aboutsummaryrefslogtreecommitdiff
path: root/overlays
diff options
context:
space:
mode:
authorsefidel <contact@sefidel.net>2023-04-11 17:30:45 +0900
committersefidel <contact@sefidel.net>2023-04-11 17:30:45 +0900
commitdcb3804c0d1e9a59388507e078b6436ad6807951 (patch)
treeee72f183e2218eb60c3849d2e7da05a0e87512c8 /overlays
parent9ce636d49dd498b89f1b38d9754a3e2054e8eb21 (diff)
downloadinfra-dcb3804c0d1e9a59388507e078b6436ad6807951.zip
feat(overlays/dendrite): switch to upstream 0.12.0
Diffstat (limited to 'overlays')
-rw-r--r--overlays/default.nix1
-rw-r--r--overlays/dendrite-module.nix323
-rw-r--r--overlays/dendrite.nix59
3 files changed, 0 insertions, 383 deletions
diff --git a/overlays/default.nix b/overlays/default.nix
index 6d07c04..353d5bd 100644
--- a/overlays/default.nix
+++ b/overlays/default.nix
@@ -1,5 +1,4 @@
self: super: {
mjolnir = super.callPackage ./mjolnir-package { };
sliding-sync = super.callPackage ./sliding-sync.nix { };
- dendrite = super.callPackage ./dendrite.nix { };
}
diff --git a/overlays/dendrite-module.nix b/overlays/dendrite-module.nix
deleted file mode 100644
index 244c15f..0000000
--- a/overlays/dendrite-module.nix
+++ /dev/null
@@ -1,323 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
- cfg = config.services.dendrite;
- settingsFormat = pkgs.formats.yaml { };
- configurationYaml = settingsFormat.generate "dendrite.yaml" cfg.settings;
- workingDir = "/var/lib/dendrite";
-in
-{
- options.services.dendrite = {
- enable = lib.mkEnableOption (lib.mdDoc "matrix.org dendrite");
- httpPort = lib.mkOption {
- type = lib.types.nullOr lib.types.port;
- default = 8008;
- description = lib.mdDoc ''
- The port to listen for HTTP requests on.
- '';
- };
- httpsPort = lib.mkOption {
- type = lib.types.nullOr lib.types.port;
- default = null;
- description = lib.mdDoc ''
- The port to listen for HTTPS requests on.
- '';
- };
- tlsCert = lib.mkOption {
- type = lib.types.nullOr lib.types.path;
- example = "/var/lib/dendrite/server.cert";
- default = null;
- description = lib.mdDoc ''
- The path to the TLS certificate.
-
- ```
- nix-shell -p dendrite --command "generate-keys --tls-cert server.crt --tls-key server.key"
- ```
- '';
- };
- tlsKey = lib.mkOption {
- type = lib.types.nullOr lib.types.path;
- example = "/var/lib/dendrite/server.key";
- default = null;
- description = lib.mdDoc ''
- The path to the TLS key.
-
- ```
- nix-shell -p dendrite --command "generate-keys --tls-cert server.crt --tls-key server.key"
- ```
- '';
- };
- environmentFile = lib.mkOption {
- type = lib.types.nullOr lib.types.path;
- example = "/var/lib/dendrite/registration_secret";
- default = null;
- description = lib.mdDoc ''
- Environment file as defined in {manpage}`systemd.exec(5)`.
- Secrets may be passed to the service without adding them to the world-readable
- Nix store, by specifying placeholder variables as the option value in Nix and
- setting these variables accordingly in the environment file. Currently only used
- for the registration secret to allow secure registration when
- client_api.registration_disabled is true.
-
- ```
- # snippet of dendrite-related config
- services.dendrite.settings.client_api.registration_shared_secret = "$REGISTRATION_SHARED_SECRET";
- ```
-
- ```
- # content of the environment file
- REGISTRATION_SHARED_SECRET=verysecretpassword
- ```
-
- Note that this file needs to be available on the host on which
- `dendrite` is running.
- '';
- };
- loadCredential = lib.mkOption {
- type = lib.types.listOf lib.types.str;
- default = [ ];
- example = [ "private_key:/path/to/my_private_key" ];
- description = lib.mdDoc ''
- This can be used to pass secrets to the systemd service without adding them to
- the nix store.
- To use the example setting, see the example of
- {option}`services.dendrite.settings.global.private_key`.
- See the LoadCredential section of systemd.exec manual for more information.
- '';
- };
- settings = lib.mkOption {
- type = lib.types.submodule {
- freeformType = settingsFormat.type;
- options.global = {
- server_name = lib.mkOption {
- type = lib.types.str;
- example = "example.com";
- description = lib.mdDoc ''
- The domain name of the server, with optional explicit port.
- This is used by remote servers to connect to this server.
- This is also the last part of your UserID.
- '';
- };
- private_key = lib.mkOption {
- type = lib.types.either
- lib.types.path
- (lib.types.strMatching "^\\$CREDENTIALS_DIRECTORY/.+");
- example = "$CREDENTIALS_DIRECTORY/private_key";
- description = lib.mdDoc ''
- The path to the signing private key file, used to sign
- requests and events.
-
- ```
- nix-shell -p dendrite --command "generate-keys --private-key matrix_key.pem"
- ```
- '';
- };
- trusted_third_party_id_servers = lib.mkOption {
- type = lib.types.listOf lib.types.str;
- example = [ "matrix.org" ];
- default = [ "matrix.org" "vector.im" ];
- description = lib.mdDoc ''
- Lists of domains that the server will trust as identity
- servers to verify third party identifiers such as phone
- numbers and email addresses
- '';
- };
- };
- options.app_service_api.database = {
- connection_string = lib.mkOption {
- type = lib.types.str;
- default = "file:federationapi.db";
- description = lib.mdDoc ''
- Database for the Appservice API.
- '';
- };
- };
- options.client_api = {
- registration_disabled = lib.mkOption {
- type = lib.types.bool;
- default = true;
- description = lib.mdDoc ''
- Whether to disable user registration to the server
- without the shared secret.
- '';
- };
- };
- options.federation_api.database = {
- connection_string = lib.mkOption {
- type = lib.types.str;
- default = "file:federationapi.db";
- description = lib.mdDoc ''
- Database for the Federation API.
- '';
- };
- };
- options.key_server.database = {
- connection_string = lib.mkOption {
- type = lib.types.str;
- default = "file:keyserver.db";
- description = lib.mdDoc ''
- Database for the Key Server (for end-to-end encryption).
- '';
- };
- };
- options.relay_api.database = {
- connection_string = lib.mkOption {
- type = lib.types.str;
- default = "file:relayapi.db";
- description = lib.mdDoc ''
- Database for the Relay Server.
- '';
- };
- };
- options.media_api = {
- database = {
- connection_string = lib.mkOption {
- type = lib.types.str;
- default = "file:mediaapi.db";
- description = lib.mdDoc ''
- Database for the Media API.
- '';
- };
- };
- base_path = lib.mkOption {
- type = lib.types.str;
- default = "${workingDir}/media_store";
- description = lib.mdDoc ''
- Storage path for uploaded media.
- '';
- };
- };
- options.room_server.database = {
- connection_string = lib.mkOption {
- type = lib.types.str;
- default = "file:roomserver.db";
- description = lib.mdDoc ''
- Database for the Room Server.
- '';
- };
- };
- options.sync_api.database = {
- connection_string = lib.mkOption {
- type = lib.types.str;
- default = "file:syncserver.db";
- description = lib.mdDoc ''
- Database for the Sync API.
- '';
- };
- };
- options.sync_api.search = {
- enable = lib.mkEnableOption (lib.mdDoc "Dendrite's full-text search engine");
- index_path = lib.mkOption {
- type = lib.types.str;
- default = "${workingDir}/searchindex";
- description = lib.mdDoc ''
- The path the search index will be created in.
- '';
- };
- language = lib.mkOption {
- type = lib.types.str;
- default = "en";
- description = lib.mdDoc ''
- The language most likely to be used on the server - used when indexing, to
- ensure the returned results match expectations. A full list of possible languages
- can be found at https://github.com/blevesearch/bleve/tree/master/analysis/lang
- '';
- };
- };
- options.user_api = {
- account_database = {
- connection_string = lib.mkOption {
- type = lib.types.str;
- default = "file:userapi_accounts.db";
- description = lib.mdDoc ''
- Database for the User API, accounts.
- '';
- };
- };
- device_database = {
- connection_string = lib.mkOption {
- type = lib.types.str;
- default = "file:userapi_devices.db";
- description = lib.mdDoc ''
- Database for the User API, devices.
- '';
- };
- };
- };
- options.mscs = {
- database = {
- connection_string = lib.mkOption {
- type = lib.types.str;
- default = "file:mscs.db";
- description = lib.mdDoc ''
- Database for exerimental MSC's.
- '';
- };
- };
- };
- };
- default = { };
- description = lib.mdDoc ''
- Configuration for dendrite, see:
- <https://github.com/matrix-org/dendrite/blob/master/dendrite-config.yaml>
- for available options with which to populate settings.
- '';
- };
- openRegistration = lib.mkOption {
- type = lib.types.bool;
- default = false;
- description = lib.mdDoc ''
- Allow open registration without secondary verification (reCAPTCHA).
- '';
- };
- };
-
- config = lib.mkIf cfg.enable {
- assertions = [{
- assertion = cfg.httpsPort != null -> (cfg.tlsCert != null && cfg.tlsKey != null);
- message = ''
- If Dendrite is configured to use https, tlsCert and tlsKey must be provided.
-
- nix-shell -p dendrite --command "generate-keys --tls-cert server.crt --tls-key server.key"
- '';
- }];
-
- systemd.services.dendrite = {
- description = "Dendrite Matrix homeserver";
- after = [
- "network.target"
- ];
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- Type = "simple";
- DynamicUser = true;
- StateDirectory = "dendrite";
- WorkingDirectory = workingDir;
- RuntimeDirectory = "dendrite";
- RuntimeDirectoryMode = "0700";
- LimitNOFILE = 65535;
- EnvironmentFile = lib.mkIf (cfg.environmentFile != null) cfg.environmentFile;
- LoadCredential = cfg.loadCredential;
- ExecStartPre = [''
- ${pkgs.envsubst}/bin/envsubst \
- -i ${configurationYaml} \
- -o /run/dendrite/dendrite.yaml
- ''];
- ExecStart = lib.strings.concatStringsSep " " ([
- "${pkgs.dendrite}/bin/dendrite"
- "--config /run/dendrite/dendrite.yaml"
- ] ++ lib.optionals (cfg.httpPort != null) [
- "--http-bind-address :${builtins.toString cfg.httpPort}"
- ] ++ lib.optionals (cfg.httpsPort != null) [
- "--https-bind-address :${builtins.toString cfg.httpsPort}"
- "--tls-cert ${cfg.tlsCert}"
- "--tls-key ${cfg.tlsKey}"
- ] ++ lib.optionals cfg.openRegistration [
- "--really-enable-open-registration"
- ]);
- ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
- Restart = "on-failure";
- };
- };
- };
- meta.maintainers = lib.teams.matrix.members;
-}
diff --git a/overlays/dendrite.nix b/overlays/dendrite.nix
deleted file mode 100644
index 67b91bb..0000000
--- a/overlays/dendrite.nix
+++ /dev/null
@@ -1,59 +0,0 @@
-{ lib, buildGoModule, fetchFromGitHub
-, nixosTests, postgresql, postgresqlTestHook }:
-
-buildGoModule rec {
- pname = "matrix-dendrite";
- version = "0.12.0";
-
- src = fetchFromGitHub {
- owner = "matrix-org";
- repo = "dendrite";
- rev = "v${version}";
- hash = "sha256-syOLrw4ig8rmFDkxJ9KSAuzUVO8UokekV17mT1bJNNM=";
- };
-
- vendorHash = "sha256-nvGhKCUiyHSD0VpE4OtT9YQSHxv0d7iwOChCJl2D3zk=";
-
- subPackages = [
- # The server
- "cmd/dendrite"
- # admin tools
- "cmd/create-account"
- "cmd/generate-config"
- "cmd/generate-keys"
- "cmd/resolve-state"
- ## curl, but for federation requests, only useful for developers
- # "cmd/furl"
- ## an internal tool for upgrading ci tests, only relevant for developers
- # "cmd/dendrite-upgrade-tests"
- ## tech demos
- # "cmd/dendrite-demo-pinecone"
- # "cmd/dendrite-demo-yggdrasil"
- ];
-
- nativeCheckInputs = [
- postgresqlTestHook
- postgresql
- ];
-
- postgresqlTestUserOptions = "LOGIN SUPERUSER";
- preCheck = ''
- export PGUSER=$(whoami)
- # temporarily disable this failing test
- # it passes in upstream CI and requires further investigation
- rm roomserver/internal/input/input_test.go
- '';
-
- passthru.tests = {
- inherit (nixosTests) dendrite;
- };
-
- meta = with lib; {
- homepage = "https://matrix-org.github.io/dendrite";
- description = "A second-generation Matrix homeserver written in Go";
- changelog = "https://github.com/matrix-org/dendrite/releases/tag/v${version}";
- license = licenses.asl20;
- maintainers = teams.matrix.members;
- platforms = platforms.unix;
- };
-}
generated by cgit v1.2.3 (git 2.25.1) at 2026-03-07 00:07:10 +0000