nixpkgs: 2024-05-08 -> 2024-05-13, nixpkgs-wayland, sops-nix
``` • Updated input 'nixpkgs-next-unpatched': 'github:nixos/nixpkgs/c8e3f684443d7c2875ff169f6ef2533534105e7b' (2024-05-08) → 'github:nixos/nixpkgs/6a217e9b1d39415076c7a6cfc44be5e935e7a839' (2024-05-13) • Updated input 'nixpkgs-unpatched': 'github:nixos/nixpkgs/a751e2faa2fc94c1337c32aaf6a6e417afe90be9' (2024-05-08) → 'github:nixos/nixpkgs/6bc8c8a7ac13182ee24a5e2caab7ad739f1c55c5' (2024-05-13) • Updated input 'nixpkgs-wayland': 'github:nix-community/nixpkgs-wayland/7dc8fb2aa7db995ac1ce2a8f2f8d8784b2af591c' (2024-05-08) → 'github:nix-community/nixpkgs-wayland/5f7272dff81558143f93e2cb32189a52ef965892' (2024-05-13) • Updated input 'nixpkgs-wayland/lib-aggregate': 'github:nix-community/lib-aggregate/26fabca301e1133abd3d9192b1bcb6fb45b30f1d' (2024-05-05) → 'github:nix-community/lib-aggregate/09883ca828e8cfaacdb09e29190a7b84ad1d9925' (2024-05-12) • Updated input 'nixpkgs-wayland/lib-aggregate/nixpkgs-lib': 'github:nix-community/nixpkgs.lib/4b620020fd73bdd5104e32c702e65b60b6869426' (2024-05-05) → 'github:nix-community/nixpkgs.lib/58e03b95f65dfdca21979a081aa62db0eed6b1d8' (2024-05-12) • Updated input 'nixpkgs-wayland/nix-eval-jobs': 'github:nix-community/nix-eval-jobs/7b6640f2a10701bf0db16aff048070f400e8ea7c' (2024-04-23) → 'github:nix-community/nix-eval-jobs/63154bdfb22091041b307d17863bdc0e01a32a00' (2024-05-09) • Updated input 'nixpkgs-wayland/nix-eval-jobs/nixpkgs': 'github:NixOS/nixpkgs/1e1dc66fe68972a76679644a5577828b6a7e8be4' (2024-04-22) → 'github:NixOS/nixpkgs/ad7efee13e0d216bf29992311536fce1d3eefbef' (2024-05-06) • Updated input 'sops-nix': 'github:Mic92/sops-nix/893e3df091f6838f4f9d71c61ab079d5c5dedbd1' (2024-05-06) → 'github:Mic92/sops-nix/b6cb5de2ce57acb10ecdaaf9bbd62a5ff24fa02e' (2024-05-12) • Updated input 'sops-nix/nixpkgs-stable': 'github:NixOS/nixpkgs/b980b91038fc4b09067ef97bbe5ad07eecca1e76' (2024-05-04) → 'github:NixOS/nixpkgs/8e47858badee5594292921c2668c11004c3b0142' (2024-05-11) ```
This commit is contained in:
parent
a05fa53ee1
commit
2ae286ff75
52
flake.lock
52
flake.lock
|
@ -61,11 +61,11 @@
|
|||
"nixpkgs-lib": "nixpkgs-lib"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1714910950,
|
||||
"narHash": "sha256-gaq5bphSsY+htEXFDkImOrH3MVCkxFTvCiwdCJj096E=",
|
||||
"lastModified": 1715515815,
|
||||
"narHash": "sha256-yaLScMHNFCH6SbB0HSA/8DWDgK0PyOhCXoFTdHlWkhk=",
|
||||
"owner": "nix-community",
|
||||
"repo": "lib-aggregate",
|
||||
"rev": "26fabca301e1133abd3d9192b1bcb6fb45b30f1d",
|
||||
"rev": "09883ca828e8cfaacdb09e29190a7b84ad1d9925",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -99,11 +99,11 @@
|
|||
"treefmt-nix": "treefmt-nix"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1713858845,
|
||||
"narHash": "sha256-StJq7Zy+/iVBUAKFzhHWlsirFucZ3gNtzXhAYXAsNnw=",
|
||||
"lastModified": 1715248291,
|
||||
"narHash": "sha256-npC9Swu4VIlRIiEP0XFGoIukd6vOufS/M3PdHk6rQpc=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nix-eval-jobs",
|
||||
"rev": "7b6640f2a10701bf0db16aff048070f400e8ea7c",
|
||||
"rev": "63154bdfb22091041b307d17863bdc0e01a32a00",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -136,11 +136,11 @@
|
|||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1713805509,
|
||||
"narHash": "sha256-YgSEan4CcrjivCNO5ZNzhg7/8ViLkZ4CB/GrGBVSudo=",
|
||||
"lastModified": 1715037484,
|
||||
"narHash": "sha256-OUt8xQFmBU96Hmm4T9tOWTu4oCswCzoVl+pxSq/kiFc=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "1e1dc66fe68972a76679644a5577828b6a7e8be4",
|
||||
"rev": "ad7efee13e0d216bf29992311536fce1d3eefbef",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -152,11 +152,11 @@
|
|||
},
|
||||
"nixpkgs-lib": {
|
||||
"locked": {
|
||||
"lastModified": 1714870069,
|
||||
"lastModified": 1715474941,
|
||||
"narHash": "sha256-CNCqCGOHdxuiVnVkhTpp2WcqSSmSfeQjubhDOcgwGjU=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixpkgs.lib",
|
||||
"rev": "4b620020fd73bdd5104e32c702e65b60b6869426",
|
||||
"rev": "58e03b95f65dfdca21979a081aa62db0eed6b1d8",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -167,11 +167,11 @@
|
|||
},
|
||||
"nixpkgs-next-unpatched": {
|
||||
"locked": {
|
||||
"lastModified": 1715148084,
|
||||
"narHash": "sha256-arUW5NSCMy7K8uO+1ODJqyptf71HP69XbJlSuf361rI=",
|
||||
"lastModified": 1715580068,
|
||||
"narHash": "sha256-EuE4shavKc+ZX3eKbeVFLvajC72taSCh5kPc+91K9/k=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "c8e3f684443d7c2875ff169f6ef2533534105e7b",
|
||||
"rev": "6a217e9b1d39415076c7a6cfc44be5e935e7a839",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -183,11 +183,11 @@
|
|||
},
|
||||
"nixpkgs-stable": {
|
||||
"locked": {
|
||||
"lastModified": 1714858427,
|
||||
"narHash": "sha256-tCxeDP4C1pWe2rYY3IIhdA40Ujz32Ufd4tcrHPSKx2M=",
|
||||
"lastModified": 1715458492,
|
||||
"narHash": "sha256-q0OFeZqKQaik2U8wwGDsELEkgoZMK7gvfF6tTXkpsqE=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "b980b91038fc4b09067ef97bbe5ad07eecca1e76",
|
||||
"rev": "8e47858badee5594292921c2668c11004c3b0142",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -199,11 +199,11 @@
|
|||
},
|
||||
"nixpkgs-unpatched": {
|
||||
"locked": {
|
||||
"lastModified": 1715156971,
|
||||
"narHash": "sha256-sEgAH6EkkQf5Aux4JT5HvdKWia0ryePYI0RhioskVS8=",
|
||||
"lastModified": 1715585398,
|
||||
"narHash": "sha256-gkjMf9c+ggjxQ9hYDlVlLbz5IQ1WPtoyCl4EIImHJps=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "a751e2faa2fc94c1337c32aaf6a6e417afe90be9",
|
||||
"rev": "6bc8c8a7ac13182ee24a5e2caab7ad739f1c55c5",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -223,11 +223,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1715156333,
|
||||
"narHash": "sha256-8V09AxlIyKh8maX5/fAo8JuijEu9KM1DVlPscxzmKsk=",
|
||||
"lastModified": 1715584565,
|
||||
"narHash": "sha256-lg2mUWqSG5puwVBMGWo1fUhLuLxnsZoxItJqi68caiA=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixpkgs-wayland",
|
||||
"rev": "7dc8fb2aa7db995ac1ce2a8f2f8d8784b2af591c",
|
||||
"rev": "5f7272dff81558143f93e2cb32189a52ef965892",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -254,11 +254,11 @@
|
|||
"nixpkgs-stable": "nixpkgs-stable"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1715035358,
|
||||
"narHash": "sha256-RY6kqhpCPa/q3vbqt3iYRyjO3hJz9KZnshMjbpPon8o=",
|
||||
"lastModified": 1715482972,
|
||||
"narHash": "sha256-y1uMzXNlrVOWYj1YNcsGYLm4TOC2aJrwoUY1NjQs9fM=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "893e3df091f6838f4f9d71c61ab079d5c5dedbd1",
|
||||
"rev": "b6cb5de2ce57acb10ecdaaf9bbd62a5ff24fa02e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
@ -5,7 +5,6 @@
|
|||
./dyn-dns.nix
|
||||
./eg25-manager.nix
|
||||
./kiwix-serve.nix
|
||||
./mautrix-signal.nix
|
||||
./nixserve.nix
|
||||
./trust-dns.nix
|
||||
];
|
||||
|
|
|
@ -1,207 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
# TODO: upstream these "optional-dependencies"
|
||||
# - search that phrase in <nixpkgs:doc/languages-frameworks/python.section.md>
|
||||
pkg = pkgs.mautrix-signal.overridePythonAttrs (super: {
|
||||
propagatedBuildInputs = super.propagatedBuildInputs ++ (with pkgs.python3.pkgs; [
|
||||
# these optional deps come from mautrix-signal's "optional-requirements.txt"
|
||||
|
||||
# #/e2be
|
||||
# python-olm>=3,<4
|
||||
# pycryptodome>=3,<4
|
||||
# unpaddedbase64>=1,<3
|
||||
# XXX: ^above already included in nixpkgs package
|
||||
|
||||
# #/metrics
|
||||
# prometheus_client>=0.6,<0.17
|
||||
# XXX: ^above already included in nixpkgs package
|
||||
|
||||
# #/formattednumbers
|
||||
# phonenumbers>=8,<9
|
||||
# XXX: ^above already included in nixpkgs package
|
||||
|
||||
# #/qrlink
|
||||
# qrcode>=6,<8
|
||||
# Pillow>=4,<10
|
||||
# XXX: ^above already included in nixpkgs package
|
||||
|
||||
# #/stickers
|
||||
# signalstickers-client>=3,<4
|
||||
|
||||
# #/sqlite
|
||||
# aiosqlite>=0.16,<0.19
|
||||
aiosqlite
|
||||
]);
|
||||
});
|
||||
dataDir = "/var/lib/mautrix-signal";
|
||||
registrationFile = "${dataDir}/signal-registration.yaml";
|
||||
cfg = config.services.mautrix-signal;
|
||||
settingsFormat = pkgs.formats.json {};
|
||||
settingsFile =
|
||||
settingsFormat.generate "mautrix-signal-config.json" cfg.settings;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.mautrix-signal = {
|
||||
enable = mkEnableOption (lib.mdDoc "Mautrix-Signal, a Matrix-Signal puppeting bridge");
|
||||
|
||||
settings = mkOption rec {
|
||||
apply = recursiveUpdate default;
|
||||
inherit (settingsFormat) type;
|
||||
default = {
|
||||
# defaults based on this upstream example config:
|
||||
# - <https://github.com/mautrix/signal/blob/master/mautrix_signal/example-config.yaml>
|
||||
homeserver = {
|
||||
address = "http://localhost:8008";
|
||||
software = "standard";
|
||||
# domain = "SETME";
|
||||
};
|
||||
|
||||
appservice = rec {
|
||||
address = "http://${hostname}:${toString port}";
|
||||
hostname = "localhost";
|
||||
port = 29328;
|
||||
|
||||
database = "sqlite:///${dataDir}/mautrix-signal.db";
|
||||
database_opts = {};
|
||||
bot_username = "signalbot";
|
||||
};
|
||||
|
||||
bridge = {
|
||||
username_template = "signal_{userid}";
|
||||
permissions."*" = "relay";
|
||||
double_puppet_server_map = {};
|
||||
login_shared_secret_map = {};
|
||||
};
|
||||
|
||||
logging = {
|
||||
version = 1;
|
||||
|
||||
formatters.precise.format = "[%(levelname)s@%(name)s] %(message)s";
|
||||
|
||||
handlers.console = {
|
||||
class = "logging.StreamHandler";
|
||||
formatter = "precise";
|
||||
};
|
||||
|
||||
# log to console/systemd instead of file
|
||||
root = {
|
||||
level = "INFO";
|
||||
handlers = ["console"];
|
||||
};
|
||||
};
|
||||
};
|
||||
example = literalExpression ''
|
||||
{
|
||||
homeserver = {
|
||||
address = "http://localhost:8008";
|
||||
domain = "mydomain.example";
|
||||
};
|
||||
|
||||
bridge.permissions = {
|
||||
"@admin:mydomain.example" = "admin";
|
||||
"mydomain.example" = "user";
|
||||
};
|
||||
}
|
||||
'';
|
||||
description = lib.mdDoc ''
|
||||
{file}`config.yaml` configuration as a Nix attribute set.
|
||||
Configuration options should match those described in
|
||||
[example-config.yaml](https://github.com/mautrix/signale/blob/master/mautrix_signal/example-config.yaml).
|
||||
'';
|
||||
};
|
||||
|
||||
environmentFile = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
description = lib.mdDoc ''
|
||||
File containing environment variables to be passed to the mautrix-signal service,
|
||||
in which secret tokens can be specified securely by defining values for e.g.
|
||||
`MAUTRIX_SIGNAL_APPSERVICE_AS_TOKEN`,
|
||||
`MAUTRIX_SIGNAL_APPSERVICE_HS_TOKEN`
|
||||
|
||||
These environment variables can also be used to set other options by
|
||||
replacing hierarchy levels by `.`, converting the name to uppercase
|
||||
and prepending `MAUTRIX_SIGNAL_`.
|
||||
For example, the first value above maps to
|
||||
{option}`settings.appservice.as_token`.
|
||||
|
||||
The environment variable values can be prefixed with `json::` to have
|
||||
them be parsed as JSON. For example, `login_shared_secret_map` can be
|
||||
set as follows:
|
||||
`MAUTRIX_SIGNAL_BRIDGE_LOGIN_SHARED_SECRET_MAP=json::{"example.com":"secret"}`.
|
||||
'';
|
||||
};
|
||||
|
||||
serviceDependencies = mkOption {
|
||||
type = with types; listOf str;
|
||||
default = optional config.services.matrix-synapse.enable "matrix-synapse.service";
|
||||
defaultText = literalExpression ''
|
||||
optional config.services.matrix-synapse.enable "matrix-synapse.service"
|
||||
'';
|
||||
description = lib.mdDoc ''
|
||||
List of Systemd services to require and wait for when starting the application service.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
users.groups.mautrix-signal = {};
|
||||
|
||||
users.users.mautrix-signal = {
|
||||
group = "mautrix-signal";
|
||||
isSystemUser = true;
|
||||
};
|
||||
|
||||
systemd.services.mautrix-signal = {
|
||||
description = "Mautrix-Signal, a Matrix-Signal puppeting bridge.";
|
||||
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
wants = [ "network-online.target" ] ++ cfg.serviceDependencies;
|
||||
after = [ "network-online.target" ] ++ cfg.serviceDependencies;
|
||||
path = [ pkgs.ffmpeg ]; # voice messages need `ffmpeg`
|
||||
|
||||
# environment.HOME = dataDir;
|
||||
|
||||
preStart = ''
|
||||
# generate the appservice's registration file if absent
|
||||
if [ ! -f '${registrationFile}' ]; then
|
||||
${pkg}/bin/mautrix-signal \
|
||||
--generate-registration \
|
||||
--no-update \
|
||||
--base-config='${pkg}/${pkg.pythonModule.sitePackages}/mautrix_signal/example-config.yaml' \
|
||||
--config='${settingsFile}' \
|
||||
--registration='${registrationFile}'
|
||||
fi
|
||||
'';
|
||||
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
Restart = "always";
|
||||
|
||||
User = "mautrix-signal";
|
||||
|
||||
ProtectSystem = "strict";
|
||||
ProtectHome = true;
|
||||
ProtectKernelTunables = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectControlGroups = true;
|
||||
|
||||
PrivateTmp = true;
|
||||
WorkingDirectory = pkg;
|
||||
StateDirectory = baseNameOf dataDir;
|
||||
UMask = "0027";
|
||||
EnvironmentFile = cfg.environmentFile;
|
||||
|
||||
ExecStart = ''
|
||||
${pkg}/bin/mautrix-signal \
|
||||
--config='${settingsFile}' \
|
||||
--no-update
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -32,6 +32,12 @@ in [
|
|||
# etc, where "date" is like "20240228181608"
|
||||
# and can be found with `nix-repl > :lf . > lastModifiedDate`
|
||||
|
||||
(fetchpatch' {
|
||||
title = "nixos/zsh: fix `lib.lib.mkAfter` typo";
|
||||
saneCommit = "e4fdd34dd9cf4797216f3ed37c416dcb147dd7a7";
|
||||
hash = "sha256-VG1wn8Z1K28bZfrcg4qFmecRMJq/T0XkgACt73GioZs=";
|
||||
})
|
||||
|
||||
(fetchpatch' {
|
||||
# TODO: send upstream
|
||||
title = "python3Packages.dbus-python: fix build when doInstallCheck=false";
|
||||
|
@ -141,12 +147,12 @@ in [
|
|||
saneCommit = "56348833b4411e9fe2016c24c7fc4af1e3c1d28a";
|
||||
hash = "sha256-RUw88u7CI2C1IpRUhGbdYamHsPT1jBV0ROyVvzLWdv8=";
|
||||
})
|
||||
(fetchpatch' {
|
||||
# TODO: send for review (it should be unblocked as of 2024/05/08)
|
||||
title = "pidgin: support cross compilation";
|
||||
saneCommit = "caacbcc54e217f5ee9281422777a7f712765f71a";
|
||||
hash = "sha256-UyZaNNp84zKShuo6zu0nfZ2FygHGcmV63Ww4Y4CtCF0=";
|
||||
})
|
||||
# (fetchpatch' {
|
||||
# # TODO: send for review (it should be unblocked as of 2024/05/08)
|
||||
# title = "pidgin: support cross compilation";
|
||||
# saneCommit = "caacbcc54e217f5ee9281422777a7f712765f71a";
|
||||
# hash = "sha256-UyZaNNp84zKShuo6zu0nfZ2FygHGcmV63Ww4Y4CtCF0=";
|
||||
# })
|
||||
|
||||
(fetchpatch' {
|
||||
title = "libgweather: enable introspection on cross builds";
|
||||
|
|
Loading…
Reference in New Issue
Block a user