diff --git a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
index 2bcfc86b432b..69981e94a81c 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
@@ -388,6 +388,116 @@
its reliance on python2.
+
+
+ The matrix-synapse service
+ (services.matrix-synapse) has been
+ converted to use the settings option
+ defined in RFC42. This means that options that are part of
+ your homeserver.yaml configuration, and
+ that were specified at the top-level of the module
+ (services.matrix-synapse) now need to be
+ moved into
+ services.matrix-synapse.settings. And while
+ not all options you may use are defined in there, they are
+ still supported, because you can set arbitrary values in this
+ freeform type.
+
+
+ An example to make the required migration clearer:
+
+
+ Before:
+
+
+{
+ services.matrix-synapse = {
+ enable = true;
+
+ server_name = "example.com";
+ public_baseurl = "https://example.com:8448";
+
+ enable_registration = false;
+ registration_shared_secret = "xohshaeyui8jic7uutuDogahkee3aehuaf6ei3Xouz4iicie5thie6nohNahceut";
+ macaroon_secret_key = "xoo8eder9seivukaiPh1cheikohquuw8Yooreid0The4aifahth3Ou0aiShaiz4l";
+
+ tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem";
+ tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem";
+
+ listeners = [ {
+ port = 8448;
+ bind_address = "";
+ type = "http";
+ tls = true;
+ resources = [ {
+ names = [ "client" ];
+ compress = true;
+ } {
+ names = [ "federation" ];
+ compress = false;
+ } ];
+ } ];
+
+ };
+}
+
+
+ After:
+
+
+{
+ services.matrix-synapse = {
+ enable = true;
+
+ # this attribute set holds all values that go into your homeserver.yaml configuration
+ # See https://github.com/matrix-org/synapse/blob/develop/docs/sample_config.yaml for
+ # possible values.
+ settings = {
+ server_name = "example.com";
+ public_baseurl = "https://example.com:8448";
+
+ enable_registration = false;
+ # pass `registration_shared_secret` and `macaroon_secret_key` via `extraConfigFiles` instead
+
+ tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem";
+ tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem";
+
+ listeners = [ {
+ port = 8448;
+ bind_address = [
+ "::"
+ "0.0.0.0"
+ ];
+ type = "http";
+ tls = true;
+ resources = [ {
+ names = [ "client" ];
+ compress = true;
+ } {
+ names = [ "federation" ];
+ compress = false;
+ } ];
+ } ];
+ };
+
+ extraConfigFiles = [
+ /run/keys/matrix-synapse/secrets.yaml
+ ];
+ };
+}
+
+
+ The secrets in your original config should be migrated into a
+ YAML file that is included via
+ extraConfigFiles.
+
+
+ Additionally a few option defaults have been synced up with
+ upstream default values, for example the
+ max_upload_size grew from
+ 10M to 50M.
+
+
The MoinMoin wiki engine
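Review bot: `tls_certificate_path` is assigned twice in a row with the same value in both the "Before" and the "After" listing. Nix rejects an attribute set that defines the same attribute twice, so neither example evaluates when copied as written. The second line in each pair looks like it was meant to be a different option (probably the private key path); please fix it or drop the duplicate. Also in the "After" listing, `bind_address` goes from the string `""` to a list of two addresses under the same key, and the prose does not mention the change. If the list form is intended, use the list-valued key (Synapse's is `bind_addresses`) and say in one sentence that the value type changed. The `from_md` path suggests this file is generated, so the fix belongs in the Markdown source, followed by a regeneration.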
diff --git a/nixos/doc/manual/release-notes/rl-2205.section.md b/nixos/doc/manual/release-notes/rl-2205.section.md
index 650ace8d9d2a..e35c9c8c6ada 100644
--- a/nixos/doc/manual/release-notes/rl-2205.section.md
+++ b/nixos/doc/manual/release-notes/rl-2205.section.md
@@ -128,6 +128,95 @@ In addition to numerous new and upgraded packages, this release has the followin
- The `mailpile` email webclient (`services.mailpile`) has been removed due to its reliance on python2.
+- The `matrix-synapse` service (`services.matrix-synapse`) has been converted to use the `settings` option defined in RFC42.
+ This means that options that are part of your `homeserver.yaml` configuration, and that were specified at the top-level of the
+ module (`services.matrix-synapse`) now need to be moved into `services.matrix-synapse.settings`. And while not all options you
+ may use are defined in there, they are still supported, because you can set arbitrary values in this freeform type.
+
+ An example to make the required migration clearer:
+
+ Before:
+ ```nix
+ {
+ services.matrix-synapse = {
+ enable = true;
+
+ server_name = "example.com";
+ public_baseurl = "https://example.com:8448";
+
+ enable_registration = false;
+ registration_shared_secret = "xohshaeyui8jic7uutuDogahkee3aehuaf6ei3Xouz4iicie5thie6nohNahceut";
+ macaroon_secret_key = "xoo8eder9seivukaiPh1cheikohquuw8Yooreid0The4aifahth3Ou0aiShaiz4l";
+
+ tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem";
+ tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem";
+
+ listeners = [ {
+ port = 8448;
+ bind_address = "";
+ type = "http";
+ tls = true;
+ resources = [ {
+ names = [ "client" ];
+ compress = true;
+ } {
+ names = [ "federation" ];
+ compress = false;
+ } ];
+ } ];
+
+ };
+ }
+ ```
+
+ After:
+ ```nix
+ {
+ services.matrix-synapse = {
+ enable = true;
+
+ # this attribute set holds all values that go into your homeserver.yaml configuration
+ # See https://github.com/matrix-org/synapse/blob/develop/docs/sample_config.yaml for
+ # possible values.
+ settings = {
+ server_name = "example.com";
+ public_baseurl = "https://example.com:8448";
+
+ enable_registration = false;
+ # pass `registration_shared_secret` and `macaroon_secret_key` via `extraConfigFiles` instead
+
+ tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem";
+ tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem";
+
+ listeners = [ {
+ port = 8448;
+ bind_address = [
+ "::"
+ "0.0.0.0"
+ ];
+ type = "http";
+ tls = true;
+ resources = [ {
+ names = [ "client" ];
+ compress = true;
+ } {
+ names = [ "federation" ];
+ compress = false;
+ } ];
+ } ];
+ };
+
+ extraConfigFiles = [
+ /run/keys/matrix-synapse/secrets.yaml
+ ];
+ };
+ }
+ ```
+
+ The secrets in your original config should be migrated into a YAML file that is included via `extraConfigFiles`.
+
+ Additionally a few option defaults have been synced up with upstream default values, for example the `max_upload_size` grew from `10M` to `50M`.
+
- The MoinMoin wiki engine (`services.moinmoin`) has been removed, because Python 2 is being retired from nixpkgs.
- The `wafHook` hook now honors `NIX_BUILD_CORES` when `enableParallelBuilding` is not set explicitly. Packages can restore the old behaviour by setting `enableParallelBuilding=false`.
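Review bot: the `extraConfigFiles` entry in the "After" block is an unquoted Nix path literal (`/run/keys/matrix-synapse/secrets.yaml`), which is risky for a file that holds `registration_shared_secret` and `macaroon_secret_key`. If a path value is ever interpolated into a string, Nix copies the file into the world-readable store, which is exactly what moving the secrets out of the module is meant to avoid. Please write it as a quoted string, `"/run/keys/matrix-synapse/secrets.yaml"`. The closing sentence about migrating the secrets would also be more useful if it said what the YAML file contains (the two keys named in the comment inside `settings`) and that the file has to be readable by the service user and by nobody else. Finally, the "Before" block shows two realistic-looking secret strings; an obvious placeholder value would make it clearer that readers are not expected to keep secrets inline.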