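# VM testing configuration for ops-jrz1
# This configuration allows testing without real secrets.
#
# SECURITY: this profile deliberately weakens the host for local testing:
# a fixed root password, SSH password authentication forced on, open
# homeserver registration and a deprecated crypto library. Build it only
# as a throwaway VM on an isolated network; it is not a base for any
# machine that is reachable by others.
{ config, pkgs, pkgs-unstable, lib, ... }:

{
  imports = [
    # Import all modules (same as production)
    ../modules/matrix-continuwuity.nix
    ../modules/mautrix-slack.nix
    ../modules/mautrix-whatsapp.nix
    ../modules/mautrix-gmessages.nix
    ../modules/dev-services.nix
    ../modules/security/fail2ban.nix
    ../modules/security/ssh-hardening.nix
    # Note: Skip matrix-secrets for VM (no sops-nix in VM)
  ];

  # Allow deprecated olm library for Matrix bridges (VM testing only)
  # Note: olm is deprecated with known CVEs but required by mautrix bridges
  # This is acceptable for local testing; production should migrate to newer crypto
  # The entry names one exact version, so an olm version change in nixpkgs
  # makes evaluation fail until this exception is reviewed again.
  nixpkgs.config.permittedInsecurePackages = [
    "olm-3.2.16"
  ];

  # VM-specific settings
  networking.hostName = "ops-jrz1-vm";

  # Enable services for testing (using test values)
  services.matrix-homeserver = {
    enable = true;
    # Placeholder domain, not a real deployment name.
    domain = "matrix.example.org";
    # Also opened in networking.firewall.allowedTCPPorts below.
    port = 8008;
    # NOTE(review): presumably lets anyone who can reach the homeserver
    # create an account; confirm in matrix-continuwuity.nix.
    enableRegistration = true;
    enableFederation = false;
  };

  # Enable Slack bridge for testing structure
  services.mautrix-slack = {
    enable = true;
    matrix = {
      # Plain HTTP, but only over loopback inside the VM.
      homeserverUrl = "http://127.0.0.1:8008";
      serverName = "matrix.example.org";
    };
    bridge = {
      permissions = {
        # Domain-wide grant: every account on this homeserver gets bridge
        # "user" access, which includes accounts made via open registration.
        "matrix.example.org" = "user";
        # The admin grant is tied to this MXID, not to a credential, so
        # create the account before the VM is reachable by anyone else.
        "@admin:matrix.example.org" = "admin";
      };
    };
  };

  # PostgreSQL for bridge databases
  services.postgresql = {
    enable = true;
    ensureDatabases = [ "mautrix_slack" ];
    ensureUsers = [{
      # Must match the database name for ensureDBOwnership to apply.
      name = "mautrix_slack";
      ensureDBOwnership = true;
    }];
  };

  # Disable sops-nix for VM (no real secrets available)
  # The matrix-secrets module isn't imported, so no sops config needed

  # VM-specific: Allow password auth for easy VM access
  # mkForce overrides any ordinary definition of this option, presumably
  # the one in ssh-hardening.nix (confirm there).
  services.openssh.settings.PasswordAuthentication = lib.mkForce true;

  # VM-specific: Simple root password for testing
  # The value is plain text in the configuration and ends up in the
  # world-readable Nix store, so treat it as public.
  # NOTE(review): root login over SSH also depends on PermitRootLogin, which
  # is not set in this file; confirm what ssh-hardening.nix sets.
  users.users.root.password = "test";

  # VM-specific: More permissive firewall for testing
  networking.firewall = {
    enable = true;
    # 22 = SSH (password auth is on, see above); 8008 = the homeserver port
    # set above. 80, 443 and 3000 are not tied to any setting in this file;
    # presumably a reverse proxy and dev-services (confirm, and drop any
    # port the test setup does not need).
    allowedTCPPorts = [ 22 80 443 8008 3000 ];
  };

  # Left at the value the VM was first created with.
  system.stateVersion = "24.05";
}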