- Add permittedInsecurePackages for deprecated olm library
- Required by mautrix-slack, mautrix-whatsapp, mautrix-gmessages bridges
- Acceptable risk for Matrix bridge functionality until alternatives available
- Accept Let's Encrypt terms of service
- Configure email for certificate notifications (dlei@duck.com)
- Nginx virtual hosts already configured with enableACME and forceSSL
Ready for deployment to VPS.
- Add hardware-configuration.nix from VPS (45.77.205.49)
- Update configuration.nix with correct boot loader (/dev/vda) and network (ens3)
- Enable Matrix homeserver and dev-platform services in hosts/ops-jrz1.nix
- Configure for clarun.xyz domain with Matrix, Forgejo, and mautrix-slack
- Add SSH authorized keys and enable Nix flakes
Ready to deploy to replace ops-base configuration.
Matrix packages (mautrix-*, matrix-continuwuity) only exist in
nixpkgs-unstable, not in nixpkgs 24.05 stable. This commit updates
all module defaults and references to use pkgs-unstable.
Changes:
- Add pkgs-unstable to module function signatures (4 modules)
- Update package option defaults from pkgs.* to pkgs-unstable.*
- Configure pkgs-unstable in flake.nix to permit olm-3.2.16
- Add VM config permittedInsecurePackages for olm (mautrix dependency)
The olm library is deprecated with known CVEs but required by mautrix
bridges. This is acceptable for testing; production should migrate to
newer cryptography implementations when available.
This maintains our stable base system (NixOS 24.05) while using
unstable only for Matrix ecosystem packages under active development.
- Add ops-jrz1-vm NixOS configuration to flake outputs
- Create hosts/ops-jrz1-vm.nix with VM-specific settings
- Configure test credentials (root:test) for local testing
- Import all Matrix platform modules for validation
- Enable VM testing workflow to catch deployment issues early
The VM config uses specialArgs to pass pkgs-unstable for Matrix
packages while keeping the base system on nixpkgs 24.05 stable.
