Fix Matrix package references to use nixpkgs-unstable

Matrix packages (mautrix-*, matrix-continuwuity) only exist in
nixpkgs-unstable, not in nixpkgs 24.05 stable. This commit updates
all module defaults and references to use pkgs-unstable.

Changes:
- Add pkgs-unstable to module function signatures (4 modules)
- Update package option defaults from pkgs.* to pkgs-unstable.*
- Configure pkgs-unstable in flake.nix to permit olm-3.2.16
- Add VM config permittedInsecurePackages for olm (mautrix dependency)

The olm library is deprecated with known CVEs but required by mautrix
bridges. This is acceptable for testing; production should migrate to
newer cryptography implementations when available.

This maintains our stable base system (NixOS 24.05) while using
unstable only for Matrix ecosystem packages under active development.
Dan 2025-10-21 00:06:43 -07:00
parent b8e00b75f6
commit 4c38331e17
6 changed files with 22 additions and 10 deletions


@ -35,7 +35,12 @@
specialArgs = { specialArgs = {
pkgs-unstable = import nixpkgs-unstable { pkgs-unstable = import nixpkgs-unstable {
system = "x86_64-linux"; system = "x86_64-linux";
config.allowUnfree = true; config = {
allowUnfree = true;
permittedInsecurePackages = [
"olm-3.2.16" # Required by mautrix bridges (VM testing only)
];
};
}; };
}; };
modules = [ modules = [
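Review bot: The `permittedInsecurePackages = [ "olm-3.2.16" ]` entry in the new `config = {` block is attached to the `pkgs-unstable` import inside `specialArgs`, so the allowance applies to every configuration that receives this `specialArgs`, not only to the VM that the comment on the `"olm-3.2.16"` line names. If this `specialArgs` is shared across hosts (it looks that way, but the enclosing attribute set starts outside the hunk), a production host that imports a bridge module would build against the deprecated olm with no further opt-in. Consider giving the VM its own `pkgs-unstable` import carrying the allowance and keeping the shared one strict, or at least reword the comment to `# Required by mautrix bridges; applies to every host that receives this pkgs-unstable`. Either way the exact `olm-3.2.16` string stops matching as soon as the unstable input bumps olm, which is the desired loud failure rather than a silent widening.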


@ -15,6 +15,13 @@
# Note: Skip matrix-secrets for VM (no sops-nix in VM) # Note: Skip matrix-secrets for VM (no sops-nix in VM)
]; ];
# Allow deprecated olm library for Matrix bridges (VM testing only)
# Note: olm is deprecated with known CVEs but required by mautrix bridges
# This is acceptable for local testing; production should migrate to newer crypto
nixpkgs.config.permittedInsecurePackages = [
"olm-3.2.16"
];
# VM-specific settings # VM-specific settings
networking.hostName = "ops-jrz1-vm"; networking.hostName = "ops-jrz1-vm";
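Review bot: The new `nixpkgs.config.permittedInsecurePackages = [ "olm-3.2.16" ];` configures the module-system `pkgs` (nixpkgs 24.05 per the commit message), while the mautrix bridges this commit moves to `pkgs-unstable` are built from the separate `import nixpkgs-unstable` in flake.nix, which carries its own `config`; so this entry most likely has no effect on the olm those bridges link against. Unless something from the stable `pkgs` in this configuration also depends on olm, the block is dead weight and the comment `# Allow deprecated olm library for Matrix bridges (VM testing only)` overstates what it does. Either drop the block or replace the comment with `# Covers olm from the stable pkgs set only; the bridges' olm is permitted on the pkgs-unstable import in flake.nix`. The enclosing module attribute set starts and ends outside the hunk.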


@ -1,5 +1,5 @@
# Development services module - Matrix, Forgejo, and Slack bridge # Development services module - Matrix, Forgejo, and Slack bridge
{ config, pkgs, lib, ... }: { config, pkgs, pkgs-unstable, lib, ... }:
with lib; with lib;
@ -130,7 +130,7 @@ in
# Load secrets via systemd credentials (proper way for DynamicUser) # Load secrets via systemd credentials (proper way for DynamicUser)
LoadCredential = "matrix-registration-token:/run/secrets/matrix-registration-token"; LoadCredential = "matrix-registration-token:/run/secrets/matrix-registration-token";
ExecStart = "${pkgs.matrix-continuwuity}/bin/conduwuit -c /var/lib/matrix-continuwuity/continuwuity.toml"; ExecStart = "${pkgs-unstable.matrix-continuwuity}/bin/conduwuit -c /var/lib/matrix-continuwuity/continuwuity.toml";
Restart = "always"; Restart = "always";
RestartSec = "10s"; RestartSec = "10s";
@ -199,7 +199,7 @@ in
# mautrix-slack bridge # mautrix-slack bridge
services.mautrix-slack = mkIf cfg.slackBridge.enable { services.mautrix-slack = mkIf cfg.slackBridge.enable {
enable = true; enable = true;
package = pkgs.mautrix-slack or (pkgs.callPackage ../pkgs/mautrix-slack {}); package = pkgs-unstable.mautrix-slack or (pkgs-unstable.callPackage ../pkgs/mautrix-slack {});
matrix = { matrix = {
homeserverUrl = "http://localhost:${toString cfg.matrix.port}"; homeserverUrl = "http://localhost:${toString cfg.matrix.port}";
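Review bot: The new signature `{ config, pkgs, pkgs-unstable, lib, ... }:` makes `pkgs-unstable` a required argument with no default, so this module now evaluates only when the importing flake passes it through `specialArgs`; any other consumer (a plain configuration.nix, a module evaluation test) fails with an undefined-variable error at `${pkgs-unstable.matrix-continuwuity}` rather than a message naming the missing input. That is acceptable, but it belongs in the header comment: `# Requires pkgs-unstable in specialArgs (see flake.nix); the Matrix packages are not in nixpkgs 24.05`. The same applies to the three bridge module signatures changed in this commit. Separately, since the mautrix-slack module's `package` option now defaults to `pkgs-unstable.mautrix-slack`, the explicit `package = pkgs-unstable.mautrix-slack or (pkgs-unstable.callPackage ../pkgs/mautrix-slack {})` here only contributes the `callPackage` fallback; if that fallback is no longer needed on unstable the line can go so the default is the single source of truth, though I cannot confirm from the hunk that `services.mautrix-slack` is that local module.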


@ -1,6 +1,6 @@
# mautrix-gmessages Matrix-Google Messages bridge # mautrix-gmessages Matrix-Google Messages bridge
# Bridges Google Messages (RCS/SMS/MMS) to Matrix via web interface # Bridges Google Messages (RCS/SMS/MMS) to Matrix via web interface
{ config, pkgs, lib, ... }: { config, pkgs, pkgs-unstable, lib, ... }:
with lib; with lib;
@ -119,7 +119,7 @@ in
package = mkOption { package = mkOption {
type = types.package; type = types.package;
default = pkgs.mautrix-gmessages; default = pkgs-unstable.mautrix-gmessages;
description = "Package providing the bridge executable."; description = "Package providing the bridge executable.";
}; };
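Review bot: `default = pkgs-unstable.mautrix-gmessages;` has no `defaultText`, so if option documentation is ever generated for these modules the renderer has to evaluate the derivation instead of printing the expression; the usual pattern is `default = pkgs-unstable.mautrix-gmessages;` followed by `defaultText = literalExpression "pkgs-unstable.mautrix-gmessages";`. The same applies to the `package` defaults in the mautrix-slack and mautrix-whatsapp module hunks of this commit. Because the default now tracks the flake's `nixpkgs-unstable` input, a flake.lock update silently changes the bridge version; that is worth a sentence in the option `description` so operators know where the version comes from. The `mkOption` sits inside an options set that starts outside the hunk.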


@ -1,7 +1,7 @@
# mautrix-slack Matrix-Slack bridge # mautrix-slack Matrix-Slack bridge
# Bridges Slack to Matrix via appservice # Bridges Slack to Matrix via appservice
# Implementation follows mautrix-gmessages pattern for config management # Implementation follows mautrix-gmessages pattern for config management
{ config, pkgs, lib, ... }: { config, pkgs, pkgs-unstable, lib, ... }:
with lib; with lib;
@ -55,7 +55,7 @@ in
package = mkOption { package = mkOption {
type = types.package; type = types.package;
default = pkgs.mautrix-slack; default = pkgs-unstable.mautrix-slack;
description = "Package providing the bridge executable."; description = "Package providing the bridge executable.";
}; };


@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }: { config, pkgs, pkgs-unstable, lib, ... }:
with lib; with lib;
@ -218,7 +218,7 @@ in
package = mkOption { package = mkOption {
type = types.package; type = types.package;
default = pkgs.mautrix-whatsapp; default = pkgs-unstable.mautrix-whatsapp;
description = "Package providing the bridge executable."; description = "Package providing the bridge executable.";
}; };