From 2ae286ff754af94a1ef3e46613ab46fb61e93d22 Mon Sep 17 00:00:00 2001 
From: Colin Date: Mon, 13 May 2024 07:52:55 +0000 Subject: [PATCH] nixpkgs: 2024-05-08 -> 2024-05-13, nixpkgs-wayland, sops-nix MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ``` • Updated input 'nixpkgs-next-unpatched': 'github:nixos/nixpkgs/c8e3f684443d7c2875ff169f6ef2533534105e7b' (2024-05-08) → 'github:nixos/nixpkgs/6a217e9b1d39415076c7a6cfc44be5e935e7a839' (2024-05-13) • Updated input 'nixpkgs-unpatched': 'github:nixos/nixpkgs/a751e2faa2fc94c1337c32aaf6a6e417afe90be9' (2024-05-08) → 'github:nixos/nixpkgs/6bc8c8a7ac13182ee24a5e2caab7ad739f1c55c5' (2024-05-13) • Updated input 'nixpkgs-wayland': 'github:nix-community/nixpkgs-wayland/7dc8fb2aa7db995ac1ce2a8f2f8d8784b2af591c' (2024-05-08) → 'github:nix-community/nixpkgs-wayland/5f7272dff81558143f93e2cb32189a52ef965892' (2024-05-13) • Updated input 'nixpkgs-wayland/lib-aggregate': 'github:nix-community/lib-aggregate/26fabca301e1133abd3d9192b1bcb6fb45b30f1d' (2024-05-05) → 'github:nix-community/lib-aggregate/09883ca828e8cfaacdb09e29190a7b84ad1d9925' (2024-05-12) • Updated input 'nixpkgs-wayland/lib-aggregate/nixpkgs-lib': 'github:nix-community/nixpkgs.lib/4b620020fd73bdd5104e32c702e65b60b6869426' (2024-05-05) → 'github:nix-community/nixpkgs.lib/58e03b95f65dfdca21979a081aa62db0eed6b1d8' (2024-05-12) • Updated input 'nixpkgs-wayland/nix-eval-jobs': 'github:nix-community/nix-eval-jobs/7b6640f2a10701bf0db16aff048070f400e8ea7c' (2024-04-23) → 'github:nix-community/nix-eval-jobs/63154bdfb22091041b307d17863bdc0e01a32a00' (2024-05-09) • Updated input 'nixpkgs-wayland/nix-eval-jobs/nixpkgs': 'github:NixOS/nixpkgs/1e1dc66fe68972a76679644a5577828b6a7e8be4' (2024-04-22) → 'github:NixOS/nixpkgs/ad7efee13e0d216bf29992311536fce1d3eefbef' (2024-05-06) • Updated input 'sops-nix': 'github:Mic92/sops-nix/893e3df091f6838f4f9d71c61ab079d5c5dedbd1' (2024-05-06) → 'github:Mic92/sops-nix/b6cb5de2ce57acb10ecdaaf9bbd62a5ff24fa02e' (2024-05-12) • Updated input 'sops-nix/nixpkgs-stable': 
'github:NixOS/nixpkgs/b980b91038fc4b09067ef97bbe5ad07eecca1e76' (2024-05-04) → 'github:NixOS/nixpkgs/8e47858badee5594292921c2668c11004c3b0142' (2024-05-11) ``` --- flake.lock | 52 +++---- modules/services/default.nix | 1 - modules/services/mautrix-signal.nix | 207 ---------------------------- nixpatches/list.nix | 18 ++- 4 files changed, 38 insertions(+), 240 deletions(-) delete mode 100644 modules/services/mautrix-signal.nix diff --git a/flake.lock b/flake.lock index 459fb9a4..7a93a53f 100644 --- a/flake.lock +++ b/flake.lock @@ -61,11 +61,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1714910950, - "narHash": "sha256-gaq5bphSsY+htEXFDkImOrH3MVCkxFTvCiwdCJj096E=", + "lastModified": 1715515815, + "narHash": "sha256-yaLScMHNFCH6SbB0HSA/8DWDgK0PyOhCXoFTdHlWkhk=", "owner": "nix-community", "repo": "lib-aggregate", - "rev": "26fabca301e1133abd3d9192b1bcb6fb45b30f1d", + "rev": "09883ca828e8cfaacdb09e29190a7b84ad1d9925", "type": "github" }, "original": { @@ -99,11 +99,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1713858845, - "narHash": "sha256-StJq7Zy+/iVBUAKFzhHWlsirFucZ3gNtzXhAYXAsNnw=", + "lastModified": 1715248291, + "narHash": "sha256-npC9Swu4VIlRIiEP0XFGoIukd6vOufS/M3PdHk6rQpc=", "owner": "nix-community", "repo": "nix-eval-jobs", - "rev": "7b6640f2a10701bf0db16aff048070f400e8ea7c", + "rev": "63154bdfb22091041b307d17863bdc0e01a32a00", "type": "github" }, "original": { @@ -136,11 +136,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1713805509, - "narHash": "sha256-YgSEan4CcrjivCNO5ZNzhg7/8ViLkZ4CB/GrGBVSudo=", + "lastModified": 1715037484, + "narHash": "sha256-OUt8xQFmBU96Hmm4T9tOWTu4oCswCzoVl+pxSq/kiFc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1e1dc66fe68972a76679644a5577828b6a7e8be4", + "rev": "ad7efee13e0d216bf29992311536fce1d3eefbef", "type": "github" }, "original": { 
@@ -152,11 +152,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1714870069, + "lastModified": 1715474941, "narHash": "sha256-CNCqCGOHdxuiVnVkhTpp2WcqSSmSfeQjubhDOcgwGjU=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "4b620020fd73bdd5104e32c702e65b60b6869426", + "rev": "58e03b95f65dfdca21979a081aa62db0eed6b1d8", "type": "github" }, "original": { @@ -167,11 +167,11 @@ }, "nixpkgs-next-unpatched": { "locked": { - "lastModified": 1715148084, - "narHash": "sha256-arUW5NSCMy7K8uO+1ODJqyptf71HP69XbJlSuf361rI=", + "lastModified": 1715580068, + "narHash": "sha256-EuE4shavKc+ZX3eKbeVFLvajC72taSCh5kPc+91K9/k=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c8e3f684443d7c2875ff169f6ef2533534105e7b", + "rev": "6a217e9b1d39415076c7a6cfc44be5e935e7a839", "type": "github" }, "original": { @@ -183,11 +183,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1714858427, - "narHash": "sha256-tCxeDP4C1pWe2rYY3IIhdA40Ujz32Ufd4tcrHPSKx2M=", + "lastModified": 1715458492, + "narHash": "sha256-q0OFeZqKQaik2U8wwGDsELEkgoZMK7gvfF6tTXkpsqE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b980b91038fc4b09067ef97bbe5ad07eecca1e76", + "rev": "8e47858badee5594292921c2668c11004c3b0142", "type": "github" }, "original": { @@ -199,11 +199,11 @@ }, "nixpkgs-unpatched": { "locked": { - "lastModified": 1715156971, - "narHash": "sha256-sEgAH6EkkQf5Aux4JT5HvdKWia0ryePYI0RhioskVS8=", + "lastModified": 1715585398, + "narHash": "sha256-gkjMf9c+ggjxQ9hYDlVlLbz5IQ1WPtoyCl4EIImHJps=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a751e2faa2fc94c1337c32aaf6a6e417afe90be9", + "rev": "6bc8c8a7ac13182ee24a5e2caab7ad739f1c55c5", "type": "github" }, "original": { 
@@ -223,11 +223,11 @@ ] }, "locked": { - "lastModified": 1715156333, - "narHash": "sha256-8V09AxlIyKh8maX5/fAo8JuijEu9KM1DVlPscxzmKsk=", + "lastModified": 1715584565, + "narHash": "sha256-lg2mUWqSG5puwVBMGWo1fUhLuLxnsZoxItJqi68caiA=", "owner": "nix-community", "repo": "nixpkgs-wayland", - "rev": "7dc8fb2aa7db995ac1ce2a8f2f8d8784b2af591c", + "rev": "5f7272dff81558143f93e2cb32189a52ef965892", "type": "github" }, "original": { @@ -254,11 +254,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1715035358, - "narHash": "sha256-RY6kqhpCPa/q3vbqt3iYRyjO3hJz9KZnshMjbpPon8o=", + "lastModified": 1715482972, + "narHash": "sha256-y1uMzXNlrVOWYj1YNcsGYLm4TOC2aJrwoUY1NjQs9fM=", "owner": "Mic92", "repo": "sops-nix", - "rev": "893e3df091f6838f4f9d71c61ab079d5c5dedbd1", + "rev": "b6cb5de2ce57acb10ecdaaf9bbd62a5ff24fa02e", "type": "github" }, "original": { diff --git a/modules/services/default.nix b/modules/services/default.nix index f6212feb..b6b7b9a0 100644 --- a/modules/services/default.nix +++ b/modules/services/default.nix @@ -5,7 +5,6 @@ ./dyn-dns.nix ./eg25-manager.nix ./kiwix-serve.nix - ./mautrix-signal.nix ./nixserve.nix ./trust-dns.nix ]; diff --git a/modules/services/mautrix-signal.nix b/modules/services/mautrix-signal.nix deleted file mode 100644 index 4c3f8574..00000000 --- a/modules/services/mautrix-signal.nix +++ /dev/null 
@@ -1,207 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; -let - # TODO: upstream these "optional-dependencies" - # - search that phrase in - pkg = pkgs.mautrix-signal.overridePythonAttrs (super: { - propagatedBuildInputs = super.propagatedBuildInputs ++ (with pkgs.python3.pkgs; [ - # these optional deps come from mautrix-signal's "optional-requirements.txt" - - # #/e2be - # python-olm>=3,<4 - # pycryptodome>=3,<4 - # unpaddedbase64>=1,<3 - # XXX: ^above already included in nixpkgs package - - # #/metrics - # prometheus_client>=0.6,<0.17 - # XXX: ^above already included in nixpkgs package - - # #/formattednumbers - # phonenumbers>=8,<9 - # XXX: ^above already included in nixpkgs package - - # #/qrlink - # qrcode>=6,<8 - # Pillow>=4,<10 - # XXX: ^above already included in nixpkgs package - - # #/stickers - # signalstickers-client>=3,<4 - - # #/sqlite - # aiosqlite>=0.16,<0.19 - aiosqlite - ]); - }); - dataDir = "/var/lib/mautrix-signal"; - registrationFile = "${dataDir}/signal-registration.yaml"; - cfg = config.services.mautrix-signal; - settingsFormat = pkgs.formats.json {}; - settingsFile = - settingsFormat.generate "mautrix-signal-config.json" cfg.settings; -in -{ - options = { - services.mautrix-signal = { - enable = mkEnableOption (lib.mdDoc "Mautrix-Signal, a Matrix-Signal puppeting bridge"); - - settings = mkOption rec { - apply = recursiveUpdate default; - inherit (settingsFormat) type; - default = { - # defaults based on this upstream example config: - # - - homeserver = { - address = "http://localhost:8008"; - software = "standard"; - # domain = "SETME"; - }; - - appservice = rec { - address = "http://${hostname}:${toString port}"; - hostname = "localhost"; - port = 29328; - - database = "sqlite:///${dataDir}/mautrix-signal.db"; - database_opts = {}; - bot_username = "signalbot"; - }; - - bridge = { - username_template = "signal_{userid}"; - permissions."*" = "relay"; - double_puppet_server_map = {}; - login_shared_secret_map = {}; - }; - - logging = { - 
version = 1; - - formatters.precise.format = "[%(levelname)s@%(name)s] %(message)s"; - - handlers.console = { - class = "logging.StreamHandler"; - formatter = "precise"; - }; - - # log to console/systemd instead of file - root = { - level = "INFO"; - handlers = ["console"]; - }; - }; - }; - example = literalExpression '' - { - homeserver = { - address = "http://localhost:8008"; - domain = "mydomain.example"; - }; - - bridge.permissions = { - "@admin:mydomain.example" = "admin"; - "mydomain.example" = "user"; - }; - } - ''; - description = lib.mdDoc '' - {file}`config.yaml` configuration as a Nix attribute set. - Configuration options should match those described in - [example-config.yaml](https://github.com/mautrix/signale/blob/master/mautrix_signal/example-config.yaml). - ''; - }; - - environmentFile = mkOption { - type = types.nullOr types.path; - default = null; - description = lib.mdDoc '' - File containing environment variables to be passed to the mautrix-signal service, - in which secret tokens can be specified securely by defining values for e.g. - `MAUTRIX_SIGNAL_APPSERVICE_AS_TOKEN`, - `MAUTRIX_SIGNAL_APPSERVICE_HS_TOKEN` - - These environment variables can also be used to set other options by - replacing hierarchy levels by `.`, converting the name to uppercase - and prepending `MAUTRIX_SIGNAL_`. - For example, the first value above maps to - {option}`settings.appservice.as_token`. - - The environment variable values can be prefixed with `json::` to have - them be parsed as JSON. For example, `login_shared_secret_map` can be - set as follows: - `MAUTRIX_SIGNAL_BRIDGE_LOGIN_SHARED_SECRET_MAP=json::{"example.com":"secret"}`. 
- ''; - }; - - serviceDependencies = mkOption { - type = with types; listOf str; - default = optional config.services.matrix-synapse.enable "matrix-synapse.service"; - defaultText = literalExpression '' - optional config.services.matrix-synapse.enable "matrix-synapse.service" - ''; - description = lib.mdDoc '' - List of Systemd services to require and wait for when starting the application service. - ''; - }; - }; - }; - - config = mkIf cfg.enable { - users.groups.mautrix-signal = {}; - - users.users.mautrix-signal = { - group = "mautrix-signal"; - isSystemUser = true; - }; - - systemd.services.mautrix-signal = { - description = "Mautrix-Signal, a Matrix-Signal puppeting bridge."; - - wantedBy = [ "multi-user.target" ]; - wants = [ "network-online.target" ] ++ cfg.serviceDependencies; - after = [ "network-online.target" ] ++ cfg.serviceDependencies; - path = [ pkgs.ffmpeg ]; # voice messages need `ffmpeg` - - # environment.HOME = dataDir; - - preStart = '' - # generate the appservice's registration file if absent - if [ ! -f '${registrationFile}' ]; then - ${pkg}/bin/mautrix-signal \ - --generate-registration \ - --no-update \ - --base-config='${pkg}/${pkg.pythonModule.sitePackages}/mautrix_signal/example-config.yaml' \ - --config='${settingsFile}' \ - --registration='${registrationFile}' - fi - ''; - - serviceConfig = { - Type = "simple"; - Restart = "always"; - - User = "mautrix-signal"; - - ProtectSystem = "strict"; - ProtectHome = true; - ProtectKernelTunables = true; - ProtectKernelModules = true; - ProtectControlGroups = true; - - PrivateTmp = true; - WorkingDirectory = pkg; - StateDirectory = baseNameOf dataDir; - UMask = "0027"; - EnvironmentFile = cfg.environmentFile; - - ExecStart = '' - ${pkg}/bin/mautrix-signal \ - --config='${settingsFile}' \ - --no-update - ''; - }; - }; - }; -} diff --git a/nixpatches/list.nix b/nixpatches/list.nix index f24fd075..de8b553f 100644 --- a/nixpatches/list.nix +++ b/nixpatches/list.nix 
@@ -32,6 +32,12 @@ in [ # etc, where "date" is like "20240228181608" # and can be found with `nix-repl > :lf . > lastModifiedDate` + (fetchpatch' { + title = "nixos/zsh: fix `lib.lib.mkAfter` typo"; + saneCommit = "e4fdd34dd9cf4797216f3ed37c416dcb147dd7a7"; + hash = "sha256-VG1wn8Z1K28bZfrcg4qFmecRMJq/T0XkgACt73GioZs="; + }) + (fetchpatch' { # TODO: send upstream title = "python3Packages.dbus-python: fix build when doInstallCheck=false"; @@ -141,12 +147,12 @@ in [ saneCommit = "56348833b4411e9fe2016c24c7fc4af1e3c1d28a"; hash = "sha256-RUw88u7CI2C1IpRUhGbdYamHsPT1jBV0ROyVvzLWdv8="; }) - (fetchpatch' { - # TODO: send for review (it should be unblocked as of 2024/05/08) - title = "pidgin: support cross compilation"; - saneCommit = "caacbcc54e217f5ee9281422777a7f712765f71a"; - hash = "sha256-UyZaNNp84zKShuo6zu0nfZ2FygHGcmV63Ww4Y4CtCF0="; - }) + # (fetchpatch' { + # # TODO: send for review (it should be unblocked as of 2024/05/08) + # title = "pidgin: support cross compilation"; + # saneCommit = "caacbcc54e217f5ee9281422777a7f712765f71a"; + # hash = "sha256-UyZaNNp84zKShuo6zu0nfZ2FygHGcmV63Ww4Y4CtCF0="; + # }) (fetchpatch' { title = "libgweather: enable introspection on cross builds";
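Review bot: The `fetchpatch'` entry added in the first hunk (`@@ -32,6 +32,12 @@`, the nixos/zsh `mkAfter` typo fix) has no comment on its upstream status or on when it can be dropped, unlike the entry right after it, which carries `# TODO: send upstream`. Every item in this list rewrites the nixpkgs tree the system is built from, so an entry with no stated removal condition tends to outlive its purpose and adds to what must be re-checked on each nixpkgs bump. I would add one line inside the block, for example `# upstream: <PR-or-commit placeholder>; drop once the pinned nixpkgs contains the fix`. The `hash` attribute pins the patch content, which is the integrity check here; where `saneCommit` is fetched from is decided inside `fetchpatch'`, which is defined outside this hunk, so the source repository cannot be confirmed from these lines. The list starts before this hunk and continues past it.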