nixos/mautrix-signal: Adapt to new configuration
With mautrix-signal v0.7.0 the bridge is built upon the bridgev2 architecture. With this, the configuration file was slightly rearranged. Options like login_shared_secret_map and double_puppet_server_map were dropped.
This commit is contained in:
		
							parent
							
								
									e38c90b7c9
								
							
						
					
					
						commit
						aab2bd233c
					
				| @ -171,6 +171,9 @@ | ||||
|   Processes also now run as a dynamically allocated user by default instead of | ||||
|   root. | ||||
| 
 | ||||
| - The `mautrix-signal` module was adapted to incorporate the configuration rearrangement that resulted from the update to the mautrix bridgev2 architecture. Pre-0.7.0 configurations should continue to work. | ||||
|   In case you want to update your configuration make sure to check the NixOS manual. | ||||
| 
 | ||||
| - The nvidia driver no longer defaults to the proprietary driver starting with version 560. You will need to manually set `hardware.nvidia.open` to select the proprietary or open driver. | ||||
| 
 | ||||
| - `singularity-tools` have the `storeDir` argument removed from its override interface and use `builtins.storeDir` instead. | ||||
|  | ||||
							
								
								
									
										32
									
								
								nixos/modules/services/matrix/mautrix-signal.md
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										32
									
								
								nixos/modules/services/matrix/mautrix-signal.md
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,32 @@ | ||||
| # Mautrix-Signal {#module-services-mautrix-signal} | ||||
| 
 | ||||
| [Mautrix-Signal](https://github.com/mautrix/signal) is a Matrix-Signal puppeting bridge. | ||||
| 
 | ||||
| ## Configuration {#module-services-mautrix-signal-configuration} | ||||
| 
 | ||||
| 1. Set [](#opt-services.mautrix-signal.enable) to `true`. The service will use | ||||
|    SQLite by default. | ||||
| 2. To create your configuration check the default configuration for | ||||
|    [](#opt-services.mautrix-signal.settings). To obtain the complete default | ||||
|    configuration, run | ||||
|    `nix-shell -p mautrix-signal --run "mautrix-signal -c default.yaml -e"`. | ||||
| 
 | ||||
| ::: {.warning} | ||||
| Mautrix-Signal allows for some options like `encryption.pickle_key`, | ||||
| `provisioning.shared_secret`, allow the value `generate` to be set. | ||||
| Since the configuration file is regenerated on every start of the | ||||
| service, the generated values would be discarded and might break your | ||||
| installation. Instead, set those values via | ||||
| [](#opt-services.mautrix-signal.environmentFile). | ||||
| ::: | ||||
| 
 | ||||
| ## Migrating from an older configuration {#module-services-mautrix-signal-migrate-configuration} | ||||
| 
 | ||||
| With Mautrix-Signal v0.7.0 the configuration has been rearranged. Mautrix-Signal | ||||
| performs an automatic configuration migration so your pre-0.7.0 configuration | ||||
| should just continue to work. | ||||
| 
 | ||||
| In case you want to update your NixOS configuration, compare the migrated configuration | ||||
| at `/var/lib/mautrix-signal/config.yaml` with the default configuration | ||||
| (`nix-shell -p mautrix-signal --run "mautrix-signal -c example.yaml -e"`) and | ||||
| update your module configuration accordingly. | ||||
| @ -17,12 +17,22 @@ let | ||||
|   optOneOf = lib.lists.findFirst (value: value.condition) (lib.mkIf false null); | ||||
|   mkDefaults = lib.mapAttrsRecursive (n: v: lib.mkDefault v); | ||||
|   defaultConfig = { | ||||
|     network = { | ||||
|       displayname_template = "{{or .ProfileName .PhoneNumber \"Unknown user\"}}"; | ||||
|     }; | ||||
|     bridge = { | ||||
|       command_prefix = "!signal"; | ||||
|       relay.enabled = true; | ||||
|       permissions."*" = "relay"; | ||||
|     }; | ||||
|     database = { | ||||
|       type = "sqlite3"; | ||||
|       uri = "file:${dataDir}/mautrix-signal.db?_txlock=immediate"; | ||||
|     }; | ||||
|     homeserver.address = "http://localhost:8448"; | ||||
|     appservice = { | ||||
|       hostname = "[::]"; | ||||
|       port = appservicePort; | ||||
|       database.type = "sqlite3"; | ||||
|       database.uri = "file:${dataDir}/mautrix-signal.db?_txlock=immediate"; | ||||
|       id = "signal"; | ||||
|       bot = { | ||||
|         username = "signalbot"; | ||||
| @ -30,16 +40,19 @@ let | ||||
|       }; | ||||
|       as_token = ""; | ||||
|       hs_token = ""; | ||||
|     }; | ||||
|     bridge = { | ||||
|       username_template = "signal_{{.}}"; | ||||
|       displayname_template = "{{or .ProfileName .PhoneNumber \"Unknown user\"}}"; | ||||
|       double_puppet_server_map = { }; | ||||
|       login_shared_secret_map = { }; | ||||
|       command_prefix = "!signal"; | ||||
|       permissions."*" = "relay"; | ||||
|       relay.enabled = true; | ||||
|     }; | ||||
|     double_puppet = { | ||||
|       servers = { }; | ||||
|       secrets = { }; | ||||
|     }; | ||||
|     # By default, the following keys/secrets are set to `generate`. This would break when the service | ||||
|     # is restarted, since the previously generated configuration will be overwritten everytime. | ||||
|     # If encryption is enabled, it's recommended to set those keys via `environmentFile`. | ||||
|     encryption.pickle_key = ""; | ||||
|     provisioning.shared_secret = ""; | ||||
|     public_media.signing_key = ""; | ||||
|     direct_media.server_key = ""; | ||||
|     logging = { | ||||
|       min_level = "info"; | ||||
|       writers = lib.singleton { | ||||
| @ -61,38 +74,42 @@ in | ||||
|       default = defaultConfig; | ||||
|       description = '' | ||||
|         {file}`config.yaml` configuration as a Nix attribute set. | ||||
|         Configuration options should match those described in | ||||
|         [example-config.yaml](https://github.com/mautrix/signal/blob/master/example-config.yaml). | ||||
|         Configuration options should match those described in the example configuration. | ||||
|         Get an example configuration by executing `mautrix-signal -c example.yaml --generate-example-config` | ||||
|         Secret tokens should be specified using {option}`environmentFile` | ||||
|         instead of this world-readable attribute set. | ||||
|       ''; | ||||
|       example = { | ||||
|         appservice = { | ||||
|           database = { | ||||
|             type = "postgres"; | ||||
|             uri = "postgresql:///mautrix_signal?host=/run/postgresql"; | ||||
|           }; | ||||
|           id = "signal"; | ||||
|           ephemeral_events = false; | ||||
|         }; | ||||
|         bridge = { | ||||
|           history_sync = { | ||||
|             request_full_sync = true; | ||||
|           }; | ||||
|           private_chat_portal_meta = true; | ||||
|           mute_bridging = true; | ||||
|           encryption = { | ||||
|             allow = true; | ||||
|             default = true; | ||||
|             require = true; | ||||
|           }; | ||||
|           provisioning = { | ||||
|             shared_secret = "disable"; | ||||
|           }; | ||||
|           mute_only_on_create = false; | ||||
|           permissions = { | ||||
|             "example.com" = "user"; | ||||
|           }; | ||||
|         }; | ||||
|         database = { | ||||
|           type = "postgres"; | ||||
|           uri = "postgresql:///mautrix_signal?host=/run/postgresql"; | ||||
|         }; | ||||
|         homeserver = { | ||||
|           address = "http://[::1]:8008"; | ||||
|           domain = "my-domain.tld"; | ||||
|         }; | ||||
|         appservice = { | ||||
|           id = "signal"; | ||||
|           ephemeral_events = false; | ||||
|         }; | ||||
|         matrix.message_status_events = true; | ||||
|         provisioning = { | ||||
|           shared_secret = "disable"; | ||||
|         }; | ||||
|         backfill.enabled = true; | ||||
|         encryption = { | ||||
|           allow = true; | ||||
|           default = true; | ||||
|           require = true; | ||||
|           pickle_key = "$ENCRYPTION_PICKLE_KEY"; | ||||
|         }; | ||||
|       }; | ||||
|     }; | ||||
| 
 | ||||
| @ -103,10 +120,8 @@ in | ||||
|         File containing environment variables to be passed to the mautrix-signal service. | ||||
|         If an environment variable `MAUTRIX_SIGNAL_BRIDGE_LOGIN_SHARED_SECRET` is set, | ||||
|         then its value will be used in the configuration file for the option | ||||
|         `login_shared_secret_map` without leaking it to the store, using the configured | ||||
|         `double_puppet.secrets` without leaking it to the store, using the configured | ||||
|         `homeserver.domain` as key. | ||||
|         See [here](https://github.com/mautrix/signal/blob/main/example-config.yaml) | ||||
|         for the documentation of `login_shared_secret_map`. | ||||
|       ''; | ||||
|     }; | ||||
| 
 | ||||
| @ -206,7 +221,7 @@ in | ||||
|         ${pkgs.yq}/bin/yq -s '.[0].appservice.as_token = .[1].as_token | ||||
|           | .[0].appservice.hs_token = .[1].hs_token | ||||
|           | .[0] | ||||
|           | if env.MAUTRIX_SIGNAL_BRIDGE_LOGIN_SHARED_SECRET then .bridge.login_shared_secret_map.[.homeserver.domain] = env.MAUTRIX_SIGNAL_BRIDGE_LOGIN_SHARED_SECRET else . end' \ | ||||
|           | if env.MAUTRIX_SIGNAL_BRIDGE_LOGIN_SHARED_SECRET then .double_puppet.secrets.[.homeserver.domain] = env.MAUTRIX_SIGNAL_BRIDGE_LOGIN_SHARED_SECRET else . end' \ | ||||
|           '${settingsFile}' '${registrationFile}' > '${settingsFile}.tmp' | ||||
|         mv '${settingsFile}.tmp' '${settingsFile}' | ||||
|         umask $old_umask | ||||
| @ -250,5 +265,12 @@ in | ||||
|       restartTriggers = [ settingsFileUnsubstituted ]; | ||||
|     }; | ||||
|   }; | ||||
|   meta.maintainers = with lib.maintainers; [ niklaskorz ]; | ||||
|   meta = { | ||||
|     buildDocsInSandbox = false; | ||||
|     doc = ./mautrix-signal.md; | ||||
|     maintainers = with lib.maintainers; [ | ||||
|       niklaskorz | ||||
|       frederictobiasc | ||||
|     ]; | ||||
|   }; | ||||
| } | ||||
|  | ||||
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user
	 Frédéric Christ
						Frédéric Christ