Remove redundant olm permission from VM config

VM imports configuration.nix which already has the permission. Clarified comments explaining why both flake.nix and configuration.nix need the permission (different pkgs sources). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-05 22:53:07 -08:00 · 2026-01-05 22:53:07 -08:00 · df2cb13f9b
parent 2aa005b300
commit df2cb13f9b
2 changed files with 3 additions and 9 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -174,9 +174,8 @@ in
    defaults.email = "dlei@duck.com";
  };

-  # Allow deprecated olm library for Matrix bridges
-  # Note: olm is deprecated with known CVEs but required by mautrix bridges
-  # This is necessary for Matrix bridge functionality until alternatives are available
+  # Allow deprecated olm library for Matrix bridges (maubot uses mautrix which needs olm)
+  # Note: Also permitted in flake.nix for pkgs-unstable (mautrix-slack)
  nixpkgs.config.permittedInsecurePackages = [
    "olm-3.2.16"
  ];
--- a/hosts/ops-jrz1-vm.nix
+++ b/hosts/ops-jrz1-vm.nix
@ -19,12 +19,7 @@
    # Note: Skip matrix-secrets for VM (no sops-nix in VM)
  ];

-  # Allow deprecated olm library for Matrix bridges (VM testing only)
-  # Note: olm is deprecated with known CVEs but required by mautrix bridges
-  # This is acceptable for local testing; production should migrate to newer crypto
-  nixpkgs.config.permittedInsecurePackages = [
-    "olm-3.2.16"
-  ];
+  # Note: olm-3.2.16 is permitted in flake.nix where pkgs-unstable is defined

  # VM-specific settings
  networking.hostName = "ops-jrz1-vm";