This will reject connections from anywhere except 127.0.0.1, i.e., the
pod's network namespace.
This makes password authentication properly obsolete, instead of just
hiding the password (but still never authenticating with it), but
required a change upstream:
https://github.com/docker-library/postgres/pull/859
If localhost is specified in the proxyPass url, nginx will happily
resolve IPv6 addresses, even if the upstream doesn't support them.
This can result in connection issues, especially with containers that
don't support IPv6.
Podman pods make this obsolete; though we need to explicitly set
slirp4netns, otherwise podman will not create private network
namespaces for the pods.
In a nutshell:
- Apotheosis
- Don't clutter the world with super tall reed
- Don't ruin spawners - it's nice to build buildings in more
locations
- Ice and fire
- *Really* tone down the griefing and amount of spawns
- Iron furnaces
- *Hopefully* disable the annoying update chat messages
- Quark
- Disable matrix enchanting so that apotheosis works
This removes all existing services as well, in preparation of moving
them to `podman`. These are easier to update to
virtualisation.oci-containers while retaining the "networks" through
pods.
This changed because of a migration from postgresql 12 -> 13. Future
versions should probably be named with the database version appended,
rather than "new", but for now this is how the system is set up.
Previously this would add a checksum to the name because it would use
the name provided by nixos, which of course would make minecraft not
read the server properties file.
This previously didn't work because nextcloud believed we were running
http, when in reality we were running https.
Overwrite the protocol, so that nextcloud can authorize devices.
This needs to be done because the server does not support qemu, and
NixOS requires qemu to use the runAsRoot feature for docker images.
Instead, create the required files as part of the entrypoint.
Fixes#6
This is an initial configuration to restore old services.
Obviously, vendoring everything in a tarball is pretty awful, and if I
ever wanted to open source this, that would be a problem.
I intend to create a proper derivation in time, but including mods is
difficult from some initial experimentation.
