Wie Sie sehen, sehen sie nix!
https://docs.hacc.space
stuebinm
4c6f13c68a
tl;dr: mail config works, but on trying to send mail synapse gets rejected by postfix for using a too-old version of tls, as apparently tls in twisted (the python library used for mail in synapse) is just hardcoded to v1, which our postfix rejects. ``` postfix/smtpd[9737]: warning: TLS library problem: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1685: synapse[9211]: synapse.handlers.identity: [POST-41] Error sending threepid validation email to stuebinm@hacc.space Traceback (most recent call last): File "/nix/store/55mh6w2ark2blrbkyq0d1jjg9alb1dw5-matrix-synapse-1.29.0/lib/python3.8/site-packages/synapse/handlers/identity.py", line 382, in send_threepid_validation await send_email_func(email_address, token, client_secret, session_id) File "/nix/store/55mh6w2ark2blrbkyq0d1jjg9alb1dw5-matrix-synapse-1.29.0/lib/python3.8/site-packages/synapse/push/mailer.py", line 207, in send_add_threepid_mail await self.send_email( File "/nix/store/55mh6w2ark2blrbkyq0d1jjg9alb1dw5-matrix-synapse-1.29.0/lib/python3.8/site-packages/synapse/push/mailer.py", line 349, in send_email await make_deferred_yieldable( twisted.mail._except.SMTPConnectError: Unable to connect to server. ``` This is a known issue [1], which should be fixed in the current version of twisted, which will be in the next version of synapse. [1] https://github.com/matrix-org/synapse/issues/6211 |
||
---|---|---|
common | ||
desktop | ||
hosts | ||
modules | ||
nix | ||
pkgs | ||
services | ||
.gitignore | ||
.gitlab-ci.yml | ||
default.nix | ||
README.md |
hacc nixfiles
welcome to hacc nixfiles (haccfiles). this is the code describing our nix-based infrastructure.
structure
default.nix
: Entrypoint to the configcommon/
: configuration common to all hostsdesktop/
: desktop-relevant communicationmodules/
: home-grown modules for hacc-specific servicesnix/
: sources files, managed with nivpkgs/
: packages we built and don't want to upstream
working with the haccfiles
deploy:
nix build -f . deploy.$hostname && ./result switch
$hostname
can be replaced with any hostname or group
committing to haccfiles
- Golden Rule: DO NOT COMMIT TO MAIN
- exceptions apply, if you are not sure where to commit, don't commit to main
- split up commits, every commit is one atomic change
- e.g. no big "did some changes" but instead "updated service x", "updated service y", "update service z"
- follow the commit format: "$prefix$place: $change"
- prefix: one of fixup, nothing
- place: one of "modules/$module", "$hostname/service", "common/($place)", "pkgs/$pkgs" or "sources"
- change: describe your change, don't go over the character limit where git starts hiding/wrapping
- Exception: autogenerated messages (merge commits, reverts, etc)