public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #109561 from mjlbach/init_matrix_dendrite 

matrix-dendrite: init at 0.3.11
This commit is contained in:
Silvan Mosberger 2021-05-03 20:16:27 +02:00 committed by GitHub
parent cc3609a59c ff43bbe53e
commit 0111666954
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 208 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
maintainers/team-list.nix
View File

@ -135,6 +135,7 @@ with lib.maintainers; {
mguentner
ekleog
ralith
mjlbach
];
scope = "Maintain the ecosystem around Matrix, a decentralized messenger.";
};

1
nixos/modules/module-list.nix
View File

@ -511,6 +511,7 @@
./services/misc/mame.nix
./services/misc/matrix-appservice-discord.nix
./services/misc/matrix-appservice-irc.nix
./services/misc/matrix-dendrite.nix
./services/misc/matrix-synapse.nix
./services/misc/mautrix-telegram.nix
./services/misc/mbpfan.nix

181
nixos/modules/services/misc/matrix-dendrite.nix Normal file
View File

@ -0,0 +1,181 @@
{ config, lib, pkgs, ... }:
let
cfg = config.services.matrix-dendrite;
settingsFormat = pkgs.formats.yaml { };
configurationYaml = settingsFormat.generate "dendrite.yaml" cfg.settings;
workingDir = "/var/lib/matrix-dendrite";
in
{
options.services.matrix-dendrite = {
enable = lib.mkEnableOption "matrix.org dendrite";
httpPort = lib.mkOption {
type = lib.types.nullOr lib.types.port;
default = 8008;
description = ''
The port to listen for HTTP requests on.
'';
};
httpsPort = lib.mkOption {
type = lib.types.nullOr lib.types.port;
default = null;
description = ''
The port to listen for HTTPS requests on.
'';
};
tlsCert = lib.mkOption {
type = lib.types.nullOr lib.types.path;
example = "/var/lib/matrix-dendrite/server.cert";
default = null;
description = ''
The path to the TLS certificate.
<programlisting>
nix-shell -p matrix-dendrite --command "generate-keys --tls-cert server.crt --tls-key server.key"
</programlisting>
'';
};
tlsKey = lib.mkOption {
type = lib.types.nullOr lib.types.path;
example = "/var/lib/matrix-dendrite/server.key";
default = null;
description = ''
The path to the TLS key.
<programlisting>
nix-shell -p matrix-dendrite --command "generate-keys --tls-cert server.crt --tls-key server.key"
</programlisting>
'';
};
environmentFile = lib.mkOption {
type = lib.types.nullOr lib.types.path;
example = "/var/lib/matrix-dendrite/registration_secret";
default = null;
description = ''
Environment file as defined in <citerefentry>
<refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>.
Secrets may be passed to the service without adding them to the world-readable
Nix store, by specifying placeholder variables as the option value in Nix and
setting these variables accordingly in the environment file. Currently only used
for the registration secret to allow secure registration when
client_api.registration_disabled is true.
<programlisting>
# snippet of dendrite-related config
services.matrix-dendrite.settings.client_api.registration_shared_secret = "$REGISTRATION_SHARED_SECRET";
</programlisting>
<programlisting>
# content of the environment file
REGISTRATION_SHARED_SECRET=verysecretpassword
</programlisting>
Note that this file needs to be available on the host on which
<literal>dendrite</literal> is running.
'';
};
settings = lib.mkOption {
type = lib.types.submodule {
freeformType = settingsFormat.type;
options.global = {
server_name = lib.mkOption {
type = lib.types.str;
example = "example.com";
description = ''
The domain name of the server, with optional explicit port.
This is used by remote servers to connect to this server.
This is also the last part of your UserID.
'';
};
private_key = lib.mkOption {
type = lib.types.path;
example = "${workingDir}/matrix_key.pem";
description = ''
The path to the signing private key file, used to sign
requests and events.
<programlisting>
nix-shell -p matrix-dendrite --command "generate-keys --private-key matrix_key.pem"
</programlisting>
'';
};
trusted_third_party_id_servers = lib.mkOption {
type = lib.types.listOf lib.types.str;
example = [ "matrix.org" ];
default = [ "matrix.org" "vector.im" ];
description = ''
Lists of domains that the server will trust as identity
servers to verify third party identifiers such as phone
numbers and email addresses
'';
};
};
options.client_api = {
registration_disabled = lib.mkOption {
type = lib.types.bool;
default = true;
description = ''
Whether to disable user registration to the server
without the shared secret.
'';
};
};
};
default = { };
description = ''
Configuration for dendrite, see:
<link xlink:href="https://github.com/matrix-org/dendrite/blob/master/dendrite-config.yaml"/>
for available options with which to populate settings.
'';
};
};
config = lib.mkIf cfg.enable {
assertions = [{
assertion = cfg.httpsPort != null -> (cfg.tlsCert != null && cfg.tlsKey != null);
message = ''
If Dendrite is configured to use https, tlsCert and tlsKey must be provided.
nix-shell -p matrix-dendrite --command "generate-keys --tls-cert server.crt --tls-key server.key"
'';
}];
systemd.services.matrix-dendrite = {
description = "Dendrite Matrix homeserver";
after = [
"network.target"
];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
DynamicUser = true;
StateDirectory = "matrix-dendrite";
WorkingDirectory = workingDir;
RuntimeDirectory = "matrix-dendrite";
RuntimeDirectoryMode = "0700";
EnvironmentFile = lib.mkIf (cfg.environmentFile != null) cfg.environmentFile;
ExecStartPre =
if (cfg.environmentFile != null) then ''
${pkgs.envsubst}/bin/envsubst \
-i ${configurationYaml} \
-o /run/matrix-dendrite/dendrite.yaml
'' else ''
${pkgs.coreutils}/bin/cp ${configurationYaml} /run/matrix-dendrite/dendrite.yaml
'';
ExecStart = lib.strings.concatStringsSep " " ([
"${pkgs.matrix-dendrite}/bin/dendrite-monolith-server"
"--config /run/matrix-dendrite/dendrite.yaml"
] ++ lib.optionals (cfg.httpPort != null) [
"--http-bind-address :${builtins.toString cfg.httpPort}"
] ++ lib.optionals (cfg.httpsPort != null) [
"--https-bind-address :${builtins.toString cfg.httpsPort}"
"--tls-cert ${cfg.tlsCert}"
"--tls-key ${cfg.tlsKey}"
]);
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
Restart = "on-failure";
};
};
};
meta.maintainers = lib.teams.matrix.members;
}

23
pkgs/servers/matrix-dendrite/default.nix Normal file
View File

@ -0,0 +1,23 @@
{ lib, buildGoModule, fetchFromGitHub}:
buildGoModule rec {
pname = "matrix-dendrite";
version = "0.3.11";
src = fetchFromGitHub {
owner = "matrix-org";
repo = "dendrite";
rev = "v${version}";
sha256 = "15xqd4yhsnnpz5n90fbny9i8lp7ki2z3fbpbd8cvsp49347rm483";
};
vendorSha256 = "1l1wydvi0yalas79cvhrqg563cvs57hg9rv6qnkw879r6smb2x1n";
meta = with lib; {
homepage = "https://matrix.org";
description = "Dendrite is a second-generation Matrix homeserver written in Go!";
license = licenses.asl20;
maintainers = teams.matrix.members;
platforms = platforms.unix;
};
}

2
pkgs/top-level/all-packages.nix
View File

@ -6111,6 +6111,8 @@ in
inherit (darwin.apple_sdk.frameworks) Security;
};
matrix-dendrite = callPackage ../servers/matrix-dendrite { };
/* Python 3.8 is currently broken with matrix-synapse since `python38Packages.bleach` fails
(https://github.com/NixOS/nixpkgs/issues/76093) */
matrix-synapse = callPackage ../servers/matrix-synapse { /*python3 = python38;*/ };