Latest commit message:

Priority 1 - Production Quality:
- Revert Matrix homeserver log level from debug to info
- Reduces log volume by ~70% (22k+ lines/day to <7k)
- Improves performance and reduces disk usage

Priority 2 - Technical Debt:
- Automate sender_localpart fix in mautrix-slack.nix
- Eliminates manual sed command on fresh deployments
- Fix verified working (tested 2025-10-26)
- Update CLAUDE.md to document automated solution

Priority 3 - Project Hygiene:
- Remove unused mautrix-whatsapp and mautrix-gmessages imports
- Archive old configurations to docs/examples/alternative-deployments/
- Remove stale staging/ directories from 001 extraction workflow
- Update deployment documentation in tasks.md and quickstart.md
- Add deployment status notes to spec files

Files Modified:
- modules/dev-services.nix: log level debug → info
- modules/mautrix-slack.nix: automatic sender_localpart fix
- hosts/ops-jrz1.nix: remove unused bridge imports
- CLAUDE.md: update Known Issues, add Resolved Issues section
- specs/002-*/: add deployment status notes
- configurations/ → docs/examples/alternative-deployments/

Tested and Verified:
- All services running (matrix, bridge, forgejo, postgresql, nginx)
- Bridge authenticated and message flow working
- sender_localpart fix generates correct registration file
ops-jrz1 NixOS Server Configuration
Status: Work in Progress - Matrix Platform Extraction
This repository contains the NixOS configuration for the ops-jrz1 dev/test server, including extracted Matrix homeserver modules and bridge configurations from the ops-base production environment.
Overview
The ops-jrz1 server provides a Matrix homeserver (Continuwuity/Conduwuit) with bridges for:
- Slack (mautrix-slack)
- WhatsApp (mautrix-whatsapp)
- Google Messages (mautrix-gmessages)
Additional services:
- Security hardening (fail2ban, SSH hardening)
- Secrets management (sops-nix with age encryption)
Current Status
Phase: Extracting and sanitizing modules from ops-base
- Repository structure created
- Skeleton configuration files (flake.nix, configuration.nix, hosts/ops-jrz1.nix)
- Sanitization and validation scripts
- Git hooks for security validation
- Module extraction from ops-base
- Documentation (deployment guides, bridge setup)
- Server deployment and testing
Repository Structure
ops-jrz1/
├── flake.nix                    # Nix flake configuration
├── configuration.nix            # Main NixOS configuration
├── hosts/
│   └── ops-jrz1.nix             # Server-specific configuration
├── modules/                     # Extracted Matrix platform modules (pending)
├── docs/                        # Deployment and setup documentation (pending)
├── secrets/                     # sops-nix encrypted secrets (gitignored)
├── scripts/                     # Sanitization and validation scripts
│   ├── sanitize-files.sh
│   └── validate-sanitization.sh
└── specs/                       # Project planning and specifications
    └── 001-extract-matrix-platform/
Planned Features
Matrix Homeserver
- Continuwuity/Conduwuit: Lightweight Rust-based Matrix homeserver
- Federation support
- User registration with tokens
- Admin room for management
Bridges
- Slack: Socket Mode authentication, workspace integration
- WhatsApp: QR code pairing, message synchronization
- Google Messages: Pairing flow, SMS/MMS support
Security & Operations
- fail2ban: Intrusion prevention
- SSH hardening: Key-only authentication, restricted access
- sops-nix: Encrypted secrets management with age keys
- Git hooks: Pre-commit validation, pre-push build checks
Development Workflow
Prerequisites
- NixOS 24.05+ or Nix with flakes enabled
- SSH access to ops-jrz1 server
- Age encryption key for secrets management
Building Locally
# Check flake validity
nix flake check
# Build ops-jrz1 configuration
nix build .#nixosConfigurations.ops-jrz1
# Deploy to server (when ready)
nixos-rebuild switch --flake .#ops-jrz1 --target-host root@ops-jrz1
Sanitization Workflow
# Extract modules from ops-base
./scripts/sanitize-files.sh ~/proj/ops-base/modules staging/modules
# Validate sanitization
./scripts/validate-sanitization.sh staging/modules
# Move to permanent location
mv staging/modules/* modules/
Security Notes
- Never commit secrets: All secrets managed via sops-nix, encrypted with age keys
- Git hooks active: Pre-commit hooks check staged files for personal-information leakage
- Sanitization enforced: All extracted code must pass validation before commit
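The sanitization workflow and the pre-commit gate above are only named, not shown. The script below is an added example, not the project's own sanitize-files.sh or validate-sanitization.sh and not part of the original README, of the kind of leak check such a hook runs over a staging directory before anything is moved into modules/: every file is grepped for a small set of patterns that should never survive extraction (e-mail addresses, RFC 1918-style addresses, PEM private-key headers, age secret keys), hits that only contain approved placeholders (example.com, 127.0.0.1, TEST-NET-3) are dropped, and a non-zero exit blocks the commit. The pattern list, the placeholder allowlist and the two sample module files are constructed assumptions.

```shell
#!/bin/sh
# Added example of a sanitization gate; assumptions: pattern list, allowlist and samples.
set -eu

# One "label|extended-regex" per line. The regex may itself contain '|'.
LEAK_PATTERNS='email|[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}
private-key|-----BEGIN [A-Z ]*PRIVATE KEY-----
age-secret-key|AGE-SECRET-KEY-1[A-Z0-9]+
ipv4|(^|[^0-9.])([0-9]{1,3}\.){3}[0-9]{1,3}([^0-9.]|$)'

# Hits whose line contains one of these placeholders are considered sanitized.
ALLOWED_PLACEHOLDERS='example\.(com|org|net)|203\.0\.113\.|127\.0\.0\.1|0\.0\.0\.0|localhost'

# Print one "LEAK[label] file:line:text" per finding under the directory given as $1.
find_leaks() {
  find "$1" -type f | while IFS= read -r file; do
    printf '%s\n' "$LEAK_PATTERNS" | while IFS='|' read -r label regex; do
      # "--" is required: the private-key regex starts with a dash.
      grep -EnH -- "$regex" "$file" 2>/dev/null \
        | grep -Ev -- "$ALLOWED_PLACEHOLDERS" \
        | sed "s/^/LEAK[$label] /"
    done
  done
}

# Number of findings under $1 (prints 0 when clean).
count_leaks() {
  find_leaks "$1" | grep -c '^LEAK\[' || true
}

# Gate for the pre-commit hook: exit 0 only when nothing was found.
scan_for_leaks() {
  findings=$(find_leaks "$1")
  if [ -n "$findings" ]; then
    printf '%s\n' "$findings"
    n=$(printf '%s\n' "$findings" | grep -c '^LEAK\[')
    printf 'sanitization FAILED: %s finding(s) in %s\n' "$n" "$1" >&2
    return 1
  fi
  printf 'sanitization OK: %s\n' "$1"
}

# Build a throwaway staging tree with one sanitized and one unsanitized module
# (constructed samples, not files from this repository). Prints its path.
make_demo_tree() {
  demo=$(mktemp -d)
  mkdir -p "$demo/clean" "$demo/leaky"
  cat > "$demo/clean/matrix.nix" <<'EOF'
# constructed sample: a sanitized module, placeholders only
{ config, ... }: {
  services.matrix.serverName = "matrix.example.org";
  services.matrix.adminEmail = "admin@example.com";
  services.matrix.listenAddress = "127.0.0.1";
  sops.defaultSopsFile = ../secrets/matrix.yaml;
}
EOF
  cat > "$demo/leaky/matrix.nix" <<'EOF'
# constructed sample: what an unsanitized extraction might still contain
{ config, ... }: {
  services.matrix.adminEmail = "alice@realcompany.test";
  services.matrix.listenAddress = "192.168.50.12";
  # a key pasted inline instead of being referenced through sops
  ageKey = "AGE-SECRET-KEY-1CONSTRUCTEDSAMPLENOTAREALKEY0000";
  sshKey = "-----BEGIN OPENSSH PRIVATE KEY-----";
}
EOF
  printf '%s\n' "$demo"
}

# Demo run: the clean tree passes, the leaky tree reports four findings and fails.
demo=$(make_demo_tree)
scan_for_leaks "$demo/clean"
scan_for_leaks "$demo/leaky" || echo "commit would be blocked"
rm -rf "$demo"
```

Two design points worth keeping in mind if you adapt this: the allowlist is applied to the whole matched line, so a line that leaks a real address while also mentioning example.com slips through (a stricter gate strips the allowed placeholders first and re-tests the remainder), and regex-based scanning is a floor, not a ceiling; it catches the obvious paste of a key or an internal address but not a hostname or room alias that is only sensitive in context.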
License
MIT License (see LICENSE file)
Related Documentation
- Project Specification: specs/001-extract-matrix-platform/spec.md
- Implementation Plan: specs/001-extract-matrix-platform/plan.md
- Task Breakdown: specs/001-extract-matrix-platform/tasks.md
- Sanitization Rules: specs/001-extract-matrix-platform/contracts/sanitization-rules.yaml
Note: This repository is currently in active development. Documentation and deployment guides will be added as modules are extracted and tested.