ops-jrz1/hosts/ops-jrz1-vm.nix
Dan 8826d62bcc Add maubot integration and infrastructure updates
- maubot.nix: Declarative bot framework with plugin deployment
- backup.nix: Local backup service for Matrix/bridge data
- sna-instagram-bot: Instagram content bridge plugin
- beads: Issue tracking workflow integrated
- spec 004: Browser-based dev environment design
- nixpkgs bump: Oct 22 → Dec 2
- Fix maubot health check (401 = healthy)
2025-12-08 15:55:12 -08:00


# VM testing configuration for ops-jrz1.
# Evaluates the same module set as production, but with throwaway test values
# in place of real secrets (sops-nix is not available inside the VM).
{ config, pkgs, pkgs-unstable, lib, ... }:
let
  # Placeholder Matrix domain shared by the homeserver and the Slack bridge.
  testDomain = "matrix.example.org";
in
{
  # Swap the built-in NixOS maubot module for the sops-nix enhanced version
  # imported below from ../modules/maubot.nix.
  disabledModules = [ "services/matrix/maubot.nix" ];

  imports = [
    # Same module set as production. matrix-secrets is deliberately omitted:
    # it needs sops-nix, which the VM does not have.
    ../modules/matrix-continuwuity.nix
    ../modules/mautrix-slack.nix
    ../modules/mautrix-whatsapp.nix
    ../modules/mautrix-gmessages.nix
    ../modules/maubot.nix
    ../modules/dev-services.nix
    ../modules/security/fail2ban.nix
    ../modules/security/ssh-hardening.nix
  ];

  # olm is deprecated upstream with known CVEs but is still required by the
  # mautrix bridges. Accepted for local testing only; production should move
  # to a non-olm crypto backend. The entry matches the exact name-version
  # string, so a nixpkgs bump that changes olm's version will fail evaluation
  # until this list is updated.
  nixpkgs.config.permittedInsecurePackages = [
    "olm-3.2.16"
  ];

  networking.hostName = "ops-jrz1-vm";

  # Homeserver with open registration and federation off: the VM is meant to
  # be reachable only locally, and test accounts must be creatable without
  # an admin token.
  services.matrix-homeserver = {
    enable = true;
    domain = testDomain;
    port = 8008;
    enableRegistration = true;
    enableFederation = false;
  };

  # Slack bridge, enabled only to exercise the module structure (no Slack
  # credentials are provided in the VM).
  services.mautrix-slack = {
    enable = true;
    matrix = {
      homeserverUrl = "http://127.0.0.1:8008";
      serverName = testDomain;
    };
    bridge.permissions = {
      # Any local user may use the bridge; one designated admin account.
      "${testDomain}" = "user";
      "@admin:${testDomain}" = "admin";
    };
  };

  # Bridge database; the bridge user owns its own database.
  services.postgresql = {
    enable = true;
    ensureDatabases = [ "mautrix_slack" ];
    ensureUsers = [
      {
        name = "mautrix_slack";
        ensureDBOwnership = true;
      }
    ];
  };

  # --- VM-only relaxations -------------------------------------------------
  # Everything below trades security for convenience and must not be copied
  # into a production host configuration.

  # mkForce overrides whatever value the imported modules set for this option
  # (presumably security/ssh-hardening.nix disables it — verify there).
  services.openssh.settings.PasswordAuthentication = lib.mkForce true;

  # `password` is a plaintext option whose value ends up in the world-readable
  # Nix store; acceptable only because this VM holds no real data.
  users.users.root.password = "test";

  # Firewall stays on, but exposes SSH, HTTP(S), the homeserver client port
  # and port 3000 so the services can be reached from the VM host.
  networking.firewall = {
    enable = true;
    allowedTCPPorts = [ 22 80 443 8008 3000 ];
  };

  # NixOS refuses to evaluate without a root filesystem; this entry only
  # satisfies that requirement and is not a real disk layout.
  fileSystems."/" = {
    device = "/dev/vda1";
    fsType = "ext4";
  };

  # Pins stateful defaults; do not bump without reading the release notes.
  system.stateVersion = "24.05";
}