` have the `storeDir` argument removed from its override interface and use `builtins.storeDir` instead.

+32

nixos/modules/services/matrix/mautrix-signal.md

···

       1
       1
       +
       # Mautrix-Signal {#module-services-mautrix-signal}

     

       2
       2
       +
       

     

       3
       3
       +
       [Mautrix-Signal](https://github.com/mautrix/signal) is a Matrix-Signal puppeting bridge.

     

       4
       4
       +
       

     

       5
       5
       +
       ## Configuration {#module-services-mautrix-signal-configuration}

     

       6
       6
       +
       

     

       7
       7
       +
       1. Set [](#opt-services.mautrix-signal.enable) to `true`. The service will use

     

       8
       8
       +
          SQLite by default.

     

       9
       9
       +
       2. To create your configuration check the default configuration for

     

       10
       10
       +
          [](#opt-services.mautrix-signal.settings). To obtain the complete default

     

       11
       11
       +
          configuration, run

     

       12
       12
       +
          `nix-shell -p mautrix-signal --run "mautrix-signal -c default.yaml -e"`.

     

       13
       13
       +
       

     

       14
       14
       +
       ::: {.warning}

     

       15
       15
       +
       Mautrix-Signal allows for some options like `encryption.pickle_key`,

     

       16
       16
       +
       `provisioning.shared_secret`, allow the value `generate` to be set.

     

       17
       17
       +
       Since the configuration file is regenerated on every start of the

     

       18
       18
       +
       service, the generated values would be discarded and might break your

     

       19
       19
       +
       installation. Instead, set those values via

     

       20
       20
       +
       [](#opt-services.mautrix-signal.environmentFile).

     

       21
       21
       +
       :::

     

       22
       22
       +
       

     

       23
       23
       +
       ## Migrating from an older configuration {#module-services-mautrix-signal-migrate-configuration}

     

       24
       24
       +
       

     

       25
       25
       +
       With Mautrix-Signal v0.7.0 the configuration has been rearranged. Mautrix-Signal

     

       26
       26
       +
       performs an automatic configuration migration so your pre-0.7.0 configuration

     

       27
       27
       +
       should just continue to work.

     

       28
       28
       +
       

     

       29
       29
       +
       In case you want to update your NixOS configuration, compare the migrated configuration

     

       30
       30
       +
       at `/var/lib/mautrix-signal/config.yaml` with the default configuration

     

       31
       31
       +
       (`nix-shell -p mautrix-signal --run "mautrix-signal -c example.yaml -e"`) and

     

       32
       32
       +
       update your module configuration accordingly.

+59 -37

nixos/modules/services/matrix/mautrix-signal.nix

···

       17
       17
        
         optOneOf = lib.lists.findFirst (value: value.condition) (lib.mkIf false null);

     

       18
       18
        
         mkDefaults = lib.mapAttrsRecursive (n: v: lib.mkDefault v);

     

       19
       19
        
         defaultConfig = {

     

       20
       20
       +
           network = {

     

       21
       21
       +
             displayname_template = "{{or .ProfileName .PhoneNumber \"Unknown user\"}}";

     

       22
       22
       +
           };

     

       23
       23
       +
           bridge = {

     

       24
       24
       +
             command_prefix = "!signal";

     

       25
       25
       +
             relay.enabled = true;

     

       26
       26
       +
             permissions."*" = "relay";

     

       27
       27
       +
           };

     

       28
       28
       +
           database = {

     

       29
       29
       +
             type = "sqlite3";

     

       30
       30
       +
             uri = "file:${dataDir}/mautrix-signal.db?_txlock=immediate";

     

       31
       31
       +
           };

     

       20
       32
        
           homeserver.address = "http://localhost:8448";

     

       21
       33
        
           appservice = {

     

       22
       34
        
             hostname = "[::]";

     

       23
       35
        
             port = appservicePort;

     

       24
       24
       -
             database.type = "sqlite3";

     

       25
       25
       -
             database.uri = "file:${dataDir}/mautrix-signal.db?_txlock=immediate";

     

       26
       36
        
             id = "signal";

     

       27
       37
        
             bot = {

     

       28
       38
        
               username = "signalbot";

     
···

       30
       40
        
             };

     

       31
       41
        
             as_token = "";

     

       32
       42
        
             hs_token = "";

     

       33
       33
       -
           };

     

       34
       34
       -
           bridge = {

     

       35
       43
        
             username_template = "signal_{{.}}";

     

       36
       36
       -
             displayname_template = "{{or .ProfileName .PhoneNumber \"Unknown user\"}}";

     

       37
       37
       -
             double_puppet_server_map = { };

     

       38
       38
       -
             login_shared_secret_map = { };

     

       39
       39
       -
             command_prefix = "!signal";

     

       40
       40
       -
             permissions."*" = "relay";

     

       41
       41
       -
             relay.enabled = true;

     

       42
       44
        
           };

     

       45
       45
       +
           double_puppet = {

     

       46
       46
       +
             servers = { };

     

       47
       47
       +
             secrets = { };

     

       48
       48
       +
           };

     

       49
       49
       +
           # By default, the following keys/secrets are set to `generate`. This would break when the service

     

       50
       50
       +
           # is restarted, since the previously generated configuration will be overwritten everytime.

     

       51
       51
       +
           # If encryption is enabled, it's recommended to set those keys via `environmentFile`.

     

       52
       52
       +
           encryption.pickle_key = "";

     

       53
       53
       +
           provisioning.shared_secret = "";

     

       54
       54
       +
           public_media.signing_key = "";

     

       55
       55
       +
           direct_media.server_key = "";

     

       43
       56
        
           logging = {

     

       44
       57
        
             min_level = "info";

     

       45
       58
        
             writers = lib.singleton {

     
···

       61
       74
        
             default = defaultConfig;

     

       62
       75
        
             description = ''

     

       63
       76
        
               {file}`config.yaml` configuration as a Nix attribute set.

     

       64
       64
       -
               Configuration options should match those described in

     

       65
       65
       -
               [example-config.yaml](https://github.com/mautrix/signal/blob/master/example-config.yaml).

     

       77
       77
       +
               Configuration options should match those described in the example configuration.

     

       78
       78
       +
               Get an example configuration by executing `mautrix-signal -c example.yaml --generate-example-config`

     

       66
       79
        
               Secret tokens should be specified using {option}`environmentFile`

     

       67
       80
        
               instead of this world-readable attribute set.

     

       68
       81
        
             '';

     

       69
       82
        
             example = {

     

       70
       70
       -
               appservice = {

     

       71
       71
       -
                 database = {

     

       72
       72
       -
                   type = "postgres";

     

       73
       73
       -
                   uri = "postgresql:///mautrix_signal?host=/run/postgresql";

     

       74
       74
       -
                 };

     

       75
       75
       -
                 id = "signal";

     

       76
       76
       -
                 ephemeral_events = false;

     

       77
       77
       -
               };

     

       78
       83
        
               bridge = {

     

       79
       79
       -
                 history_sync = {

     

       80
       80
       -
                   request_full_sync = true;

     

       81
       81
       -
                 };

     

       82
       84
        
                 private_chat_portal_meta = true;

     

       83
       83
       -
                 mute_bridging = true;

     

       84
       84
       -
                 encryption = {

     

       85
       85
       -
                   allow = true;

     

       86
       86
       -
                   default = true;

     

       87
       87
       -
                   require = true;

     

       88
       88
       -
                 };

     

       89
       89
       -
                 provisioning = {

     

       90
       90
       -
                   shared_secret = "disable";

     

       91
       91
       -
                 };

     

       85
       85
       +
                 mute_only_on_create = false;

     

       92
       86
        
                 permissions = {

     

       93
       87
        
                   "example.com" = "user";

     

       94
       88
        
                 };

     

       95
       89
        
               };

     

       90
       90
       +
               database = {

     

       91
       91
       +
                 type = "postgres";

     

       92
       92
       +
                 uri = "postgresql:///mautrix_signal?host=/run/postgresql";

     

       93
       93
       +
               };

     

       94
       94
       +
               homeserver = {

     

       95
       95
       +
                 address = "http://[::1]:8008";

     

       96
       96
       +
                 domain = "my-domain.tld";

     

       97
       97
       +
               };

     

       98
       98
       +
               appservice = {

     

       99
       99
       +
                 id = "signal";

     

       100
       100
       +
                 ephemeral_events = false;

     

       101
       101
       +
               };

     

       102
       102
       +
               matrix.message_status_events = true;

     

       103
       103
       +
               provisioning = {

     

       104
       104
       +
                 shared_secret = "disable";

     

       105
       105
       +
               };

     

       106
       106
       +
               backfill.enabled = true;

     

       107
       107
       +
               encryption = {

     

       108
       108
       +
                 allow = true;

     

       109
       109
       +
                 default = true;

     

       110
       110
       +
                 require = true;

     

       111
       111
       +
                 pickle_key = "$ENCRYPTION_PICKLE_KEY";

     

       112
       112
       +
               };

     

       96
       113
        
             };

     

       97
       114
        
           };

     

       98
       115
        
       

     
···

       103
       120
        
               File containing environment variables to be passed to the mautrix-signal service.

     

       104
       121
        
               If an environment variable `MAUTRIX_SIGNAL_BRIDGE_LOGIN_SHARED_SECRET` is set,

     

       105
       122
        
               then its value will be used in the configuration file for the option

     

       106
       106
       -
               `login_shared_secret_map` without leaking it to the store, using the configured

     

       123
       123
       +
               `double_puppet.secrets` without leaking it to the store, using the configured

     

       107
       124
        
               `homeserver.domain` as key.

     

       108
       108
       -
               See [here](https://github.com/mautrix/signal/blob/main/example-config.yaml)

     

       109
       109
       -
               for the documentation of `login_shared_secret_map`.

     

       110
       125
        
             '';

     

       111
       126
        
           };

     

       112
       127
        
       

     
···

       206
       221
        
               ${pkgs.yq}/bin/yq -s '.[0].appservice.as_token = .[1].as_token

     

       207
       222
        
                 | .[0].appservice.hs_token = .[1].hs_token

     

       208
       223
        
                 | .[0]

     

       209
       209
       -
                 | if env.MAUTRIX_SIGNAL_BRIDGE_LOGIN_SHARED_SECRET then .bridge.login_shared_secret_map.[.homeserver.domain] = env.MAUTRIX_SIGNAL_BRIDGE_LOGIN_SHARED_SECRET else . end' \

     

       224
       224
       +
                 | if env.MAUTRIX_SIGNAL_BRIDGE_LOGIN_SHARED_SECRET then .double_puppet.secrets.[.homeserver.domain] = env.MAUTRIX_SIGNAL_BRIDGE_LOGIN_SHARED_SECRET else . end' \

     

       210
       225
        
                 '${settingsFile}' '${registrationFile}' > '${settingsFile}.tmp'

     

       211
       226
        
               mv '${settingsFile}.tmp' '${settingsFile}'

     

       212
       227
        
               umask $old_umask

     
···

       250
       265
        
             restartTriggers = [ settingsFileUnsubstituted ];

     

       251
       266
        
           };

     

       252
       267
        
         };

     

       253
       253
       -
         meta.maintainers = with lib.maintainers; [ niklaskorz ];

     

       268
       268
       +
         meta = {

     

       269
       269
       +
           buildDocsInSandbox = false;

     

       270
       270
       +
           doc = ./mautrix-signal.md;

     

       271
       271
       +
           maintainers = with lib.maintainers; [

     

       272
       272
       +
             niklaskorz

     

       273
       273
       +
             frederictobiasc

     

       274
       274
       +
           ];

     

       275
       275
       +
         };

     

       254
       276
        
       }