dan/ops-jrz1
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
ops-jrz1/hosts/ops-jrz1-vm.nix
Dan 4c38331e17 Fix Matrix package references to use nixpkgs-unstable 
Matrix packages (mautrix-*, matrix-continuwuity) only exist in
nixpkgs-unstable, not in nixpkgs 24.05 stable. This commit updates
all module defaults and references to use pkgs-unstable.

Changes:
- Add pkgs-unstable to module function signatures (4 modules)
- Update package option defaults from pkgs.* to pkgs-unstable.*
- Configure pkgs-unstable in flake.nix to permit olm-3.2.16
- Add VM config permittedInsecurePackages for olm (mautrix dependency)

The olm library is deprecated with known CVEs but required by mautrix
bridges. This is acceptable for testing; production should migrate to
newer cryptography implementations when available.

This maintains our stable base system (NixOS 24.05) while using
unstable only for Matrix ecosystem packages under active development.
2025-10-21 00:06:43 -07:00

79 lines
2.2 KiB
Nix
Raw Blame History

# VM testing configuration for ops-jrz1
# This configuration allows testing without real secrets
{ config, pkgs, pkgs-unstable, lib, ... }:
{
imports = [
# Import all modules (same as production)
../modules/matrix-continuwuity.nix
../modules/mautrix-slack.nix
../modules/mautrix-whatsapp.nix
../modules/mautrix-gmessages.nix
../modules/dev-services.nix
../modules/security/fail2ban.nix
../modules/security/ssh-hardening.nix
# Note: Skip matrix-secrets for VM (no sops-nix in VM)
];
# Allow deprecated olm library for Matrix bridges (VM testing only)
# Note: olm is deprecated with known CVEs but required by mautrix bridges
# This is acceptable for local testing; production should migrate to newer crypto
nixpkgs.config.permittedInsecurePackages = [
"olm-3.2.16"
];
# VM-specific settings
networking.hostName = "ops-jrz1-vm";
# Enable services for testing (using test values)
services.matrix-homeserver = {
enable = true;
domain = "matrix.example.org";
port = 8008;
enableRegistration = true;
enableFederation = false;
};
# Enable Slack bridge for testing structure
services.mautrix-slack = {
enable = true;
matrix = {
homeserverUrl = "http://127.0.0.1:8008";
serverName = "matrix.example.org";
};
bridge = {
permissions = {
"matrix.example.org" = "user";
"@admin:matrix.example.org" = "admin";
};
};
};
# PostgreSQL for bridge databases
services.postgresql = {
enable = true;
ensureDatabases = [ "mautrix_slack" ];
ensureUsers = [{
name = "mautrix_slack";
ensureDBOwnership = true;
}];
};
# Disable sops-nix for VM (no real secrets available)
# The matrix-secrets module isn't imported, so no sops config needed
# VM-specific: Allow password auth for easy VM access
services.openssh.settings.PasswordAuthentication = lib.mkForce true;
# VM-specific: Simple root password for testing
users.users.root.password = "test";
# VM-specific: More permissive firewall for testing
networking.firewall = {
enable = true;
allowedTCPPorts = [ 22 80 443 8008 3000 ];
};
system.stateVersion = "24.05";
}
Reference in a new issue View git blame Copy permalink