From 0818a4afa80c270480065e35fdbb23c2631b9ee7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= Date: Wed, 11 Jan 2023 01:57:24 +0000 Subject: [PATCH 01/12] WIP: nextcloud: Update the service and apps for 22.11 --- configuration/services/nextcloud.nix | 10 +---- pkgs/_sources_nextcloud/generated.json | 59 ++++++++++++-------------- pkgs/_sources_nextcloud/generated.nix | 52 +++++++++++------------ pkgs/default.nix | 4 +- pkgs/mkNextcloudApp.nix | 15 +++---- pkgs/nextcloud-apps.toml | 27 ++++-------- 6 files changed, 70 insertions(+), 97 deletions(-) diff --git a/configuration/services/nextcloud.nix b/configuration/services/nextcloud.nix index fddddde..c25cfb2 100644 --- a/configuration/services/nextcloud.nix +++ b/configuration/services/nextcloud.nix @@ -3,14 +3,14 @@ config, ... }: let - inherit (pkgs) fetchNextcloudApp; - nextcloud = pkgs.nextcloud24; + nextcloud = pkgs.nextcloud25; hostName = "nextcloud.${config.services.nginx.domain}"; in { services.nextcloud = { inherit hostName; package = nextcloud; + enableBrokenCiphersForSSE = false; enable = true; maxUploadSize = "2G"; https = true; @@ -28,12 +28,6 @@ in { }; extraApps = { - # TODO(tlater): Seems like this won't work anymore from - # Nextcloud 25 onwards. - # - # Adopt whatever upstream does with this: - # https://github.com/nextcloud/server/issues/4917 - inherit (pkgs.local) apporder; inherit (pkgs.local) bookmarks calendar contacts cookbook news notes; }; diff --git a/pkgs/_sources_nextcloud/generated.json b/pkgs/_sources_nextcloud/generated.json index c4a4b55..7752f5e 100644 --- a/pkgs/_sources_nextcloud/generated.json +++ b/pkgs/_sources_nextcloud/generated.json 
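Review bot: `enableBrokenCiphersForSSE = false;` in the first nextcloud.nix hunk goes in without a word on why it is safe here, and it is the one line in this upgrade that can make existing data unreadable. As far as I know the option decides whether Nextcloud's PHP keeps the legacy OpenSSL that server-side encryption's RC4 needs, so turning it off is only right if SSE was never enabled on this instance; that is not visible from the diff. I would put a comment above it such as `# Server-side encryption is not in use, so we do not need the legacy RC4-capable OpenSSL`. The `services.nextcloud` attribute set continues outside the hunk, and the same hunk appears again in PATCH 07/12.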
@@ -7,9 +7,8 @@ "passthru": null, "pinned": false, "src": { - "name": null, - "sha256": "sha256-p3VWxTYDCO2NePq6oLM8tBVqYkvoB7itqxp7IZwGDnE=", - "type": "url", + "sha256": "1nx1vdwlqyy3x5vw2h2xx51hmv7gsp8mam1fj813yc3655js9m96", + "type": "tarball", "url": "https://github.com/juliushaertl/apporder/releases/download/v0.15.0/apporder.tar.gz" }, "version": "v0.15.0" @@ -22,12 +21,11 @@ "passthru": null, "pinned": false, "src": { - "name": null, - "sha256": "sha256-URqtzaCx8FEZHCDP1wSBUFNs+x50jesRtWi+xOU1oXM=", - "type": "url", - "url": "https://github.com/nextcloud/bookmarks/releases/download/v11.0.4/bookmarks-11.0.4.tar.gz" + "sha256": "0dkfjafbynkrymsq183sad7zynqr2qls0cld73nvzn3smnvdl2xx", + "type": "tarball", + "url": "https://github.com/nextcloud/bookmarks/releases/download/v12.0.0/bookmarks-12.0.0.tar.gz" }, - "version": "11.0.4" + "version": "12.0.0" }, "calendar": { "cargoLocks": null, @@ -37,12 +35,11 @@ "passthru": null, "pinned": false, "src": { - "name": null, - "sha256": "sha256-+LRGl9h40AQdWN9SW+NqGwTafAGwV07Af8nVs3pUCm0=", - "type": "url", - "url": "https://github.com/nextcloud-releases/calendar/releases/download/v3.5.0/calendar-v3.5.0.tar.gz" + "sha256": "06p92w2idml5g3zc0xhp25rpgkxm3d5pmxpx7dmqlqvw8r6z07an", + "type": "tarball", + "url": "https://github.com/nextcloud-releases/calendar/releases/download/v4.2.0/calendar-v4.2.0.tar.gz" }, - "version": "v3.5.0" + "version": "v4.2.0" }, "contacts": { "cargoLocks": null, @@ -52,12 +49,11 @@ "passthru": null, "pinned": false, "src": { - "name": null, - "sha256": "sha256-GTiyZsUHBXPgQ17DHAihmt2W/ZnAjDwfgwnujkRwk6A=", - "type": "url", - "url": "https://github.com/nextcloud-releases/contacts/releases/download/v4.2.2/contacts-v4.2.2.tar.gz" + "sha256": "097a71if6kkc7nphfc8b6llqlsskjwp1vg83134hzgfscvllvaj8", + "type": "tarball", + "url": "https://github.com/nextcloud-releases/contacts/releases/download/v5.0.2/contacts-v5.0.2.tar.gz" }, - "version": "v4.2.2" + "version": "v5.0.2" }, "cookbook": { "cargoLocks": null, 
@@ -67,12 +63,11 @@ "passthru": null, "pinned": false, "src": { - "name": null, - "sha256": "sha256-3lCqvmaMsgrFD5PzyHIcwxxGeC+qOMTGxbOi7nPFL6I=", - "type": "url", - "url": "https://github.com/nextcloud/cookbook/releases/download/v0.9.17/Cookbook-0.9.17.tar.gz" + "sha256": "1xpy060yi7pl8i91xjv2jj18yvsmjzwmv91y7i686qq8n2kc1fcg", + "type": "tarball", + "url": "https://github.com/nextcloud/cookbook/releases/download/v0.10.1/Cookbook-0.10.1.tar.gz" }, - "version": "0.9.17" + "version": "0.10.1" }, "news": { "cargoLocks": null, @@ -82,12 +77,11 @@ "passthru": null, "pinned": false, "src": { - "name": null, - "sha256": "sha256-lVF4H9v7bSw8137lfq4PsVg8e1TpcgvJVQU/UVQfSoY=", - "type": "url", - "url": "https://github.com/nextcloud/news/releases/download/19.0.0/news.tar.gz" + "sha256": "0pnriarr2iqci2v2hn6vpvszf4m4pkcxsd2i13bp7n1zqkg6swd7", + "type": "tarball", + "url": "https://github.com/nextcloud/news/releases/download/20.0.0/news.tar.gz" }, - "version": "19.0.0" + "version": "20.0.0" }, "notes": { "cargoLocks": null, @@ -97,11 +91,10 @@ "passthru": null, "pinned": false, "src": { - "name": null, - "sha256": "sha256-rd3uVkVtARX4enRAWm1ivV468lboYZnYe7/zsqaHYpk=", - "type": "url", - "url": "https://github.com/nextcloud/notes/releases/download/v4.5.1/notes.tar.gz" + "sha256": "1jcgv3awr45jq3n3qv851qlpbdl2plixba0iq2s54dmhciypdckl", + "type": "tarball", + "url": "https://github.com/nextcloud/notes/releases/download/v4.6.0/notes.tar.gz" }, - "version": "v4.5.1" + "version": "v4.6.0" } } \ No newline at end of file diff --git a/pkgs/_sources_nextcloud/generated.nix b/pkgs/_sources_nextcloud/generated.nix index 324306d..f3a0521 100644 --- a/pkgs/_sources_nextcloud/generated.nix +++ b/pkgs/_sources_nextcloud/generated.nix 
@@ -4,57 +4,57 @@ apporder = { pname = "apporder"; version = "v0.15.0"; - src = fetchurl { + src = fetchTarball { url = "https://github.com/juliushaertl/apporder/releases/download/v0.15.0/apporder.tar.gz"; - sha256 = "sha256-p3VWxTYDCO2NePq6oLM8tBVqYkvoB7itqxp7IZwGDnE="; + sha256 = "1nx1vdwlqyy3x5vw2h2xx51hmv7gsp8mam1fj813yc3655js9m96"; }; }; bookmarks = { pname = "bookmarks"; - version = "11.0.4"; - src = fetchurl { - url = "https://github.com/nextcloud/bookmarks/releases/download/v11.0.4/bookmarks-11.0.4.tar.gz"; - sha256 = "sha256-URqtzaCx8FEZHCDP1wSBUFNs+x50jesRtWi+xOU1oXM="; + version = "12.0.0"; + src = fetchTarball { + url = "https://github.com/nextcloud/bookmarks/releases/download/v12.0.0/bookmarks-12.0.0.tar.gz"; + sha256 = "0dkfjafbynkrymsq183sad7zynqr2qls0cld73nvzn3smnvdl2xx"; }; }; calendar = { pname = "calendar"; - version = "v3.5.0"; - src = fetchurl { - url = "https://github.com/nextcloud-releases/calendar/releases/download/v3.5.0/calendar-v3.5.0.tar.gz"; - sha256 = "sha256-+LRGl9h40AQdWN9SW+NqGwTafAGwV07Af8nVs3pUCm0="; + version = "v4.2.0"; + src = fetchTarball { + url = "https://github.com/nextcloud-releases/calendar/releases/download/v4.2.0/calendar-v4.2.0.tar.gz"; + sha256 = "06p92w2idml5g3zc0xhp25rpgkxm3d5pmxpx7dmqlqvw8r6z07an"; }; }; contacts = { pname = "contacts"; - version = "v4.2.2"; - src = fetchurl { - url = "https://github.com/nextcloud-releases/contacts/releases/download/v4.2.2/contacts-v4.2.2.tar.gz"; - sha256 = "sha256-GTiyZsUHBXPgQ17DHAihmt2W/ZnAjDwfgwnujkRwk6A="; + version = "v5.0.2"; + src = fetchTarball { + url = "https://github.com/nextcloud-releases/contacts/releases/download/v5.0.2/contacts-v5.0.2.tar.gz"; + sha256 = "097a71if6kkc7nphfc8b6llqlsskjwp1vg83134hzgfscvllvaj8"; }; }; cookbook = { pname = "cookbook"; - version = "0.9.17"; - src = fetchurl { - url = "https://github.com/nextcloud/cookbook/releases/download/v0.9.17/Cookbook-0.9.17.tar.gz"; - sha256 = "sha256-3lCqvmaMsgrFD5PzyHIcwxxGeC+qOMTGxbOi7nPFL6I="; + version = 
"0.10.1"; + src = fetchTarball { + url = "https://github.com/nextcloud/cookbook/releases/download/v0.10.1/Cookbook-0.10.1.tar.gz"; + sha256 = "1xpy060yi7pl8i91xjv2jj18yvsmjzwmv91y7i686qq8n2kc1fcg"; }; }; news = { pname = "news"; - version = "19.0.0"; - src = fetchurl { - url = "https://github.com/nextcloud/news/releases/download/19.0.0/news.tar.gz"; - sha256 = "sha256-lVF4H9v7bSw8137lfq4PsVg8e1TpcgvJVQU/UVQfSoY="; + version = "20.0.0"; + src = fetchTarball { + url = "https://github.com/nextcloud/news/releases/download/20.0.0/news.tar.gz"; + sha256 = "0pnriarr2iqci2v2hn6vpvszf4m4pkcxsd2i13bp7n1zqkg6swd7"; }; }; notes = { pname = "notes"; - version = "v4.5.1"; - src = fetchurl { - url = "https://github.com/nextcloud/notes/releases/download/v4.5.1/notes.tar.gz"; - sha256 = "sha256-rd3uVkVtARX4enRAWm1ivV468lboYZnYe7/zsqaHYpk="; + version = "v4.6.0"; + src = fetchTarball { + url = "https://github.com/nextcloud/notes/releases/download/v4.6.0/notes.tar.gz"; + sha256 = "1jcgv3awr45jq3n3qv851qlpbdl2plixba0iq2s54dmhciypdckl"; }; }; } diff --git a/pkgs/default.nix b/pkgs/default.nix index 545984a..3818a26 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -2,7 +2,7 @@ pkgs, lib, }: let - inherit (builtins) listToAttrs mapAttrs; + inherit (builtins) fromJSON mapAttrs readFile; inherit (pkgs) callPackage; in { @@ -12,7 +12,7 @@ in # Add nextcloud apps let mkNextcloudApp = pkgs.callPackage ./mkNextcloudApp.nix {}; - sources = pkgs.callPackage ./_sources_nextcloud/generated.nix {}; + sources = fromJSON (readFile ./_sources_nextcloud/generated.json); in mapAttrs (_: source: mkNextcloudApp source) sources ) diff --git a/pkgs/mkNextcloudApp.nix b/pkgs/mkNextcloudApp.nix index 3c78a94..6430ac1 100644 --- a/pkgs/mkNextcloudApp.nix +++ b/pkgs/mkNextcloudApp.nix 
@@ -1,13 +1,8 @@ { fetchNextcloudApp, lib, -}: let - inherit (lib) removePrefix; -in - source: - fetchNextcloudApp { - name = source.pname; - version = removePrefix "v" source.version; - url = source.src.url; - sha256 = source.src.outputHash; - } +}: source: +fetchNextcloudApp { + url = source.src.url; + sha256 = source.src.sha256; +} diff --git a/pkgs/nextcloud-apps.toml b/pkgs/nextcloud-apps.toml index 6e06432..69bccdc 100644 --- a/pkgs/nextcloud-apps.toml +++ b/pkgs/nextcloud-apps.toml 
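Review bot: `lib` stays in the argument set of mkNextcloudApp.nix although nothing uses it once `removePrefix` is gone; `{fetchNextcloudApp}: source:` is enough. The `sha256` passed on is now the value generated.json labels `"type": "tarball"`, which presumably hashes the unpacked tree rather than the archive, so this only verifies correctly with a `fetchNextcloudApp` that unpacks before hashing. A comment like `# src.sha256 is the hash of the unpacked tarball, as fetchNextcloudApp expects` would record that. PATCH 07/12 repeats the hunk.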
@@ -1,35 +1,26 @@ -[apporder] -src.github = "juliushaertl/apporder" -fetch.url = "https://github.com/juliushaertl/apporder/releases/download/$ver/apporder.tar.gz" - [bookmarks] src.github = "nextcloud/bookmarks" src.prefix = "v" -fetch.url = "https://github.com/nextcloud/bookmarks/releases/download/v$ver/bookmarks-$ver.tar.gz" +fetch.tarball = "https://github.com/nextcloud/bookmarks/releases/download/v$ver/bookmarks-$ver.tar.gz" [calendar] -src.manual = "v3.5.0" # Pinned until we update to nextcloud 25 -# src.github = "nextcloud-releases/calendar" -fetch.url = "https://github.com/nextcloud-releases/calendar/releases/download/$ver/calendar-$ver.tar.gz" +src.github = "nextcloud-releases/calendar" +fetch.tarball = "https://github.com/nextcloud-releases/calendar/releases/download/$ver/calendar-$ver.tar.gz" [contacts] -src.manual = "v4.2.2" # Pinned until we update to nextcloud 25 -# src.github = "nextcloud-releases/contacts" -fetch.url = "https://github.com/nextcloud-releases/contacts/releases/download/$ver/contacts-$ver.tar.gz" +src.github = "nextcloud-releases/contacts" +fetch.tarball = "https://github.com/nextcloud-releases/contacts/releases/download/$ver/contacts-$ver.tar.gz" [cookbook] src.github_tag = "nextcloud/cookbook" src.prefix = "v" src.exclude_regex = 'v\d+\.\d+\.\d+-rc\d+' -fetch.url = "https://github.com/nextcloud/cookbook/releases/download/v$ver/Cookbook-$ver.tar.gz" +fetch.tarball = "https://github.com/nextcloud/cookbook/releases/download/v$ver/Cookbook-$ver.tar.gz" [news] src.github = "nextcloud/news" -# Sadly, the news app vendors things, and those are only included in -# their tarball. 
-fetch.url = "https://github.com/nextcloud/news/releases/download/$ver/news.tar.gz" +fetch.tarball = "https://github.com/nextcloud/news/releases/download/$ver/news.tar.gz" [notes] -src.manual = "v4.5.1" # Pinned until we update to nextcloud 25 -# src.github = "nextcloud/notes" -fetch.url = "https://github.com/nextcloud/notes/releases/download/$ver/notes.tar.gz" +src.github = "nextcloud/notes" +fetch.tarball = "https://github.com/nextcloud/notes/releases/download/$ver/notes.tar.gz" From 785f41c3769f163a5351283df9b37a7520e3fb95 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= Date: Wed, 11 Jan 2023 01:59:04 +0000 Subject: [PATCH 02/12] keys/staging: Add a few missing keys that made the vm break --- keys/staging.yaml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/keys/staging.yaml b/keys/staging.yaml index 9adfde8..069a405 100644 --- a/keys/staging.yaml +++ b/keys/staging.yaml 
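Review bot: Dropping `src.manual` for calendar, contacts and notes means the next updater run takes whatever release is newest upstream, with nothing in this file tying the apps to the Nextcloud major configured in nextcloud.nix. The hashes in generated.json are then computed at update time, so each regenerated entry should be reviewed against the upstream release before it is deployed; a short comment at the top of the file saying so would help. The hunk also removes `[apporder]` while the generated.json hunks in the same patch still carry an `apporder` entry, so `pkgs/default.nix` keeps defining that package; regenerate or delete it. The comment explaining why news uses the release tarball (vendored dependencies) is deleted with no replacement and is worth keeping. PATCH 07/12 repeats this hunk.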
@@ -5,14 +5,17 @@ steam: turn: env: ENC[AES256_GCM,data:xjIz/AY109lyiL5N01p5T3HcYco/rM5CJSRTtg==,iv:16bW6OpyOK/QL0QPGQp/Baa9xyT8E3ZsYkwqmjuofk0=,tag:J5re3uKxIykw3YunvQWBgg==,type:str] secret: ENC[AES256_GCM,data:eQ7dAocoZtg=,iv:fgzjTPv30WqTKlLy+yMn5MsKQgjhPnwlGFFwYEg3gWs=,tag:1ze33U1NBkgMX/9SiaBNQg==,type:str] + ssl-key: ENC[AES256_GCM,data:RYfwHjBvwFXgXxXIEuWUzaycTdrCvmPivsNvvUIwDRynS5G2Dl6RCVp1w9zuLvoNun5ncUPGGuLMmVqN2wkJlw==,iv:UKI3bVTY7iTDNvp5UqrZ3QlQkMZ5p2bjgODEc6DCBfQ=,tag:sz7VTyRWyZxAsP4nE48DnA==,type:str] + #ENC[AES256_GCM,data:bxhKzU5Tzezl749CDu8e8kxa7ahGuZFaPa9K3kxuD+4sg5Hi3apgDlC0n8oK0DeiK4Ks7+9Cyw==,iv:T/zVJUpNAv1rR0a9+6SDTG08ws2A1hFBs5Ia3TpT0uk=,tag:uGXb1VryM+lIJ8r0I5durA==,type:comment] + ssl-cert: ENC[AES256_GCM,data:xHUr14CjKslgbGh/n5jYSOuCw9JRxS6YXE4fxS+aJzFcNeSeGNqoipPeuJupZGBnQP/FCqohiHY=,iv:/OEsVqRshGL9NIvntMC42EPZSNL0u6EfhtUBqgV7qog=,tag:4pxtNjuvy/ibm6nDtKdSkw==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: [] - lastmodified: "2022-10-28T22:54:01Z" - mac: ENC[AES256_GCM,data:1nsv+Dl7lzRZNNb9kSuqFrXrcncIklw/A2uwd/yQQ546Rm/4gzpBZqCi6cv5VBCdc1iNuBcAM74DnZHMDmeWAiW0WfACPJMQjCes21P6IUsP2gu+bV2f9qqqnP2a5voxzFHp1aclklzMiiZJBEB1Y3UNz0ZG7A43hsOAE0/fJ9o=,iv:kY10PF5ErkKHXx8m0OyX2eU6kcFQsrsP3V2scVBMsuA=,tag:Uth0XfP2c0LBJQ7+7Uc0BQ==,type:str] + lastmodified: "2023-01-11T01:49:31Z" + mac: ENC[AES256_GCM,data:5IcHdNQ/mh6Jz60dlpgqbBtVGKYml4EOs7YXsBcejgAoPzZqEK+xb3f9+rq2G6sCcMXzROHJsdQUfp1wMgfp8DwVm4H+XO+SQh/E1kFuWO8G/IpXOT4P9RQC+wHxrVuxHd8pwl9CLv6uuMnO+FNg9TeWB2GAVxIBsY8JHwGN/BA=,iv:/Yqfij58LGNooyyhmr8aWCpknd4dN+b4iSvokVoDGls=,tag:XHm8Qcg75B1+pTOcgZubIQ==,type:str] pgp: - created_at: "2022-10-12T16:48:23Z" enc: | From 4da28ef564a8d5560a711ec90a5d2871866b4df9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= Date: Wed, 11 Jan 2023 01:59:35 +0000 Subject: [PATCH 03/12] flake.nix: Build the VM using `nix build` --- flake.nix | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) 
diff --git a/flake.nix b/flake.nix index 49b4358..7bbc320 100644 --- a/flake.nix +++ b/flake.nix @@ -73,15 +73,14 @@ ################### packages.${system} = let inherit (nixpkgs.legacyPackages.${system}) writeShellScript; + vm = self.lib.makeNixosSystem { + inherit system; + extraModules = [(import ./configuration/hardware-specific/vm.nix)]; + }; in { - default = self.packages.${system}.run-vm; + default = vm.config.system.build.vm; run-vm = let - vm = self.lib.makeNixosSystem { - inherit system; - extraModules = [(import ./configuration/hardware-specific/vm.nix)]; - }; - qemuNetOpts = self.lib.makeQemuNetOpts { "2222" = "2222"; "3080" = "80"; @@ -105,9 +104,7 @@ ''; }; - apps.${system} = let - inherit (nixpkgs.legacyPackages.${system}) writeShellScript; - in { + apps.${system} = { default = { type = "app"; program = builtins.toString self.packages.${system}.run-vm; From c0399670e4b1e2d470f6df285321f2ed29ec751c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= Date: Wed, 11 Jan 2023 01:59:54 +0000 Subject: [PATCH 04/12] gitea: Update configuration for 22.11 --- configuration/services/gitea.nix | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/configuration/services/gitea.nix b/configuration/services/gitea.nix index f346097..1d3308a 100644 --- a/configuration/services/gitea.nix +++ b/configuration/services/gitea.nix @@ -8,12 +8,15 @@ in { httpAddress = "127.0.0.1"; database.type = "postgres"; - ssh.clonePort = 2222; rootUrl = "https://${domain}/"; - cookieSecure = true; appName = "Gitea: Git with a cup of tea"; - disableRegistration = true; + + settings = { + server.SSH_PORT = 2222; + service.DISABLE_REGISTRATION = true; + session.COOKIE_SECURE = true; + }; }; # Set up SSL From 0fd4bfcbb03ccf2aed6660016afd30c0b62d3173 Mon Sep 17 00:00:00 2001 
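Review bot: After this hunk `packages.default` is the bare `vm.config.system.build.vm` while `apps.default` (second hunk) still runs `run-vm`, so `nix build` and `nix run` no longer refer to the same thing. The port forwards built with `makeQemuNetOpts` (2222, 3080 to 80) appear to be applied only by `run-vm`, so a VM started from the `nix build` result will presumably come up without them. A comment above the attribute, e.g. `# Plain VM for nix build; use run-vm (nix run) to get the forwarded ports`, would save the next reader from finding that out by trial. The `packages.${system}` set continues outside the hunk; PATCH 09/12 repeats the change.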
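Review bot: `server.SSH_PORT = 2222;` replaces `ssh.clonePort`, and under the new name it is easy to read as the port Gitea listens on rather than the port it prints in clone URLs. A comment such as `# Port shown in SSH clone URLs (formerly ssh.clonePort)` would keep that clear. `DISABLE_REGISTRATION` and `COOKIE_SECURE` are the two hardening settings in this block, so it is worth confirming in the generated app.ini after the switch that both still appear under `[service]` and `[session]`. The `services.gitea` set starts outside the hunk; PATCH 10/12 repeats it.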
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= Date: Wed, 11 Jan 2023 02:00:13 +0000 Subject: [PATCH 05/12] firewall: Open Minecraft ports for port forwarding --- configuration/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/configuration/default.nix b/configuration/default.nix index 34a7868..b84937e 100644 --- a/configuration/default.nix +++ b/configuration/default.nix @@ -63,6 +63,8 @@ 8448 # starbound 21025 + # Minecraft + 25565 config.services.coturn.listening-port config.services.coturn.tls-listening-port @@ -71,6 +73,9 @@ ]; allowedUDPPorts = [ + # More minecraft + 25565 + config.services.coturn.listening-port config.services.coturn.tls-listening-port config.services.coturn.alt-listening-port From faaaad8e97ad45ab43f888e7deaea709062d551e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= Date: Wed, 11 Jan 2023 02:00:33 +0000 Subject: [PATCH 06/12] config: Make changes suggested post 22.11 update --- configuration/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configuration/default.nix b/configuration/default.nix index b84937e..d090cef 100644 --- a/configuration/default.nix +++ b/configuration/default.nix @@ -35,11 +35,11 @@ ''; # Enable remote builds from tlater - trustedUsers = ["@wheel"]; + settings.trusted-users = ["@wheel"]; }; nixpkgs.config.allowUnfreePredicate = pkg: - builtins.elem (lib.getName pkg) ["steam-original" "steam-runtime" "steamcmd"]; + builtins.elem (lib.getName pkg) ["steam-original" "steam-runtime" "steam-run" "steamcmd"]; # Optimization for minecraft servers, see: # https://bugs.mojang.com/browse/MC-183518 From a5bd000e6c03a80d018ed36583808db39ac18598 Mon Sep 17 00:00:00 2001 
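Review bot: Port 25565 is opened for UDP as well as TCP, and the second hunk's comment `# More minecraft` does not say what needs the UDP side. As far as I know Minecraft Java Edition game traffic is TCP only and UDP on 25565 is used by the optional query protocol, so unless the server has query enabled (not visible here) the `allowedUDPPorts` entry exposes a port nothing should answer on. I would either drop it or replace the comment with the reason, e.g. `# Minecraft query protocol (enable-query)`. Both lists start outside their hunks; PATCH 11/12 repeats them.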
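Review bot: `settings.trusted-users = ["@wheel"];` keeps granting trusted status to the whole wheel group, although the comment above it says the purpose is remote builds from one user. Trusted users can set arbitrary Nix options and import unsigned store paths, which is effectively root on the machine, so the narrower `settings.trusted-users = ["tlater"];` matches the stated intent better if the account is indeed named that (inferred from the comment). If wheel is meant, say so in the comment. The `nix` attribute set starts outside the hunk; PATCH 12/12 repeats the change.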
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= Date: Wed, 11 Jan 2023 01:57:24 +0000 Subject: [PATCH 07/12] nextcloud: Update the service and apps for 22.11 --- configuration/services/nextcloud.nix | 10 +---- pkgs/_sources_nextcloud/generated.json | 59 ++++++++++++-------------- pkgs/_sources_nextcloud/generated.nix | 52 +++++++++++------------ pkgs/default.nix | 4 +- pkgs/mkNextcloudApp.nix | 15 +++---- pkgs/nextcloud-apps.toml | 27 ++++-------- 6 files changed, 70 insertions(+), 97 deletions(-) diff --git a/configuration/services/nextcloud.nix b/configuration/services/nextcloud.nix index fddddde..c25cfb2 100644 --- a/configuration/services/nextcloud.nix +++ b/configuration/services/nextcloud.nix @@ -3,14 +3,14 @@ config, ... }: let - inherit (pkgs) fetchNextcloudApp; - nextcloud = pkgs.nextcloud24; + nextcloud = pkgs.nextcloud25; hostName = "nextcloud.${config.services.nginx.domain}"; in { services.nextcloud = { inherit hostName; package = nextcloud; + enableBrokenCiphersForSSE = false; enable = true; maxUploadSize = "2G"; https = true; @@ -28,12 +28,6 @@ in { }; extraApps = { - # TODO(tlater): Seems like this won't work anymore from - # Nextcloud 25 onwards. - # - # Adopt whatever upstream does with this: - # https://github.com/nextcloud/server/issues/4917 - inherit (pkgs.local) apporder; inherit (pkgs.local) bookmarks calendar contacts cookbook news notes; }; diff --git a/pkgs/_sources_nextcloud/generated.json b/pkgs/_sources_nextcloud/generated.json index c4a4b55..7752f5e 100644 --- a/pkgs/_sources_nextcloud/generated.json +++ b/pkgs/_sources_nextcloud/generated.json @@ -7,9 +7,8 @@ "passthru": null, "pinned": false, "src": { - "name": null, - "sha256": "sha256-p3VWxTYDCO2NePq6oLM8tBVqYkvoB7itqxp7IZwGDnE=", - "type": "url", + "sha256": "1nx1vdwlqyy3x5vw2h2xx51hmv7gsp8mam1fj813yc3655js9m96", + "type": "tarball", "url": "https://github.com/juliushaertl/apporder/releases/download/v0.15.0/apporder.tar.gz" }, "version": "v0.15.0" 
@@ -22,12 +21,11 @@ "passthru": null, "pinned": false, "src": { - "name": null, - "sha256": "sha256-URqtzaCx8FEZHCDP1wSBUFNs+x50jesRtWi+xOU1oXM=", - "type": "url", - "url": "https://github.com/nextcloud/bookmarks/releases/download/v11.0.4/bookmarks-11.0.4.tar.gz" + "sha256": "0dkfjafbynkrymsq183sad7zynqr2qls0cld73nvzn3smnvdl2xx", + "type": "tarball", + "url": "https://github.com/nextcloud/bookmarks/releases/download/v12.0.0/bookmarks-12.0.0.tar.gz" }, - "version": "11.0.4" + "version": "12.0.0" }, "calendar": { "cargoLocks": null, @@ -37,12 +35,11 @@ "passthru": null, "pinned": false, "src": { - "name": null, - "sha256": "sha256-+LRGl9h40AQdWN9SW+NqGwTafAGwV07Af8nVs3pUCm0=", - "type": "url", - "url": "https://github.com/nextcloud-releases/calendar/releases/download/v3.5.0/calendar-v3.5.0.tar.gz" + "sha256": "06p92w2idml5g3zc0xhp25rpgkxm3d5pmxpx7dmqlqvw8r6z07an", + "type": "tarball", + "url": "https://github.com/nextcloud-releases/calendar/releases/download/v4.2.0/calendar-v4.2.0.tar.gz" }, - "version": "v3.5.0" + "version": "v4.2.0" }, "contacts": { "cargoLocks": null, @@ -52,12 +49,11 @@ "passthru": null, "pinned": false, "src": { - "name": null, - "sha256": "sha256-GTiyZsUHBXPgQ17DHAihmt2W/ZnAjDwfgwnujkRwk6A=", - "type": "url", - "url": "https://github.com/nextcloud-releases/contacts/releases/download/v4.2.2/contacts-v4.2.2.tar.gz" + "sha256": "097a71if6kkc7nphfc8b6llqlsskjwp1vg83134hzgfscvllvaj8", + "type": "tarball", + "url": "https://github.com/nextcloud-releases/contacts/releases/download/v5.0.2/contacts-v5.0.2.tar.gz" }, - "version": "v4.2.2" + "version": "v5.0.2" }, "cookbook": { "cargoLocks": null, 
@@ -67,12 +63,11 @@ "passthru": null, "pinned": false, "src": { - "name": null, - "sha256": "sha256-3lCqvmaMsgrFD5PzyHIcwxxGeC+qOMTGxbOi7nPFL6I=", - "type": "url", - "url": "https://github.com/nextcloud/cookbook/releases/download/v0.9.17/Cookbook-0.9.17.tar.gz" + "sha256": "1xpy060yi7pl8i91xjv2jj18yvsmjzwmv91y7i686qq8n2kc1fcg", + "type": "tarball", + "url": "https://github.com/nextcloud/cookbook/releases/download/v0.10.1/Cookbook-0.10.1.tar.gz" }, - "version": "0.9.17" + "version": "0.10.1" }, "news": { "cargoLocks": null, @@ -82,12 +77,11 @@ "passthru": null, "pinned": false, "src": { - "name": null, - "sha256": "sha256-lVF4H9v7bSw8137lfq4PsVg8e1TpcgvJVQU/UVQfSoY=", - "type": "url", - "url": "https://github.com/nextcloud/news/releases/download/19.0.0/news.tar.gz" + "sha256": "0pnriarr2iqci2v2hn6vpvszf4m4pkcxsd2i13bp7n1zqkg6swd7", + "type": "tarball", + "url": "https://github.com/nextcloud/news/releases/download/20.0.0/news.tar.gz" }, - "version": "19.0.0" + "version": "20.0.0" }, "notes": { "cargoLocks": null, @@ -97,11 +91,10 @@ "passthru": null, "pinned": false, "src": { - "name": null, - "sha256": "sha256-rd3uVkVtARX4enRAWm1ivV468lboYZnYe7/zsqaHYpk=", - "type": "url", - "url": "https://github.com/nextcloud/notes/releases/download/v4.5.1/notes.tar.gz" + "sha256": "1jcgv3awr45jq3n3qv851qlpbdl2plixba0iq2s54dmhciypdckl", + "type": "tarball", + "url": "https://github.com/nextcloud/notes/releases/download/v4.6.0/notes.tar.gz" }, - "version": "v4.5.1" + "version": "v4.6.0" } } \ No newline at end of file diff --git a/pkgs/_sources_nextcloud/generated.nix b/pkgs/_sources_nextcloud/generated.nix index 324306d..f3a0521 100644 --- a/pkgs/_sources_nextcloud/generated.nix +++ b/pkgs/_sources_nextcloud/generated.nix 
@@ -4,57 +4,57 @@ apporder = { pname = "apporder"; version = "v0.15.0"; - src = fetchurl { + src = fetchTarball { url = "https://github.com/juliushaertl/apporder/releases/download/v0.15.0/apporder.tar.gz"; - sha256 = "sha256-p3VWxTYDCO2NePq6oLM8tBVqYkvoB7itqxp7IZwGDnE="; + sha256 = "1nx1vdwlqyy3x5vw2h2xx51hmv7gsp8mam1fj813yc3655js9m96"; }; }; bookmarks = { pname = "bookmarks"; - version = "11.0.4"; - src = fetchurl { - url = "https://github.com/nextcloud/bookmarks/releases/download/v11.0.4/bookmarks-11.0.4.tar.gz"; - sha256 = "sha256-URqtzaCx8FEZHCDP1wSBUFNs+x50jesRtWi+xOU1oXM="; + version = "12.0.0"; + src = fetchTarball { + url = "https://github.com/nextcloud/bookmarks/releases/download/v12.0.0/bookmarks-12.0.0.tar.gz"; + sha256 = "0dkfjafbynkrymsq183sad7zynqr2qls0cld73nvzn3smnvdl2xx"; }; }; calendar = { pname = "calendar"; - version = "v3.5.0"; - src = fetchurl { - url = "https://github.com/nextcloud-releases/calendar/releases/download/v3.5.0/calendar-v3.5.0.tar.gz"; - sha256 = "sha256-+LRGl9h40AQdWN9SW+NqGwTafAGwV07Af8nVs3pUCm0="; + version = "v4.2.0"; + src = fetchTarball { + url = "https://github.com/nextcloud-releases/calendar/releases/download/v4.2.0/calendar-v4.2.0.tar.gz"; + sha256 = "06p92w2idml5g3zc0xhp25rpgkxm3d5pmxpx7dmqlqvw8r6z07an"; }; }; contacts = { pname = "contacts"; - version = "v4.2.2"; - src = fetchurl { - url = "https://github.com/nextcloud-releases/contacts/releases/download/v4.2.2/contacts-v4.2.2.tar.gz"; - sha256 = "sha256-GTiyZsUHBXPgQ17DHAihmt2W/ZnAjDwfgwnujkRwk6A="; + version = "v5.0.2"; + src = fetchTarball { + url = "https://github.com/nextcloud-releases/contacts/releases/download/v5.0.2/contacts-v5.0.2.tar.gz"; + sha256 = "097a71if6kkc7nphfc8b6llqlsskjwp1vg83134hzgfscvllvaj8"; }; }; cookbook = { pname = "cookbook"; - version = "0.9.17"; - src = fetchurl { - url = "https://github.com/nextcloud/cookbook/releases/download/v0.9.17/Cookbook-0.9.17.tar.gz"; - sha256 = "sha256-3lCqvmaMsgrFD5PzyHIcwxxGeC+qOMTGxbOi7nPFL6I="; + version = 
"0.10.1"; + src = fetchTarball { + url = "https://github.com/nextcloud/cookbook/releases/download/v0.10.1/Cookbook-0.10.1.tar.gz"; + sha256 = "1xpy060yi7pl8i91xjv2jj18yvsmjzwmv91y7i686qq8n2kc1fcg"; }; }; news = { pname = "news"; - version = "19.0.0"; - src = fetchurl { - url = "https://github.com/nextcloud/news/releases/download/19.0.0/news.tar.gz"; - sha256 = "sha256-lVF4H9v7bSw8137lfq4PsVg8e1TpcgvJVQU/UVQfSoY="; + version = "20.0.0"; + src = fetchTarball { + url = "https://github.com/nextcloud/news/releases/download/20.0.0/news.tar.gz"; + sha256 = "0pnriarr2iqci2v2hn6vpvszf4m4pkcxsd2i13bp7n1zqkg6swd7"; }; }; notes = { pname = "notes"; - version = "v4.5.1"; - src = fetchurl { - url = "https://github.com/nextcloud/notes/releases/download/v4.5.1/notes.tar.gz"; - sha256 = "sha256-rd3uVkVtARX4enRAWm1ivV468lboYZnYe7/zsqaHYpk="; + version = "v4.6.0"; + src = fetchTarball { + url = "https://github.com/nextcloud/notes/releases/download/v4.6.0/notes.tar.gz"; + sha256 = "1jcgv3awr45jq3n3qv851qlpbdl2plixba0iq2s54dmhciypdckl"; }; }; } diff --git a/pkgs/default.nix b/pkgs/default.nix index 545984a..3818a26 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -2,7 +2,7 @@ pkgs, lib, }: let - inherit (builtins) listToAttrs mapAttrs; + inherit (builtins) fromJSON mapAttrs readFile; inherit (pkgs) callPackage; in { @@ -12,7 +12,7 @@ in # Add nextcloud apps let mkNextcloudApp = pkgs.callPackage ./mkNextcloudApp.nix {}; - sources = pkgs.callPackage ./_sources_nextcloud/generated.nix {}; + sources = fromJSON (readFile ./_sources_nextcloud/generated.json); in mapAttrs (_: source: mkNextcloudApp source) sources ) diff --git a/pkgs/mkNextcloudApp.nix b/pkgs/mkNextcloudApp.nix index 3c78a94..6430ac1 100644 --- a/pkgs/mkNextcloudApp.nix +++ b/pkgs/mkNextcloudApp.nix 
@@ -1,13 +1,8 @@ { fetchNextcloudApp, lib, -}: let - inherit (lib) removePrefix; -in - source: - fetchNextcloudApp { - name = source.pname; - version = removePrefix "v" source.version; - url = source.src.url; - sha256 = source.src.outputHash; - } +}: source: +fetchNextcloudApp { + url = source.src.url; + sha256 = source.src.sha256; +} diff --git a/pkgs/nextcloud-apps.toml b/pkgs/nextcloud-apps.toml index 6e06432..69bccdc 100644 --- a/pkgs/nextcloud-apps.toml +++ b/pkgs/nextcloud-apps.toml 
@@ -1,35 +1,26 @@ -[apporder] -src.github = "juliushaertl/apporder" -fetch.url = "https://github.com/juliushaertl/apporder/releases/download/$ver/apporder.tar.gz" - [bookmarks] src.github = "nextcloud/bookmarks" src.prefix = "v" -fetch.url = "https://github.com/nextcloud/bookmarks/releases/download/v$ver/bookmarks-$ver.tar.gz" +fetch.tarball = "https://github.com/nextcloud/bookmarks/releases/download/v$ver/bookmarks-$ver.tar.gz" [calendar] -src.manual = "v3.5.0" # Pinned until we update to nextcloud 25 -# src.github = "nextcloud-releases/calendar" -fetch.url = "https://github.com/nextcloud-releases/calendar/releases/download/$ver/calendar-$ver.tar.gz" +src.github = "nextcloud-releases/calendar" +fetch.tarball = "https://github.com/nextcloud-releases/calendar/releases/download/$ver/calendar-$ver.tar.gz" [contacts] -src.manual = "v4.2.2" # Pinned until we update to nextcloud 25 -# src.github = "nextcloud-releases/contacts" -fetch.url = "https://github.com/nextcloud-releases/contacts/releases/download/$ver/contacts-$ver.tar.gz" +src.github = "nextcloud-releases/contacts" +fetch.tarball = "https://github.com/nextcloud-releases/contacts/releases/download/$ver/contacts-$ver.tar.gz" [cookbook] src.github_tag = "nextcloud/cookbook" src.prefix = "v" src.exclude_regex = 'v\d+\.\d+\.\d+-rc\d+' -fetch.url = "https://github.com/nextcloud/cookbook/releases/download/v$ver/Cookbook-$ver.tar.gz" +fetch.tarball = "https://github.com/nextcloud/cookbook/releases/download/v$ver/Cookbook-$ver.tar.gz" [news] src.github = "nextcloud/news" -# Sadly, the news app vendors things, and those are only included in -# their tarball. 
-fetch.url = "https://github.com/nextcloud/news/releases/download/$ver/news.tar.gz" +fetch.tarball = "https://github.com/nextcloud/news/releases/download/$ver/news.tar.gz" [notes] -src.manual = "v4.5.1" # Pinned until we update to nextcloud 25 -# src.github = "nextcloud/notes" -fetch.url = "https://github.com/nextcloud/notes/releases/download/$ver/notes.tar.gz" +src.github = "nextcloud/notes" +fetch.tarball = "https://github.com/nextcloud/notes/releases/download/$ver/notes.tar.gz" From 1a78ebdbcaf4746a15d55bc99df4fa75448e0d17 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= Date: Wed, 11 Jan 2023 01:59:04 +0000 Subject: [PATCH 08/12] keys/staging: Add a few missing keys that made the vm break --- keys/staging.yaml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/keys/staging.yaml b/keys/staging.yaml index 9adfde8..069a405 100644 --- a/keys/staging.yaml +++ b/keys/staging.yaml 
@@ -5,14 +5,17 @@ steam: turn: env: ENC[AES256_GCM,data:xjIz/AY109lyiL5N01p5T3HcYco/rM5CJSRTtg==,iv:16bW6OpyOK/QL0QPGQp/Baa9xyT8E3ZsYkwqmjuofk0=,tag:J5re3uKxIykw3YunvQWBgg==,type:str] secret: ENC[AES256_GCM,data:eQ7dAocoZtg=,iv:fgzjTPv30WqTKlLy+yMn5MsKQgjhPnwlGFFwYEg3gWs=,tag:1ze33U1NBkgMX/9SiaBNQg==,type:str] + ssl-key: ENC[AES256_GCM,data:RYfwHjBvwFXgXxXIEuWUzaycTdrCvmPivsNvvUIwDRynS5G2Dl6RCVp1w9zuLvoNun5ncUPGGuLMmVqN2wkJlw==,iv:UKI3bVTY7iTDNvp5UqrZ3QlQkMZ5p2bjgODEc6DCBfQ=,tag:sz7VTyRWyZxAsP4nE48DnA==,type:str] + #ENC[AES256_GCM,data:bxhKzU5Tzezl749CDu8e8kxa7ahGuZFaPa9K3kxuD+4sg5Hi3apgDlC0n8oK0DeiK4Ks7+9Cyw==,iv:T/zVJUpNAv1rR0a9+6SDTG08ws2A1hFBs5Ia3TpT0uk=,tag:uGXb1VryM+lIJ8r0I5durA==,type:comment] + ssl-cert: ENC[AES256_GCM,data:xHUr14CjKslgbGh/n5jYSOuCw9JRxS6YXE4fxS+aJzFcNeSeGNqoipPeuJupZGBnQP/FCqohiHY=,iv:/OEsVqRshGL9NIvntMC42EPZSNL0u6EfhtUBqgV7qog=,tag:4pxtNjuvy/ibm6nDtKdSkw==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: [] - lastmodified: "2022-10-28T22:54:01Z" - mac: ENC[AES256_GCM,data:1nsv+Dl7lzRZNNb9kSuqFrXrcncIklw/A2uwd/yQQ546Rm/4gzpBZqCi6cv5VBCdc1iNuBcAM74DnZHMDmeWAiW0WfACPJMQjCes21P6IUsP2gu+bV2f9qqqnP2a5voxzFHp1aclklzMiiZJBEB1Y3UNz0ZG7A43hsOAE0/fJ9o=,iv:kY10PF5ErkKHXx8m0OyX2eU6kcFQsrsP3V2scVBMsuA=,tag:Uth0XfP2c0LBJQ7+7Uc0BQ==,type:str] + lastmodified: "2023-01-11T01:49:31Z" + mac: ENC[AES256_GCM,data:5IcHdNQ/mh6Jz60dlpgqbBtVGKYml4EOs7YXsBcejgAoPzZqEK+xb3f9+rq2G6sCcMXzROHJsdQUfp1wMgfp8DwVm4H+XO+SQh/E1kFuWO8G/IpXOT4P9RQC+wHxrVuxHd8pwl9CLv6uuMnO+FNg9TeWB2GAVxIBsY8JHwGN/BA=,iv:/Yqfij58LGNooyyhmr8aWCpknd4dN+b4iSvokVoDGls=,tag:XHm8Qcg75B1+pTOcgZubIQ==,type:str] pgp: - created_at: "2022-10-12T16:48:23Z" enc: | From 3145943936f225a9ee8bd5218265f88844aadc97 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= Date: Wed, 11 Jan 2023 01:59:35 +0000 Subject: [PATCH 09/12] flake.nix: Build the VM using `nix build` --- flake.nix | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) 
diff --git a/flake.nix b/flake.nix index 49b4358..7bbc320 100644 --- a/flake.nix +++ b/flake.nix @@ -73,15 +73,14 @@ ################### packages.${system} = let inherit (nixpkgs.legacyPackages.${system}) writeShellScript; + vm = self.lib.makeNixosSystem { + inherit system; + extraModules = [(import ./configuration/hardware-specific/vm.nix)]; + }; in { - default = self.packages.${system}.run-vm; + default = vm.config.system.build.vm; run-vm = let - vm = self.lib.makeNixosSystem { - inherit system; - extraModules = [(import ./configuration/hardware-specific/vm.nix)]; - }; - qemuNetOpts = self.lib.makeQemuNetOpts { "2222" = "2222"; "3080" = "80"; @@ -105,9 +104,7 @@ ''; }; - apps.${system} = let - inherit (nixpkgs.legacyPackages.${system}) writeShellScript; - in { + apps.${system} = { default = { type = "app"; program = builtins.toString self.packages.${system}.run-vm; From 92c05b08295cdf9de5ca6398accbefbe7cb0b0cc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= Date: Wed, 11 Jan 2023 01:59:54 +0000 Subject: [PATCH 10/12] gitea: Update configuration for 22.11 --- configuration/services/gitea.nix | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/configuration/services/gitea.nix b/configuration/services/gitea.nix index f346097..1d3308a 100644 --- a/configuration/services/gitea.nix +++ b/configuration/services/gitea.nix @@ -8,12 +8,15 @@ in { httpAddress = "127.0.0.1"; database.type = "postgres"; - ssh.clonePort = 2222; rootUrl = "https://${domain}/"; - cookieSecure = true; appName = "Gitea: Git with a cup of tea"; - disableRegistration = true; + + settings = { + server.SSH_PORT = 2222; + service.DISABLE_REGISTRATION = true; + session.COOKIE_SECURE = true; + }; }; # Set up SSL From 4de14a5b0e38a19fb2f52aeb6a35b3a92c3e7aca Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= Date: Wed, 11 Jan 2023 02:00:13 +0000 Subject: [PATCH 11/12] firewall: Open Minecraft ports for port forwarding --- configuration/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/configuration/default.nix b/configuration/default.nix index 34a7868..b84937e 100644 --- a/configuration/default.nix +++ b/configuration/default.nix @@ -63,6 +63,8 @@ 8448 # starbound 21025 + # Minecraft + 25565 config.services.coturn.listening-port config.services.coturn.tls-listening-port @@ -71,6 +73,9 @@ ]; allowedUDPPorts = [ + # More minecraft + 25565 + config.services.coturn.listening-port config.services.coturn.tls-listening-port config.services.coturn.alt-listening-port From 276b0df1cad8ea7ff6277907e229eaa6eb70e7e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= Date: Wed, 11 Jan 2023 02:00:33 +0000 Subject: [PATCH 12/12] config: Make changes suggested post 22.11 update --- configuration/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configuration/default.nix b/configuration/default.nix index b84937e..d090cef 100644 --- a/configuration/default.nix +++ b/configuration/default.nix @@ -35,11 +35,11 @@ ''; # Enable remote builds from tlater - trustedUsers = ["@wheel"]; + settings.trusted-users = ["@wheel"]; }; nixpkgs.config.allowUnfreePredicate = pkg: - builtins.elem (lib.getName pkg) ["steam-original" "steam-runtime" "steamcmd"]; + builtins.elem (lib.getName pkg) ["steam-original" "steam-runtime" "steam-run" "steamcmd"]; # Optimization for minecraft servers, see: # https://bugs.mojang.com/browse/MC-183518