dan/ops-jrz1
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
133 commits 3 branches 1 tag 5.5 MiB
Commit graph

14 commits

Author SHA1 Message Date
Dan 603b32b7ef Update musiclink flake input 2026-01-22 10:47:54 -08:00
Dan 9737371638 Update musiclink flake input 2026-01-22 09:13:07 -08:00
Dan ae16db4898 Refresh musiclink integration docs and tooling 
Use local musiclink flake input with Go 1.24.

Add matterbridge patch, routing docs, and deploy check script.
 2026-01-21 22:52:39 -08:00
Dan 8918b62765 Resolve git access to git.clarun.xyz for musiclink (zr0q) 
- Created musiclink repo on Forgejo
- Added dan's devserver SSH key to Forgejo
- Switched musiclink flake input from local path to git+ssh
- Updated musiclink testing room config in modules/musiclink.nix
 2026-01-20 20:34:39 -08:00
Dan 11b901b503 Add beads (bd) system-wide for all users 
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-16 15:07:10 -08:00
Dan 75515c7e53 Update flake to NixOS 24.11 
- nixpkgs: 24.05 (Dec 2024) → 24.11 (Jun 2025)
- sops-nix: unpinned (now follows nixpkgs)
- nixpkgs-unstable: Dec 2025 → Jan 2026

Key version changes:
- PostgreSQL 15.10 → 15.13 (pinned to v15)
- Forgejo 7.0.12 → 7.0.15 LTS
- Matrix-continuwuity 0.5.0-rc → 0.5.1 stable
- maubot 0.4.2 → 0.5.0
- systemd 255 → 256

Build verified, deployment in separate task.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-10 18:12:33 -08:00
Dan 92d7646d52 Migrate Slack tokens to sops-nix, improve egress rate limits 
- Remove beads from VPS deployment (kept locally for dev workflow)
- Add slack-bot-token and slack-app-token secrets with devs group access
- Remove dead acme-email secret reference
- Increase egress limits from 30/min to 150/min (burst 60→300)
- Change egress blocking from REJECT to DROP for better app behavior
- Add egress-status script for user self-diagnosis
- Update dev-slack-direct.md with new /run/secrets access patterns

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-07 11:14:19 -08:00
Dan 2aa005b300 Pin beads and opencode flake inputs to commit hashes 
Prevents unexpected breakage from upstream changes.
To update: nix flake update beads opencode

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-05 20:56:25 -08:00
Dan 21d3038aca Add opencode and nodejs to system packages 
- opencode (v1.0.224) via flake input from github:sst/opencode
- nodejs_22 for npm-based AI tools (gemini-cli, codex)
- Closes ops-jrz1-ecw

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-02 17:41:48 -08:00
Dan 0ce7bc73d9 Add tmux and beads to system packages 
- tmux for session persistence
- beads (bd CLI) via flake input from github:steveyegge/beads
- Closes ops-jrz1-d38, ops-jrz1-jvt

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-02 17:26:11 -08:00
Dan 8826d62bcc Add maubot integration and infrastructure updates 
- maubot.nix: Declarative bot framework with plugin deployment
- backup.nix: Local backup service for Matrix/bridge data
- sna-instagram-bot: Instagram content bridge plugin
- beads: Issue tracking workflow integrated
- spec 004: Browser-based dev environment design
- nixpkgs bump: Oct 22 → Dec 2
- Fix maubot health check (401 = healthy)
 2025-12-08 15:55:12 -08:00
Dan 776a5a71eb Update nixpkgs-unstable for conduwuit 0.5.0-rc.8 2025-10-25 17:50:37 -07:00
Dan 64246a6615 Deploy Generation 31 with sops-nix secrets management 
Successfully deployed ops-jrz1 Matrix platform to production VPS using
extracted modules from ops-base. Validated deployment workflow following
ops-base best practices: boot -> reboot -> verify.

Changes:
- Pin sops-nix to June 2024 version for nixpkgs 24.05 compatibility
- Configure sops secrets for Matrix registration token and ACME email
- Add encrypted secrets.yaml (safe to commit, encrypted with age)
- Document deployment process and lessons learned

All services verified running:
- Matrix homeserver (matrix-continuwuity): conduwuit 0.5.0-rc.8
- nginx: Proxying Matrix and Forgejo
- PostgreSQL 15.10: Database services
- Forgejo 7.0.12: Git platform

Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-21 21:32:23 -07:00
Dan ab5aebb161 Phase 3: Extract and sanitize Matrix platform modules from ops-base 
Extracted modules:
- Matrix homeserver (matrix-continuwuity.nix)
- mautrix bridges (slack, whatsapp, gmessages)
- Security modules (fail2ban, ssh-hardening)
- Development services module
- Matrix secrets module

All modules sanitized to remove personal information:
- Domains: example.com, matrix.example.org
- IPs: 10.0.0.x, 203.0.113.10
- Paths: /home/user, /path/to/ops-base
- Emails: admin@example.com

Configuration:
- Updated flake.nix with sops-nix and nixpkgs-unstable
- Updated hosts/ops-jrz1.nix to import all extracted modules
- Added example files (secrets, minimal config)
- Generated flake.lock

Generated with Claude Code - https://claude.com/claude-code
 2025-10-13 14:51:14 -07:00