3d33a45cc9
Learner account management: - learner-add.sh: create accounts with SSH, plugin skeleton - learner-remove.sh: remove accounts with optional archive - plugin-skeleton template: starter maubot plugin Testing: - flake.nix: add checks output for pre-deploy validation - smoke-test.sh: post-deploy service verification Documentation: - learner-onboarding.md: VS Code Remote-SSH setup guide - learner-admin.md: account management procedures Skills: - code-review.md: multi-lens code review skill - orch, worklog: symlinks to shared skills
73 lines
2.2 KiB
Nix
73 lines
2.2 KiB
Nix
{
|
|
description = "ops-jrz1 NixOS server configuration with Matrix platform";
|
|
|
|
inputs = {
|
|
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
|
|
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
|
|
|
|
sops-nix = {
|
|
url = "github:Mic92/sops-nix/c2ea1186c0cbfa4d06d406ae50f3e4b085ddc9b3"; # Pin to June 2024 version compatible with nixpkgs 24.05
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
};
|
|
|
|
outputs = { self, nixpkgs, nixpkgs-unstable, sops-nix, ... }@inputs:
|
|
let
|
|
system = "x86_64-linux";
|
|
pkgs = nixpkgs.legacyPackages.${system};
|
|
in {
|
|
# Pre-deploy checks: nix flake check
|
|
checks.${system} = {
|
|
# Verify production config evaluates and builds
|
|
ops-jrz1-config = self.nixosConfigurations.ops-jrz1.config.system.build.toplevel;
|
|
|
|
# Verify VM config evaluates (lighter weight)
|
|
ops-jrz1-vm-config = self.nixosConfigurations.ops-jrz1-vm.config.system.build.toplevel;
|
|
};
|
|
|
|
nixosConfigurations = {
|
|
# Production configuration (for actual VPS deployment)
|
|
ops-jrz1 = nixpkgs.lib.nixosSystem {
|
|
system = "x86_64-linux";
|
|
specialArgs = {
|
|
pkgs-unstable = import nixpkgs-unstable {
|
|
system = "x86_64-linux";
|
|
config = {
|
|
allowUnfree = true;
|
|
permittedInsecurePackages = [
|
|
"olm-3.2.16" # Required by mautrix bridges
|
|
];
|
|
};
|
|
};
|
|
};
|
|
modules = [
|
|
./configuration.nix
|
|
./hosts/ops-jrz1.nix
|
|
sops-nix.nixosModules.sops
|
|
];
|
|
};
|
|
|
|
# VM testing configuration (for local validation before deployment)
|
|
ops-jrz1-vm = nixpkgs.lib.nixosSystem {
|
|
system = "x86_64-linux";
|
|
specialArgs = {
|
|
pkgs-unstable = import nixpkgs-unstable {
|
|
system = "x86_64-linux";
|
|
config = {
|
|
allowUnfree = true;
|
|
permittedInsecurePackages = [
|
|
"olm-3.2.16" # Required by mautrix bridges (VM testing only)
|
|
];
|
|
};
|
|
};
|
|
};
|
|
modules = [
|
|
./configuration.nix
|
|
./hosts/ops-jrz1-vm.nix
|
|
# Note: No sops-nix for VM testing
|
|
];
|
|
};
|
|
};
|
|
};
|
|
}
|