From e5e4d387e11e2d877acd7cfc791b63e42000116b Mon Sep 17 00:00:00 2001
From: Nikolay Amiantov <ab@fmap.me>
Date: Thu, 3 Oct 2019 16:57:51 +0300
Subject: [PATCH 1/4] pythonPackages.python-pam: init at 1.8.4

---
 .../python-modules/python-pam/default.nix     | 23 +++++++++++++++++++
 pkgs/top-level/python-packages.nix            |  2 ++
 2 files changed, 25 insertions(+)
 create mode 100644 pkgs/development/python-modules/python-pam/default.nix

diff --git a/pkgs/development/python-modules/python-pam/default.nix b/pkgs/development/python-modules/python-pam/default.nix
new file mode 100644
index 000000000000..4065cd7c0145
--- /dev/null
+++ b/pkgs/development/python-modules/python-pam/default.nix
@@ -0,0 +1,23 @@
+{ stdenv, buildPythonPackage, fetchPypi, pam }:
+
+buildPythonPackage rec {
+  pname = "python-pam";
+  version = "1.8.4";
+
+  src = fetchPypi {
+    inherit pname version;
+    sha256 = "16whhc0vr7gxsbzvsnq65nq8fs3wwmx755cavm8kkczdkz4djmn8";
+  };
+
+  postPatch = ''
+    substituteInPlace pam.py --replace 'find_library("pam")' \
+      '"${pam}/lib/libpam${stdenv.hostPlatform.extensions.sharedLibrary}"'
+  '';
+
+  meta = with stdenv.lib; {
+    description = "Python PAM module using ctypes";
+    homepage = "https://github.com/FirefighterBlu3/python-pam";
+    maintainers = with maintainers; [ abbradar ];
+    license = licenses.mit;
+  };
+}
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index 1b772561929c..50d3b48c8c0a 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -3316,6 +3316,8 @@ in {
 
   python-axolotl-curve25519 = callPackage ../development/python-modules/python-axolotl-curve25519 { };
 
+  python-pam = callPackage ../development/python-modules/python-pam { };
+
   pythonix = callPackage ../development/python-modules/pythonix {
     inherit (pkgs) meson pkgconfig;
   };

From 9f0da72abc39765471b60f7d33bb011eb5456bfb Mon Sep 17 00:00:00 2001
From: Nikolay Amiantov <ab@fmap.me>
Date: Thu, 3 Oct 2019 16:59:06 +0300
Subject: [PATCH 2/4] matrix-synapse: factor out plugins

We build plugins separately from the server now.
---
 pkgs/servers/matrix-synapse/default.nix       | 27 +++++--------------
 .../matrix-synapse/plugins/default.nix        |  5 ++++
 pkgs/servers/matrix-synapse/plugins/ldap3.nix | 17 ++++++++++++
 pkgs/top-level/all-packages.nix               |  2 ++
 4 files changed, 31 insertions(+), 20 deletions(-)
 create mode 100644 pkgs/servers/matrix-synapse/plugins/default.nix
 create mode 100644 pkgs/servers/matrix-synapse/plugins/ldap3.nix

diff --git a/pkgs/servers/matrix-synapse/default.nix b/pkgs/servers/matrix-synapse/default.nix
index d2c1afa0e7ca..15df735b7072 100644
--- a/pkgs/servers/matrix-synapse/default.nix
+++ b/pkgs/servers/matrix-synapse/default.nix
@@ -5,23 +5,9 @@
 with python3.pkgs;
 
 let
-  matrix-synapse-ldap3 = buildPythonPackage rec {
-    pname = "matrix-synapse-ldap3";
-    version = "0.1.4";
-
-    src = fetchPypi {
-      inherit pname version;
-      sha256 = "01bms89sl16nyh9f141idsz4mnhxvjrc3gj721wxh1fhikps0djx";
-    };
-
-    propagatedBuildInputs = [ service-identity ldap3 twisted ];
-
-    # ldaptor is not ready for py3 yet
-    doCheck = !isPy3k;
-    checkInputs = [ ldaptor mock ];
-  };
-
-in buildPythonApplication rec {
+  plugins = python3.pkgs.callPackage ./plugins { };
+in
+buildPythonApplication rec {
   pname = "matrix-synapse";
   version = "1.14.0";
 
@@ -45,7 +31,6 @@ in buildPythonApplication rec {
     jinja2
     jsonschema
     lxml
-    matrix-synapse-ldap3
     msgpack
     netaddr
     phonenumbers
@@ -79,12 +64,14 @@ in buildPythonApplication rec {
 
   doCheck = !stdenv.isDarwin;
 
-  passthru.tests = { inherit (nixosTests) matrix-synapse; };
-
   checkPhase = ''
     PYTHONPATH=".:$PYTHONPATH" ${python3.interpreter} -m twisted.trial tests
   '';
 
+  passthru.tests = { inherit (nixosTests) matrix-synapse; };
+  passthru.plugins = plugins;
+  passthru.python = python3;
+
   meta = with stdenv.lib; {
     homepage = "https://matrix.org";
     description = "Matrix reference homeserver";
diff --git a/pkgs/servers/matrix-synapse/plugins/default.nix b/pkgs/servers/matrix-synapse/plugins/default.nix
new file mode 100644
index 000000000000..e32ba673d291
--- /dev/null
+++ b/pkgs/servers/matrix-synapse/plugins/default.nix
@@ -0,0 +1,5 @@
+{ callPackage }:
+
+{
+  matrix-synapse-ldap3 = callPackage ./ldap3.nix { };
+}
diff --git a/pkgs/servers/matrix-synapse/plugins/ldap3.nix b/pkgs/servers/matrix-synapse/plugins/ldap3.nix
new file mode 100644
index 000000000000..9f1aec20033b
--- /dev/null
+++ b/pkgs/servers/matrix-synapse/plugins/ldap3.nix
@@ -0,0 +1,17 @@
+{ isPy3k, buildPythonPackage, fetchPypi, service-identity, ldap3, twisted, ldaptor, mock }:
+
+buildPythonPackage rec {
+  pname = "matrix-synapse-ldap3";
+  version = "0.1.4";
+
+  src = fetchPypi {
+    inherit pname version;
+    sha256 = "01bms89sl16nyh9f141idsz4mnhxvjrc3gj721wxh1fhikps0djx";
+  };
+
+  propagatedBuildInputs = [ service-identity ldap3 twisted ];
+
+  # ldaptor is not ready for py3 yet
+  doCheck = !isPy3k;
+  checkInputs = [ ldaptor mock ];
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 2f6c5dfea4f8..cee2dd78fccc 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -4706,6 +4706,8 @@ in
     (https://github.com/NixOS/nixpkgs/issues/76093) */
   matrix-synapse = callPackage ../servers/matrix-synapse { /*python3 = python38;*/ };
 
+  matrix-synapse-plugins = recurseIntoAttrs matrix-synapse.plugins;
+
   matrix-appservice-slack = callPackage ../servers/matrix-synapse/matrix-appservice-slack {};
 
   mautrix-telegram = recurseIntoAttrs (callPackage ../servers/mautrix-telegram { });

From b5e9f87f82d4221f7504fa5d2c7da0c31b3263a8 Mon Sep 17 00:00:00 2001
From: Nikolay Amiantov <ab@fmap.me>
Date: Thu, 3 Oct 2019 17:00:11 +0300
Subject: [PATCH 3/4] matrix-synapse-plugins.matrix-synapse-pam: init at 0.1.2

---
 pkgs/servers/matrix-synapse/plugins/default.nix |  1 +
 pkgs/servers/matrix-synapse/plugins/pam.nix     | 15 +++++++++++++++
 2 files changed, 16 insertions(+)
 create mode 100644 pkgs/servers/matrix-synapse/plugins/pam.nix

diff --git a/pkgs/servers/matrix-synapse/plugins/default.nix b/pkgs/servers/matrix-synapse/plugins/default.nix
index e32ba673d291..f3dbaa1573f0 100644
--- a/pkgs/servers/matrix-synapse/plugins/default.nix
+++ b/pkgs/servers/matrix-synapse/plugins/default.nix
@@ -2,4 +2,5 @@
 
 {
   matrix-synapse-ldap3 = callPackage ./ldap3.nix { };
+  matrix-synapse-pam = callPackage ./pam.nix { };
 }
diff --git a/pkgs/servers/matrix-synapse/plugins/pam.nix b/pkgs/servers/matrix-synapse/plugins/pam.nix
new file mode 100644
index 000000000000..47ee28a7794c
--- /dev/null
+++ b/pkgs/servers/matrix-synapse/plugins/pam.nix
@@ -0,0 +1,15 @@
+{ buildPythonPackage, fetchFromGitHub, twisted, python-pam }:
+
+buildPythonPackage rec {
+  pname = "matrix-synapse-pam";
+  version = "0.1.2";
+
+  src = fetchFromGitHub {
+    owner = "14mRh4X0r";
+    repo = "matrix-synapse-pam";
+    rev = "v${version}";
+    sha256 = "10byma9hxz3g4sirw5sa4pvljn83h9vs7zc15chhpl2n14bdx45l";
+  };
+
+  propagatedBuildInputs = [ twisted python-pam ];
+}

From cd92184f3de50335c54cec707c5fa9a40e50a3f4 Mon Sep 17 00:00:00 2001
From: Nikolay Amiantov <ab@fmap.me>
Date: Thu, 3 Oct 2019 17:00:41 +0300
Subject: [PATCH 4/4] matrix-synapse service: add plugins option

---
 nixos/modules/services/misc/matrix-synapse.nix | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/nixos/modules/services/misc/matrix-synapse.nix b/nixos/modules/services/misc/matrix-synapse.nix
index 703bc9416f88..8ed4bbdd031c 100644
--- a/nixos/modules/services/misc/matrix-synapse.nix
+++ b/nixos/modules/services/misc/matrix-synapse.nix
@@ -9,6 +9,9 @@ let
   logConfigFile = pkgs.writeText "log_config.yaml" cfg.logConfig;
   mkResource = r: ''{names: ${builtins.toJSON r.names}, compress: ${boolToString r.compress}}'';
   mkListener = l: ''{port: ${toString l.port}, bind_address: "${l.bind_address}", type: ${l.type}, tls: ${boolToString l.tls}, x_forwarded: ${boolToString l.x_forwarded}, resources: [${concatStringsSep "," (map mkResource l.resources)}]}'';
+  pluginsEnv = cfg.package.python.buildEnv.override {
+    extraLibs = cfg.plugins;
+  };
   configFile = pkgs.writeText "homeserver.yaml" ''
 ${optionalString (cfg.tls_certificate_path != null) ''
 tls_certificate_path: "${cfg.tls_certificate_path}"
@@ -125,6 +128,14 @@ in {
           Overridable attribute of the matrix synapse server package to use.
         '';
       };
+      plugins = mkOption {
+        type = types.listOf types.package;
+        default = [ ];
+        defaultText = "with config.services.matrix-synapse.package.plugins [ matrix-synapse-ldap3 matrix-synapse-pam ]";
+        description = ''
+          List of additional Matrix plugins to make available.
+        '';
+      };
       no_tls = mkOption {
         type = types.bool;
         default = false;
@@ -686,6 +697,7 @@ in {
           --keys-directory ${cfg.dataDir} \
           --generate-keys
       '';
+      environment.PYTHONPATH = makeSearchPathOutput "lib" cfg.package.python.sitePackages [ pluginsEnv ];
       serviceConfig = {
         Type = "notify";
         User = "matrix-synapse";