NixOS Updates: LUKS FIDO2 Support, Network Interface Naming, Matrix-Synapse Database Changes, systemd.network Links, and MongoDB Relicensing

- It is now possible to unlock LUKS-Encrypted file systems using a FIDO2 token via `boot.initrd.luks.fido2Support`. - Predictably named network interfaces get renamed in stage-1. This means that it is possible to use the proper interface name for e.g. Dropbear setups. For further reference, please read [\#68953](https://github.com/NixOS/nixpkgs/pull/68953) or the corresponding [discourse thread](https://discourse.nixos.org/t/predictable-network-interface-names-in-initrd/4055). - The matrix-synapse-package has been updated to [v1.11.1](https://github.com/matrix-org/synapse/releases/tag/v1.11.1). Due to [stricter requirements](https://github.com/matrix-org/synapse/releases/tag/v1.10.0rc1) for database configuration when using postgresql, the automated database setup of the module has been removed to avoid any further edge-cases. matrix-synapse expects `postgresql`-databases to have the options `LC_COLLATE` and `LC_CTYPE` set to [`'C'`](https://www.postgresql.org/docs/12/locale.html) which basically instructs `postgresql` to ignore any locale-based preferences. Depending on your setup, you need to incorporate one of the following changes in your setup to upgrade to 20.03: - If you use `sqlite3` you don't need to do anything. - If you use `postgresql` on a different server, you don't need to change anything as well since this module was never designed to configure remote databases. - If you use `postgresql` and configured your synapse initially on `19.09` or older, you need to enable postgresql-support explicitly: ```nix { ... }: { services.matrix-synapse = { enable = true; # and all the other config you've defined here }; services.postgresql.enable = true; } ``` - If you deploy a fresh matrix-synapse, you need to configure the database yourself (e.g. by using the [services.postgresql.initialScript](options.html#opt-services.postgresql.initialScript) option). An example for this can be found in the [documentation of the Matrix module](#module-services-matrix). - If you initially deployed your matrix-synapse on `nixos-unstable` _after_ the `19.09`-release, your database is misconfigured due to a regression in NixOS. For now, matrix-synapse will startup with a warning, but it's recommended to reconfigure the database to set the values `LC_COLLATE` and `LC_CTYPE` to [`'C'`](https://www.postgresql.org/docs/12/locale.html). - The [systemd.network.links](options.html#opt-systemd.network.links) option is now respected even when [systemd-networkd](options.html#opt-systemd.network.enable) is disabled. This mirrors the behaviour of systemd - It's udev that parses `.link` files, not `systemd-networkd`. - mongodb has been updated to version `3.4.24`. ::: {.warning} Please note that mongodb has been relicensed under their own [` sspl`](https://www.mongodb.com/licensing/server-side-public-license/faq)-license. Since it's not entirely free and not OSI-approved, it's listed as non-free. This means that Hydra doesn't provide prebuilt mongodb-packages and needs to be built locally. :::

This chunk details several updates and changes in NixOS: FIDO2 tokens can now unlock LUKS-encrypted file systems via `boot.initrd.luks.fido2Support`. Predictably named network interfaces are now renamed in stage-1, improving configurations like Dropbear. The matrix-synapse package has been updated to v1.11.1, removing its automated PostgreSQL database setup due to stricter requirements (specifically, `LC_COLLATE` and `LC_CTYPE` must be 'C'), with detailed upgrade instructions provided for different database setups, including manual configuration for fresh deployments. The `systemd.network.links` option is now respected even when `systemd-networkd` is disabled, as udev handles `.link` files. Lastly, MongoDB has been updated to 3.4.24, but its relicensing under the non-OSI-approved SSPL means it's considered non-free, requiring local building as Hydra will no longer provide prebuilt packages.