ops-jrz1/configurations/dev-vps.nix
Dan ab5aebb161 Phase 3: Extract and sanitize Matrix platform modules from ops-base
Extracted modules:
- Matrix homeserver (matrix-continuwuity.nix)
- mautrix bridges (slack, whatsapp, gmessages)
- Security modules (fail2ban, ssh-hardening)
- Development services module
- Matrix secrets module

All modules sanitized to remove personal information:
- Domains: example.com, matrix.example.org
- IPs: 10.0.0.x, 203.0.113.10
- Paths: /home/user, /path/to/ops-base
- Emails: admin@example.com

Configuration:
- Updated flake.nix with sops-nix and nixpkgs-unstable
- Updated hosts/ops-jrz1.nix to import all extracted modules
- Added example files (secrets, minimal config)
- Generated flake.lock

Generated with Claude Code - https://claude.com/claude-code
2025-10-13 14:51:14 -07:00


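# NixOS configuration for development VPS
# Simple setup for Matrix + Forgejo + Slack bridge testing
{ config, pkgs, lib, ... }:
{
  imports = [
    ../modules/dev-services.nix
  ];

  # Lockout guard: password and keyboard-interactive SSH auth are disabled
  # below, so the admin user can only authenticate with a public key. With
  # an empty key list the host would be deployed unreachable over SSH, so
  # fail the evaluation instead. The check reads the merged option value,
  # so keys supplied by another module also satisfy it.
  assertions = [
    {
      assertion = config.users.users.admin.openssh.authorizedKeys.keys != [ ];
      message = "dev-vps: users.users.admin.openssh.authorizedKeys.keys is empty; add at least one SSH public key before deploying (password authentication is disabled).";
    }
  ];

  # Basic boot configuration for VPS
  boot = {
    loader = {
      grub = {
        enable = true;
        device = "/dev/vda"; # Common for cloud VPS
        useOSProber = false;
      };
    };
    # Cloud VPS typically uses virtio
    initrd.availableKernelModules = [
      "virtio_pci"
      "virtio_blk"
      "virtio_net"
      "virtio_scsi"
    ];
  };

  # Network configuration
  networking = {
    hostName = "dev-matrix-vps";
    # Global DHCP is disabled in favour of per-interface DHCP below
    # (most VPS providers hand out addresses via DHCP).
    useDHCP = false;
    interfaces.ens3 = { # Common interface name, adjust as needed
      useDHCP = true;
    };
    enableIPv6 = true;
    # Firewall - only expose what's needed
    firewall = {
      enable = true;
      allowedTCPPorts = [
        22 # SSH
        80 # HTTP
        443 # HTTPS
        3000 # Forgejo (for testing, remove in production)
        8008 # Matrix client API, plain HTTP (for testing, remove in production)
      ];
      allowPing = true;
    };
  };

  # SSH configuration: key-based authentication only
  services.openssh = {
    enable = true;
    settings = {
      PermitRootLogin = "prohibit-password";
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
    };
  };

  # Admin user
  users.users.admin = {
    isNormalUser = true;
    extraGroups = [ "wheel" ];
    openssh.authorizedKeys.keys = [
      # Add your SSH public key here (required: see the assertion above)
      # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI..."
    ];
  };

  # Enable sudo without password for admin (dev environment only;
  # any wheel member gets passwordless root)
  security.sudo.wheelNeedsPassword = false;

  # Enable dev services stack
  services.dev-platform = {
    enable = true;
    domain = "localhost"; # Change to your domain or IP
    matrix = {
      enable = true;
      serverName = "dev.matrix";
    };
    forgejo = {
      enable = true;
      subdomain = "git";
    };
    slackBridge = {
      enable = true;
      workspace = ""; # Will be configured via secrets
    };
  };

  # Basic monitoring; bound to loopback so the dashboard is not exposed
  services.netdata = {
    enable = true;
    config = {
      global = {
        "bind to" = "127.0.0.1";
      };
    };
  };

  # Automatic garbage collection
  nix.gc = {
    automatic = true;
    dates = "weekly";
    options = "--delete-older-than 7d";
  };

  # Enable flakes and optimize for deployment
  nix.settings = {
    experimental-features = [ "nix-command" "flakes" ];
    # Optimize for builds and downloads
    max-jobs = "auto";
    cores = 0; # Use all cores
    substituters = [
      "https://cache.nixos.org"
    ];
    trusted-public-keys = [
      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
    ];
  };

  system.stateVersion = "24.11";
}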