dan/ops-jrz1
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
ops-jrz1/flake.nix
Dan 64246a6615 Deploy Generation 31 with sops-nix secrets management 
Successfully deployed ops-jrz1 Matrix platform to production VPS using
extracted modules from ops-base. Validated deployment workflow following
ops-base best practices: boot -> reboot -> verify.

Changes:
- Pin sops-nix to June 2024 version for nixpkgs 24.05 compatibility
- Configure sops secrets for Matrix registration token and ACME email
- Add encrypted secrets.yaml (safe to commit, encrypted with age)
- Document deployment process and lessons learned

All services verified running:
- Matrix homeserver (matrix-continuwuity): conduwuit 0.5.0-rc.8
- nginx: Proxying Matrix and Forgejo
- PostgreSQL 15.10: Database services
- Forgejo 7.0.12: Git platform

Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-21 21:32:23 -07:00

60 lines
1.8 KiB
Nix
Raw Blame History

{
description = "ops-jrz1 NixOS server configuration with Matrix platform";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
sops-nix = {
url = "github:Mic92/sops-nix/c2ea1186c0cbfa4d06d406ae50f3e4b085ddc9b3"; # Pin to June 2024 version compatible with nixpkgs 24.05
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = { self, nixpkgs, nixpkgs-unstable, sops-nix, ... }@inputs: {
nixosConfigurations = {
# Production configuration (for actual VPS deployment)
ops-jrz1 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
pkgs-unstable = import nixpkgs-unstable {
system = "x86_64-linux";
config = {
allowUnfree = true;
permittedInsecurePackages = [
"olm-3.2.16" # Required by mautrix bridges
];
};
};
};
modules = [
./configuration.nix
./hosts/ops-jrz1.nix
sops-nix.nixosModules.sops
];
};
# VM testing configuration (for local validation before deployment)
ops-jrz1-vm = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
pkgs-unstable = import nixpkgs-unstable {
system = "x86_64-linux";
config = {
allowUnfree = true;
permittedInsecurePackages = [
"olm-3.2.16" # Required by mautrix bridges (VM testing only)
];
};
};
};
modules = [
./configuration.nix
./hosts/ops-jrz1-vm.nix
# Note: No sops-nix for VM testing
];
};
};
};
}
Reference in a new issue View git blame Copy permalink