Matrix: Difference between revisions

(4 intermediate revisions by 3 users not shown)

Line 13:

=== Desktop clients ===

~~These~~ clients ~~are known to work:~~ <code>element-desktop</code> [https://element.io/] and <code>fractal</code> [https://gitlab.gnome.org/World/fractal]

The clients <code>element-desktop</code> [https://element.io/] and <code>fractal</code> [https://gitlab.gnome.org/World/fractal] are known to work and are kept up to date.

~~Most of the other~~ clients packaged in Nixpkgs, such as <code>matrix-commander</code>, <code>neochat</code>, <code>nheko</code>, ~~rely~~ on the ~~'''~~insecure~~''' and '''deprecated'''~~ <code>olm</code> library susceptible to various security vulnerabilities.[https://nvd.nist.gov/vuln/detail/CVE-2024-45191][https://nvd.nist.gov/vuln/detail/CVE-2024-45193][https://nvd.nist.gov/vuln/detail/CVE-2024-45192]

Other clients packaged in Nixpkgs, such as <code>matrix-commander</code>, <code>neochat</code>, <code>nheko</code>, depend on the insecure <code>olm</code> library susceptible to various security vulnerabilities.[https://nvd.nist.gov/vuln/detail/CVE-2024-45191][https://nvd.nist.gov/vuln/detail/CVE-2024-45193][https://nvd.nist.gov/vuln/detail/CVE-2024-45192]

If this is not a concern, the guide to [https://nixos.org/manual/nixpkgs/stable/#sec-allow-insecure install insecure packages] may be followed.

If this isn't a problem for you, you can install them as usual, and upon evaluation, Nix will helpfully guide you on how to [https://nixos.org/manual/nixpkgs/stable/#sec-allow-insecure install insecure packages].

=== Web clients ===

There is a web version of the client [https://element.io/ Element], <code>element-web</code> on Nixpkgs, which you can use as a regular web application. See [https://nixos.org/nixos/manual/index.html#module-services-matrix-element-web the NixOS manual entry].<syntaxhighlight lang="nixos">

Line 165:

Line 166:

</syntaxhighlight>

==== Livekit ====

==== Synapse with Workers ====

There's an external module to automatically set up synapse and configure nginx with workers:

https://github.com/dali99/nixos-matrix-modules

==== Synapse Admin with Caddy ====

Setting up [https://github.com/etkecc/synapse-admin Synapse Admin] with [[Caddy]] is quite easy!

The example uses the newer <code>pkgs.synapse-admin-etkecc</code> which may not be what you want if you have heard of the old one which is available at: <code>pkgs.synapse-admin</code>

{{File|3={ pkgs, ... }:

let

synapse-admin = pkgs.synapse-admin-etkecc.withConfig {

restrictBaseUrl = [

"https://matrix.example.com" # Synapse domain

];

};

in

{

services.caddy.virtualHosts."synapse-admin.example.com".extraConfig = ''

root * ${synapse-admin}

file_server

'';

}|name=/etc/nixos/configuration.nix|lang=nix}}

== Homeserver Independent ==

=== Livekit ===

In order to set up element call or for calls to work in Element X it is necessary to set up and announce livekit. To set up livekit for matrix in nixos use<syntaxhighlight lang="nix" line="1">

{ config, lib, pkgs, ... }: let

Line 173:

Line 199:

enable = true;

openFirewall = true;

settings.room.auto_create = false;

inherit keyFile;

};

Line 187:

Line 214:

path = with pkgs; [ livekit coreutils gawk ];

script = ''

~~if [ -f ${keyFile} ]; then~~

~~echo "Key exists"~~

~~else~~

echo "Key missing, generating key"

echo "lk-jwt-service: $(livekit-server generate-keys | tail -1 | awk '{print $3}')" > "${keyFile}"

fi

'';

serviceConfig.Type = "oneshot";

unitConfig.ConditionPathExists = "!${keyFile}";

};

# restrict access to livekit room creation to a homeserver

Line 237:

Line 261:

}

</syntaxhighlight>

~~==== Synapse with Workers ====~~

~~There's an external module to automatically set up synapse and configure nginx with workers:~~

~~https://github.com/dali99/nixos-matrix-modules~~

== Application services (a.k.a. bridges) ==

@@ Line 13: / Line 13: @@
 === Desktop clients ===
-These clients are known to work: <code>element-desktop</code> [https://element.io/] and <code>fractal</code> [https://gitlab.gnome.org/World/fractal]
+The clients <code>element-desktop</code> [https://element.io/] and <code>fractal</code> [https://gitlab.gnome.org/World/fractal] are known to work and are kept up to date.
-Most of the other clients packaged in Nixpkgs, such as <code>matrix-commander</code>, <code>neochat</code>, <code>nheko</code>, rely on the '''insecure''' and '''deprecated''' <code>olm</code> library susceptible to various security vulnerabilities.[https://nvd.nist.gov/vuln/detail/CVE-2024-45191][https://nvd.nist.gov/vuln/detail/CVE-2024-45193][https://nvd.nist.gov/vuln/detail/CVE-2024-45192]
+Other clients packaged in Nixpkgs, such as <code>matrix-commander</code>, <code>neochat</code>, <code>nheko</code>, depend on the insecure <code>olm</code> library susceptible to various security vulnerabilities.[https://nvd.nist.gov/vuln/detail/CVE-2024-45191][https://nvd.nist.gov/vuln/detail/CVE-2024-45193][https://nvd.nist.gov/vuln/detail/CVE-2024-45192]
+If this is not a concern, the guide to [https://nixos.org/manual/nixpkgs/stable/#sec-allow-insecure install insecure packages] may be followed.
-If this isn't a problem for you, you can install them as usual, and upon evaluation, Nix will helpfully guide you on how to [https://nixos.org/manual/nixpkgs/stable/#sec-allow-insecure install insecure packages].
 === Web clients ===
 There is a web version of the client [https://element.io/ Element], <code>element-web</code> on Nixpkgs, which you can use as a regular web application.  See [https://nixos.org/nixos/manual/index.html#module-services-matrix-element-web the NixOS manual entry].<syntaxhighlight lang="nixos">
@@ Line 165: / Line 166: @@
 </syntaxhighlight>
-==== Livekit ====
+==== Synapse with Workers ====
+There's an external module to automatically set up synapse and configure nginx with workers:
+https://github.com/dali99/nixos-matrix-modules
+==== Synapse Admin with Caddy ====
+Setting up [https://github.com/etkecc/synapse-admin Synapse Admin] with [[Caddy]] is quite easy!
+The example uses the newer <code>pkgs.synapse-admin-etkecc</code> which may not be what you want if you have heard of the old one which is available at: <code>pkgs.synapse-admin</code>
+{{File|3={ pkgs, ... }:
+let
+  synapse-admin = pkgs.synapse-admin-etkecc.withConfig {
+    restrictBaseUrl = [
+      "https://matrix.example.com" # Synapse domain
+    ];
+  };
+in
+{
+  services.caddy.virtualHosts."synapse-admin.example.com".extraConfig = ''
+    root * ${synapse-admin}
+    file_server
+  '';
+}|name=/etc/nixos/configuration.nix|lang=nix}}
+== Homeserver Independent ==
+=== Livekit ===
 In order to set up element call or for calls to work in Element X it is necessary to set up and announce livekit. To set up livekit for matrix in nixos use<syntaxhighlight lang="nix" line="1">
 { config, lib, pkgs, ... }: let
@@ Line 173: / Line 199: @@
      enable = true;
      openFirewall = true;
+    settings.room.auto_create = false;
      inherit keyFile;
    };
@@ Line 187: / Line 214: @@
      path = with pkgs; [ livekit coreutils gawk ];
      script = ''
-      if [ -f ${keyFile} ]; then
-        echo "Key exists"
-      else
          echo "Key missing, generating key"
          echo "lk-jwt-service: $(livekit-server generate-keys | tail -1 | awk '{print $3}')" > "${keyFile}"
-      fi
      '';
      serviceConfig.Type = "oneshot";
+    unitConfig.ConditionPathExists = "!${keyFile}";
    };
    # restrict access to livekit room creation to a homeserver
@@ Line 237: / Line 261: @@
 }
 </syntaxhighlight>
-==== Synapse with Workers ====
-There's an external module to automatically set up synapse and configure nginx with workers:
-https://github.com/dali99/nixos-matrix-modules
 == Application services (a.k.a. bridges) ==