Priority 1 - Production Quality: - Revert Matrix homeserver log level from debug to info - Reduces log volume by ~70% (22k+ lines/day to <7k) - Improves performance and reduces disk usage Priority 2 - Technical Debt: - Automate sender_localpart fix in mautrix-slack.nix - Eliminates manual sed command on fresh deployments - Fix verified working (tested 2025-10-26) - Update CLAUDE.md to document automated solution Priority 3 - Project Hygiene: - Remove unused mautrix-whatsapp and mautrix-gmessages imports - Archive old configurations to docs/examples/alternative-deployments/ - Remove stale staging/ directories from 001 extraction workflow - Update deployment documentation in tasks.md and quickstart.md - Add deployment status notes to spec files Files Modified: - modules/dev-services.nix: log level debug → info - modules/mautrix-slack.nix: automatic sender_localpart fix - hosts/ops-jrz1.nix: remove unused bridge imports - CLAUDE.md: update Known Issues, add Resolved Issues section - specs/002-*/: add deployment status notes - configurations/ → docs/examples/alternative-deployments/ Tested and Verified: - All services running (matrix, bridge, forgejo, postgresql, nginx) - Bridge authenticated and message flow working - sender_localpart fix generates correct registration file
{ config, pkgs, pkgs-unstable, ... }:

# ops-jrz1 production VPS.
#
# Host wiring for the Matrix platform extracted from ops-base: the hardware
# profile, the Matrix / bridge / dev-service modules, SSH and fail2ban
# hardening, and the sops-nix secrets those modules consume.
# pkgs and pkgs-unstable are accepted in the signature but nothing in this
# file uses them.
{
  imports = [
    # Hardware profile for this machine
    ../hardware-configuration.nix

    # Matrix platform modules
    ../modules/matrix-continuwuity.nix
    ../modules/mautrix-slack.nix
    ../modules/dev-services.nix

    # Host hardening (fail2ban, SSH)
    ../modules/security/fail2ban.nix
    ../modules/security/ssh-hardening.nix

    # Secret declarations shared by the Matrix modules
    ../modules/matrix-secrets
  ];

  networking.hostName = "jrz1";

  # sops-nix secrets management.
  # The age decryption identity is derived from the host's SSH ed25519 key,
  # so secrets.yaml is only decryptable on this machine -- and by anyone who
  # obtains that host key, which is why it must never leave the box.
  sops = {
    defaultSopsFile = ../secrets/secrets.yaml;
    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

    secrets = {
      # Consumed by dev-services.nix (matrix-continuwuity) through systemd
      # LoadCredential. No owner is set, so the file stays root-owned, which
      # is what a DynamicUser service needs: systemd reads the credential as
      # root and hands a private copy to the service.
      matrix-registration-token.mode = "0400";

      # NOTE(review): mode 0444 makes this readable by every local account.
      # An ACME contact address is low-sensitivity, but confirm whether the
      # consumer could take it via LoadCredential (or a group-scoped mode)
      # instead of relying on world-readability.
      acme-email = {
        owner = "root";
        mode = "0444";
      };
    };
  };

  # Matrix homeserver.
  # services.matrix-homeserver (domain clarun.xyz, port 8008, registration
  # enabled, federation disabled) is deliberately left unset: dev-platform.matrix
  # below replaces it and adds bridge coordination plus systemd
  # credential-based secret handling. Registration on the live instance is
  # presumably gated by matrix-registration-token above -- verify in
  # dev-services.nix.

  # Development platform services (Matrix, Forgejo, bridges)
  services.dev-platform = {
    enable = true;
    domain = "clarun.xyz";

    matrix = { enable = true; serverName = "clarun.xyz"; port = 8008; };
    forgejo = { enable = true; subdomain = "git"; port = 3000; };
    slackBridge = { enable = true; workspace = "chochacho"; port = 29319; };
  };

  system.stateVersion = "24.05";
}