- Replace openssl rand with /dev/urandom (openssl not in NixOS path)
- Update forgejo-api-token with admin scope for user provisioning
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- forgejo-admin-password: dan user password
- forgejo-api-token: API token for automation
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Remove beads from VPS deployment (kept locally for dev workflow)
- Add slack-bot-token and slack-app-token secrets with devs group access
- Remove dead acme-email secret reference
- Increase egress limits from 30/min to 150/min (burst 60→300)
- Change egress blocking from REJECT to DROP for better app behavior
- Add egress-status script for user self-diagnosis
- Update dev-slack-direct.md with new /run/secrets access patterns
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Successfully deployed ops-jrz1 Matrix platform to production VPS using
extracted modules from ops-base. Validated deployment workflow following
ops-base best practices: boot -> reboot -> verify.
Changes:
- Pin sops-nix to June 2024 version for nixpkgs 24.05 compatibility
- Configure sops secrets for Matrix registration token and ACME email
- Add encrypted secrets.yaml (safe to commit, encrypted with age)
- Document deployment process and lessons learned
All services verified running:
- Matrix homeserver (matrix-continuwuity): conduwuit 0.5.0-rc.8
- nginx: Proxying Matrix and Forgejo
- PostgreSQL 15.10: Database services
- Forgejo 7.0.12: Git platform
Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>
