ops-jrz1/docs/examples/alternative-deployments/dev-vps.nix
Dan f25a8b06ef Production hardening and technical debt cleanup
Priority 1 - Production Quality:
- Revert Matrix homeserver log level from debug to info
- Reduces log volume by ~70% (22k+ lines/day to <7k)
- Improves performance and reduces disk usage

Priority 2 - Technical Debt:
- Automate sender_localpart fix in mautrix-slack.nix
- Eliminates manual sed command on fresh deployments
- Fix verified working (tested 2025-10-26)
- Update CLAUDE.md to document automated solution

Priority 3 - Project Hygiene:
- Remove unused mautrix-whatsapp and mautrix-gmessages imports
- Archive old configurations to docs/examples/alternative-deployments/
- Remove stale staging/ directories from 001 extraction workflow
- Update deployment documentation in tasks.md and quickstart.md
- Add deployment status notes to spec files

Files Modified:
- modules/dev-services.nix: log level debug → info
- modules/mautrix-slack.nix: automatic sender_localpart fix
- hosts/ops-jrz1.nix: remove unused bridge imports
- CLAUDE.md: update Known Issues, add Resolved Issues section
- specs/002-*/: add deployment status notes
- configurations/ → docs/examples/alternative-deployments/

Tested and Verified:
- All services running (matrix, bridge, forgejo, postgresql, nginx)
- Bridge authenticated and message flow working
- sender_localpart fix generates correct registration file
2025-10-26 15:59:05 -07:00


# NixOS host configuration for a single development VPS.
# Brings up the dev-services stack (Matrix, Forgejo, Slack bridge) on top of a
# minimal boot / network / SSH baseline. This is a dev profile, not a
# production one: see the firewall and sudo notes below before reusing it.
{ config, pkgs, lib, ... }:

{
  imports = [ ../modules/dev-services.nix ];

  ## Boot: GRUB on the first virtio disk, virtio drivers available in the initrd.
  boot.loader.grub = {
    enable = true;
    device = "/dev/vda"; # typical root disk name on cloud VPS images
    useOSProber = false;
  };
  boot.initrd.availableKernelModules = [
    "virtio_pci"
    "virtio_blk"
    "virtio_net"
    "virtio_scsi"
  ];

  ## Networking
  networking.hostName = "dev-matrix-vps";
  # Global DHCP is switched off; it is enabled per interface instead.
  networking.useDHCP = false;
  networking.interfaces.ens3.useDHCP = true; # interface name varies by provider; adjust
  networking.enableIPv6 = true;

  # Firewall: SSH and HTTP(S) plus the Forgejo and Matrix listeners opened
  # directly. The last two are marked test-only; close them before this
  # host is exposed beyond a dev environment.
  networking.firewall = {
    enable = true;
    allowPing = true;
    allowedTCPPorts = [
      22   # SSH
      80   # HTTP
      443  # HTTPS
      3000 # Forgejo (testing only; remove in production)
      8008 # Matrix (testing only; remove in production)
    ];
  };

  ## Services
  services = {
    # SSH is key-only: password and keyboard-interactive logins are both
    # disabled, and root may authenticate with a key but never a password.
    openssh = {
      enable = true;
      settings = {
        PermitRootLogin = "prohibit-password";
        PasswordAuthentication = false;
        KbdInteractiveAuthentication = false;
      };
    };

    # Application stack from ../modules/dev-services.nix.
    dev-platform = {
      enable = true;
      domain = "localhost"; # replace with the real domain or IP
      matrix = {
        enable = true;
        serverName = "dev.matrix";
      };
      forgejo = {
        enable = true;
        subdomain = "git";
      };
      slackBridge = {
        enable = true;
        workspace = ""; # supplied via secrets, left empty here
      };
    };

    # Netdata is bound to loopback only, so none of the firewall openings
    # above reach it.
    netdata = {
      enable = true;
      config.global."bind to" = "127.0.0.1";
    };
  };

  ## Admin account
  # With password authentication disabled above, this list is the only way
  # in over SSH: the host is unreachable until at least one key is added.
  users.users.admin = {
    isNormalUser = true;
    extraGroups = [ "wheel" ];
    openssh.authorizedKeys.keys = [
      # Put your SSH public key here, e.g.
      # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI..."
    ];
  };
  # Passwordless sudo for the wheel group; a dev-box convenience that
  # should not carry over to production hosts.
  security.sudo.wheelNeedsPassword = false;

  ## Nix daemon: weekly GC, flakes, and the upstream binary cache.
  nix = {
    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 7d";
    };
    settings = {
      experimental-features = [ "nix-command" "flakes" ];
      max-jobs = "auto";
      cores = 0; # 0 = use every available core
      # Only the official cache is trusted; its signing key is pinned here so
      # substituted paths are verified before use.
      substituters = [ "https://cache.nixos.org" ];
      trusted-public-keys = [
        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
      ];
    };
  };

  system.stateVersion = "24.11";
}