From 625ba6b0faad37d321eee6c3f11fd89298553deb Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Tue, 8 Feb 2022 16:11:53 +0100 Subject: nixos/doc/2205: explain matrix-synapse rfc42 migration --- .../from_md/release-notes/rl-2205.section.xml | 110 +++++++++++++++++++++ nixos/doc/manual/release-notes/rl-2205.section.md | 89 +++++++++++++++++ 2 files changed, 199 insertions(+) (limited to 'nixos/doc') diff --git a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml index 2bcfc86b432..69981e94a81 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml @@ -388,6 +388,116 @@ its reliance on python2. + + + The matrix-synapse service + (services.matrix-synapse) has been + converted to use the settings option + defined in RFC42. This means that options that are part of + your homeserver.yaml configuration, and + that were specified at the top-level of the module + (services.matrix-synapse) now need to be + moved into + services.matrix-synapse.settings. And while + not all options you may use are defined in there, they are + still supported, because you can set arbitrary values in this + freeform type. + + + An example to make the required migration clearer: + + + Before: + + +{ + services.matrix-synapse = { + enable = true; + + server_name = "example.com"; + public_baseurl = "https://example.com:8448"; + + enable_registration = false; + registration_shared_secret = "xohshaeyui8jic7uutuDogahkee3aehuaf6ei3Xouz4iicie5thie6nohNahceut"; + macaroon_secret_key = "xoo8eder9seivukaiPh1cheikohquuw8Yooreid0The4aifahth3Ou0aiShaiz4l"; + + tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem"; + tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem"; + + listeners = [ { + port = 8448; + bind_address = ""; + type = "http"; + tls = true; + resources = [ { + names = [ "client" ]; + compress = true; + } { + names = [ "federation" ]; + compress = false; + } ]; + } ]; + + }; +} + + + After: + + +{ + services.matrix-synapse = { + enable = true; + + # this attribute set holds all values that go into your homeserver.yaml configuration + # See https://github.com/matrix-org/synapse/blob/develop/docs/sample_config.yaml for + # possible values. + settings = { + server_name = "example.com"; + public_baseurl = "https://example.com:8448"; + + enable_registration = false; + # pass `registration_shared_secret` and `macaroon_secret_key` via `extraConfigFiles` instead + + tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem"; + tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem"; + + listeners = [ { + port = 8448; + bind_address = [ + "::" + "0.0.0.0" + ]; + type = "http"; + tls = true; + resources = [ { + names = [ "client" ]; + compress = true; + } { + names = [ "federation" ]; + compress = false; + } ]; + } ]; + }; + + extraConfigFiles = [ + /run/keys/matrix-synapse/secrets.yaml + ]; + }; +} + + + The secrets in your original config should be migrated into a + YAML file that is included via + extraConfigFiles. + + + Additionally a few option defaults have been synced up with + upstream default values, for example the + max_upload_size grew from + 10M to 50M. + + The MoinMoin wiki engine diff --git a/nixos/doc/manual/release-notes/rl-2205.section.md b/nixos/doc/manual/release-notes/rl-2205.section.md index 650ace8d9d2..e35c9c8c6ad 100644 --- a/nixos/doc/manual/release-notes/rl-2205.section.md +++ b/nixos/doc/manual/release-notes/rl-2205.section.md @@ -128,6 +128,95 @@ In addition to numerous new and upgraded packages, this release has the followin - The `mailpile` email webclient (`services.mailpile`) has been removed due to its reliance on python2. +- The `matrix-synapse` service (`services.matrix-synapse`) has been converted to use the `settings` option defined in RFC42. + This means that options that are part of your `homeserver.yaml` configuration, and that were specified at the top-level of the + module (`services.matrix-synapse`) now need to be moved into `services.matrix-synapse.settings`. And while not all options you + may use are defined in there, they are still supported, because you can set arbitrary values in this freeform type. + + An example to make the required migration clearer: + + Before: + ```nix + { + services.matrix-synapse = { + enable = true; + + server_name = "example.com"; + public_baseurl = "https://example.com:8448"; + + enable_registration = false; + registration_shared_secret = "xohshaeyui8jic7uutuDogahkee3aehuaf6ei3Xouz4iicie5thie6nohNahceut"; + macaroon_secret_key = "xoo8eder9seivukaiPh1cheikohquuw8Yooreid0The4aifahth3Ou0aiShaiz4l"; + + tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem"; + tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem"; + + listeners = [ { + port = 8448; + bind_address = ""; + type = "http"; + tls = true; + resources = [ { + names = [ "client" ]; + compress = true; + } { + names = [ "federation" ]; + compress = false; + } ]; + } ]; + + }; + } + ``` + + After: + ```nix + { + services.matrix-synapse = { + enable = true; + + # this attribute set holds all values that go into your homeserver.yaml configuration + # See https://github.com/matrix-org/synapse/blob/develop/docs/sample_config.yaml for + # possible values. + settings = { + server_name = "example.com"; + public_baseurl = "https://example.com:8448"; + + enable_registration = false; + # pass `registration_shared_secret` and `macaroon_secret_key` via `extraConfigFiles` instead + + tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem"; + tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem"; + + listeners = [ { + port = 8448; + bind_address = [ + "::" + "0.0.0.0" + ]; + type = "http"; + tls = true; + resources = [ { + names = [ "client" ]; + compress = true; + } { + names = [ "federation" ]; + compress = false; + } ]; + } ]; + }; + + extraConfigFiles = [ + /run/keys/matrix-synapse/secrets.yaml + ]; + }; + } + ``` + + The secrets in your original config should be migrated into a YAML file that is included via `extraConfigFiles`. + + Additionally a few option defaults have been synced up with upstream default values, for example the `max_upload_size` grew from `10M` to `50M`. + - The MoinMoin wiki engine (`services.moinmoin`) has been removed, because Python 2 is being retired from nixpkgs. - The `wafHook` hook now honors `NIX_BUILD_CORES` when `enableParallelBuilding` is not set explicitly. Packages can restore the old behaviour by setting `enableParallelBuilding=false`. -- cgit 1.4.1