Extracted modules:
- Matrix homeserver (matrix-continuwuity.nix)
- mautrix bridges (slack, whatsapp, gmessages)
- Security modules (fail2ban, ssh-hardening)
- Development services module
- Matrix secrets module

All modules sanitized to remove personal information:
- Domains: example.com, matrix.example.org
- IPs: 10.0.0.x, 203.0.113.10
- Paths: /home/user, /path/to/ops-base
- Emails: admin@example.com

Configuration:
- Updated flake.nix with sops-nix and nixpkgs-unstable
- Updated hosts/ops-jrz1.nix to import all extracted modules
- Added example files (secrets, minimal config)
- Generated flake.lock

Generated with Claude Code - https://claude.com/claude-code
Matrix secret mapping module
Provides a declarative helper for mapping entries in secrets/secrets.yaml
to the file paths expected by Matrix services. Each secret is defined once,
then delivered via sops-nix to /run/secrets/... with the correct owner and
permissions.
Example:
  {
    matrix.secrets = {
      "matrix-services.mautrix_whatsapp.as_token" = {
        key = "matrix-services.mautrix_whatsapp.as_token";
        path = "/run/secrets/mautrix-whatsapp-as-token";
        user = "mautrix-whatsapp";
        group = "mautrix-whatsapp";
        mode = "0400";
      };
      # ...
    };
  }
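
One way a helper like this can be built on top of sops-nix, shown as an added example that is not the repository's own module. It assumes the sops-nix NixOS module is imported and that `sops.defaultSopsFile` already points at secrets/secrets.yaml; the option defaults, the two assertions, and naming each sops-nix secret after the file name of `path` are choices made for this example.

```nix
# Added example, not the repository's module.
# Assumes sops-nix is imported and sops.defaultSopsFile is set elsewhere.
{ config, lib, ... }:
let
  cfg = config.matrix.secrets;

  secretType = lib.types.submodule {
    options = {
      # Key to look up in the sops file
      key = lib.mkOption { type = lib.types.str; };
      # Where the consuming service expects the decrypted file
      path = lib.mkOption { type = lib.types.str; };
      user = lib.mkOption { type = lib.types.str; default = "root"; };
      group = lib.mkOption { type = lib.types.str; default = "root"; };
      # Four-digit octal string, e.g. "0400"
      mode = lib.mkOption {
        type = lib.types.strMatching "0[0-7]{3}";
        default = "0400";
      };
    };
  };
in
{
  options.matrix.secrets = lib.mkOption {
    type = lib.types.attrsOf secretType;
    default = { };
    description = "Secrets from the sops file mapped to service file paths.";
  };

  config = lib.mkIf (cfg != { }) {
    # Fail the build on mappings that would expose a secret or land
    # outside the tmpfs directory that sops-nix manages.
    assertions = lib.concatLists (lib.mapAttrsToList (name: s: [
      { assertion = dirOf s.path == "/run/secrets";
        message = "matrix.secrets.${name}: path must be directly under /run/secrets"; }
      { assertion = lib.hasSuffix "0" s.mode;
        message = "matrix.secrets.${name}: mode ${s.mode} grants access to 'other'"; }
    ]) cfg);

    # Name each sops-nix secret after the file name of `path`, so the
    # sops-nix default location /run/secrets/<name> equals the declared path.
    sops.secrets = lib.mapAttrs' (_: s:
      lib.nameValuePair (baseNameOf s.path) {
        inherit (s) key group mode;
        owner = s.user;
      }) cfg;
  };
}
```

With the mapping from the example above, this yields `sops.secrets."mautrix-whatsapp-as-token"` owned by `mautrix-whatsapp` with mode `0400`.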