
4 commits

Author SHA1 Message Date
Tristan Daniël Maat a8de5feb77
WIP: acme: Add tlater.com 2024-11-17 20:00:19 +01:00
Tristan Daniël Maat c2d7f7dbc0
WIP: feat: Add minecraft server 2024-11-11 19:30:18 +01:00
Tristan Daniël Maat cbbe555f07
bump: Update nextcloud 2024-10-25 00:17:29 +02:00
Tristan Daniël Maat c4ec382de9
flake.lock: Update
Flake lock file updates:

• Updated input 'deploy-rs':
    'github:serokell/deploy-rs/3867348fa92bc892eba5d9ddb2d7a97b9e127a8a' (2024-06-12)
  → 'github:serokell/deploy-rs/aa07eb05537d4cd025e2310397a6adcedfe72c76' (2024-09-27)
• Updated input 'disko':
    'github:nix-community/disko/276a0d055a720691912c6a34abb724e395c8e38a' (2024-08-15)
  → 'github:nix-community/disko/09a776702b004fdf9c41a024e1299d575ee18a7d' (2024-10-23)
• Updated input 'foundryvtt':
    'github:reckenrode/nix-foundryvtt/699a175398410688214615a9d977354e9ef98d2d' (2024-08-03)
  → 'github:reckenrode/nix-foundryvtt/bf07f9dd916a97a091f8ab83358c2f295bea9ec9' (2024-09-18)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/1cbd3d585263dc620c483e138d352a39b9f0e3ec' (2024-08-17)
  → 'github:nixos/nixpkgs/00c24c17345ba867086a807a7869b12e05955c81' (2024-10-24)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/abcef4da4ebb72240bddc370a27263627e64877f' (2024-08-18)
  → 'github:nixos/nixpkgs/8b052aac04356e25b6ec1058c86de8792440362d' (2024-10-24)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/be0eec2d27563590194a9206f551a6f73d52fa34' (2024-08-12)
  → 'github:Mic92/sops-nix/78a0e634fc8981d6b564f08b6715c69a755c4c7d' (2024-10-24)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/556533a23879fc7e5f98dd2e0b31a6911a213171' (2024-07-21)
  → 'github:NixOS/nixpkgs/bb8c2cf7ea0dd2e18a52746b2c3a5b0c73b93c22' (2024-10-19)
2024-10-24 23:02:57 +02:00
10 changed files with 168 additions and 68 deletions


@ -23,6 +23,7 @@
./services/foundryvtt.nix
./services/gitea.nix
./services/metrics
./services/minecraft.nix
./services/nextcloud.nix
./services/webserver.nix
./services/wireguard.nix
@ -73,8 +74,6 @@
8448
# starbound
21025
# Minecraft
25565
config.services.coturn.listening-port
config.services.coturn.tls-listening-port
@ -83,9 +82,6 @@
];
allowedUDPPorts = [
# More minecraft
25565
config.services.coturn.listening-port
config.services.coturn.tls-listening-port
config.services.coturn.alt-listening-port


@ -43,15 +43,26 @@
) config.services.nginx.virtualHosts;
security.acme = {
defaults.email = "tm@tlater.net";
defaults = {
email = "tm@tlater.net";
group = "nginx";
};
acceptTerms = true;
certs."tlater.net" = {
extraDomainNames = [ "*.tlater.net" ];
dnsProvider = "hetzner";
group = "nginx";
credentialFiles."HETZNER_API_KEY_FILE" = config.sops.secrets."hetzner-api".path;
};
certs."tlater.com" = {
extraDomainNames = [ "*.tlater.com" ];
dnsProvider = "porkbun";
credentialFiles = {
"PORKBUN_API_KEY_FILE" = config.sops.secrets."porkbun/api".path;
"PORKBUN_SECRET_API_KEY_FILE" = config.sops.secrets."porkbun/secret-api".path;
};
};
};
services.backups.acme = {
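Review bot: Setting `group = "nginx"` under `security.acme.defaults` makes the private key of every certificate declared now or later readable by the nginx group, not only the two wildcard certificates in this section. A future cert for a service that nginx does not front would inherit that access silently. Keeping `group = "nginx";` on each `certs.<name>` entry, or adding a comment such as `# every cert here is served by nginx; override group per cert otherwise` above the default, would make the intent explicit. The Porkbun key pair can presumably change DNS records beyond the ACME challenge, so it is worth confirming on the provider side that API access is limited to tlater.com.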


@ -0,0 +1,83 @@
{
pkgs,
lib,
config,
...
}:
{
services.minecraft-server = {
enable = true;
eula = true;
# jvmOpts are set using a file for forge
# jvmOpts = "-Xmx8G -Xms8G";
openFirewall = true;
declarative = true;
whitelist = {
tlater = "140d177a-966f-41b8-a4c0-e305babd291b";
romino25 = "59cd1648-14a4-4bcf-8f5a-2e1bde678f2c";
lasi25 = "0ab6e3d1-544a-47e7-8538-2e6c248e49a4";
};
serverProperties = {
allow-flight = true;
difficulty = "hard";
motd = "tlater.net";
spawn-protection = 1;
white-list = true;
enable-query = true;
enable-status = true;
# Allows the server to write chunks without hogging the main
# thread...
sync-chunk-writes = false;
# Disables chat reporting, because we don't need any of that
# drama on a lil' friends-only server.
enforce-secure-profile = false;
};
package = pkgs.writeShellApplication {
name = "minecraft-server";
runtimeInputs = with pkgs; [ jdk17_headless ];
text = ''
exec /var/lib/minecraft/run.sh $@
'';
};
};
systemd.services.minecraft-server = {
path = with pkgs; [ jdk17_headless ];
# Since we read from our own HTTP server, we need to wait for it
# to be up
after = [ "nginx.service" ];
serviceConfig = {
# Use packwiz to install mods
ExecStartPre = [
"${pkgs.jdk17_headless}/bin/java -jar ${config.services.minecraft-server.dataDir}/packwiz-installer-bootstrap.jar -g -s server 'https://minecraft.${config.services.nginx.domain}/cobblemon-pack/pack.toml'"
];
# Forge requires some bonus JVM options, which they include in a
# little `run.sh` script
ExecStart = lib.mkForce "${config.services.minecraft-server.dataDir}/run.sh --nogui";
};
};
systemd.tmpfiles.settings."10-minecraft" = {
"/srv/minecraft".d = {
user = "nginx";
group = "minecraft";
mode = "0775";
};
};
services.nginx.virtualHosts."minecraft.${config.services.nginx.domain}" = {
forceSSL = true;
useACMEHost = "tlater.net";
enableHSTS = true;
root = "/srv/minecraft";
};
}
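Review bot: The tmpfiles rule makes `/srv/minecraft` owned by `nginx` and group-writable by `minecraft` (`mode = "0775"`), yet that directory is the web root from which `ExecStartPre` fetches `pack.toml` and installs mods on every start. Either a compromised nginx worker or a compromised game-server process can therefore change what the server downloads and runs on its next start; nginx only needs read access, so something like `user = "root"; group = "minecraft"; mode = "0755";` (with whichever account publishes the pack as owner) would narrow that. `packwiz-installer-bootstrap.jar` and `run.sh` are likewise executed from the mutable `dataDir` rather than from the Nix store, so this configuration does not pin them; a comment saying how they get there and how they are updated would help. In the wrapper script, `$@` should be quoted as `"$@"`, which the shellcheck pass of `writeShellApplication` will likely insist on.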


@ -5,10 +5,7 @@
...
}:
let
# Update pending on rewrite of nextcloud news, though there is an
# alpha to switch to if it becomes necessary:
# https://github.com/nextcloud/news/issues/2610
nextcloud = pkgs.nextcloud28;
nextcloud = pkgs.nextcloud29;
hostName = "nextcloud.${config.services.nginx.domain}";
in
{


@ -38,6 +38,14 @@
owner = "acme";
};
"porkbun/api" = {
owner = "acme";
};
"porkbun/secret-api" = {
owner = "acme";
};
# Nextcloud
"nextcloud/tlater" = {
owner = "nextcloud";


@ -7,11 +7,11 @@
"utils": "utils"
},
"locked": {
"lastModified": 1718194053,
"narHash": "sha256-FaGrf7qwZ99ehPJCAwgvNY5sLCqQ3GDiE/6uLhxxwSY=",
"lastModified": 1727447169,
"narHash": "sha256-3KyjMPUKHkiWhwR91J1YchF6zb6gvckCAY1jOE+ne0U=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "3867348fa92bc892eba5d9ddb2d7a97b9e127a8a",
"rev": "aa07eb05537d4cd025e2310397a6adcedfe72c76",
"type": "github"
},
"original": {
@ -27,11 +27,11 @@
]
},
"locked": {
"lastModified": 1723685519,
"narHash": "sha256-GkXQIoZmW2zCPp1YFtAYGg/xHNyFH/Mgm79lcs81rq0=",
"lastModified": 1729712798,
"narHash": "sha256-a+Aakkb+amHw4biOZ0iMo8xYl37uUL48YEXIC5PYJ/8=",
"owner": "nix-community",
"repo": "disko",
"rev": "276a0d055a720691912c6a34abb724e395c8e38a",
"rev": "09a776702b004fdf9c41a024e1299d575ee18a7d",
"type": "github"
},
"original": {
@ -157,11 +157,11 @@
]
},
"locked": {
"lastModified": 1722661736,
"narHash": "sha256-0lujsK40JV/2PlqCjhZMGpHKL4vDKzJcnkFJYnG1WZA=",
"lastModified": 1726638033,
"narHash": "sha256-+hcgXKG5t/9wibv+8T9WASWItBAWb0tsmcZXH+VIYdw=",
"owner": "reckenrode",
"repo": "nix-foundryvtt",
"rev": "699a175398410688214615a9d977354e9ef98d2d",
"rev": "bf07f9dd916a97a091f8ab83358c2f295bea9ec9",
"type": "github"
},
"original": {
@ -210,11 +210,11 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1721524707,
"narHash": "sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0=",
"lastModified": 1729357638,
"narHash": "sha256-66RHecx+zohbZwJVEPF7uuwHeqf8rykZTMCTqIrOew4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "556533a23879fc7e5f98dd2e0b31a6911a213171",
"rev": "bb8c2cf7ea0dd2e18a52746b2c3a5b0c73b93c22",
"type": "github"
},
"original": {
@ -226,11 +226,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1723957280,
"narHash": "sha256-J08Yqf2IJ73y7myI69qEKsQ048ibweG6FeJeCxbIdB4=",
"lastModified": 1729766066,
"narHash": "sha256-QLeNRaGsoIFfv2Kfd4rw2l1TTDb1i4gQzvClSmrk1l4=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "abcef4da4ebb72240bddc370a27263627e64877f",
"rev": "8b052aac04356e25b6ec1058c86de8792440362d",
"type": "github"
},
"original": {
@ -242,11 +242,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1723920526,
"narHash": "sha256-USs6A60raDKZ/8BEpqja1XjZIsRzADX+NtWKH6wIxIw=",
"lastModified": 1729762315,
"narHash": "sha256-l0HyBdB2drPowQm044HDWqMLWwf818G38flxL0bhwqU=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "1cbd3d585263dc620c483e138d352a39b9f0e3ec",
"rev": "00c24c17345ba867086a807a7869b12e05955c81",
"type": "github"
},
"original": {
@ -442,11 +442,11 @@
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1723501126,
"narHash": "sha256-N9IcHgj/p1+2Pvk8P4Zc1bfrMwld5PcosVA0nL6IGdE=",
"lastModified": 1729775275,
"narHash": "sha256-J2vtHq9sw1wWm0aTMXpEEAzsVCUMZDTEe5kiBYccpLE=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "be0eec2d27563590194a9206f551a6f73d52fa34",
"rev": "78a0e634fc8981d6b564f08b6715c69a755c4c7d",
"type": "github"
},
"original": {


@ -1,4 +1,7 @@
hetzner-api: ENC[AES256_GCM,data:OsUfo86AzcBe/OELkfB5brEfsZ4gkbeehxwIVUBwQgE=,iv:Bt/cjlZ6oZEVUOQjWMDL7/mfL3HWLFAw1tEGeLMgeKg=,tag:TMU2XiHlMgP4aes10mIQYQ==,type:str]
porkbun:
api: ENC[AES256_GCM,data:lnspaxOUMMUh4IzWJQ4yizXob3YCMJeDKeqTf/pjPHdpiIDu/TZ+XUer6DPtLtJwUFz82528/HNtIE0RrxYw2lFiam8=,iv:nKp6eqFtHozioc5TvAXJFCqZbxI75kUIGbSrpfspSGE=,tag:+IRfb4xoowSCohw/08xKkw==,type:str]
secret-api: ENC[AES256_GCM,data:nVQI/IH+DaTyOkogUoFs8J9ZzgJTsYAFSsx3KhhkVv4mQp3h+azktSKlth1oa0e71EEPMaYxDLNIhKkn4kUTnaM7iB4=,iv:pCm0YVdqTMDl/hUYyk65S1bwsBWcx0kepIopXwrPTfY=,tag:ScANzcC7qrzKDbFBzpXyiA==,type:str]
battery-manager:
email: ENC[AES256_GCM,data:rYLUACXR/n+bLBmZ,iv:sUBEkh2+7qGjHZ5R23e/hoCiyTA7GTL4bJvXmxjZ5Sw=,tag:fdPMllaQQfRgX0WZKIre4g==,type:str]
password: ENC[AES256_GCM,data:7cokZa6Q6ahSeiFPz+cV,iv:vz405P0IcG9FsAQXlY7mi78GuushQUKJm2irG6buGzc=,tag:JLHG2jTkJDGbinAq9dXRsQ==,type:str]
@ -32,8 +35,8 @@ sops:
azure_kv: []
hc_vault: []
age: []
lastmodified: "2024-04-15T23:13:18Z"
mac: ENC[AES256_GCM,data:3/v+WgSWJ+VcBSBe1Wkis3z+tMmSjbKzLFqBB8xugc6DvgQG8J+1HRrPucLnpNNtEdmpyoTa72U6fPm6JnyUsuj5pLEghLprOJkqQNdRI06fllhw+9d3e3twx6D4oIIsVH6/io4ElXrGsGQTsfNbYhgn+987wa3WP5N25fBac3U=,iv:FL3tzPutOMN6IPkQfXIu/JOZT+OzUSqpMSQrUeXZQHE=,tag:jL1BTsYTA9XjrsjFszxZhA==,type:str]
lastmodified: "2024-11-17T18:21:07Z"
mac: ENC[AES256_GCM,data:51FoQta3+opyqJKYR0xHuToLbJh3wQlByM78FgtsWjnQXME4+Fo8khfZzroqv9sAHZ62iarUXc8lCiR0u5YvqCgraE6qvDrHIy8nwh2/nwkpyPUSBEvkkDSakyLmvrIkRbV9XbI1qo3OunnZoFP4MqMblvlMclA2Y+LiIUgyxxE=,iv:vustCOMYyp06Xtylj1DoQ4370X1RCWppeu/mCoKQhmk=,tag:L4GujQF+O6KEQeyYA+LFOA==,type:str]
pgp:
- created_at: "2024-03-18T04:02:00Z"
enc: |-


@ -7,11 +7,11 @@
"passthru": null,
"pinned": false,
"src": {
"sha256": "sha256-V4zZsAwPn8QiCXEDqOgNFHaXqMOcHMpMbJ1Oz3Db0pc=",
"sha256": "sha256-7BTNFsNcqmDACpj5PMEiS71xtr50v7Sqo3qeCL+3J9s=",
"type": "tarball",
"url": "https://github.com/nextcloud/bookmarks/releases/download/v14.2.4/bookmarks-14.2.4.tar.gz"
"url": "https://github.com/nextcloud/bookmarks/releases/download/v14.2.6/bookmarks-14.2.6.tar.gz"
},
"version": "14.2.4"
"version": "14.2.6"
},
"calendar": {
"cargoLocks": null,
@ -21,11 +21,11 @@
"passthru": null,
"pinned": false,
"src": {
"sha256": "sha256-sipXeyOL4OhENz7V2beFeSYBAoFZdCWtqftIy0lsqEY=",
"sha256": "sha256-X2XcH7HpxgizCEJVrazGtzNQTBihFxvTq/ybK939cxo=",
"type": "tarball",
"url": "https://github.com/nextcloud-releases/calendar/releases/download/v4.7.15/calendar-v4.7.15.tar.gz"
"url": "https://github.com/nextcloud-releases/calendar/releases/download/v4.7.16/calendar-v4.7.16.tar.gz"
},
"version": "v4.7.15"
"version": "v4.7.16"
},
"contacts": {
"cargoLocks": null,
@ -49,11 +49,11 @@
"passthru": null,
"pinned": false,
"src": {
"sha256": "sha256-a8ekMnEzudHGiqHF53jPtgsVTOTc2QLuPg6YtTw5h68=",
"sha256": "sha256-Pfa+Xbopg20os+pnGgg+wpEX1MI5fz5JMb0K4a8rBhs=",
"type": "tarball",
"url": "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.1/Cookbook-0.11.1.tar.gz"
"url": "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.2/Cookbook-0.11.2.tar.gz"
},
"version": "0.11.1"
"version": "0.11.2"
},
"news": {
"cargoLocks": null,
@ -63,11 +63,11 @@
"passthru": null,
"pinned": false,
"src": {
"sha256": "sha256-AhTZGQCLeNgsRBF5w3+Lf9JtNN4D1QncB5t+odU+XUc=",
"sha256": "sha256-pnvyMZQ+NYMgH0Unfh5S19HdZSjnghgoUDAoi2KIXNI=",
"type": "tarball",
"url": "https://github.com/nextcloud/news/releases/download/25.0.0-alpha8/news.tar.gz"
"url": "https://github.com/nextcloud/news/releases/download/25.0.0-alpha12/news.tar.gz"
},
"version": "25.0.0-alpha8"
"version": "25.0.0-alpha12"
},
"notes": {
"cargoLocks": null,
@ -77,10 +77,10 @@
"passthru": null,
"pinned": false,
"src": {
"sha256": "sha256-A3QNWGWeC2OcZngMrh9NpYbU5qp5x9xiDcRfB9cRXBo=",
"sha256": "sha256-Cu73H0hJREbkskLbj56M8qUF1Tp4EazORlCF9rpPL90=",
"type": "tarball",
"url": "https://github.com/nextcloud-releases/notes/releases/download/v4.10.1/notes-v4.10.1.tar.gz"
"url": "https://github.com/nextcloud-releases/notes/releases/download/v4.11.0/notes-v4.11.0.tar.gz"
},
"version": "v4.10.1"
"version": "v4.11.0"
}
}


@ -3,18 +3,18 @@
{
bookmarks = {
pname = "bookmarks";
version = "14.2.4";
version = "14.2.6";
src = fetchTarball {
url = "https://github.com/nextcloud/bookmarks/releases/download/v14.2.4/bookmarks-14.2.4.tar.gz";
sha256 = "sha256-V4zZsAwPn8QiCXEDqOgNFHaXqMOcHMpMbJ1Oz3Db0pc=";
url = "https://github.com/nextcloud/bookmarks/releases/download/v14.2.6/bookmarks-14.2.6.tar.gz";
sha256 = "sha256-7BTNFsNcqmDACpj5PMEiS71xtr50v7Sqo3qeCL+3J9s=";
};
};
calendar = {
pname = "calendar";
version = "v4.7.15";
version = "v4.7.16";
src = fetchTarball {
url = "https://github.com/nextcloud-releases/calendar/releases/download/v4.7.15/calendar-v4.7.15.tar.gz";
sha256 = "sha256-sipXeyOL4OhENz7V2beFeSYBAoFZdCWtqftIy0lsqEY=";
url = "https://github.com/nextcloud-releases/calendar/releases/download/v4.7.16/calendar-v4.7.16.tar.gz";
sha256 = "sha256-X2XcH7HpxgizCEJVrazGtzNQTBihFxvTq/ybK939cxo=";
};
};
contacts = {
@ -27,26 +27,26 @@
};
cookbook = {
pname = "cookbook";
version = "0.11.1";
version = "0.11.2";
src = fetchTarball {
url = "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.1/Cookbook-0.11.1.tar.gz";
sha256 = "sha256-a8ekMnEzudHGiqHF53jPtgsVTOTc2QLuPg6YtTw5h68=";
url = "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.2/Cookbook-0.11.2.tar.gz";
sha256 = "sha256-Pfa+Xbopg20os+pnGgg+wpEX1MI5fz5JMb0K4a8rBhs=";
};
};
news = {
pname = "news";
version = "25.0.0-alpha8";
version = "25.0.0-alpha12";
src = fetchTarball {
url = "https://github.com/nextcloud/news/releases/download/25.0.0-alpha8/news.tar.gz";
sha256 = "sha256-AhTZGQCLeNgsRBF5w3+Lf9JtNN4D1QncB5t+odU+XUc=";
url = "https://github.com/nextcloud/news/releases/download/25.0.0-alpha12/news.tar.gz";
sha256 = "sha256-pnvyMZQ+NYMgH0Unfh5S19HdZSjnghgoUDAoi2KIXNI=";
};
};
notes = {
pname = "notes";
version = "v4.10.1";
version = "v4.11.0";
src = fetchTarball {
url = "https://github.com/nextcloud-releases/notes/releases/download/v4.10.1/notes-v4.10.1.tar.gz";
sha256 = "sha256-A3QNWGWeC2OcZngMrh9NpYbU5qp5x9xiDcRfB9cRXBo=";
url = "https://github.com/nextcloud-releases/notes/releases/download/v4.11.0/notes-v4.11.0.tar.gz";
sha256 = "sha256-Cu73H0hJREbkskLbj56M8qUF1Tp4EazORlCF9rpPL90=";
};
};
}


@ -1,10 +1,12 @@
[bookmarks]
src.github = "nextcloud/bookmarks"
src.prefix = "v"
# src.github = "nextcloud/bookmarks"
# src.prefix = "v"
src.manual = "14.2.6"
fetch.tarball = "https://github.com/nextcloud/bookmarks/releases/download/v$ver/bookmarks-$ver.tar.gz"
[calendar]
src.github = "nextcloud-releases/calendar"
# src.github = "nextcloud-releases/calendar"
src.manual = "v4.7.16"
fetch.tarball = "https://github.com/nextcloud-releases/calendar/releases/download/$ver/calendar-$ver.tar.gz"
[contacts]
@ -20,7 +22,7 @@ fetch.tarball = "https://github.com/christianlupus-nextcloud/cookbook-releases/r
[news]
# Update manually until angular rewrite is done
# src.github = "nextcloud/news"
src.manual = "25.0.0-alpha8"
src.manual = "25.0.0-alpha12"
fetch.tarball = "https://github.com/nextcloud/news/releases/download/$ver/news.tar.gz"
[notes]
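Review bot: The `[bookmarks]` and `[calendar]` entries appear to switch from `src.github` tracking to a hand-set `src.manual` without saying why, unlike `[news]`, which carries the `# Update manually until angular rewrite is done` comment. Manually pinned apps no longer pick up upstream releases, including security fixes, on a routine update run. The reason and the condition for reverting should be recorded next to the commented-out lines, e.g. `# Pinned manually because <reason>; restore src.github once <condition>`, with the placeholders filled in.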