From d6e0df31ae8d0bc4210257d7bba1330cdfdacd67 Mon Sep 17 00:00:00 2001 From: Dan Date: Sat, 25 Oct 2025 17:36:07 -0700 Subject: [PATCH] Fix mautrix-slack configuration and Matrix integration - Add bridge.permissions for clarun.xyz to fix crash loop - Configure Matrix homeserver to load appservice registration - Update workspace from delpadtech to chochacho - Remove duplicate matrix-homeserver service config - Fix sops secret permissions for DynamicUser services --- hosts/ops-jrz1.nix | 24 +++++++++++++----------- modules/dev-services.nix | 9 +++++++++ 2 files changed, 22 insertions(+), 11 deletions(-) diff --git a/hosts/ops-jrz1.nix b/hosts/ops-jrz1.nix index 4596f59..f45164c 100644 --- a/hosts/ops-jrz1.nix +++ b/hosts/ops-jrz1.nix @@ -27,9 +27,9 @@ sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; sops.secrets.matrix-registration-token = { - owner = "continuwuity"; - group = "continuwuity"; - mode = "0440"; + # Used by dev-services.nix matrix-continuwuity via systemd LoadCredential + # Root ownership is correct for DynamicUser services + mode = "0400"; }; sops.secrets.acme-email = { @@ -38,13 +38,15 @@ }; # Matrix homeserver configuration - services.matrix-homeserver = { - enable = true; - domain = "clarun.xyz"; - port = 8008; - enableRegistration = true; - enableFederation = false; - }; + # NOTE: Disabled in favor of dev-platform.matrix which provides integrated + # bridge coordination and systemd credential-based secrets management + # services.matrix-homeserver = { + # enable = true; + # domain = "clarun.xyz"; + # port = 8008; + # enableRegistration = true; + # enableFederation = false; + # }; # Development platform services (Matrix, Forgejo, bridges) services.dev-platform = { @@ -65,7 +67,7 @@ slackBridge = { enable = true; - workspace = "delpadtech"; + workspace = "chochacho"; port = 29319; }; }; diff --git a/modules/dev-services.nix b/modules/dev-services.nix index a47f441..96faa45 100644 --- a/modules/dev-services.nix 
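Review bot: The `matrix-registration-token` secret is now root-only and, per the new comment, reaches the service through systemd `LoadCredential`, but nothing in this hunk restarts the consumer when the secret is rotated. systemd copies credentials at unit start, so a rotated token would not be picked up until the next restart. Consider adding `restartUnits = [ "matrix-continuwuity.service" ];` to the secret; the unit name is inferred from the comment and should be confirmed against dev-services.nix. It is also worth checking that no other unit still reads the secret path directly, since dropping the `continuwuity` owner/group removes that access.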
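Review bot: Commenting out `services.matrix-homeserver` also drops the explicit `enableFederation = false;` and `enableRegistration = true;`, and the equivalent `services.dev-platform` matrix settings are not visible in this hunk. Please confirm the replacement module still keeps federation off and registration token-gated, so the switch does not silently widen exposure. If it does, state it in the NOTE, e.g. `# federation stays disabled via services.dev-platform.matrix (see modules/dev-services.nix)`. The seven commented-out lines would be better deleted, since git history keeps them and a stale config block invites accidental re-enabling.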
+++ b/modules/dev-services.nix @@ -118,6 +118,11 @@ in database_path = "/var/lib/matrix-continuwuity/db/" log = "info" admin_room_tag = "m.server_notice" + ${optionalString cfg.slackBridge.enable '' + + [[appservices]] + registration = "/var/lib/matrix-appservices/mautrix_slack_registration.yaml" + ''} EOF ''; @@ -215,6 +220,10 @@ in type = "postgres"; uri = "postgresql:///mautrix_slack?host=/run/postgresql"; }; + + bridge.permissions = { + "${cfg.matrix.serverName}" = "user"; + }; }; # Basic Nginx reverse proxy
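Review bot: The appservice registration file loaded in the added `[[appservices]]` block normally carries the bridge's `as_token` and `hs_token`, and this hunk shows neither who owns `/var/lib/matrix-appservices/` nor what mode it has. The homeserver appears to run as a DynamicUser, so the file has to be readable by that unit without being world-readable. Passing it through `LoadCredential`, as is done for the registration token, would avoid loosening the directory mode. The hard-coded path should come from the same binding the bridge uses to write the file, and the homeserver unit should be ordered after whatever generates it, otherwise a first boot may start with a missing registration. The surrounding heredoc begins and ends outside the hunk.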
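Review bot: `"${cfg.matrix.serverName}" = "user";` grants bridge access to every account on the homeserver, and no entry gets `admin`. If registration stays enabled on the homeserver, anyone who obtains an account can log the bridge into Slack. A tighter form lists the intended MXIDs and adds an explicit administrator, e.g. `"@<admin-localpart>:${cfg.matrix.serverName}" = "admin";` (placeholder localpart). If the domain-wide grant is intentional, add a comment such as `# all local users may use the bridge; account creation is token-gated`.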