From 3ad9fd2c464eae92306f08e600985a81b69fe568 Mon Sep 17 00:00:00 2001 From: mirror230469 Date: Fri, 27 Jun 2025 01:20:38 +0800 Subject: [PATCH 01/23] maintainers: add mirror230469 --- maintainers/maintainer-list.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index 78ebc75dae15..1d81d7868fb4 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -16655,6 +16655,12 @@ githubId = 1776903; name = "Andrew Abbott"; }; + mirror230469 = { + email = "mirror230469@disroot.org"; + github = "mirror230469"; + githubId = 215964377; + name = "mirror"; + }; mirrorwitch = { email = "mirrorwitch@transmom.love"; github = "mirrorwitch"; From 083f4c71b8b74128f00e5373a404e42ebb9c27c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Fri, 1 Aug 2025 01:45:10 +0200 Subject: [PATCH 02/23] prosody: add mirror230469 as maintainer Co-authored-by: mirror230469 <215964377+mirror230469@users.noreply.github.com> --- pkgs/servers/xmpp/prosody/default.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkgs/servers/xmpp/prosody/default.nix b/pkgs/servers/xmpp/prosody/default.nix index 891c7d866300..999d570dd01e 100644 --- a/pkgs/servers/xmpp/prosody/default.nix +++ b/pkgs/servers/xmpp/prosody/default.nix @@ -110,6 +110,9 @@ stdenv.mkDerivation rec { license = licenses.mit; homepage = "https://prosody.im"; platforms = platforms.linux; - maintainers = with maintainers; [ toastal ]; + maintainers = with maintainers; [ + toastal + mirror230469 + ]; }; } From b919d1cd8fedc0b085944a52609bfc8fc553caa8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Fri, 1 Aug 2025 01:46:17 +0200 Subject: [PATCH 03/23] prosody: use finalAttrs pattern Co-authored-by: mirror230469 <215964377+mirror230469@users.noreply.github.com> --- pkgs/servers/xmpp/prosody/default.nix | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) 
diff --git a/pkgs/servers/xmpp/prosody/default.nix b/pkgs/servers/xmpp/prosody/default.nix index 999d570dd01e..8b83430d7444 100644 --- a/pkgs/servers/xmpp/prosody/default.nix +++ b/pkgs/servers/xmpp/prosody/default.nix @@ -35,7 +35,7 @@ let ++ withExtraLuaPackages p ); in -stdenv.mkDerivation rec { +stdenv.mkDerivation (finalAttrs: { version = "0.12.5"; # also update communityModules pname = "prosody"; # The following community modules are necessary for the nixos module @@ -47,7 +47,7 @@ stdenv.mkDerivation rec { "http_upload" ]; src = fetchurl { - url = "https://prosody.im/downloads/source/${pname}-${version}.tar.gz"; + url = "https://prosody.im/downloads/source/prosody-${finalAttrs.version}.tar.gz"; sha256 = "sha256-d4+3cHoPEDmVlbp6ucZt0qIojArjp/5Kt4+X1GK9OZ8="; }; @@ -93,9 +93,13 @@ stdenv.mkDerivation rec { postInstall = '' ${lib.concatMapStringsSep "\n" (module: '' - cp -r $communityModules/mod_${module} $out/lib/prosody/modules/ + cp -r ${finalAttrs.communityModules}/mod_${module} $out/lib/prosody/modules/ '') - (lib.lists.unique (nixosModuleDeps ++ withCommunityModules ++ withOnlyInstalledCommunityModules)) + ( + lib.lists.unique ( + finalAttrs.nixosModuleDeps ++ withCommunityModules ++ withOnlyInstalledCommunityModules + ) + ) } make -C tools/migration install ''; @@ -115,4 +119,4 @@ stdenv.mkDerivation rec { mirror230469 ]; }; -} +}) From e46dcd7074c41d570e7edbc5a8ef159b19c9ebb8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Fri, 1 Aug 2025 01:47:30 +0200 Subject: [PATCH 04/23] prosody: 0.12.5 -> 13.0.2, nixos/prosody: fix startup Co-authored-by: mirror230469 <215964377+mirror230469@users.noreply.github.com> --- nixos/modules/services/networking/prosody.nix | 5 +++-- pkgs/servers/xmpp/prosody/default.nix | 9 +++++---- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/nixos/modules/services/networking/prosody.nix b/nixos/modules/services/networking/prosody.nix index 468549281fc8..b46c97f96d81 100644 
--- a/nixos/modules/services/networking/prosody.nix +++ b/nixos/modules/services/networking/prosody.nix @@ -993,11 +993,12 @@ in { User = cfg.user; Group = cfg.group; - Type = "forking"; + Type = "simple"; RuntimeDirectory = [ "prosody" ]; PIDFile = "/run/prosody/prosody.pid"; - ExecStart = "${cfg.package}/bin/prosodyctl start"; + ExecStart = "${lib.getExe cfg.package} -F"; ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; + Restart = "on-abnormal"; MemoryDenyWriteExecute = true; PrivateDevices = true; diff --git a/pkgs/servers/xmpp/prosody/default.nix b/pkgs/servers/xmpp/prosody/default.nix index 8b83430d7444..fb90cd5016ae 100644 --- a/pkgs/servers/xmpp/prosody/default.nix +++ b/pkgs/servers/xmpp/prosody/default.nix @@ -36,7 +36,7 @@ let ); in stdenv.mkDerivation (finalAttrs: { - version = "0.12.5"; # also update communityModules + version = "13.0.2"; # also update communityModules pname = "prosody"; # The following community modules are necessary for the nixos module # prosody module to comply with XEP-0423 and provide a working @@ -48,7 +48,7 @@ stdenv.mkDerivation (finalAttrs: { ]; src = fetchurl { url = "https://prosody.im/downloads/source/prosody-${finalAttrs.version}.tar.gz"; - sha256 = "sha256-d4+3cHoPEDmVlbp6ucZt0qIojArjp/5Kt4+X1GK9OZ8="; + hash = "sha256-PmG9OW83ylJF3r/WvkmkemGRMy8Pqi1O5fAPuwQK3bA="; }; # A note to all those merging automated updates: Please also update this @@ -56,8 +56,8 @@ stdenv.mkDerivation (finalAttrs: { # version. communityModules = fetchhg { url = "https://hg.prosody.im/prosody-modules"; - rev = "fc521fb5ffa0"; - hash = "sha256-Ci52Xkx1xd3GW9lBPKgWFBB52SocxKyj8f/Hq3hZeak="; + rev = "a4d7fefa4a8b"; + hash = "sha256-lPxKZlIVyAt1Nx+PQ0ru0qihJ1ecBbvO0fMk+5D+NzE="; }; nativeBuildInputs = [ makeWrapper ]; @@ -114,6 +114,7 @@ stdenv.mkDerivation (finalAttrs: { license = licenses.mit; homepage = "https://prosody.im"; platforms = platforms.linux; + mainProgram = "prosody"; maintainers = with maintainers; [ toastal mirror230469 
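Review bot: `PIDFile = "/run/prosody/prosody.pid";` is kept as a context line although the unit now uses `Type = "simple"` with `prosody -F`. systemd tracks the main process itself for that type, so the PID file looks like a leftover from the `forking` setup and can be dropped, provided nothing else still reads it. With `simple`, systemd also reports the unit as started as soon as the process is spawned, so anything ordered after `prosody.service` may run before the listeners are up. That includes the `wait_for_unit` followed by `prosodyctl status` in the NixOS test. The surrounding `serviceConfig` attribute set starts and ends outside this hunk.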
From 246e3fbf0f16b3a8c710ca018d9aeca99c71f1df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Fri, 1 Aug 2025 01:47:50 +0200 Subject: [PATCH 05/23] nixos/prosody: allow listening on port 80 Co-authored-by: mirror230469 <215964377+mirror230469@users.noreply.github.com> --- nixos/modules/services/networking/prosody.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/modules/services/networking/prosody.nix b/nixos/modules/services/networking/prosody.nix index b46c97f96d81..a1b0f598ca2d 100644 --- a/nixos/modules/services/networking/prosody.nix +++ b/nixos/modules/services/networking/prosody.nix @@ -1000,6 +1000,7 @@ in ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; Restart = "on-abnormal"; + AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ]; MemoryDenyWriteExecute = true; PrivateDevices = true; PrivateMounts = true; From 21e3f8e74201feb65c7a85f334da37ee4bef5e8f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Fri, 1 Aug 2025 01:48:02 +0200 Subject: [PATCH 06/23] prosody: minor cleanups --- pkgs/servers/xmpp/prosody/default.nix | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/pkgs/servers/xmpp/prosody/default.nix b/pkgs/servers/xmpp/prosody/default.nix index fb90cd5016ae..3628c23dc242 100644 --- a/pkgs/servers/xmpp/prosody/default.nix +++ b/pkgs/servers/xmpp/prosody/default.nix @@ -36,8 +36,14 @@ let ); in stdenv.mkDerivation (finalAttrs: { - version = "13.0.2"; # also update communityModules pname = "prosody"; + version = "13.0.2"; # also update communityModules + + src = fetchurl { + url = "https://prosody.im/downloads/source/prosody-${finalAttrs.version}.tar.gz"; + hash = "sha256-PmG9OW83ylJF3r/WvkmkemGRMy8Pqi1O5fAPuwQK3bA="; + }; + # The following community modules are necessary for the nixos module # prosody module to comply with XEP-0423 and provide a working # default setup. 
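Review bot: `AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];` is granted to every prosody unit, including deployments that only listen on unprivileged ports, and no `CapabilityBoundingSet` is visible in the hunk. If the rest of `serviceConfig` (outside this hunk) does not set one, add `CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];` next to it so this is the only capability the service can ever hold. The grant could also be limited to configurations that need it, for example `lib.optionals (lib.any (p: p < 1024) (cfg.httpPorts ++ cfg.httpsPorts)) [ "CAP_NET_BIND_SERVICE" ]`, assuming those two options are the only source of low ports.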
@@ -46,10 +52,6 @@ stdenv.mkDerivation (finalAttrs: { "vcard_muc" "http_upload" ]; - src = fetchurl { - url = "https://prosody.im/downloads/source/prosody-${finalAttrs.version}.tar.gz"; - hash = "sha256-PmG9OW83ylJF3r/WvkmkemGRMy8Pqi1O5fAPuwQK3bA="; - }; # A note to all those merging automated updates: Please also update this # attribute as some modules might not be compatible with a newer prosody @@ -61,6 +63,7 @@ stdenv.mkDerivation (finalAttrs: { }; nativeBuildInputs = [ makeWrapper ]; + buildInputs = [ luaEnv libidn @@ -77,6 +80,7 @@ stdenv.mkDerivation (finalAttrs: { "--c-compiler=${stdenv.cc.targetPrefix}cc" "--linker=${stdenv.cc.targetPrefix}cc" ]; + configurePlatforms = [ ]; postBuild = '' From 187ee9d89568fd82f24b35190264005682759b78 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Thu, 31 Jul 2025 22:17:21 +0200 Subject: [PATCH 07/23] prosody: add c3d2 team as maintainer --- pkgs/servers/xmpp/prosody/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/servers/xmpp/prosody/default.nix b/pkgs/servers/xmpp/prosody/default.nix index 3628c23dc242..8f05fd61806f 100644 --- a/pkgs/servers/xmpp/prosody/default.nix +++ b/pkgs/servers/xmpp/prosody/default.nix @@ -123,5 +123,6 @@ stdenv.mkDerivation (finalAttrs: { toastal mirror230469 ]; + teams = with lib.teams; [ c3d2 ]; }; }) From c26ed9f39126e932759319b0601401f4d3b0c3fd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Fri, 1 Aug 2025 04:26:51 +0200 Subject: [PATCH 08/23] nixos/prosody: remove vcard_muc as it has been obsoloted Sadly I did not find a way to use lib.mkRemovedOptionModule for this option that did not break eval. :( --- nixos/modules/services/networking/prosody.nix | 7 +------ pkgs/servers/xmpp/prosody/default.nix | 1 - 2 files changed, 1 insertion(+), 7 deletions(-) diff --git a/nixos/modules/services/networking/prosody.nix b/nixos/modules/services/networking/prosody.nix index a1b0f598ca2d..48ad1f6ee4db 100644 
--- a/nixos/modules/services/networking/prosody.nix +++ b/nixos/modules/services/networking/prosody.nix @@ -369,11 +369,6 @@ let kick other. Useful in jitsi-meet to kick ghosts. ''; }; - vcard_muc = mkOption { - type = types.bool; - default = true; - description = "Adds the ability to set vCard for Multi User Chat rooms"; - }; # Extra parameters. Defaulting to prosody default values. # Adding them explicitly to make them visible from the options @@ -579,7 +574,7 @@ let ${lib.concatMapStrings (muc: '' Component ${toLua muc.domain} "muc" - modules_enabled = { "muc_mam"; ${optionalString muc.vcard_muc ''"vcard_muc";''} ${optionalString muc.allowners_muc ''"muc_allowners";''} } + modules_enabled = { "muc_mam"; ${optionalString muc.allowners_muc ''"muc_allowners";''} } name = ${toLua muc.name} restrict_room_creation = ${toLua muc.restrictRoomCreation} max_history_messages = ${toLua muc.maxHistoryMessages} diff --git a/pkgs/servers/xmpp/prosody/default.nix b/pkgs/servers/xmpp/prosody/default.nix index 8f05fd61806f..c63abc449323 100644 --- a/pkgs/servers/xmpp/prosody/default.nix +++ b/pkgs/servers/xmpp/prosody/default.nix @@ -49,7 +49,6 @@ stdenv.mkDerivation (finalAttrs: { # default setup. nixosModuleDeps = [ "cloud_notify" - "vcard_muc" "http_upload" ]; From 4e12c9b92e1d9dad6f6f4b7fe68b11061c18d593 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Fri, 1 Aug 2025 04:30:35 +0200 Subject: [PATCH 09/23] nixos/prosody: remove obsoloted http_upload and replace it with http_file_share --- nixos/modules/services/networking/prosody.nix | 144 +++++++----------- nixos/tests/xmpp/prosody.nix | 2 +- pkgs/servers/xmpp/prosody/default.nix | 1 - 3 files changed, 58 insertions(+), 89 deletions(-) diff --git a/nixos/modules/services/networking/prosody.nix b/nixos/modules/services/networking/prosody.nix index 48ad1f6ee4db..657ee76576bb 100644 --- a/nixos/modules/services/networking/prosody.nix +++ b/nixos/modules/services/networking/prosody.nix 
@@ -418,62 +418,50 @@ let }; }; - uploadHttpOpts = _: { - options = { - domain = mkOption { - type = types.nullOr types.str; - description = "Domain name for the http-upload service"; - }; - uploadFileSizeLimit = mkOption { - type = types.str; - default = "50 * 1024 * 1024"; - description = "Maximum file size, in bytes. Defaults to 50MB."; - }; - uploadExpireAfter = mkOption { - type = types.str; - default = "60 * 60 * 24 * 7"; - description = "Max age of a file before it gets deleted, in seconds."; - }; - userQuota = mkOption { - type = types.nullOr types.int; - default = null; - example = 1234; - description = '' - Maximum size of all uploaded files per user, in bytes. There - will be no quota if this option is set to null. - ''; - }; - httpUploadPath = mkOption { - type = types.str; - description = '' - Directory where the uploaded files will be stored when the http_upload module is used. - By default, uploaded files are put in a sub-directory of the default Prosody storage path (usually /var/lib/prosody). - ''; - default = "/var/lib/prosody"; + httpFileShareOpts = + { config, options, ... 
}: + { + freeformType = + with types; + let + atom = oneOf [ + int + bool + str + (listOf atom) + ]; + in + attrsOf (nullOr atom) + // { + description = "int, bool, string or list of them"; + }; + options = { + domain = mkOption { + type = with types; nullOr str; + description = "Domain name for a http_file_share service."; + }; + size_limit = mkOption { + type = types.int; + default = 10 * 1024 * 1024; + defaultText = "10 * 1024 * 1024"; + description = "Maximum file size, in bytes."; + }; + expires_after = mkOption { + type = types.str; + default = "1 week"; + description = "Max age of a file before it gets deleted."; + }; + daily_quota = mkOption { + type = types.nullOr types.int; + default = 10 * config.size_limit; + defaultText = lib.literalExpression "10 * ${options.size_limit}"; + example = "100*1024*1024"; + description = '' + Maximum size of daily uploaded files per user, in bytes. + ''; + }; }; }; - }; - - httpFileShareOpts = _: { - freeformType = - with types; - let - atom = oneOf [ - int - bool - str - (listOf atom) - ]; - in - attrsOf (nullOr atom) - // { - description = "int, bool, string or list of them"; - }; - options.domain = mkOption { - type = with types; nullOr str; - description = "Domain name for a http_file_share service."; - }; - }; vHostOpts = _: { options = { @@ -505,15 +493,10 @@ let configFile = let - httpDiscoItems = - optional (cfg.uploadHttp != null) { - url = cfg.uploadHttp.domain; - description = "HTTP upload endpoint"; - } - ++ optional (cfg.httpFileShare != null) { - url = cfg.httpFileShare.domain; - description = "HTTP file share endpoint"; - }; + httpDiscoItems = optional (cfg.httpFileShare != null) { + url = cfg.httpFileShare.domain; + description = "HTTP file share endpoint"; + }; mucDiscoItems = builtins.foldl' ( acc: muc: [ 
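Review bot: In `httpFileShareOpts`, `daily_quota` is typed `types.nullOr types.int` but its `example` is the string `"100*1024*1024"`, which fails the type check if copied into a configuration; use `example = lib.literalExpression "100 * 1024 * 1024";`. The description also does not say what `null` means. Because `domain = null` is used further down to keep a key out of the generated config, a null quota is presumably omitted and Prosody's built-in default applies rather than uploads becoming unlimited, which is worth stating for an upload limit. The per-file default also changes from the removed option's 50 MB to `10 * 1024 * 1024`, which users migrating from `uploadHttp` will notice.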
@@ -592,18 +575,9 @@ let ${muc.extraConfig} '') cfg.muc} - ${lib.optionalString (cfg.uploadHttp != null) '' - Component ${toLua cfg.uploadHttp.domain} "http_upload" - http_upload_file_size_limit = ${cfg.uploadHttp.uploadFileSizeLimit} - http_upload_expire_after = ${cfg.uploadHttp.uploadExpireAfter} - ${lib.optionalString ( - cfg.uploadHttp.userQuota != null - ) "http_upload_quota = ${toLua cfg.uploadHttp.userQuota}"} - http_upload_path = ${toLua cfg.uploadHttp.httpUploadPath} - ''} - ${lib.optionalString (cfg.httpFileShare != null) '' Component ${toLua cfg.httpFileShare.domain} "http_file_share" + modules_disabled = { "s2s" } ${settingsToLua " http_file_share_" (cfg.httpFileShare // { domain = null; })} ''} @@ -812,20 +786,11 @@ in description = "Additional path in which to look find plugins/modules"; }; - uploadHttp = mkOption { - description = '' - Configures the old Prosody builtin HTTP server to handle user uploads. - ''; - type = types.nullOr (types.submodule uploadHttpOpts); - default = null; - example = { - domain = "uploads.my-xmpp-example-host.org"; - }; - }; - httpFileShare = mkOption { description = '' Configures the http_file_share module to handle user uploads. + + See for a full list of options. ''; type = types.nullOr (types.submodule httpFileShareOpts); default = null; @@ -914,6 +879,12 @@ in }; }; + imports = [ + (lib.mkRemovedOptionModule [ "services" "prosody" "uploadHttp" ] + "mod_http_upload has been obsoloted and been replaced by mod_http_file_share which can be configured with httpFileShare options." + ) + ]; + config = mkIf cfg.enable { assertions = let 
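Review bot: The `mkRemovedOptionModule` text in the `imports` hunk is what users see when evaluation fails, and it misspells "obsoleted" and reads "has been obsoloted and been replaced". Suggested wording: `"mod_http_upload is obsolete and has been replaced by mod_http_file_share, which is configured through services.prosody.httpFileShare."`. It would also help to name the renamed settings in that message (`uploadFileSizeLimit` → `size_limit`, `uploadExpireAfter` → `expires_after`, `userQuota` → `daily_quota`). Nothing in the series shows files under the old `httpUploadPath` being carried over, so the message or release note should say whether existing uploads remain reachable.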
@@ -936,10 +907,9 @@ in + genericErrMsg; } { - assertion = cfg.uploadHttp != null || cfg.httpFileShare != null || !cfg.xmppComplianceSuite; + assertion = cfg.httpFileShare != null || !cfg.xmppComplianceSuite; message = '' - You need to setup the http_upload or http_file_share modules through config.services.prosody.uploadHttp - or config.services.prosody.httpFileShare to comply with XEP-0423. + You need to setup http_file_share modules through config.services.prosody.httpFileShare to comply with XEP-0423. '' + genericErrMsg; } diff --git a/nixos/tests/xmpp/prosody.nix b/nixos/tests/xmpp/prosody.nix index 0183e876803e..2738ba386e6f 100644 --- a/nixos/tests/xmpp/prosody.nix +++ b/nixos/tests/xmpp/prosody.nix @@ -89,7 +89,7 @@ import ../make-test-python.nix { domain = "conference.example.com"; } ]; - uploadHttp = { + httpFileShare = { domain = "uploads.example.com"; }; }; diff --git a/pkgs/servers/xmpp/prosody/default.nix b/pkgs/servers/xmpp/prosody/default.nix index c63abc449323..bc261542477d 100644 --- a/pkgs/servers/xmpp/prosody/default.nix +++ b/pkgs/servers/xmpp/prosody/default.nix @@ -49,7 +49,6 @@ stdenv.mkDerivation (finalAttrs: { # default setup. nixosModuleDeps = [ "cloud_notify" - "http_upload" ]; # A note to all those merging automated updates: Please also update this From d323803eee83a3654648f412e1111f0797545ab7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Fri, 1 Aug 2025 04:31:48 +0200 Subject: [PATCH 10/23] nixos/prosody: minor formatting cleanup --- nixos/modules/services/networking/prosody.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/nixos/modules/services/networking/prosody.nix b/nixos/modules/services/networking/prosody.nix index 657ee76576bb..7810e4488b7f 100644 --- a/nixos/modules/services/networking/prosody.nix +++ b/nixos/modules/services/networking/prosody.nix 
@@ -524,7 +524,6 @@ let admins = ${toLua cfg.admins} modules_enabled = { - ${lib.concatStringsSep "\n " ( lib.mapAttrsToList (name: val: optionalString val "${toLua name};") cfg.modules )} @@ -590,7 +589,6 @@ let '') cfg.virtualHosts )} ''; - in { options = { From c8094c2f0376b70474106f3284fcbfe8c6a2c874 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Fri, 1 Aug 2025 04:32:30 +0200 Subject: [PATCH 11/23] nixos/prosody: fix logged error that /etc/mime.types cannot be found --- nixos/modules/services/networking/prosody.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixos/modules/services/networking/prosody.nix b/nixos/modules/services/networking/prosody.nix index 7810e4488b7f..e92d5c33ee7b 100644 --- a/nixos/modules/services/networking/prosody.nix +++ b/nixos/modules/services/networking/prosody.nix @@ -552,6 +552,8 @@ let http_ports = ${toLua cfg.httpPorts} https_ports = ${toLua cfg.httpsPorts} + mime_types_file = "${pkgs.mailcap}/etc/mime.types" + ${cfg.extraConfig} ${lib.concatMapStrings (muc: '' From 404f32129e4206457a1d4a15601607864ada27c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Fri, 1 Aug 2025 01:54:57 +0200 Subject: [PATCH 12/23] nixos/tests/prosody: create cert with SANs --- nixos/tests/xmpp/prosody.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/nixos/tests/xmpp/prosody.nix b/nixos/tests/xmpp/prosody.nix index 2738ba386e6f..9d947c52e5da 100644 --- a/nixos/tests/xmpp/prosody.nix +++ b/nixos/tests/xmpp/prosody.nix 
@@ -2,7 +2,8 @@ let cert = pkgs: pkgs.runCommand "selfSignedCerts" { buildInputs = [ pkgs.openssl ]; } '' - openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -subj '/CN=example.com/CN=uploads.example.com/CN=conference.example.com' -days 36500 + openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -days 365 \ + -subj '/C=GB/CN=example.com' -addext "subjectAltName = DNS:example.com,DNS:uploads.example.com,DNS:conference.example.com" mkdir -p $out cp key.pem cert.pem $out ''; From e406b1f7dc059479764cbcd1811562dfd4755e8d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Fri, 1 Aug 2025 01:56:19 +0200 Subject: [PATCH 13/23] nixos/tests/prosody: misc cleanup --- nixos/tests/xmpp/prosody.nix | 43 ++++++++++++++---------------------- 1 file changed, 17 insertions(+), 26 deletions(-) diff --git a/nixos/tests/xmpp/prosody.nix b/nixos/tests/xmpp/prosody.nix index 9d947c52e5da..08c49637918c 100644 --- a/nixos/tests/xmpp/prosody.nix +++ b/nixos/tests/xmpp/prosody.nix 
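Review bot: Lowering the validity from `-days 36500` to `-days 365` makes this fixture time-dependent. The certificate comes from `pkgs.runCommand`, so it is built once and then reused from the store or a binary cache, and a cached output older than a year would likely make the test fail on certificate expiry rather than on anything prosody does. The `-addext "subjectAltName = …"` part is what the test needs; keep the long lifetime for this throwaway key pair by using `-days 36500` in the new command.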
@@ -7,33 +7,26 @@ let mkdir -p $out cp key.pem cert.pem $out ''; + + # Creates and set password for the 2 xmpp test users. + # + # Doing that in a bash script instead of doing that in the test + # script allow us to easily provision the users when running that + # test interactively. createUsers = pkgs: pkgs.writeScriptBin "create-prosody-users" '' #!${pkgs.bash}/bin/bash set -e - - # Creates and set password for the 2 xmpp test users. - # - # Doing that in a bash script instead of doing that in the test - # script allow us to easily provision the users when running that - # test interactively. - prosodyctl register cthon98 example.com nothunter2 prosodyctl register azurediamond example.com hunter2 ''; + # Deletes the test users. delUsers = pkgs: pkgs.writeScriptBin "delete-prosody-users" '' #!${pkgs.bash}/bin/bash set -e - - # Deletes the test users. - # - # Doing that in a bash script instead of doing that in the test - # script allow us to easily provision the users when running that - # test interactively. - prosodyctl deluser cthon98@example.com prosodyctl deluser azurediamond@example.com ''; @@ -45,7 +38,6 @@ import ../make-test-python.nix { { nodes, pkgs, - config, ... }: { @@ -60,6 +52,7 @@ import ../make-test-python.nix { (pkgs.callPackage ./xmpp-sendmessage.nix { connectTo = "example.com"; }) ]; }; + server = { config, pkgs, ... }: { 
@@ -97,16 +90,14 @@ import ../make-test-python.nix { }; }; - testScript = - { nodes, ... }: - '' - # Check with sqlite storage - start_all() - server.wait_for_unit("prosody.service") - server.succeed('prosodyctl status | grep "Prosody is running"') + testScript = _: '' + # Check with sqlite storage + start_all() + server.wait_for_unit("prosody.service") + server.succeed('prosodyctl status | grep "Prosody is running"') - server.succeed("create-prosody-users") - client.succeed("send-message") - server.succeed("delete-prosody-users") - ''; + server.succeed("create-prosody-users") + client.succeed("send-message") + server.succeed("delete-prosody-users") + ''; } From 33f41baebd9aa73a4d12bcf08051b339c0d8eaa0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Fri, 1 Aug 2025 01:57:04 +0200 Subject: [PATCH 14/23] nixos/tests/prosody: use writeShellScriptBin wrapper --- nixos/tests/xmpp/prosody.nix | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/nixos/tests/xmpp/prosody.nix b/nixos/tests/xmpp/prosody.nix index 08c49637918c..abed11e5308a 100644 --- a/nixos/tests/xmpp/prosody.nix +++ b/nixos/tests/xmpp/prosody.nix @@ -15,8 +15,7 @@ let # test interactively. createUsers = pkgs: - pkgs.writeScriptBin "create-prosody-users" '' - #!${pkgs.bash}/bin/bash + pkgs.writeShellScriptBin "create-prosody-users" '' set -e prosodyctl register cthon98 example.com nothunter2 prosodyctl register azurediamond example.com hunter2 @@ -24,8 +23,7 @@ let # Deletes the test users. delUsers = pkgs: - pkgs.writeScriptBin "delete-prosody-users" '' - #!${pkgs.bash}/bin/bash + pkgs.writeShellScriptBin "delete-prosody-users" '' set -e prosodyctl deluser cthon98@example.com prosodyctl deluser azurediamond@example.com From 02c796e210b4bf71ebf63f197cbf6103763ca0bc Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Fri, 1 Aug 2025 01:57:34 +0200 Subject: [PATCH 15/23] nixos/tests/prosody: remove french console layout --- nixos/tests/xmpp/prosody.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/nixos/tests/xmpp/prosody.nix b/nixos/tests/xmpp/prosody.nix index abed11e5308a..e8d0677107f4 100644 --- a/nixos/tests/xmpp/prosody.nix +++ b/nixos/tests/xmpp/prosody.nix @@ -40,7 +40,6 @@ import ../make-test-python.nix { }: { security.pki.certificateFiles = [ "${cert pkgs}/cert.pem" ]; - console.keyMap = "fr-bepo"; networking.extraHosts = '' ${nodes.server.config.networking.primaryIPAddress} example.com ${nodes.server.config.networking.primaryIPAddress} conference.example.com @@ -55,7 +54,6 @@ import ../make-test-python.nix { { config, pkgs, ... }: { security.pki.certificateFiles = [ "${cert pkgs}/cert.pem" ]; - console.keyMap = "fr-bepo"; networking.extraHosts = '' ${config.networking.primaryIPAddress} example.com ${config.networking.primaryIPAddress} conference.example.com From 6db83a2f0e994bc862fd37565bc9397f84dca04b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Fri, 1 Aug 2025 01:57:49 +0200 Subject: [PATCH 16/23] nixos/tests/prosody: fix warning --- nixos/tests/xmpp/prosody.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nixos/tests/xmpp/prosody.nix b/nixos/tests/xmpp/prosody.nix index e8d0677107f4..50df32f49601 100644 --- a/nixos/tests/xmpp/prosody.nix +++ b/nixos/tests/xmpp/prosody.nix 
@@ -41,9 +41,9 @@ import ../make-test-python.nix { { security.pki.certificateFiles = [ "${cert pkgs}/cert.pem" ]; networking.extraHosts = '' - ${nodes.server.config.networking.primaryIPAddress} example.com - ${nodes.server.config.networking.primaryIPAddress} conference.example.com - ${nodes.server.config.networking.primaryIPAddress} uploads.example.com + ${nodes.server.networking.primaryIPAddress} example.com + ${nodes.server.networking.primaryIPAddress} conference.example.com + ${nodes.server.networking.primaryIPAddress} uploads.example.com ''; environment.systemPackages = [ (pkgs.callPackage ./xmpp-sendmessage.nix { connectTo = "example.com"; }) From 3ea8513fb5431b65e827a9fb7bf72395e12db34f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Fri, 1 Aug 2025 02:04:07 +0200 Subject: [PATCH 17/23] nixos/prosody: disable http_files per default as it requires configuration to not break http_file_share --- nixos/modules/services/networking/prosody.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/services/networking/prosody.nix b/nixos/modules/services/networking/prosody.nix index e92d5c33ee7b..cd69f827b99c 100644 --- a/nixos/modules/services/networking/prosody.nix +++ b/nixos/modules/services/networking/prosody.nix @@ -182,7 +182,7 @@ let http_files = mkOption { type = types.bool; - default = true; + default = false; description = "Serve static files from a directory over HTTP"; }; From 445cd5701d9874795241a8a5538f83b732047120 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Fri, 1 Aug 2025 04:33:17 +0200 Subject: [PATCH 18/23] nixos/prosody: enable admin_shell to fix tests --- nixos/modules/services/networking/prosody.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/modules/services/networking/prosody.nix b/nixos/modules/services/networking/prosody.nix index cd69f827b99c..275b90848f27 100644 --- a/nixos/modules/services/networking/prosody.nix 
+++ b/nixos/modules/services/networking/prosody.nix @@ -524,6 +524,7 @@ let admins = ${toLua cfg.admins} modules_enabled = { + "admin_shell"; -- for prosodyctl ${lib.concatStringsSep "\n " ( lib.mapAttrsToList (name: val: optionalString val "${toLua name};") cfg.modules )} From a302465e0ed2cc85f92e3534e3ca2cf707dc8dca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Fri, 1 Aug 2025 04:34:16 +0200 Subject: [PATCH 19/23] nixos/prosody: wire up modules.mam option --- nixos/modules/services/networking/prosody.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/services/networking/prosody.nix b/nixos/modules/services/networking/prosody.nix index 275b90848f27..c270b1465122 100644 --- a/nixos/modules/services/networking/prosody.nix +++ b/nixos/modules/services/networking/prosody.nix @@ -559,7 +559,7 @@ let ${lib.concatMapStrings (muc: '' Component ${toLua muc.domain} "muc" - modules_enabled = { "muc_mam"; ${optionalString muc.allowners_muc ''"muc_allowners";''} } + modules_enabled = {${optionalString cfg.modules.mam ''" muc_mam";''}${optionalString muc.allowners_muc ''" muc_allowners";''} } name = ${toLua muc.name} restrict_room_creation = ${toLua muc.restrictRoomCreation} max_history_messages = ${toLua muc.maxHistoryMessages} From 76224149c10ea1e9c4b7fe7edb9baba9cdbeaeed Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Fri, 1 Aug 2025 04:34:49 +0200 Subject: [PATCH 20/23] nixos/prosody: fix certs directory missing error Prosody starts without it but not lay false leads for others to debug. --- nixos/modules/services/networking/prosody.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/nixos/modules/services/networking/prosody.nix b/nixos/modules/services/networking/prosody.nix index c270b1465122..b097843c1c9d 100644 --- a/nixos/modules/services/networking/prosody.nix +++ b/nixos/modules/services/networking/prosody.nix 
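Review bot: `"admin_shell";` is hard-coded ahead of the `cfg.modules` entries, so unlike every other module in this table it has no option, no generated documentation and no supported way to switch it off. The module is what gives local `prosodyctl` an administrative channel into the running server, so operators should be able to see and control it. Add a `modules.admin_shell` bool option with `default = true` and let the existing `lib.mapAttrsToList (name: val: optionalString val "${toLua name};") cfg.modules` line emit it. The `modules_enabled` table opens and closes outside this hunk.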
@@ -920,6 +920,9 @@ in environment.systemPackages = [ cfg.package ]; + # prevent error if not all certs are configured by the user + environment.etc."prosody/certs/.dummy".text = ""; + environment.etc."prosody/prosody.cfg.lua".source = if cfg.checkConfig then pkgs.runCommandLocal "prosody.cfg.lua" From dfa4ce2923eb6925ec9688be7364a7a4452d94f3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Fri, 1 Aug 2025 04:35:37 +0200 Subject: [PATCH 21/23] nixos/prosody: add support for httpFileShare.http_host --- nixos/modules/services/networking/prosody.nix | 25 +++++++++++++++---- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/nixos/modules/services/networking/prosody.nix b/nixos/modules/services/networking/prosody.nix index b097843c1c9d..1cb047c9b125 100644 --- a/nixos/modules/services/networking/prosody.nix +++ b/nixos/modules/services/networking/prosody.nix @@ -440,6 +440,14 @@ let type = with types; nullOr str; description = "Domain name for a http_file_share service."; }; + http_host = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + To avoid an additional DNS record and certificate, you may set this option to your primary domain (e.g. "example.com") + or use a reverse proxy to handle the HTTP for that domain. + ''; + }; size_limit = mkOption { type = types.int; default = 10 * 1024 * 1024; 
@@ -577,11 +585,18 @@ let ${muc.extraConfig} '') cfg.muc} - ${lib.optionalString (cfg.httpFileShare != null) '' - Component ${toLua cfg.httpFileShare.domain} "http_file_share" - modules_disabled = { "s2s" } - ${settingsToLua " http_file_share_" (cfg.httpFileShare // { domain = null; })} - ''} + ${ + lib.optionalString (cfg.httpFileShare != null) '' + Component ${toLua cfg.httpFileShare.domain} "http_file_share" + modules_disabled = { "s2s" } + '' + + lib.optionalString (cfg.httpFileShare.http_host != null) '' + http_host = "${cfg.httpFileShare.http_host}" + '' + + '' + ${settingsToLua " http_file_share_" (cfg.httpFileShare // { domain = null; })} + '' + } ${lib.concatStringsSep "\n" ( lib.mapAttrsToList (n: v: '' From ccefdbb5873d85888d18e2cda44ef6e1d5a9671e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Fri, 1 Aug 2025 04:54:58 +0200 Subject: [PATCH 22/23] nixos/release-notes: add notes for prosody 13.0.0. --- nixos/doc/manual/release-notes/rl-2511.section.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/nixos/doc/manual/release-notes/rl-2511.section.md b/nixos/doc/manual/release-notes/rl-2511.section.md index 4f51b1e520e6..d199c9526b6b 100644 --- a/nixos/doc/manual/release-notes/rl-2511.section.md +++ b/nixos/doc/manual/release-notes/rl-2511.section.md 
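Review bot: The new `${ … }` block in the second hunk parses as three operands joined by `+`, so only the first string is guarded by `cfg.httpFileShare != null`. With the default `httpFileShare = null`, the other two operands still evaluate `cfg.httpFileShare.http_host` and `cfg.httpFileShare // { … }` on null, which should abort evaluation of the config file. Wrap the whole concatenation in parentheses as the second argument of `lib.optionalString`. `http_host` is also interpolated raw between quotes while every other value goes through `toLua`, and it is not nulled before `settingsToLua`, so it is presumably emitted a second time as `http_file_share_http_host`. Indentation inside the strings below is approximate because the page does not preserve it.

```nix
${lib.optionalString (cfg.httpFileShare != null) (
  ''
    Component ${toLua cfg.httpFileShare.domain} "http_file_share"
      modules_disabled = { "s2s" }
  ''
  + lib.optionalString (cfg.httpFileShare.http_host != null) ''
    http_host = ${toLua cfg.httpFileShare.http_host}
  ''
  + ''
    ${settingsToLua " http_file_share_" (
      cfg.httpFileShare
      // {
        domain = null;
        http_host = null;
      }
    )}
  ''
)}
# … unchanged: virtualHosts section that follows …
```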
@@ -107,6 +107,14 @@ - The `dovecot` systemd service was renamed from `dovecot2` to `dovecot`. The former is now just an alias. Update any overrides on the systemd unit to the new name. +- `Prosody` has been updated to major release 13 which removed some obsoleted modules and brought a couple of major and breaking changes: + - The `http_files` module is now disabled by default because it now requires `http_files_dir` to be configured. + - The `vcard_muc` module has been removed and got replaced by the inbuilt `muc_vcard` module. + - The `http_upload` module has been removed and you must migrate to the `http_file_share` module to stay XEP-0423 compliant. The `httpFileShare` options got expanded to better facility that. + - The `admin_shell` module is now always being loaded to make `prosodyctl` functional. + - The `mime_types_file` setting is now set to `"${pkgs.mailcap}/etc/mime.types"` to prevent errors. + For a complete list of changes, please see [their announcement](https://blog.prosody.im/prosody-13.0.0-released/). + - The `yeahwm` package and `services.xserver.windowManager.yeahwm` module were removed due to the package being broken and unmaintained upstream. - The `services.postgresql` module now sets up a systemd unit `postgresql.target`. Depending on `postgresql.target` guarantees that postgres is in read-write mode and initial/ensure scripts were executed. Depending on `postgresql.service` only guarantees a read-only connection. From e42cceb90c490aa5bb0a1c82e9601febadd3f84b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Fri, 1 Aug 2025 06:42:43 +0200 Subject: [PATCH 23/23] nixos/prosody: fix message reactions and moderation in muc's It took us over 3 hours to figure this out, I want to cry :,( --- nixos/modules/services/networking/prosody.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/nixos/modules/services/networking/prosody.nix b/nixos/modules/services/networking/prosody.nix index 1cb047c9b125..d1de1854c938 100644 --- a/nixos/modules/services/networking/prosody.nix +++ b/nixos/modules/services/networking/prosody.nix @@ -567,7 +567,7 @@ let ${lib.concatMapStrings (muc: '' Component ${toLua muc.domain} "muc" - modules_enabled = {${optionalString cfg.modules.mam ''" muc_mam";''}${optionalString muc.allowners_muc ''" muc_allowners";''} } + modules_enabled = {${optionalString cfg.modules.mam ''" muc_mam",''}${optionalString muc.allowners_muc ''" muc_allowners",''} } name = ${toLua muc.name} restrict_room_creation = ${toLua muc.restrictRoomCreation} max_history_messages = ${toLua muc.maxHistoryMessages}