dan/ops-jrz1
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
ops-jrz1/hosts/ops-jrz1-vm.nix
Dan 99927712c5 Add VM integration test and shellcheck linting to flake checks 
- VM test boots a VM and verifies PostgreSQL, conduwuit, dnsmasq, nginx
- Shellcheck runs on all shell scripts (errors and warnings)
- Fix unused variables in sanitize-files.sh
- Use initialHashedPassword for root in VM config

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-08 11:04:00 -08:00

84 lines
2.2 KiB
Nix
Raw Blame History

# VM testing configuration for ops-jrz1
# This configuration allows testing without real secrets
{ lib, ... }:
{
# Disable built-in NixOS maubot module to use our sops-nix enhanced version
disabledModules = [ "services/matrix/maubot.nix" ];
imports = [
# Import all modules (same as production)
../modules/matrix-continuwuity.nix
../modules/mautrix-slack.nix
../modules/mautrix-whatsapp.nix
../modules/mautrix-gmessages.nix
../modules/maubot.nix
../modules/dev-services.nix
../modules/security/fail2ban.nix
../modules/security/ssh-hardening.nix
# Note: Skip matrix-secrets for VM (no sops-nix in VM)
];
# Note: olm-3.2.16 is permitted in flake.nix where pkgs-unstable is defined
# VM-specific settings
networking.hostName = "ops-jrz1-vm";
# Enable services for testing (using test values)
services.matrix-homeserver = {
enable = true;
domain = "matrix.example.org";
port = 8008;
enableRegistration = true;
enableFederation = false;
};
# Enable Slack bridge for testing structure
services.mautrix-slack = {
enable = true;
matrix = {
homeserverUrl = "http://127.0.0.1:8008";
serverName = "matrix.example.org";
};
bridge = {
permissions = {
"matrix.example.org" = "user";
"@admin:matrix.example.org" = "admin";
};
};
};
# PostgreSQL for bridge databases
services.postgresql = {
enable = true;
ensureDatabases = [ "mautrix_slack" ];
ensureUsers = [{
name = "mautrix_slack";
ensureDBOwnership = true;
}];
};
# Disable sops-nix for VM (no real secrets available)
# The matrix-secrets module isn't imported, so no sops config needed
# VM-specific: Allow password auth for easy VM access
services.openssh.settings.PasswordAuthentication = lib.mkForce true;
# VM-specific: Simple root password for testing
users.users.root.initialHashedPassword = ""; # Empty password for VM testing
# VM-specific: More permissive firewall for testing
networking.firewall = {
enable = true;
allowedTCPPorts = [ 22 80 443 8008 3000 ];
};
# Dummy filesystem for VM evaluation
fileSystems."/" = {
device = "/dev/vda1";
fsType = "ext4";
};
system.stateVersion = "24.05";
}
Reference in a new issue View git blame Copy permalink