oss/continuwuity
oss/continuwuity
1
0
Fork 0
mirror of https://forgejo.ellis.link/continuwuation/continuwuity.git synced 2025-07-28 02:38:30 +00:00
Code Wiki Activity
continuwuity/docs/deploying/nixos.md

2.9 KiB
Raw Blame History

Continuwuity for NixOS

You can acquire Continuwuity with Nix (or Lix) from various places:

  • The flake.nix at the root of the repo
  • The default.nix at the root of the repo
  • From Continuwuity's binary cache

NixOS module

The flake.nix and default.nix do not currently provide a NixOS module (contributions welcome!), so you can use services.matrix-conduit from Nixpkgs to configure Continuwuity.

Conduit NixOS Config Module and SQLite

Beware! The services.matrix-conduit module defaults to SQLite as a database backend. Continuwuity dropped SQLite support in favor of exclusively supporting the much faster RocksDB. Make sure you are using the RocksDB backend before migrating!

There is a tool to migrate a Conduit SQLite database to RocksDB.

If you want to run the latest code, get Continuwuity from the flake.nix or default.nix and set services.matrix-conduit.package appropriately to use Continuwuity instead of Conduit.

UNIX sockets

Due to the lack of a Continuwuity NixOS module, when using the services.matrix-conduit module, a workaround like the one below is necessary to use UNIX sockets. This is because the UNIX socket option does not exist in Conduit, and the module forcibly sets the address and port config options.

options.services.matrix-conduit.settings = lib.mkOption {
  apply = old: old // (
    if (old.global ? "unix_socket_path")
    then { global = builtins.removeAttrs old.global [ "address" "port" ]; }
    else {  }
  );
};

Additionally, the matrix-conduit systemd unit in the module does not allow the AF_UNIX socket address family in its systemd unit's RestrictAddressFamilies=. This disallows the namespace from accessing or creating UNIX sockets and must be enabled like this:

systemd.services.conduit.serviceConfig.RestrictAddressFamilies = [ "AF_UNIX" ];

Although these workarounds are feasible, a dedicated Continuwuity NixOS configuration module, developed and published by the community, would be appreciated.

jemalloc and hardened profile

Continuwuity uses jemalloc by default. This may interfere with the hardened.nix profile because it uses scudo by default. You must either disable/hide scudo from Continuwuity or disable jemalloc like this:

let
    conduwuit = pkgs.unstable.conduwuit.override {
      enableJemalloc = false;
    };
in