10 changed files with 68 additions and 168 deletions
--- a/configuration/default.nix
+++ b/configuration/default.nix
@ -23,7 +23,6 @@
    ./services/foundryvtt.nix
    ./services/gitea.nix
    ./services/metrics
    ./services/minecraft.nix
    ./services/nextcloud.nix
    ./services/webserver.nix
    ./services/wireguard.nix
@ -74,6 +73,8 @@
        8448
        # starbound
        21025
        # Minecraft
        25565
        config.services.coturn.listening-port
        config.services.coturn.tls-listening-port
@ -82,6 +83,9 @@
      ];
      allowedUDPPorts = [
        # More minecraft
        25565
        config.services.coturn.listening-port
        config.services.coturn.tls-listening-port
        config.services.coturn.alt-listening-port
--- a/configuration/nginx.nix
+++ b/configuration/nginx.nix
@ -43,26 +43,15 @@
  ) config.services.nginx.virtualHosts;
  security.acme = {
-    defaults = {
+    defaults.email = "tm@tlater.net";
      email = "tm@tlater.net";
      group = "nginx";
    };
    acceptTerms = true;
    certs."tlater.net" = {
      extraDomainNames = [ "*.tlater.net" ];
      dnsProvider = "hetzner";
      group = "nginx";
      credentialFiles."HETZNER_API_KEY_FILE" = config.sops.secrets."hetzner-api".path;
    };
    certs."tlater.com" = {
      extraDomainNames = [ "*.tlater.com" ];
      dnsProvider = "porkbun";
      credentialFiles = {
        "PORKBUN_API_KEY_FILE" = config.sops.secrets."porkbun/api".path;
        "PORKBUN_SECRET_API_KEY_FILE" = config.sops.secrets."porkbun/secret-api".path;
      };
    };
  };
  services.backups.acme = {
--- a/configuration/services/minecraft.nix
+++ b/configuration/services/minecraft.nix
@ -1,83 +0,0 @@
 {
  pkgs,
  lib,
  config,
  ...
 }:
 {
  services.minecraft-server = {
    enable = true;
    eula = true;
    # jvmOpts are set using a file for forge
    # jvmOpts = "-Xmx8G -Xms8G";
    openFirewall = true;
    declarative = true;
    whitelist = {
      tlater = "140d177a-966f-41b8-a4c0-e305babd291b";
      romino25 = "59cd1648-14a4-4bcf-8f5a-2e1bde678f2c";
      lasi25 = "0ab6e3d1-544a-47e7-8538-2e6c248e49a4";
    };
    serverProperties = {
      allow-flight = true;
      difficulty = "hard";
      motd = "tlater.net";
      spawn-protection = 1;
      white-list = true;
      enable-query = true;
      enable-status = true;
      # Allows the server to write chunks without hogging the main
      # thread...
      sync-chunk-writes = false;
      # Disables chat reporting, because we don't need any of that
      # drama on a lil' friends-only server.
      enforce-secure-profile = false;
    };
    package = pkgs.writeShellApplication {
      name = "minecraft-server";
      runtimeInputs = with pkgs; [ jdk17_headless ];
      text = ''
        exec /var/lib/minecraft/run.sh $@
      '';
    };
  };
  systemd.services.minecraft-server = {
    path = with pkgs; [ jdk17_headless ];
    # Since we read from our own HTTP server, we need to wait for it
    # to be up
    after = [ "nginx.service" ];
    serviceConfig = {
      # Use packwiz to install mods
      ExecStartPre = [
        "${pkgs.jdk17_headless}/bin/java -jar ${config.services.minecraft-server.dataDir}/packwiz-installer-bootstrap.jar -g -s server 'https://minecraft.${config.services.nginx.domain}/cobblemon-pack/pack.toml'"
      ];
      # Forge requires some bonus JVM options, which they include in a
      # little `run.sh` script
      ExecStart = lib.mkForce "${config.services.minecraft-server.dataDir}/run.sh --nogui";
    };
  };
  systemd.tmpfiles.settings."10-minecraft" = {
    "/srv/minecraft".d = {
      user = "nginx";
      group = "minecraft";
      mode = "0775";
    };
  };
  services.nginx.virtualHosts."minecraft.${config.services.nginx.domain}" = {
    forceSSL = true;
    useACMEHost = "tlater.net";
    enableHSTS = true;
    root = "/srv/minecraft";
  };
 }
--- a/configuration/services/nextcloud.nix
+++ b/configuration/services/nextcloud.nix
@ -5,7 +5,10 @@
  ...
 }:
 let
-  nextcloud = pkgs.nextcloud29;
+  # Update pending on rewrite of nextcloud news, though there is an
  # alpha to switch to if it becomes necessary:
  # https://github.com/nextcloud/news/issues/2610
  nextcloud = pkgs.nextcloud28;
  hostName = "nextcloud.${config.services.nginx.domain}";
 in
 {
--- a/configuration/sops.nix
+++ b/configuration/sops.nix
@ -38,14 +38,6 @@
        owner = "acme";
      };
      "porkbun/api" = {
        owner = "acme";
      };
      "porkbun/secret-api" = {
        owner = "acme";
      };
      # Nextcloud
      "nextcloud/tlater" = {
        owner = "nextcloud";
--- a/flake.lock
+++ b/flake.lock
@ -7,11 +7,11 @@
        "utils": "utils"
      },
      "locked": {
-        "lastModified": 1727447169,
+        "lastModified": 1718194053,
-        "narHash": "sha256-3KyjMPUKHkiWhwR91J1YchF6zb6gvckCAY1jOE+ne0U=",
+        "narHash": "sha256-FaGrf7qwZ99ehPJCAwgvNY5sLCqQ3GDiE/6uLhxxwSY=",
        "owner": "serokell",
        "repo": "deploy-rs",
-        "rev": "aa07eb05537d4cd025e2310397a6adcedfe72c76",
+        "rev": "3867348fa92bc892eba5d9ddb2d7a97b9e127a8a",
        "type": "github"
      },
      "original": {
@ -27,11 +27,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1729712798,
+        "lastModified": 1723685519,
-        "narHash": "sha256-a+Aakkb+amHw4biOZ0iMo8xYl37uUL48YEXIC5PYJ/8=",
+        "narHash": "sha256-GkXQIoZmW2zCPp1YFtAYGg/xHNyFH/Mgm79lcs81rq0=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "09a776702b004fdf9c41a024e1299d575ee18a7d",
+        "rev": "276a0d055a720691912c6a34abb724e395c8e38a",
        "type": "github"
      },
      "original": {
@ -157,11 +157,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1726638033,
+        "lastModified": 1722661736,
-        "narHash": "sha256-+hcgXKG5t/9wibv+8T9WASWItBAWb0tsmcZXH+VIYdw=",
+        "narHash": "sha256-0lujsK40JV/2PlqCjhZMGpHKL4vDKzJcnkFJYnG1WZA=",
        "owner": "reckenrode",
        "repo": "nix-foundryvtt",
-        "rev": "bf07f9dd916a97a091f8ab83358c2f295bea9ec9",
+        "rev": "699a175398410688214615a9d977354e9ef98d2d",
        "type": "github"
      },
      "original": {
@ -210,11 +210,11 @@
    },
    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1729357638,
+        "lastModified": 1721524707,
-        "narHash": "sha256-66RHecx+zohbZwJVEPF7uuwHeqf8rykZTMCTqIrOew4=",
+        "narHash": "sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "bb8c2cf7ea0dd2e18a52746b2c3a5b0c73b93c22",
+        "rev": "556533a23879fc7e5f98dd2e0b31a6911a213171",
        "type": "github"
      },
      "original": {
@ -226,11 +226,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1729766066,
+        "lastModified": 1723957280,
-        "narHash": "sha256-QLeNRaGsoIFfv2Kfd4rw2l1TTDb1i4gQzvClSmrk1l4=",
+        "narHash": "sha256-J08Yqf2IJ73y7myI69qEKsQ048ibweG6FeJeCxbIdB4=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "8b052aac04356e25b6ec1058c86de8792440362d",
+        "rev": "abcef4da4ebb72240bddc370a27263627e64877f",
        "type": "github"
      },
      "original": {
@ -242,11 +242,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1729762315,
+        "lastModified": 1723920526,
-        "narHash": "sha256-l0HyBdB2drPowQm044HDWqMLWwf818G38flxL0bhwqU=",
+        "narHash": "sha256-USs6A60raDKZ/8BEpqja1XjZIsRzADX+NtWKH6wIxIw=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "00c24c17345ba867086a807a7869b12e05955c81",
+        "rev": "1cbd3d585263dc620c483e138d352a39b9f0e3ec",
        "type": "github"
      },
      "original": {
@ -442,11 +442,11 @@
        "nixpkgs-stable": "nixpkgs-stable"
      },
      "locked": {
-        "lastModified": 1729775275,
+        "lastModified": 1723501126,
-        "narHash": "sha256-J2vtHq9sw1wWm0aTMXpEEAzsVCUMZDTEe5kiBYccpLE=",
+        "narHash": "sha256-N9IcHgj/p1+2Pvk8P4Zc1bfrMwld5PcosVA0nL6IGdE=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "78a0e634fc8981d6b564f08b6715c69a755c4c7d",
+        "rev": "be0eec2d27563590194a9206f551a6f73d52fa34",
        "type": "github"
      },
      "original": {
--- a/keys/production.yaml
+++ b/keys/production.yaml
@ -1,7 +1,4 @@
 hetzner-api: ENC[AES256_GCM,data:OsUfo86AzcBe/OELkfB5brEfsZ4gkbeehxwIVUBwQgE=,iv:Bt/cjlZ6oZEVUOQjWMDL7/mfL3HWLFAw1tEGeLMgeKg=,tag:TMU2XiHlMgP4aes10mIQYQ==,type:str]
 porkbun:
    api: ENC[AES256_GCM,data:lnspaxOUMMUh4IzWJQ4yizXob3YCMJeDKeqTf/pjPHdpiIDu/TZ+XUer6DPtLtJwUFz82528/HNtIE0RrxYw2lFiam8=,iv:nKp6eqFtHozioc5TvAXJFCqZbxI75kUIGbSrpfspSGE=,tag:+IRfb4xoowSCohw/08xKkw==,type:str]
    secret-api: ENC[AES256_GCM,data:nVQI/IH+DaTyOkogUoFs8J9ZzgJTsYAFSsx3KhhkVv4mQp3h+azktSKlth1oa0e71EEPMaYxDLNIhKkn4kUTnaM7iB4=,iv:pCm0YVdqTMDl/hUYyk65S1bwsBWcx0kepIopXwrPTfY=,tag:ScANzcC7qrzKDbFBzpXyiA==,type:str]
 battery-manager:
    email: ENC[AES256_GCM,data:rYLUACXR/n+bLBmZ,iv:sUBEkh2+7qGjHZ5R23e/hoCiyTA7GTL4bJvXmxjZ5Sw=,tag:fdPMllaQQfRgX0WZKIre4g==,type:str]
    password: ENC[AES256_GCM,data:7cokZa6Q6ahSeiFPz+cV,iv:vz405P0IcG9FsAQXlY7mi78GuushQUKJm2irG6buGzc=,tag:JLHG2jTkJDGbinAq9dXRsQ==,type:str]
@ -35,8 +32,8 @@ sops:
    azure_kv: []
    hc_vault: []
    age: []
-    lastmodified: "2024-11-17T18:21:07Z"
+    lastmodified: "2024-04-15T23:13:18Z"
-    mac: ENC[AES256_GCM,data:51FoQta3+opyqJKYR0xHuToLbJh3wQlByM78FgtsWjnQXME4+Fo8khfZzroqv9sAHZ62iarUXc8lCiR0u5YvqCgraE6qvDrHIy8nwh2/nwkpyPUSBEvkkDSakyLmvrIkRbV9XbI1qo3OunnZoFP4MqMblvlMclA2Y+LiIUgyxxE=,iv:vustCOMYyp06Xtylj1DoQ4370X1RCWppeu/mCoKQhmk=,tag:L4GujQF+O6KEQeyYA+LFOA==,type:str]
+    mac: ENC[AES256_GCM,data:3/v+WgSWJ+VcBSBe1Wkis3z+tMmSjbKzLFqBB8xugc6DvgQG8J+1HRrPucLnpNNtEdmpyoTa72U6fPm6JnyUsuj5pLEghLprOJkqQNdRI06fllhw+9d3e3twx6D4oIIsVH6/io4ElXrGsGQTsfNbYhgn+987wa3WP5N25fBac3U=,iv:FL3tzPutOMN6IPkQfXIu/JOZT+OzUSqpMSQrUeXZQHE=,tag:jL1BTsYTA9XjrsjFszxZhA==,type:str]
    pgp:
        - created_at: "2024-03-18T04:02:00Z"
          enc: |-
--- a/pkgs/_sources_nextcloud/generated.json
+++ b/pkgs/_sources_nextcloud/generated.json
@ -7,11 +7,11 @@
        "passthru": null,
        "pinned": false,
        "src": {
-            "sha256": "sha256-7BTNFsNcqmDACpj5PMEiS71xtr50v7Sqo3qeCL+3J9s=",
+            "sha256": "sha256-V4zZsAwPn8QiCXEDqOgNFHaXqMOcHMpMbJ1Oz3Db0pc=",
            "type": "tarball",
-            "url": "https://github.com/nextcloud/bookmarks/releases/download/v14.2.6/bookmarks-14.2.6.tar.gz"
+            "url": "https://github.com/nextcloud/bookmarks/releases/download/v14.2.4/bookmarks-14.2.4.tar.gz"
        },
-        "version": "14.2.6"
+        "version": "14.2.4"
    },
    "calendar": {
        "cargoLocks": null,
@ -21,11 +21,11 @@
        "passthru": null,
        "pinned": false,
        "src": {
-            "sha256": "sha256-X2XcH7HpxgizCEJVrazGtzNQTBihFxvTq/ybK939cxo=",
+            "sha256": "sha256-sipXeyOL4OhENz7V2beFeSYBAoFZdCWtqftIy0lsqEY=",
            "type": "tarball",
-            "url": "https://github.com/nextcloud-releases/calendar/releases/download/v4.7.16/calendar-v4.7.16.tar.gz"
+            "url": "https://github.com/nextcloud-releases/calendar/releases/download/v4.7.15/calendar-v4.7.15.tar.gz"
        },
-        "version": "v4.7.16"
+        "version": "v4.7.15"
    },
    "contacts": {
        "cargoLocks": null,
@ -49,11 +49,11 @@
        "passthru": null,
        "pinned": false,
        "src": {
-            "sha256": "sha256-Pfa+Xbopg20os+pnGgg+wpEX1MI5fz5JMb0K4a8rBhs=",
+            "sha256": "sha256-a8ekMnEzudHGiqHF53jPtgsVTOTc2QLuPg6YtTw5h68=",
            "type": "tarball",
-            "url": "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.2/Cookbook-0.11.2.tar.gz"
+            "url": "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.1/Cookbook-0.11.1.tar.gz"
        },
-        "version": "0.11.2"
+        "version": "0.11.1"
    },
    "news": {
        "cargoLocks": null,
@ -63,11 +63,11 @@
        "passthru": null,
        "pinned": false,
        "src": {
-            "sha256": "sha256-pnvyMZQ+NYMgH0Unfh5S19HdZSjnghgoUDAoi2KIXNI=",
+            "sha256": "sha256-AhTZGQCLeNgsRBF5w3+Lf9JtNN4D1QncB5t+odU+XUc=",
            "type": "tarball",
-            "url": "https://github.com/nextcloud/news/releases/download/25.0.0-alpha12/news.tar.gz"
+            "url": "https://github.com/nextcloud/news/releases/download/25.0.0-alpha8/news.tar.gz"
        },
-        "version": "25.0.0-alpha12"
+        "version": "25.0.0-alpha8"
    },
    "notes": {
        "cargoLocks": null,
@ -77,10 +77,10 @@
        "passthru": null,
        "pinned": false,
        "src": {
-            "sha256": "sha256-Cu73H0hJREbkskLbj56M8qUF1Tp4EazORlCF9rpPL90=",
+            "sha256": "sha256-A3QNWGWeC2OcZngMrh9NpYbU5qp5x9xiDcRfB9cRXBo=",
            "type": "tarball",
-            "url": "https://github.com/nextcloud-releases/notes/releases/download/v4.11.0/notes-v4.11.0.tar.gz"
+            "url": "https://github.com/nextcloud-releases/notes/releases/download/v4.10.1/notes-v4.10.1.tar.gz"
        },
-        "version": "v4.11.0"
+        "version": "v4.10.1"
    }
 }
--- a/pkgs/_sources_nextcloud/generated.nix
+++ b/pkgs/_sources_nextcloud/generated.nix
@ -3,18 +3,18 @@
 {
  bookmarks = {
    pname = "bookmarks";
-    version = "14.2.6";
+    version = "14.2.4";
    src = fetchTarball {
-      url = "https://github.com/nextcloud/bookmarks/releases/download/v14.2.6/bookmarks-14.2.6.tar.gz";
+      url = "https://github.com/nextcloud/bookmarks/releases/download/v14.2.4/bookmarks-14.2.4.tar.gz";
-      sha256 = "sha256-7BTNFsNcqmDACpj5PMEiS71xtr50v7Sqo3qeCL+3J9s=";
+      sha256 = "sha256-V4zZsAwPn8QiCXEDqOgNFHaXqMOcHMpMbJ1Oz3Db0pc=";
    };
  };
  calendar = {
    pname = "calendar";
-    version = "v4.7.16";
+    version = "v4.7.15";
    src = fetchTarball {
-      url = "https://github.com/nextcloud-releases/calendar/releases/download/v4.7.16/calendar-v4.7.16.tar.gz";
+      url = "https://github.com/nextcloud-releases/calendar/releases/download/v4.7.15/calendar-v4.7.15.tar.gz";
-      sha256 = "sha256-X2XcH7HpxgizCEJVrazGtzNQTBihFxvTq/ybK939cxo=";
+      sha256 = "sha256-sipXeyOL4OhENz7V2beFeSYBAoFZdCWtqftIy0lsqEY=";
    };
  };
  contacts = {
@ -27,26 +27,26 @@
  };
  cookbook = {
    pname = "cookbook";
-    version = "0.11.2";
+    version = "0.11.1";
    src = fetchTarball {
-      url = "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.2/Cookbook-0.11.2.tar.gz";
+      url = "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.1/Cookbook-0.11.1.tar.gz";
-      sha256 = "sha256-Pfa+Xbopg20os+pnGgg+wpEX1MI5fz5JMb0K4a8rBhs=";
+      sha256 = "sha256-a8ekMnEzudHGiqHF53jPtgsVTOTc2QLuPg6YtTw5h68=";
    };
  };
  news = {
    pname = "news";
-    version = "25.0.0-alpha12";
+    version = "25.0.0-alpha8";
    src = fetchTarball {
-      url = "https://github.com/nextcloud/news/releases/download/25.0.0-alpha12/news.tar.gz";
+      url = "https://github.com/nextcloud/news/releases/download/25.0.0-alpha8/news.tar.gz";
-      sha256 = "sha256-pnvyMZQ+NYMgH0Unfh5S19HdZSjnghgoUDAoi2KIXNI=";
+      sha256 = "sha256-AhTZGQCLeNgsRBF5w3+Lf9JtNN4D1QncB5t+odU+XUc=";
    };
  };
  notes = {
    pname = "notes";
-    version = "v4.11.0";
+    version = "v4.10.1";
    src = fetchTarball {
-      url = "https://github.com/nextcloud-releases/notes/releases/download/v4.11.0/notes-v4.11.0.tar.gz";
+      url = "https://github.com/nextcloud-releases/notes/releases/download/v4.10.1/notes-v4.10.1.tar.gz";
-      sha256 = "sha256-Cu73H0hJREbkskLbj56M8qUF1Tp4EazORlCF9rpPL90=";
+      sha256 = "sha256-A3QNWGWeC2OcZngMrh9NpYbU5qp5x9xiDcRfB9cRXBo=";
    };
  };
 }
--- a/pkgs/nextcloud-apps.toml
+++ b/pkgs/nextcloud-apps.toml
@ -1,12 +1,10 @@
 [bookmarks]
-# src.github = "nextcloud/bookmarks"
+src.github = "nextcloud/bookmarks"
-# src.prefix = "v"
+src.prefix = "v"
 src.manual = "14.2.6"
 fetch.tarball = "https://github.com/nextcloud/bookmarks/releases/download/v$ver/bookmarks-$ver.tar.gz"
 [calendar]
-# src.github = "nextcloud-releases/calendar"
+src.github = "nextcloud-releases/calendar"
 src.manual = "v4.7.16"
 fetch.tarball = "https://github.com/nextcloud-releases/calendar/releases/download/$ver/calendar-$ver.tar.gz"
 [contacts]
@ -22,7 +20,7 @@ fetch.tarball = "https://github.com/christianlupus-nextcloud/cookbook-releases/r
 [news]
 # Update manually until angular rewrite is done
 # src.github = "nextcloud/news"
-src.manual = "25.0.0-alpha12"
+src.manual = "25.0.0-alpha8"
 fetch.tarball = "https://github.com/nextcloud/news/releases/download/$ver/news.tar.gz"
 [notes]