
matrix-synapse: init at 0.12.0

roblabla 7e10bf43 c29df5f8

+533 -3
+2
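--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -245,6 +245,7 @@
 opendkim = 221;
 dspam = 222;
 gale = 223;
+matrix-synapse = 224;
 
 # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
 
@@ -467,6 +468,7 @@
 opendkim = 221;
 dspam = 222;
 gale = 223;
+matrix-synapse = 224;
 
 # When adding a gid, make sure it doesn't match an existing
 # uid. Users and groups with the same name should have equal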
+1
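--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -214,6 +214,7 @@
 ./services/misc/gpsd.nix
 ./services/misc/ihaskell.nix
 ./services/misc/mathics.nix
+./services/misc/matrix-synapse.nix
 ./services/misc/mbpfan.nix
 ./services/misc/mediatomb.nix
 ./services/misc/mesos-master.nix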
+25
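--- a/nixos/modules/services/misc/matrix-synapse-log_config.yaml
+++ b/nixos/modules/services/misc/matrix-synapse-log_config.yaml
@@ -0,0 +1,25 @@
+version: 1
+
+# In systemd's journal, loglevel is implicitly stored, so let's omit it
+# from the message text.
+formatters:
+journal_fmt:
+format: '%(name)s: [%(request)s] %(message)s'
+
+filters:
+context:
+(): synapse.util.logcontext.LoggingContextFilter
+request: ""
+
+handlers:
+journal:
+class: systemd.journal.JournalHandler
+formatter: journal_fmt
+filters: [context]
+SYSLOG_IDENTIFIER: synapse
+
+root:
+level: INFO
+handlers: [journal]
+
+disable_existing_loggers: False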
+279
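--- a/nixos/modules/services/misc/matrix-synapse.nix
+++ b/nixos/modules/services/misc/matrix-synapse.nix
@@ -0,0 +1,279 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+cfg = config.services.matrix-synapse;
+logConfigFile = pkgs.writeText "log_config.yaml" cfg.logConfig;
+configFile = pkgs.writeText "homeserver.yaml" ''
+tls_certificate_path: "${cfg.tls_certificate_path}"
+tls_private_key_path: "${cfg.tls_private_key_path}"
+tls_dh_params_path: "${cfg.tls_dh_params_path}"
+no_tls: ${if cfg.no_tls then "true" else "false"}
+bind_port: ${toString cfg.bind_port}
+unsecure_port: ${toString cfg.unsecure_port}
+bind_host: "${cfg.bind_host}"
+server_name: "${cfg.server_name}"
+pid_file: "/var/run/matrix-synapse.pid"
+web_client: ${if cfg.web_client then "true" else "false"}
+database: {
+name: "${cfg.database_type}",
+args: {
+${concatStringsSep ",\n " (
+mapAttrsToList (n: v: "\"${n}\": ${v}") cfg.database_args
+)}
+}
+}
+log_file: "/var/log/matrix-synapse/homeserver.log"
+log_config: "${logConfigFile}"
+media_store_path: "/var/lib/matrix-synapse/media"
+recaptcha_private_key: "${cfg.recaptcha_private_key}"
+recaptcha_public_key: "${cfg.recaptcha_public_key}"
+enable_registration_captcha: ${if cfg.enable_registration_captcha then "true" else "false"}
+turn_uris: ${if (length cfg.turn_uris) == 0 then "[]" else ("\n" + (concatStringsSep "\n" (map (s: "- " + s) cfg.turn_uris)))}
+turn_shared_secret: "${cfg.turn_shared_secret}"
+enable_registration: ${if cfg.enable_registration then "true" else "false"}
+${optionalString (cfg.registration_shared_secret != "") ''
+registration_shared_secret: "${cfg.registration_shared_secret}"
+''}
+enable_metrics: ${if cfg.enable_metrics then "true" else "false"}
+report_stats: ${if cfg.report_stats then "true" else "false"}
+signing_key_path: "/var/lib/matrix-synapse/homeserver.signing.key"
+perspectives:
+servers: {
+${concatStringsSep "},\n" (mapAttrsToList (n: v: ''
+"${n}": {
+"verify_keys": {
+${concatStringsSep "},\n" (mapAttrsToList (n: v: ''
+"${n}": {
+"key": "${v}"
+}'') v)}
+}
+'') cfg.servers)}
+}
+}
+${cfg.extraConfig}
+'';
+in {
+options = {
+services.matrix-synapse = {
+enable = mkEnableOption "matrix.org synapse";
+package = mkOption {
+type = types.package;
+default = pkgs.matrix-synapse;
+description = ''
+Overridable attribute of the matrix synapse server package to use.
+'';
+};
+no_tls = mkOption {
+type = types.bool;
+default = false;
+description = ''
+Don't bind to the https port
+'';
+};
+tls_certificate_path = mkOption {
+type = types.path;
+default = "/var/lib/matrix-synapse/homeserver.tls.crt";
+description = ''
+PEM encoded X509 certificate for TLS
+'';
+};
+tls_private_key_path = mkOption {
+type = types.path;
+default = "/var/lib/matrix-synapse/homeserver.tls.key";
+description = ''
+PEM encoded private key for TLS
+'';
+};
+tls_dh_params_path = mkOption {
+type = types.path;
+default = "/var/lib/matrix-synapse/homeserver.tls.dh";
+description = ''
+PEM dh parameters for ephemeral keys
+'';
+};
+bind_port = mkOption {
+type = types.int;
+default = 8448;
+description = ''
+The port to listen for HTTPS requests on.
+For when matrix traffic is sent directly to synapse.
+'';
+};
+unsecure_port = mkOption {
+type = types.int;
+default = 8008;
+description = ''
+The port to listen for HTTP requests on.
+For when matrix traffic passes through loadbalancer that unwraps TLS.
+'';
+};
+bind_host = mkOption {
+type = types.str;
+default = "";
+description = ''
+Local interface to listen on.
+The empty string will cause synapse to listen on all interfaces.
+'';
+};
+server_name = mkOption {
+type = types.str;
+description = ''
+The domain name of the server, with optional explicit port.
+This is used by remote servers to connect to this server,
+e.g. matrix.org, localhost:8080, etc.
+This is also the last part of your UserID.
+'';
+};
+web_client = mkOption {
+type = types.bool;
+default = false;
+description = ''
+Whether to serve a web client from the HTTP/HTTPS root resource.
+'';
+};
+database_type = mkOption {
+type = types.enum [ "sqlite3" "psycopg2" ];
+default = "sqlite3";
+description = ''
+The database engine name. Can be sqlite or psycopg2.
+'';
+};
+database_args = mkOption {
+type = types.attrs;
+default = {
+database = "/var/lib/matrix-synapse/homeserver.db";
+};
+description = ''
+Arguments to pass to the engine.
+'';
+};
+recaptcha_private_key = mkOption {
+type = types.str;
+default = "";
+description = ''
+This Home Server's ReCAPTCHA private key.
+'';
+};
+recaptcha_public_key = mkOption {
+type = types.str;
+default = "";
+description = ''
+This Home Server's ReCAPTCHA public key.
+'';
+};
+enable_registration_captcha = mkOption {
+type = types.bool;
+default = false;
+description = ''
+Enables ReCaptcha checks when registering, preventing signup
+unless a captcha is answered. Requires a valid ReCaptcha
+public/private key.
+'';
+};
+turn_uris = mkOption {
+type = types.listOf types.str;
+default = [];
+description = ''
+The public URIs of the TURN server to give to clients
+'';
+};
+turn_shared_secret = mkOption {
+type = types.str;
+default = "";
+description = ''
+The shared secret used to compute passwords for the TURN server
+'';
+};
+enable_registration = mkOption {
+type = types.bool;
+default = false;
+description = ''
+Enable registration for new users.
+'';
+};
+registration_shared_secret = mkOption {
+type = types.str;
+default = "";
+description = ''
+If set, allows registration by anyone who also has the shared
+secret, even if registration is otherwise disabled.
+'';
+};
+enable_metrics = mkOption {
+type = types.bool;
+default = false;
+description = ''
+Enable collection and rendering of performance metrics
+'';
+};
+report_stats = mkOption {
+type = types.bool;
+default = false;
+description = ''
+'';
+};
+servers = mkOption {
+type = types.attrs;
+default = {
+"matrix.org" = {
+"ed25519:auto" = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw";
+};
+};
+description = ''
+The trusted servers to download signing keys from.
+'';
+};
+extraConfig = mkOption {
+type = types.lines;
+default = "";
+description = ''
+Extra config options for matrix-synapse.
+'';
+};
+logConfig = mkOption {
+type = types.lines;
+default = readFile ./matrix-synapse-log_config.yaml;
+description = ''
+A yaml python logging config file
+'';
+};
+};
+};
+
+config = mkIf cfg.enable {
+users.extraUsers = [
+{ name = "matrix-synapse";
+group = "matrix-synapse";
+home = "/var/lib/matrix-synapse";
+createHome = true;
+shell = "${pkgs.bash}/bin/bash";
+uid = config.ids.uids.matrix-synapse;
+} ];
+
+users.extraGroups = [
+{ name = "matrix-synapse";
+gid = config.ids.gids.matrix-synapse;
+} ];
+
+systemd.services.matrix-synapse = {
+after = [ "network.target" ];
+wantedBy = [ "multi-user.target" ];
+preStart = ''
+mkdir -p /var/lib/matrix-synapse
+chmod 700 /var/lib/matrix-synapse
+chown -R matrix-synapse:matrix-synapse /var/lib/matrix-synapse
+${cfg.package}/bin/homeserver --config-path ${configFile} --generate-keys
+'';
+serviceConfig = {
+Type = "simple";
+User = "matrix-synapse";
+Group = "matrix-synapse";
+WorkingDirectory = "/var/lib/matrix-synapse";
+PermissionsStartOnly = true;
+ExecStart = "${cfg.package}/bin/homeserver --config-path ${configFile}";
+};
+};
+};
+}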
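Review bot: `turn_shared_secret`, `registration_shared_secret` and `recaptcha_private_key` are interpolated into `configFile` through `pkgs.writeText`, so the rendered `homeserver.yaml` lands in the Nix store, which every local user can read; the same applies to a database password passed through `database_args`. The option descriptions should at least say so, e.g. `Note: this value is written to the world-readable Nix store.`, and a follow-up could load the secrets from a file kept outside the store. In `preStart`, `homeserver --generate-keys` runs as root (because of `PermissionsStartOnly = true`) and after the `chown -R`, so keys created on first start are presumably root-owned until the next start; moving the `chown -R matrix-synapse:matrix-synapse /var/lib/matrix-synapse` line below the `--generate-keys` call would avoid that. The `users.extraUsers` entry also sets `shell = "${pkgs.bash}/bin/bash"`, which a daemon account does not need.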
+45
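--- a/pkgs/servers/matrix-synapse/default.nix
+++ b/pkgs/servers/matrix-synapse/default.nix
@@ -0,0 +1,45 @@
+{ pkgs, stdenv, buildPythonPackage, pythonPackages, fetchurl, fetchFromGitHub }:
+let
+matrix-angular-sdk = buildPythonPackage rec {
+name = "matrix-angular-sdk-${version}";
+version = "0.6.6";
+
+src = fetchurl {
+url = "https://pypi.python.org/packages/source/m/matrix-angular-sdk/matrix-angular-sdk-${version}.tar.gz";
+sha256 = "1vknhmibb8gh8lng50va2cdvng5xm7vqv9dl680m3gj38pg0bv8a";
+};
+};
+in
+buildPythonPackage rec {
+name = "matrix-synapse-${version}";
+version = "0.12.0";
+
+src = fetchFromGitHub {
+owner = "matrix-org";
+repo = "synapse";
+rev = "f35f8d06ea58e2d0cdccd82924c7a44fd93f4c38";
+sha256 = "0b0k1am9lh0qglagc06m91qs26ybv37k7wpbg5333x8jaf5d1si4";
+};
+
+patches = [ ./matrix-synapse.patch ];
+
+propagatedBuildInputs = with pythonPackages; [
+blist canonicaljson daemonize dateutil frozendict pillow pybcrypt pyasn1
+pydenticon pymacaroons-pynacl pynacl pyopenssl pysaml2 pytz requests2
+service-identity signedjson systemd twisted15 ujson unpaddedbase64 pyyaml
+matrix-angular-sdk
+];
+
+# Checks fail because of Tox.
+doCheck = false;
+
+buildInputs = with pythonPackages; [
+mock setuptoolsTrial
+];
+
+meta = {
+homepage = https://matrix.org;
+description = "Matrix reference homeserver";
+license = stdenv.lib.licenses.asl20;
+};
+}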
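Review bot: With `doCheck = false` the `mock` and `setuptoolsTrial` entries in `buildInputs` are never used, and a network-facing server that handles TLS and signing keys is packaged without its test suite ever running. The comment `# Checks fail because of Tox.` suggests that only the `setup.py test` entry point is the obstacle, so a `checkPhase` that calls the test runner directly may work and is worth trying; if it does not, the comment should say what was tried. The `pkgs` argument in the function header is not referenced in the lines shown and can probably be dropped.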
+20
pkgs/servers/matrix-synapse/matrix-synapse.patch
··· 1 + diff --git a/homeserver b/homeserver 2 + new file mode 120000 3 + index 0000000..2f1d413 4 + --- /dev/null 5 + +++ b/homeserver 6 + @@ -0,0 +1 @@ 7 + +synapse/app/homeserver.py 8 + \ No newline at end of file 9 + diff --git a/setup.py b/setup.py 10 + index 9d24761..f3e6a00 100755 11 + --- a/setup.py 12 + +++ b/setup.py 13 + @@ -85,6 +85,6 @@ setup( 14 + include_package_data=True, 15 + zip_safe=False, 16 + long_description=long_description, 17 + - scripts=["synctl"] + glob.glob("scripts/*"), 18 + + scripts=["synctl", "homeserver"] + glob.glob("scripts/*"), 19 + cmdclass={'test': Tox}, 20 + )
+2
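--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -2076,6 +2076,8 @@
 
 makebootfat = callPackage ../tools/misc/makebootfat { };
 
+matrix-synapse = callPackage ../servers/matrix-synapse { };
+
 memtester = callPackage ../tools/system/memtester { };
 
 minidlna = callPackage ../tools/networking/minidlna { };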
+159 -3
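--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -17823,7 +17823,7 @@
 md5 = "f16f4237c9ee483a0cd13208849d96ad";
 };
 
-propagatedBuildInputs = with self; [ twisted ];
+propagatedBuildInputs = with self; [ twisted15 ];
 
 meta = {
 description = "setuptools plug-in that helps run unit tests built with the \"Trial\" framework (from Twisted)";
@@ -17852,11 +17852,11 @@
 
 
 simplejson = buildPythonPackage (rec {
-name = "simplejson-3.3.0";
+name = "simplejson-3.8.1";
 
 src = pkgs.fetchurl {
 url = "http://pypi.python.org/packages/source/s/simplejson/${name}.tar.gz";
-md5 = "0e29b393bceac8081fa4e93ff9f6a001";
+sha256 = "14r4l4rcsyf87p2j4ycsbb017n4vzxfmv285rq2gny4w47rwi2j2";
 };
 
 meta = {
@@ -19736,6 +19736,35 @@
 src = pkgs.fetchurl {
 url = "https://pypi.python.org/packages/source/T/Twisted/${name}.tar.bz2";
 sha256 = "05agfp17cndhv2w0p559lvknl7nv0xqkg10apc47fm53m8llbfvz";
+};
+
+propagatedBuildInputs = with self; [ zope_interface ];
+
+# Generate Twisted's plug-in cache. Twited users must do it as well. See
+# http://twistedmatrix.com/documents/current/core/howto/plugin.html#auto3
+# and http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=477103 for
+# details.
+postInstall = "$out/bin/twistd --help > /dev/null";
+
+meta = {
+homepage = http://twistedmatrix.com/;
+description = "Twisted, an event-driven networking engine written in Python";
+longDescription = ''
+Twisted is an event-driven networking engine written in Python
+and licensed under the MIT license.
+'';
+license = licenses.mit;
+maintainers = [ ];
+};
+};
+
+twisted15 = buildPythonPackage rec {
+disabled = isPy3k;
+
+name = "Twisted-15.5.0";
+src = pkgs.fetchurl {
+url = "https://pypi.python.org/packages/source/T/Twisted/${name}.tar.bz2";
+sha256 = "0zy18lcrris4aaslil5k12i13k56c32hzfdv6h10kbnzl026h158";
 };
 
 propagatedBuildInputs = with self; [ zope_interface ];
@@ -22583,6 +22612,133 @@
 };
 };
 
+blist = buildPythonPackage rec {
+name = "blist-${version}";
+version = "1.3.6";
+disabled = isPyPy;
+
+src = pkgs.fetchurl {
+url = "https://pypi.python.org/packages/source/b/blist/blist-${version}.tar.gz";
+sha256 = "1hqz9pqbwx0czvq9bjdqjqh5bwfksva1is0anfazig81n18c84is";
+};
+};
+
+canonicaljson = buildPythonPackage rec {
+name = "canonicaljson-${version}";
+version = "1.0.0";
+
+src = pkgs.fetchgit {
+url = "https://github.com/matrix-org/python-canonicaljson.git";
+rev = "refs/tags/v${version}";
+sha256 = "29802d0effacd26ca1d6eccc8d4c7e4f543a194754ba89263861e87f44a83f0c";
+};
+
+propagatedBuildInputs = with self; [
+frozendict simplejson
+];
+};
+
+daemonize = buildPythonPackage rec {
+name = "daemonize-${version}";
+version = "2.4.2";
+
+src = pkgs.fetchurl {
+url = "https://pypi.python.org/packages/source/d/daemonize/daemonize-${version}.tar.gz";
+sha256 = "0y139sq657bpzfv6k0aqm4071z4s40i6ybpni9qvngvdcz6r86n2";
+};
+};
+
+frozendict = buildPythonPackage rec {
+name = "frozendict-${version}";
+version = "0.5";
+
+src = pkgs.fetchurl {
+url = "https://pypi.python.org/packages/source/f/frozendict/frozendict-0.5.tar.gz";
+sha256 = "0m4kg6hbadvf99if78nx01q7qnbyhdw3x4znl5dasgciyi54432n";
+};
+};
+
+pydenticon = buildPythonPackage rec {
+name = "pydenticon-${version}";
+version = "0.2";
+
+src = pkgs.fetchurl {
+url = "https://pypi.python.org/packages/source/p/pydenticon/pydenticon-0.2.tar.gz";
+sha256 = "035dawcspgjw2rksbnn863s7b0i9ac8cc1nshshvd1l837ir1czp";
+};
+propagatedBuildInputs = with self; [
+pillow mock
+];
+};
+
+pymacaroons-pynacl = buildPythonPackage rec {
+name = "pymacaroons-pynacl-${version}";
+version = "0.9.3";
+
+src = pkgs.fetchgit {
+url = "https://github.com/matrix-org/pymacaroons.git";
+rev = "refs/tags/v${version}";
+sha256 = "481a486520f5a3ad2761c3cd3954d2b08f456a94fb080aaa4ad1e68ddc705b52";
+};
+
+propagatedBuildInputs = with self; [ pynacl six ];
+};
+
+pynacl = buildPythonPackage rec {
+name = "pynacl-${version}";
+version = "0.3.0";
+
+src = pkgs.fetchurl {
+url = "https://pypi.python.org/packages/source/P/PyNaCl/PyNaCl-0.3.0.tar.gz";
+sha256 = "1hknxlp3a3f8njn19w92p8nhzl9jkfwzhv5fmxhmyq2m8hqrfj8j";
+};
+
+propagatedBuildInputs = with self; [pkgs.libsodium six cffi pycparser pytest];
+};
+
+service-identity = buildPythonPackage rec {
+name = "service-identity-${version}";
+version = "14.0.0";
+
+src = pkgs.fetchurl {
+url = "https://pypi.python.org/packages/source/s/service_identity/service_identity-${version}.tar.gz";
+sha256 = "0njg9bklkkp4rl2b9vsfh9aasxy3w2dmjkv9cq34jn65lwcs619i";
+};
+
+propagatedBuildInputs = with self; [
+characteristic pyasn1 pyasn1-modules pyopenssl idna
+];
+
+buildInputs = with self; [
+pytest
+];
+};
+
+signedjson = buildPythonPackage rec {
+name = "signedjson-${version}";
+version = "1.0.0";
+
+src = pkgs.fetchgit {
+url = "https://github.com/matrix-org/python-signedjson.git";
+rev = "refs/tags/v${version}";
+sha256 = "4ef1c89ea85846632d711a37a2e6aae1348c62b9d62ed0e80428b4a00642e9df";
+};
+
+propagatedBuildInputs = with self; [
+canonicaljson unpaddedbase64 pynacl
+];
+};
+
+unpaddedbase64 = buildPythonPackage rec {
+name = "unpaddedbase64-${version}";
+version = "1.0.1";
+
+src = pkgs.fetchgit {
+url = "https://github.com/matrix-org/python-unpaddedbase64.git";
+rev = "refs/tags/v${version}";
+sha256 = "f221240a6d414c4244ab906b1dc8983c4d1114acb778cb857f6fc50d710be502";
+};
+};
 
 
 thumbor = buildPythonPackage rec {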
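Review bot: `pynacl` lists `pytest` in `propagatedBuildInputs` and `pydenticon` lists `mock` there, so test-only tooling is propagated into the runtime closure of everything that depends on them, matrix-synapse included; both belong in `buildInputs`, as `service-identity` already does with `pytest`. The `setuptoolsTrial` hunk switches its dependency from `twisted` to `twisted15` for every consumer of that package, not only synapse, which deserves a line in the commit message. `frozendict`, `pydenticon` and `pynacl` hard-code the version in `url` although `version` is defined next to it; using `${version}` as `blist` and `daemonize` do keeps the URL and the hash from drifting apart on the next bump.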