Fix mautrix-slack configuration and Matrix integration

- Add bridge.permissions for clarun.xyz to fix crash loop - Configure Matrix homeserver to load appservice registration - Update workspace from delpadtech to chochacho - Remove duplicate matrix-homeserver service config - Fix sops secret permissions for DynamicUser services
2025-10-25 17:36:07 -07:00 · 2025-10-25 17:36:07 -07:00 · d6e0df31ae
parent c4a00356fc
commit d6e0df31ae
2 changed files with 22 additions and 11 deletions
--- a/hosts/ops-jrz1.nix
+++ b/hosts/ops-jrz1.nix
@ -27,9 +27,9 @@
  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

  sops.secrets.matrix-registration-token = {
-    owner = "continuwuity";
-    group = "continuwuity";
-    mode = "0440";
+    # Used by dev-services.nix matrix-continuwuity via systemd LoadCredential
+    # Root ownership is correct for DynamicUser services
+    mode = "0400";
  };

  sops.secrets.acme-email = {
@ -38,13 +38,15 @@
  };

  # Matrix homeserver configuration
-  services.matrix-homeserver = {
-    enable = true;
-    domain = "clarun.xyz";
-    port = 8008;
-    enableRegistration = true;
-    enableFederation = false;
-  };
+  # NOTE: Disabled in favor of dev-platform.matrix which provides integrated
+  # bridge coordination and systemd credential-based secrets management
+  # services.matrix-homeserver = {
+  #   enable = true;
+  #   domain = "clarun.xyz";
+  #   port = 8008;
+  #   enableRegistration = true;
+  #   enableFederation = false;
+  # };

  # Development platform services (Matrix, Forgejo, bridges)
  services.dev-platform = {
@ -65,7 +67,7 @@

    slackBridge = {
      enable = true;
-      workspace = "delpadtech";
+      workspace = "chochacho";
      port = 29319;
    };
  };
--- a/modules/dev-services.nix
+++ b/modules/dev-services.nix
@ -118,6 +118,11 @@ in
        database_path = "/var/lib/matrix-continuwuity/db/"
        log = "info"
        admin_room_tag = "m.server_notice"
+        ${optionalString cfg.slackBridge.enable ''
+
+        [[appservices]]
+        registration = "/var/lib/matrix-appservices/mautrix_slack_registration.yaml"
+        ''}
        EOF
      '';

@ -215,6 +220,10 @@ in
        type = "postgres";
        uri = "postgresql:///mautrix_slack?host=/run/postgresql";
      };
+
+      bridge.permissions = {
+        "${cfg.matrix.serverName}" = "user";
+      };
    };

    # Basic Nginx reverse proxy