- maubot.nix: Declarative bot framework with plugin deployment - backup.nix: Local backup service for Matrix/bridge data - sna-instagram-bot: Instagram content bridge plugin - beads: Issue tracking workflow integrated - spec 004: Browser-based dev environment design - nixpkgs bump: Oct 22 → Dec 2 - Fix maubot health check (401 = healthy)
{ config, pkgs, pkgs-unstable, ... }:

{
  # Host configuration for the ops-jrz1 production VPS.
  # The Matrix modules listed under `imports` were extracted from ops-base.

  # The NixOS-provided maubot module is switched off so that the local,
  # sops-nix enhanced ../modules/maubot.nix imported below is the one in use.
  disabledModules = [ "services/matrix/maubot.nix" ];

  imports = [
    # Hardware configuration
    ../hardware-configuration.nix

    # Matrix platform modules (import order kept as in the original file)
    ../modules/matrix-continuwuity.nix
    ../modules/mautrix-slack.nix
    ../modules/maubot.nix
    ../modules/dev-services.nix
    # Host hardening modules live under modules/security/
    ../modules/security/fail2ban.nix
    ../modules/security/ssh-hardening.nix
    ../modules/matrix-secrets
    ../modules/backup.nix
  ];

  # System configuration
  networking = {
    hostName = "jrz1";
  };

  # Secrets management (sops-nix)
  sops = {
    defaultSopsFile = ../secrets/secrets.yaml;

    # sops-nix derives its age identity from the SSH host key named here.
    # Anyone able to read that key can decrypt every secret in secrets.yaml
    # that is encrypted to this host, and replacing the host key means
    # re-encrypting the file for the new recipient.
    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

    secrets = {
      # Consumed by matrix-continuwuity (dev-services.nix) through systemd
      # LoadCredential. No owner is set, so the sops-nix default (root)
      # applies; with mode 0400 only root can read the decrypted file, which
      # suits DynamicUser services that receive the value as a credential.
      matrix-registration-token = {
        mode = "0400";
      };

      # 0444 makes the decrypted file readable by every local user.
      # NOTE(review): acceptable only if this holds nothing but a contact
      # address; confirm, and do not copy this mode for real credentials.
      acme-email = {
        owner = "root";
        mode = "0444";
      };

      # Admin password for the maubot management interface.
      # NOTE(review): root-only (0400, no owner); confirm that
      # ../modules/maubot.nix hands it to the service as a credential rather
      # than expecting the service user to read the file directly.
      maubot-admin-password = {
        mode = "0400";
      };

      # Secret key for maubot sessions; same root-only handling as above.
      maubot-secret-key = {
        mode = "0400";
      };
    };
  };

  # Matrix homeserver configuration
  # NOTE: kept disabled. dev-platform.matrix below replaces it and provides
  # integrated bridge coordination plus systemd credential-based secrets.
  # The retired block sets enableRegistration = true; if it is ever revived,
  # decide deliberately whether registration should be on and how it is gated.
  # services.matrix-homeserver = {
  #   enable = true;
  #   domain = "clarun.xyz";
  #   port = 8008;
  #   enableRegistration = true;
  #   enableFederation = false;
  # };

  services = {
    # Development platform services (Matrix, Forgejo, bridges).
    # NOTE(review): this file only picks port numbers. Whether each port
    # listens on loopback behind a proxy or is reachable from outside is
    # decided in the imported modules; confirm there.
    dev-platform = {
      enable = true;
      domain = "clarun.xyz";

      matrix = {
        enable = true;
        serverName = "clarun.xyz";
        port = 8008;
      };

      forgejo = {
        enable = true;
        subdomain = "git";
        port = 3000;
      };

      slackBridge = {
        enable = true;
        workspace = "chochacho";
        port = 29319;
      };

      maubot = {
        enable = true;
        port = 29316;
        # The plugin is deployed from a packaged .mbp archive kept in the
        # repository. NOTE(review): an archive is opaque in code review, so
        # check its contents against the plugin source whenever it changes.
        plugins = [ ../modules/plugins/sna-instagram-bot.mbp ];
      };
    };

    # Local backup service (Phase 1: manual trigger).
    # NOTE(review): a local-only backup does not survive loss of this host,
    # and presumably holds Matrix/bridge data; confirm where the output is
    # written and who can read it in ../modules/backup.nix.
    backup.enable = true;
  };

  # Per NixOS convention this pins the defaults for stateful data to one
  # release; it is left alone when nixpkgs is bumped.
  system.stateVersion = "24.05";
}