ops-jrz1/docs/examples/minimal-matrix.nix
Dan ab5aebb161 Phase 3: Extract and sanitize Matrix platform modules from ops-base
Extracted modules:
- Matrix homeserver (matrix-continuwuity.nix)
- mautrix bridges (slack, whatsapp, gmessages)
- Security modules (fail2ban, ssh-hardening)
- Development services module
- Matrix secrets module

All modules sanitized to remove personal information:
- Domains: example.com, matrix.example.org
- IPs: 10.0.0.x, 203.0.113.10
- Paths: /home/user, /path/to/ops-base
- Emails: admin@example.com

Configuration:
- Updated flake.nix with sops-nix and nixpkgs-unstable
- Updated hosts/ops-jrz1.nix to import all extracted modules
- Added example files (secrets, minimal config)
- Generated flake.lock

Generated with Claude Code - https://claude.com/claude-code
2025-10-13 14:51:14 -07:00


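# Minimal ops-jrz1 configuration example
# Demonstrates Matrix homeserver + single bridge deployment.
#
# Security posture of this example (revisit the NOTE(review) items before
# deploying on an internet-facing host):
#   - account registration is disabled; enable it only while creating the
#     admin account referenced in the bridge permissions, then disable it again
#   - federation is off, so only local accounts exist on this server
#   - SSH is key-only (no password login, no root password login)
#   - fail2ban bans after repeated failures
{ config, pkgs, ... }:
{
  imports = [
    ../../modules/matrix-continuwuity.nix
    ../../modules/mautrix-slack.nix
    ../../modules/security/ssh-hardening.nix
    ../../modules/security/fail2ban.nix
  ];

  # Basic networking
  networking = {
    hostName = "matrix";
    firewall = {
      enable = true;
      # 22: SSH, 80/443: ACME challenge and TLS front end, 8008: homeserver
      # client port (plain HTTP, see services.matrix-homeserver.port).
      # NOTE(review): if the homeserver module terminates TLS on 443 (the ACME
      # settings below suggest a TLS front end exists), drop 8008 from this
      # list so clients cannot reach the server unencrypted -- confirm against
      # the module before relying on it.
      allowedTCPPorts = [ 22 80 443 8008 ];
    };
  };

  # Matrix homeserver configuration
  services.matrix-homeserver = {
    enable = true;
    domain = "matrix.example.org";
    # Listener the Slack bridge below connects to over loopback.
    port = 8008;
    # Open registration on a reachable homeserver is an abuse vector (spam
    # accounts); keep it off and turn it on only for the initial admin sign-up.
    enableRegistration = false;
    # No federation: this server neither accepts nor sends federated traffic.
    enableFederation = false;
  };

  # Slack bridge configuration
  services.mautrix-slack = {
    enable = true;
    matrix = {
      # Loopback URL; matches the homeserver port above, never exposed via TLS.
      homeserverUrl = "http://127.0.0.1:8008";
      serverName = "matrix.example.org";
    };
    bridge = {
      # Access levels granted by the bridge. The server-name key is presumably
      # a wildcard for every account on matrix.example.org; the explicit MXID
      # gets the admin level. Narrow the wildcard if not every local user should
      # be able to use the bridge.
      permissions = {
        "matrix.example.org" = "user";
        "@admin:matrix.example.org" = "admin";
      };
    };
  };

  # Security hardening
  security = {
    fail2ban-enhanced = {
      enable = true;
      # Ban for one hour after three failed attempts.
      bantime = "1h";
      maxretry = 3;
    };
    acme = {
      acceptTerms = true;
      # Contact address for certificate expiry notices; replace before deploying.
      defaults.email = "admin@example.com";
    };
  };

  # SSH hardening
  services.openssh = {
    enable = true;
    settings = {
      # Root may log in with a key only; all password logins are rejected.
      PermitRootLogin = "prohibit-password";
      PasswordAuthentication = false;
    };
  };

  # PostgreSQL for bridge database
  services.postgresql = {
    enable = true;
    # One database and one role of the same name; the role owns the database,
    # so no superuser credentials are needed by the bridge.
    ensureDatabases = [ "mautrix_slack" ];
    ensureUsers = [{
      name = "mautrix_slack";
      ensureDBOwnership = true;
    }];
  };

  system.stateVersion = "24.05";
}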