forked from continuwuation/continuwuity
# Continuwuity for NixOS

NixOS packages Continuwuity as `matrix-continuwuity`. This package includes both the Continuwuity software and a dedicated NixOS module for configuration and deployment.

## Installation methods

You can acquire Continuwuity with Nix (or [Lix][lix]) from these sources:

* Directly from Nixpkgs using the official package (`pkgs.matrix-continuwuity`)
* The `flake.nix` at the root of the Continuwuity repo
* The `default.nix` at the root of the Continuwuity repo

## NixOS module

Continuwuity now has an official NixOS module that simplifies configuration and deployment. The module is available in Nixpkgs as `services.matrix-continuwuity` from NixOS 25.05.

Here's a basic example of how to use the module:

```nix
{ config, pkgs, ... }:

{
  services.matrix-continuwuity = {
    enable = true;
    settings = {
      global = {
        server_name = "example.com";
        # Listening on localhost by default
        # address and port are handled automatically
        allow_registration = false;
        allow_encryption = true;
        allow_federation = true;
        trusted_servers = [ "matrix.org" ];
      };
    };
  };
}
```

### Available options

The NixOS module provides these configuration options:

- `enable`: Enable the Continuwuity service
- `user`: The user to run Continuwuity as (defaults to "continuwuity")
- `group`: The group to run Continuwuity as (defaults to "continuwuity")
- `extraEnvironment`: Extra environment variables to pass to the Continuwuity server
- `package`: The Continuwuity package to use
- `settings`: The Continuwuity configuration (in TOML format)

Use the `settings` option to configure Continuwuity itself. See the [example configuration file](../configuration/examples.md#example-configuration) for all available options.

### UNIX sockets

The NixOS module natively supports UNIX sockets through the `global.unix_socket_path` option. When using UNIX sockets, set `global.address` to `null`:

```nix
services.matrix-continuwuity = {
  enable = true;
  settings = {
    global = {
      server_name = "example.com";
      address = null; # Must be null when using unix_socket_path
      unix_socket_path = "/run/continuwuity/continuwuity.sock";
      unix_socket_perms = 660; # Default permissions for the socket
      # ...
    };
  };
};
```

The module automatically sets the correct `RestrictAddressFamilies` in the systemd service configuration to allow access to UNIX sockets.

### RocksDB database

Continuwuity exclusively uses RocksDB as its database backend. The system configures the database path automatically to `/var/lib/continuwuity/` and you cannot change it due to the service's reliance on systemd's StateDir.

If you're migrating from Conduit with SQLite, use this [tool to migrate a Conduit SQLite database to RocksDB](https://github.com/ShadowJonathan/conduit_toolbox/).

### jemalloc and hardened profile

Continuwuity uses jemalloc by default. This may interfere with the [`hardened.nix` profile][hardened.nix] because it uses `scudo` by default. Either disable/hide `scudo` from Continuwuity or disable jemalloc like this:

```nix
services.matrix-continuwuity = {
  enable = true;
  package = pkgs.matrix-continuwuity.override {
    enableJemalloc = false;
  };
  # ...
};
```

## Upgrading from Conduit

If you previously used Conduit with the `services.matrix-conduit` module:

1. Ensure your Conduit uses the RocksDB backend, or migrate from SQLite using the [migration tool](https://github.com/ShadowJonathan/conduit_toolbox/)
2. Switch to the new module by changing `services.matrix-conduit` to `services.matrix-continuwuity` in your configuration
3. Update any custom configuration to match the new module's structure

## Reverse proxy configuration

You'll need to set up a reverse proxy (like nginx or caddy) to expose Continuwuity to the internet. Configure your reverse proxy to forward requests to `/_matrix` on ports 443 and 8448 to your Continuwuity instance.

Here's an example nginx configuration:

```nginx
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    listen 8448 ssl;
    listen [::]:8448 ssl;

    server_name example.com;

    # SSL configuration here...

    location /_matrix/ {
        proxy_pass http://127.0.0.1:6167$request_uri;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

[lix]: https://lix.systems/
[hardened.nix]: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/hardened.nix