nixos/doc/2205: explain matrix-synapse rfc42 migration
This commit is contained in:
parent
550fc51d7b
commit
625ba6b0fa
@ -388,6 +388,116 @@
|
|||||||
its reliance on python2.
|
its reliance on python2.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
The <literal>matrix-synapse</literal> service
|
||||||
|
(<literal>services.matrix-synapse</literal>) has been
|
||||||
|
converted to use the <literal>settings</literal> option
|
||||||
|
defined in RFC42. This means that options that are part of
|
||||||
|
your <literal>homeserver.yaml</literal> configuration, and
|
||||||
|
that were specified at the top-level of the module
|
||||||
|
(<literal>services.matrix-synapse</literal>) now need to be
|
||||||
|
moved into
|
||||||
|
<literal>services.matrix-synapse.settings</literal>. And while
|
||||||
|
not all options you may use are defined in there, they are
|
||||||
|
still supported, because you can set arbitrary values in this
|
||||||
|
freeform type.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
An example to make the required migration clearer:
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
Before:
|
||||||
|
</para>
|
||||||
|
<programlisting language="bash">
|
||||||
|
{
|
||||||
|
services.matrix-synapse = {
|
||||||
|
enable = true;
|
||||||
|
|
||||||
|
server_name = "example.com";
|
||||||
|
public_baseurl = "https://example.com:8448";
|
||||||
|
|
||||||
|
enable_registration = false;
|
||||||
|
registration_shared_secret = "xohshaeyui8jic7uutuDogahkee3aehuaf6ei3Xouz4iicie5thie6nohNahceut";
|
||||||
|
macaroon_secret_key = "xoo8eder9seivukaiPh1cheikohquuw8Yooreid0The4aifahth3Ou0aiShaiz4l";
|
||||||
|
|
||||||
|
tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem";
|
||||||
|
tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem";
|
||||||
|
|
||||||
|
listeners = [ {
|
||||||
|
port = 8448;
|
||||||
|
bind_address = "";
|
||||||
|
type = "http";
|
||||||
|
tls = true;
|
||||||
|
resources = [ {
|
||||||
|
names = [ "client" ];
|
||||||
|
compress = true;
|
||||||
|
} {
|
||||||
|
names = [ "federation" ];
|
||||||
|
compress = false;
|
||||||
|
} ];
|
||||||
|
} ];
|
||||||
|
|
||||||
|
};
|
||||||
|
}
|
||||||
|
</programlisting>
|
||||||
|
<para>
|
||||||
|
After:
|
||||||
|
</para>
|
||||||
|
<programlisting language="bash">
|
||||||
|
{
|
||||||
|
services.matrix-synapse = {
|
||||||
|
enable = true;
|
||||||
|
|
||||||
|
# this attribute set holds all values that go into your homeserver.yaml configuration
|
||||||
|
# See https://github.com/matrix-org/synapse/blob/develop/docs/sample_config.yaml for
|
||||||
|
# possible values.
|
||||||
|
settings = {
|
||||||
|
server_name = "example.com";
|
||||||
|
public_baseurl = "https://example.com:8448";
|
||||||
|
|
||||||
|
enable_registration = false;
|
||||||
|
# pass `registration_shared_secret` and `macaroon_secret_key` via `extraConfigFiles` instead
|
||||||
|
|
||||||
|
tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem";
|
||||||
|
tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem";
|
||||||
|
|
||||||
|
listeners = [ {
|
||||||
|
port = 8448;
|
||||||
|
bind_address = [
|
||||||
|
"::"
|
||||||
|
"0.0.0.0"
|
||||||
|
];
|
||||||
|
type = "http";
|
||||||
|
tls = true;
|
||||||
|
resources = [ {
|
||||||
|
names = [ "client" ];
|
||||||
|
compress = true;
|
||||||
|
} {
|
||||||
|
names = [ "federation" ];
|
||||||
|
compress = false;
|
||||||
|
} ];
|
||||||
|
} ];
|
||||||
|
};
|
||||||
|
|
||||||
|
extraConfigFiles = [
|
||||||
|
/run/keys/matrix-synapse/secrets.yaml
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}
|
||||||
|
</programlisting>
|
||||||
|
<para>
|
||||||
|
The secrets in your original config should be migrated into a
|
||||||
|
YAML file that is included via
|
||||||
|
<literal>extraConfigFiles</literal>.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
Additionally a few option defaults have been synced up with
|
||||||
|
upstream default values, for example the
|
||||||
|
<literal>max_upload_size</literal> grew from
|
||||||
|
<literal>10M</literal> to <literal>50M</literal>.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
The MoinMoin wiki engine
|
The MoinMoin wiki engine
|
||||||
|
@ -128,6 +128,95 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||||||
|
|
||||||
- The `mailpile` email webclient (`services.mailpile`) has been removed due to its reliance on python2.
|
- The `mailpile` email webclient (`services.mailpile`) has been removed due to its reliance on python2.
|
||||||
|
|
||||||
|
- The `matrix-synapse` service (`services.matrix-synapse`) has been converted to use the `settings` option defined in RFC42.
|
||||||
|
This means that options that are part of your `homeserver.yaml` configuration, and that were specified at the top-level of the
|
||||||
|
module (`services.matrix-synapse`) now need to be moved into `services.matrix-synapse.settings`. And while not all options you
|
||||||
|
may use are defined in there, they are still supported, because you can set arbitrary values in this freeform type.
|
||||||
|
|
||||||
|
An example to make the required migration clearer:
|
||||||
|
|
||||||
|
Before:
|
||||||
|
```nix
|
||||||
|
{
|
||||||
|
services.matrix-synapse = {
|
||||||
|
enable = true;
|
||||||
|
|
||||||
|
server_name = "example.com";
|
||||||
|
public_baseurl = "https://example.com:8448";
|
||||||
|
|
||||||
|
enable_registration = false;
|
||||||
|
registration_shared_secret = "xohshaeyui8jic7uutuDogahkee3aehuaf6ei3Xouz4iicie5thie6nohNahceut";
|
||||||
|
macaroon_secret_key = "xoo8eder9seivukaiPh1cheikohquuw8Yooreid0The4aifahth3Ou0aiShaiz4l";
|
||||||
|
|
||||||
|
tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem";
|
||||||
|
tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem";
|
||||||
|
|
||||||
|
listeners = [ {
|
||||||
|
port = 8448;
|
||||||
|
bind_address = "";
|
||||||
|
type = "http";
|
||||||
|
tls = true;
|
||||||
|
resources = [ {
|
||||||
|
names = [ "client" ];
|
||||||
|
compress = true;
|
||||||
|
} {
|
||||||
|
names = [ "federation" ];
|
||||||
|
compress = false;
|
||||||
|
} ];
|
||||||
|
} ];
|
||||||
|
|
||||||
|
};
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
After:
|
||||||
|
```nix
|
||||||
|
{
|
||||||
|
services.matrix-synapse = {
|
||||||
|
enable = true;
|
||||||
|
|
||||||
|
# this attribute set holds all values that go into your homeserver.yaml configuration
|
||||||
|
# See https://github.com/matrix-org/synapse/blob/develop/docs/sample_config.yaml for
|
||||||
|
# possible values.
|
||||||
|
settings = {
|
||||||
|
server_name = "example.com";
|
||||||
|
public_baseurl = "https://example.com:8448";
|
||||||
|
|
||||||
|
enable_registration = false;
|
||||||
|
# pass `registration_shared_secret` and `macaroon_secret_key` via `extraConfigFiles` instead
|
||||||
|
|
||||||
|
tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem";
|
||||||
|
tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem";
|
||||||
|
|
||||||
|
listeners = [ {
|
||||||
|
port = 8448;
|
||||||
|
bind_address = [
|
||||||
|
"::"
|
||||||
|
"0.0.0.0"
|
||||||
|
];
|
||||||
|
type = "http";
|
||||||
|
tls = true;
|
||||||
|
resources = [ {
|
||||||
|
names = [ "client" ];
|
||||||
|
compress = true;
|
||||||
|
} {
|
||||||
|
names = [ "federation" ];
|
||||||
|
compress = false;
|
||||||
|
} ];
|
||||||
|
} ];
|
||||||
|
};
|
||||||
|
|
||||||
|
extraConfigFiles = [
|
||||||
|
/run/keys/matrix-synapse/secrets.yaml
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
The secrets in your original config should be migrated into a YAML file that is included via `extraConfigFiles`.
|
||||||
|
|
||||||
|
Additionally a few option defaults have been synced up with upstream default values, for example the `max_upload_size` grew from `10M` to `50M`.
|
||||||
|
|
||||||
- The MoinMoin wiki engine (`services.moinmoin`) has been removed, because Python 2 is being retired from nixpkgs.
|
- The MoinMoin wiki engine (`services.moinmoin`) has been removed, because Python 2 is being retired from nixpkgs.
|
||||||
|
|
||||||
- The `wafHook` hook now honors `NIX_BUILD_CORES` when `enableParallelBuilding` is not set explicitly. Packages can restore the old behaviour by setting `enableParallelBuilding=false`.
|
- The `wafHook` hook now honors `NIX_BUILD_CORES` when `enableParallelBuilding` is not set explicitly. Packages can restore the old behaviour by setting `enableParallelBuilding=false`.
|
||||||
|
Loading…
Reference in New Issue
Block a user