dan/ops-jrz1
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
61 commits 3 branches 1 tag 5.5 MiB
Commit graph

61 commits

This branch
This branch
All branches
Author SHA1 Message Date
Dan b0934dbff6 bd sync: 2026-01-05 09:13:18 2026-01-05 09:13:18 -08:00
Dan 3e7fcd6017 bd sync: 2026-01-04 16:56:36 2026-01-04 16:56:36 -08:00
Dan 96065529a0 bd sync: 2026-01-04 16:44:07 2026-01-04 16:44:07 -08:00
Dan 0191b6eea3 bd sync: 2026-01-04 13:56:15 2026-01-04 13:56:15 -08:00
Dan 15e9e44752 bd sync: 2026-01-03 18:39:05 2026-01-03 18:39:05 -08:00
Dan 9ca23fefad bd sync: 2026-01-03 17:11:11 2026-01-03 17:11:11 -08:00
Dan e53c01450a bd sync: 2026-01-03 11:00:09 2026-01-03 11:00:09 -08:00
Dan 83617a6063 bd sync: 2026-01-03 10:42:28 2026-01-03 10:42:28 -08:00
Dan 7c79f6a2d3 bd sync: 2026-01-03 10:08:47 2026-01-03 10:08:47 -08:00
Dan 1d24afa364 bd sync: 2026-01-03 10:02:31 2026-01-03 10:02:31 -08:00
Dan fbd5c0e4ac bd sync: 2026-01-03 09:35:23 2026-01-03 09:35:23 -08:00
Dan 1e9e388898 bd sync: 2026-01-03 09:21:30 2026-01-03 09:21:30 -08:00
Dan 7d8b3402b5 bd sync: 2026-01-03 08:46:12 2026-01-03 08:46:12 -08:00
Dan bd044f7caf bd sync: 2026-01-03 08:40:36 2026-01-03 08:40:36 -08:00
Dan a32e7e6c67 bd sync: 2026-01-03 08:26:37 2026-01-03 08:26:37 -08:00
Dan e56d36b5f7 bd sync: 2026-01-03 06:02:20 2026-01-03 06:02:20 -08:00
Dan b3783419b5 bd sync: 2026-01-02 21:12:39 2026-01-02 21:12:39 -08:00
Dan e77dc36e76 bd sync: 2026-01-02 21:02:38 2026-01-02 21:02:38 -08:00
Dan 66f609f10d bd sync: 2026-01-02 20:25:43 2026-01-02 20:25:43 -08:00
Dan 40b5bf43a9 bd sync: 2026-01-02 19:14:57 2026-01-02 19:14:57 -08:00
Dan 9b7e7a6e81 bd sync: 2026-01-02 19:04:01 2026-01-02 19:04:01 -08:00
Dan b6d24b0776 bd sync: 2026-01-02 17:42:37 2026-01-02 17:42:37 -08:00
Dan aa3f1b9db1 bd sync: 2026-01-02 17:27:13 2026-01-02 17:27:13 -08:00
Dan cef104542c bd sync: 2026-01-02 16:48:20 2026-01-02 16:48:20 -08:00
Dan cd770d75d3 bd sync: 2026-01-02 12:32:55 2026-01-02 12:32:55 -08:00
Dan 76914cd4b6 bd sync: 2026-01-02 12:28:12 2026-01-02 12:28:12 -08:00
Dan 50e4a4379a bd sync: 2026-01-02 10:22:18 2026-01-02 10:22:18 -08:00
Dan f8f7ae7dec bd sync: 2026-01-02 10:05:19 2026-01-02 10:05:19 -08:00
Dan 3cd336beef bd sync: 2025-12-29 18:56:39 2025-12-29 18:56:39 -05:00
Dan a36c20ff36 bd sync: 2025-12-28 22:23:15 2025-12-28 22:23:15 -05:00
Dan b40b88bb7f Add docs, ignore local dev config 2025-12-08 16:31:40 -08:00
Dan acfee9fea9 Add maubot spec artifacts (research, data-model, checklists) 2025-12-08 16:31:10 -08:00
Dan 8826d62bcc Add maubot integration and infrastructure updates 
- maubot.nix: Declarative bot framework with plugin deployment
- backup.nix: Local backup service for Matrix/bridge data
- sna-instagram-bot: Instagram content bridge plugin
- beads: Issue tracking workflow integrated
- spec 004: Browser-based dev environment design
- nixpkgs bump: Oct 22 → Dec 2
- Fix maubot health check (401 = healthy)
 2025-12-08 15:55:12 -08:00
Dan f25a8b06ef Production hardening and technical debt cleanup 
Priority 1 - Production Quality:
- Revert Matrix homeserver log level from debug to info
- Reduces log volume by ~70% (22k+ lines/day to <7k)
- Improves performance and reduces disk usage

Priority 2 - Technical Debt:
- Automate sender_localpart fix in mautrix-slack.nix
- Eliminates manual sed command on fresh deployments
- Fix verified working (tested 2025-10-26)
- Update CLAUDE.md to document automated solution

Priority 3 - Project Hygiene:
- Remove unused mautrix-whatsapp and mautrix-gmessages imports
- Archive old configurations to docs/examples/alternative-deployments/
- Remove stale staging/ directories from 001 extraction workflow
- Update deployment documentation in tasks.md and quickstart.md
- Add deployment status notes to spec files

Files Modified:
- modules/dev-services.nix: log level debug → info
- modules/mautrix-slack.nix: automatic sender_localpart fix
- hosts/ops-jrz1.nix: remove unused bridge imports
- CLAUDE.md: update Known Issues, add Resolved Issues section
- specs/002-*/: add deployment status notes
- configurations/ → docs/examples/alternative-deployments/

Tested and Verified:
- All services running (matrix, bridge, forgejo, postgresql, nginx)
- Bridge authenticated and message flow working
- sender_localpart fix generates correct registration file
 2025-10-26 15:59:05 -07:00
Dan fb27e5b709 Add Trunk-Based Development workflow documentation to CLAUDE.md 2025-10-26 15:21:14 -07:00
Dan 2dfe4ea829 Document current architecture, manual fixes, and QA checklist 
Added comprehensive documentation:
- Manual workaround for sender_localpart registration bug
- QA testing checklist for untested features
- Future monitoring/alerting requirements
- Current architecture diagram and data flow
- Security model and operational notes
 2025-10-26 14:52:31 -07:00
Dan 0b1751766b Ignore worklogs directory for security 
Worklogs may contain sensitive troubleshooting information, error messages,
tokens, or infrastructure details that should not be in version control.
 2025-10-26 14:37:26 -07:00
Dan bce31933ed Add platform vision and spec-kit integration docs 2025-10-26 14:36:52 -07:00
Dan ca379311b8 Add Slack bridge integration feature specification 
Includes spec, plan, research, data model, contracts, and quickstart guide
for mautrix-slack Socket Mode bridge deployment.
 2025-10-26 14:36:44 -07:00
Dan d69f8a4ac8 Add Forgejo repository setup worklog 2025-10-26 14:36:42 -07:00
Dan 3337175436 Ignore VM disk images 2025-10-26 14:34:50 -07:00
Dan 406dda9960 Untrack spec-kit framework files 
These files are maintained in ~/proj/spec-kit repo and should not be
tracked here. Added to .gitignore to prevent future tracking.
 2025-10-26 14:34:18 -07:00
Dan a00a5fe312 Deploy mautrix-slack bridge with IPv4 networking fixes 
Changes:
- Fix nginx proxy_pass directives to use 127.0.0.1 instead of localhost
- Fix bridge homeserverUrl to use explicit IPv4 address
- Enable debug logging on conduwuit
- Add spec-kit framework files to .gitignore
- Document deployment in comprehensive worklog

Resolves connection refused errors from localhost resolving to IPv6 [::1]
while services bind only to IPv4 127.0.0.1. Bridge now fully operational
with bidirectional Slack-Matrix message flow working.
 2025-10-26 14:33:00 -07:00
Dan 8d51f6f16e Fix bridge homeserver URL to use IPv4 (127.0.0.1) instead of localhost 2025-10-25 21:48:38 -07:00
Dan 776a5a71eb Update nixpkgs-unstable for conduwuit 0.5.0-rc.8 2025-10-25 17:50:37 -07:00
Dan 7ca9770e14 Remove TOML appservice config - conduwuit uses admin command registration 2025-10-25 17:40:47 -07:00
Dan d6e0df31ae Fix mautrix-slack configuration and Matrix integration 
- Add bridge.permissions for clarun.xyz to fix crash loop
- Configure Matrix homeserver to load appservice registration
- Update workspace from delpadtech to chochacho
- Remove duplicate matrix-homeserver service config
- Fix sops secret permissions for DynamicUser services
 2025-10-25 17:36:07 -07:00
Dan c4a00356fc Add comprehensive security & validation test report for Generation 31 
Performed full security audit including:
- Matrix API endpoint validation
- TLS/nginx reverse proxy verification
- sops-nix secrets management testing
- Firewall and network security analysis
- SSH hardening verification
- Database connectivity and permissions
- System integrity and log review

Results: All critical tests PASSED
- Excellent network isolation (Matrix/PostgreSQL localhost-only)
- Proper secrets encryption with sops-nix
- Strong SSH hardening (key-only authentication)
- Valid TLS with HSTS enabled
- Minimal attack surface (only SSH/HTTP/HTTPS exposed)

Known issues documented:
- mautrix-slack exit code 11 (non-critical)
- fail2ban not enabled (optional enhancement)
- Forgejo migrations in progress (temporary)

System validated as PRODUCTION READY.

Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-21 22:25:08 -07:00
Dan 64246a6615 Deploy Generation 31 with sops-nix secrets management 
Successfully deployed ops-jrz1 Matrix platform to production VPS using
extracted modules from ops-base. Validated deployment workflow following
ops-base best practices: boot -> reboot -> verify.

Changes:
- Pin sops-nix to June 2024 version for nixpkgs 24.05 compatibility
- Configure sops secrets for Matrix registration token and ACME email
- Add encrypted secrets.yaml (safe to commit, encrypted with age)
- Document deployment process and lessons learned

All services verified running:
- Matrix homeserver (matrix-continuwuity): conduwuit 0.5.0-rc.8
- nginx: Proxying Matrix and Forgejo
- PostgreSQL 15.10: Database services
- Forgejo 7.0.12: Git platform

Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-21 21:32:23 -07:00
Dan 40e5501dd5 Fix: Add olm permission to pkgs-unstable in production config 
- Configure pkgs-unstable with permittedInsecurePackages in flake.nix
- Matches VM configuration approach
- Allows mautrix bridges to build successfully
 2025-10-21 18:38:42 -07:00