| 13 Dec 2021 |
 philipp | It seems like at least element-web needs an update | 15:58:26 |
| philipp | https://github.com/NixOS/nixpkgs/pull/150558 | 16:16:18 |
| philipp | schildichat also needs a fix but it's not out yet. | 16:22:04 |
| philipp | https://github.com/NixOS/nixpkgs/pull/150562 | 16:54:52 |
 Sumner Evans | These are security issues. Can we get some eyes on these from users who actually have permission to merge? | 17:45:30 |
| philipp | My attempt at the backport for the element issue that didn't go through automatically. https://github.com/NixOS/nixpkgs/pull/150589 | 19:00:28 |
| philipp | I simply followed what the backporting bot told me to do but I'm not sure if my result is correct. manual nix-build of element-desktop worked but nixpkgs-review fails with an issue in an unrelated package. | 19:01:46 |
 [0x4A6F] | Thanks, there is also https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md#backporting-changes | 19:07:54 |
| 14 Dec 2021 |
 hexa | https://nixpk.gs/pr-tracker.html?pr=150578 | 02:26:38 |
| philipp | I fixed the bapckport for element to 21.05. I think this should still be a pretty high priority for us. Could somebody take a look? https://github.com/NixOS/nixpkgs/pull/150589 | 19:38:33 |
| 17 Dec 2021 |
|  kuecki left the room. | 13:26:46 |
| 22 Dec 2021 |
|  Kng joined the room. | 02:30:40 |
| Kng | hs_token and as_token doesn't have to persist right, just be the same when running? Is there any mechanic and/or pattern to generate shared secrets to a tempfs or something? | 15:14:04 |
| Kng | rn I just add as/hs_token to services.mautrix-facebook.registrationData | 15:14:59 |
| 23 Dec 2021 |
 @pacien:pacien.net | In reply to @kng:kng.re
hs_token and as_token doesn't have to persist right, just be the same when running? Is there any mechanic and/or pattern to generate shared secrets to a tempfs or something? you could create a systemd service to generate the registration file in a tmpfs and register it as a dependency of both your application service and your homeserver. This however only works when both are running on the same machine, which is not always the case, so this is done that way in the modules. There is also the issue of the permissions of that registration file… | 04:54:31 |
| Kng | In reply to @pacien:pacien.net
you could create a systemd service to generate the registration file in a tmpfs and register it as a dependency of both your application service and your homeserver. This however only works when both are running on the same machine, which is not always the case, so this is done that way in the modules. There is also the issue of the permissions of that registration file… Neat! I think I’ll try this, I’m not on multiple machines (yet?) | 11:00:22 |
| 25 Dec 2021 |
|  clango joined the room. | 18:23:00 |
| 31 Dec 2021 |
|  konaya changed their display name from konaya to SA0TAY. | 23:14:19 |
| konaya changed their display name from SA0TAY to konaya. | 23:14:49 |
| 6 Jan 2022 |
|  piegames joined the room. | 12:19:28 |
| piegames | I'm about to write an announcement for the newly added Heisenbridge and Conduit modules fro TWIM. Do you think I could link this room in the post? | 12:21:36 |
| philipp | For it. Discoverability of resources is still a problem in the nix ecosystem, so any bit helps. | 12:56:43 |
| piegames | Nixos deployment
I don't think we've previously had any Nix/NixOS/nixpkgs related entries in TWIM, so I'll start ^^
We now have a module for Heisenbridge and Conduit, which makes it super easy to deploy any of those services: My configuration for Heisenbridge is 21 lines long, and Conduit is only 11 lines. You can browse the available configuration options online: services.matrix-conduit, services.heisenbridge (note that some of them are freeform and simply forward to the upstream configuration).
For support, join our Matrix space at #nix:nixos.org and the Matrix-Nix channel: #matrix-nix:transformierende-gesellschaft.org
| 13:36:21 |
| piegames | Feedback? | 13:36:23 |
| piegames | * Nixos deployment
I don't think we've previously had any Nix/NixOS/nixpkgs related entries in TWIM, so I'll start ^^
We now have a module for Heisenbridge and Conduit, which makes it super easy to deploy any of those services: My configuration for Heisenbridge is 21 lines long, and Conduit is only 11 lines. You can browse the available configuration options online: services.matrix-conduit, services.heisenbridge (note that some of them are freeform and simply forward to the upstream configuration).
For those that are not into NixOS, a module is the code that turns the declarative configuration files into your running system setup. As an example, if you enable services.heisenbridge the following things are done for you:
- Create a new
heisenbridge user and group for the service
- Create and manage the registration file for the homeserver (i.e. automatically regenerate it after the configuration changed)
- Create a systemd service that runs the
heisenbridge command with the requested bridge configuration. The unit also sets a few systemd security hardening options.
For support, join our Matrix space at #nix:nixos.org and the Matrix-Nix channel: #matrix-nix:transformierende-gesellschaft.org
| 13:49:09 |
|  Janne Heß joined the room. | 14:01:33 |
| Janne Heß | In reply to @piegames:matrix.org
Feedback? I think you mentioned the wrong room. The space is #community:nixos.org iirc | 14:03:32 |
| piegames | Oh, fair point. #nix:nixos.org is the general channel then? | 14:09:05 |
| Janne Heß | Yup | 14:09:46 |
| Janne Heß | Also I'd go for We now have a module for Heisenbridge and Conduit → The newly released [NixOS](https://nixos.org) 21.11 has extended Matrix support to also include Conduit and Heisenbridge packages and modules (Synapse and Element have already been supported for some time now). (maybe?) | 14:12:24 |
