diff options
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/doc/manual/release-notes/rl-1803.xml | 14 | ||||
| -rw-r--r-- | nixos/modules/programs/shadow.nix | 10 | ||||
| -rw-r--r-- | nixos/modules/services/mail/dovecot.nix | 2 | ||||
| -rw-r--r-- | nixos/modules/services/misc/matrix-synapse.nix | 63 | ||||
| -rw-r--r-- | nixos/modules/services/x11/desktop-managers/plasma5.nix | 12 | ||||
| -rw-r--r-- | nixos/release.nix | 1 | ||||
| -rw-r--r-- | nixos/tests/matrix-synapse.nix | 30 |
7 files changed, 118 insertions, 14 deletions
diff --git a/nixos/doc/manual/release-notes/rl-1803.xml b/nixos/doc/manual/release-notes/rl-1803.xml index 46cbeb0a158e..8391c550afab 100644 --- a/nixos/doc/manual/release-notes/rl-1803.xml +++ b/nixos/doc/manual/release-notes/rl-1803.xml @@ -182,6 +182,20 @@ following incompatible changes:</para> <literal>lib.mkOverride</literal> can be used. </para> </listitem> + <listitem> + <para> + The following changes apply if the <literal>stateVersion</literal> is changed to 18.03 or higher. + For <literal>stateVersion = "17.09"</literal> or lower the old behavior is preserved. + </para> + <itemizedlist> + <listitem> + <para> + <literal>matrix-synapse</literal> uses postgresql by default instead of sqlite. + Migration instructions can be found <link xlink:href="https://github.com/matrix-org/synapse/blob/master/docs/postgres.rst#porting-from-sqlite"> here </link>. + </para> + </listitem> + </itemizedlist> + </listitem> </itemizedlist> </section> diff --git a/nixos/modules/programs/shadow.nix b/nixos/modules/programs/shadow.nix index 0f3f42901bab..8ec4169207db 100644 --- a/nixos/modules/programs/shadow.nix +++ b/nixos/modules/programs/shadow.nix @@ -26,8 +26,9 @@ let # Ensure privacy for newly created home directories. UMASK 077 - # Uncomment this to allow non-root users to change their account - #information. This should be made configurable. + # Uncomment this and install chfn SUID to allow non-root + # users to change their account GECOS information. + # This should be made configurable. #CHFN_RESTRICT frwh ''; @@ -103,13 +104,12 @@ in security.wrappers = { su.source = "${pkgs.shadow.su}/bin/su"; - chfn.source = "${pkgs.shadow.out}/bin/chfn"; + sg.source = "${pkgs.shadow.out}/bin/sg"; + newgrp.source = "${pkgs.shadow.out}/bin/newgrp"; newuidmap.source = "${pkgs.shadow.out}/bin/newuidmap"; newgidmap.source = "${pkgs.shadow.out}/bin/newgidmap"; } // (if config.users.mutableUsers then { passwd.source = "${pkgs.shadow.out}/bin/passwd"; - sg.source = "${pkgs.shadow.out}/bin/sg"; - newgrp.source = "${pkgs.shadow.out}/bin/newgrp"; } else {}); }; } diff --git a/nixos/modules/services/mail/dovecot.nix b/nixos/modules/services/mail/dovecot.nix index 18101a312254..c5cb06cf54e2 100644 --- a/nixos/modules/services/mail/dovecot.nix +++ b/nixos/modules/services/mail/dovecot.nix @@ -104,7 +104,7 @@ let }; mailboxConfig = mailbox: '' - mailbox ${mailbox.name} { + mailbox "${mailbox.name}" { auto = ${toString mailbox.auto} '' + optionalString (mailbox.specialUse != null) '' special_use = \${toString mailbox.specialUse} diff --git a/nixos/modules/services/misc/matrix-synapse.nix b/nixos/modules/services/misc/matrix-synapse.nix index 80979547d339..7e880ad09b89 100644 --- a/nixos/modules/services/misc/matrix-synapse.nix +++ b/nixos/modules/services/misc/matrix-synapse.nix @@ -4,6 +4,8 @@ with lib; let cfg = config.services.matrix-synapse; + pg = config.services.postgresql; + usePostgresql = cfg.database_type == "psycopg2"; logConfigFile = pkgs.writeText "log_config.yaml" cfg.logConfig; mkResource = r: ''{names: ${builtins.toJSON r.names}, compress: ${boolToString r.compress}}''; mkListener = l: ''{port: ${toString l.port}, bind_address: "${l.bind_address}", type: ${l.type}, tls: ${boolToString l.tls}, x_forwarded: ${boolToString l.x_forwarded}, resources: [${concatStringsSep "," (map mkResource l.resources)}]}''; @@ -38,7 +40,7 @@ database: { name: "${cfg.database_type}", args: { ${concatStringsSep ",\n " ( - mapAttrsToList (n: v: "\"${n}\": ${v}") cfg.database_args + mapAttrsToList (n: v: "\"${n}\": ${builtins.toJSON v}") cfg.database_args )} } } @@ -155,7 +157,7 @@ in { tls_certificate_path = mkOption { type = types.nullOr types.str; default = null; - example = "/var/lib/matrix-synapse/homeserver.tls.crt"; + example = "${cfg.dataDir}/homeserver.tls.crt"; description = '' PEM encoded X509 certificate for TLS. You can replace the self-signed certificate that synapse @@ -167,7 +169,7 @@ in { tls_private_key_path = mkOption { type = types.nullOr types.str; default = null; - example = "/var/lib/matrix-synapse/homeserver.tls.key"; + example = "${cfg.dataDir}/homeserver.tls.key"; description = '' PEM encoded private key for TLS. Specify null if synapse is not speaking TLS directly. @@ -176,7 +178,7 @@ in { tls_dh_params_path = mkOption { type = types.nullOr types.str; default = null; - example = "/var/lib/matrix-synapse/homeserver.tls.dh"; + example = "${cfg.dataDir}/homeserver.tls.dh"; description = '' PEM dh parameters for ephemeral keys ''; @@ -184,6 +186,7 @@ in { server_name = mkOption { type = types.str; example = "example.com"; + default = config.networking.hostName; description = '' The domain name of the server, with optional explicit port. This is used by remote servers to connect to this server, @@ -339,16 +342,39 @@ in { }; database_type = mkOption { type = types.enum [ "sqlite3" "psycopg2" ]; - default = "sqlite3"; + default = if versionAtLeast config.system.stateVersion "18.03" + then "psycopg2" + else "sqlite3"; description = '' The database engine name. Can be sqlite or psycopg2. ''; }; + create_local_database = mkOption { + type = types.bool; + default = true; + description = '' + Whether to create a local database automatically. + ''; + }; + database_name = mkOption { + type = types.str; + default = "matrix-synapse"; + description = "Database name."; + }; + database_user = mkOption { + type = types.str; + default = "matrix-synapse"; + description = "Database user name."; + }; database_args = mkOption { type = types.attrs; default = { - database = "${cfg.dataDir}/homeserver.db"; - }; + sqlite3 = { database = "${cfg.dataDir}/homeserver.db"; }; + psycopg2 = { + user = cfg.database_user; + database = cfg.database_name; + }; + }."${cfg.database_type}"; description = '' Arguments to pass to the engine. ''; @@ -623,15 +649,36 @@ in { gid = config.ids.gids.matrix-synapse; } ]; + services.postgresql.enable = mkIf usePostgresql (mkDefault true); + systemd.services.matrix-synapse = { description = "Synapse Matrix homeserver"; - after = [ "network.target" ]; + after = [ "network.target" "postgresql.service" ]; wantedBy = [ "multi-user.target" ]; preStart = '' ${cfg.package}/bin/homeserver \ --config-path ${configFile} \ --keys-directory ${cfg.dataDir} \ --generate-keys + '' + optionalString (usePostgresql && cfg.create_local_database) '' + if ! test -e "${cfg.dataDir}/db-created"; then + ${pkgs.sudo}/bin/sudo -u ${pg.superUser} \ + ${pg.package}/bin/createuser \ + --login \ + --no-createdb \ + --no-createrole \ + --encrypted \ + ${cfg.database_user} + ${pkgs.sudo}/bin/sudo -u ${pg.superUser} \ + ${pg.package}/bin/createdb \ + --owner=${cfg.database_user} \ + --encoding=UTF8 \ + --lc-collate=C \ + --lc-ctype=C \ + --template=template0 \ + ${cfg.database_name} + touch "${cfg.dataDir}/db-created" + fi ''; serviceConfig = { Type = "simple"; diff --git a/nixos/modules/services/x11/desktop-managers/plasma5.nix b/nixos/modules/services/x11/desktop-managers/plasma5.nix index 17a2cde3a65d..4c76ce0bb195 100644 --- a/nixos/modules/services/x11/desktop-managers/plasma5.nix +++ b/nixos/modules/services/x11/desktop-managers/plasma5.nix @@ -47,6 +47,18 @@ in ${getBin config.hardware.pulseaudio.package}/bin/pactl load-module module-device-manager "do_routing=1" ''} + if [ -f "$HOME/.config/kdeglobals" ] + then + # Remove extraneous font style names. + # See also: https://phabricator.kde.org/D9070 + ${getBin pkgs.gnused}/bin/sed -i "$HOME/.config/kdeglobals" \ + -e '/^fixed=/ s/,Regular$//' \ + -e '/^font=/ s/,Regular$//' \ + -e '/^menuFont=/ s/,Regular$//' \ + -e '/^smallestReadableFont=/ s/,Regular$//' \ + -e '/^toolBarFont=/ s/,Regular$//' + fi + exec "${getBin plasma5.plasma-workspace}/bin/startkde" ''; }; diff --git a/nixos/release.nix b/nixos/release.nix index a396eaac9a3e..a9c0aae7a526 100644 --- a/nixos/release.nix +++ b/nixos/release.nix @@ -292,6 +292,7 @@ in rec { tests.login = callTest tests/login.nix {}; #tests.logstash = callTest tests/logstash.nix {}; tests.mathics = callTest tests/mathics.nix {}; + tests.matrix-synapse = callTest tests/matrix-synapse.nix {}; tests.mesos = callTest tests/mesos.nix {}; tests.misc = callTest tests/misc.nix {}; tests.mongodb = callTest tests/mongodb.nix {}; diff --git a/nixos/tests/matrix-synapse.nix b/nixos/tests/matrix-synapse.nix new file mode 100644 index 000000000000..113fb622588b --- /dev/null +++ b/nixos/tests/matrix-synapse.nix @@ -0,0 +1,30 @@ +import ./make-test.nix ({ pkgs, ... } : { + + name = "matrix-synapse"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ corngood ]; + }; + + nodes = { + server_postgres = args: { + services.matrix-synapse.enable = true; + services.matrix-synapse.database_type = "psycopg2"; + }; + + server_sqlite = args: { + services.matrix-synapse.enable = true; + services.matrix-synapse.database_type = "sqlite3"; + }; + }; + + testScript = '' + startAll; + $server_postgres->waitForUnit("matrix-synapse.service"); + $server_postgres->waitUntilSucceeds("curl -Lk https://localhost:8448/"); + $server_postgres->requireActiveUnit("postgresql.service"); + $server_sqlite->waitForUnit("matrix-synapse.service"); + $server_sqlite->waitUntilSucceeds("curl -Lk https://localhost:8448/"); + $server_sqlite->mustSucceed("[ -e /var/lib/matrix-synapse/homeserver.db ]"); + ''; + +}) |