flake.lock: Update

Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/ab0f3607a6c7486ea22229b92ed2d355f1482ee0?narHash=sha256-zwE/e7CuPJUWKdvvTCB7iunV4E/%2BG0lKfv4kk/5Izdg%3D' (2025-09-10) → 'github:NixOS/nixpkgs/8eaee110344796db060382e15d3af0a9fc396e0e?narHash=sha256-iCGWf/LTy%2BaY0zFu8q12lK8KuZp7yvdhStehhyX1v8w%3D' (2025-09-19) • Updated input 'sops-nix': 'github:Mic92/sops-nix/0bf793823386187dff101ee2a9d4ed26de8bbf8c?narHash=sha256-S9F6bHUBh%2BCFEUalv/qxNImRapCxvSnOzWBUZgK1zDU%3D' (2025-09-10) → 'github:Mic92/sops-nix/e0fdaea3c31646e252a60b42d0ed8eafdb289762?narHash=sha256-L3N8zV6wsViXiD8i3WFyrvjDdz76g3tXKEdZ4FkgQ%2BY%3D' (2025-09-21) • Updated input 'sops-nix/nixpkgs': 'github:NixOS/nixpkgs/ca77296380960cd497a765102eeb1356eb80fed0?narHash=sha256-PgLSZDBEWUHpfTRfFyklmiiLBE1i1aGCtz4eRA3POao%3D' (2025-09-05) → 'github:NixOS/nixpkgs/12bd230118a1901a4a5d393f9f56b6ad7e571d01?narHash=sha256-aBGl3XEOsjWw6W3AHiKibN7FeoG73dutQQEqnd/etR8%3D' (2025-09-19)
disable old mc server and paperless
2025-09-22 20:56:04 +02:00 · 2025-09-12 14:35:31 +02:00 · 2025-09-12 14:24:31 +02:00 · 2025-09-12 14:24:10 +02:00
6 changed files with 126 additions and 49 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -28,3 +28,7 @@ creation_rules:
    key_groups:
     - pgp: [*clara]
       age: [*vikunja]
+  - path_regex: secrets\/mastodon\/*
+    key_groups:
+     - pgp: [*clara]
+       age: [*mastodon]
--- a/configs/services/mastodon.nix
+++ b/configs/services/mastodon.nix
@ -1,44 +1,36 @@
 { lib, pkgs, config, ... }:
-let
-  http_port = 3000;
-  dbuname = "misskey";
-  dbport = 5432;
-in
 {
-  services = {
-    misskey = {
-      enable = true;
-      settings = {
-        url = "https://puppyplaypissparty.de";
-        port = http_port;
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "fedi@cdaut.de";
  };
-      settings = {
-        db = {
-          user = dbuname;
-          port = dbport;
-        };
-        setupPassword = "VMoV33ov$C6JxVVXHffuVxHaqf^Cbmr9V1GSNgkyF6pq939Wr@c1hgfN7iD9%$De";
+
+  # set up smtp pass
+  sops = {
+    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+    secrets.smtp_pass = {
+      sopsFile = ../../secrets/mastodon/secrets.yaml;
    };
  };

-    postgresql = {
+  services.mastodon = {
    enable = true;
-      ensureUsers = [
-        {
-          name = dbuname;
-          ensureDBOwnership = true;
-        }
-      ];
-      ensureDatabases = [
-        dbuname
-      ];
-      settings.port = dbport;
-    };
-    redis = {
-      servers."" = {
-        enable = true;
-      };
-    };
-  };
-  networking.firewall.allowedTCPPorts = [ http_port ];
+    streamingProcesses = 1;
+    localDomain = "puppyplaypissparty.de";
+    configureNginx = true;
+
+    smtp = {
+      fromAddress = "fedi@cdaut.de";
+      host = "mail.cdaut.de";
+      user = "fedi@cdaut.de";
+      port = 587;
+      authenticate = true;
+      passwordFile = config.sops.secrets.smtp_pass.path;
+    };
+
+    database = {
+      createLocally = true;
+    };
+  };
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
 }
--- a/configs/services/misskey.nix
+++ b/configs/services/misskey.nix
@ -0,0 +1,44 @@
+{ lib, pkgs, config, ... }:
+let
+  http_port = 3000;
+  dbuname = "misskey";
+  dbport = 5432;
+in
+{
+  services = {
+    misskey = {
+      enable = true;
+      settings = {
+        url = "https://puppyplaypissparty.de";
+        port = http_port;
+      };
+      settings = {
+        db = {
+          user = dbuname;
+          port = dbport;
+        };
+        setupPassword = "VMoV33ov$C6JxVVXHffuVxHaqf^Cbmr9V1GSNgkyF6pq939Wr@c1hgfN7iD9%$De";
+      };
+    };
+
+    postgresql = {
+      enable = true;
+      ensureUsers = [
+        {
+          name = dbuname;
+          ensureDBOwnership = true;
+        }
+      ];
+      ensureDatabases = [
+        dbuname
+      ];
+      settings.port = dbport;
+    };
+    redis = {
+      servers."" = {
+        enable = true;
+      };
+    };
+  };
+  networking.firewall.allowedTCPPorts = [ http_port ];
+}
--- a/flake.lock
+++ b/flake.lock
@ -2,11 +2,11 @@
  "nodes": {
    "nixpkgs": {
      "locked": {
-        "lastModified": 1756787288,
-        "narHash": "sha256-rw/PHa1cqiePdBxhF66V7R+WAP8WekQ0mCDG4CFqT8Y=",
+        "lastModified": 1758277210,
+        "narHash": "sha256-iCGWf/LTy+aY0zFu8q12lK8KuZp7yvdhStehhyX1v8w=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "d0fc30899600b9b3466ddb260fd83deb486c32f1",
+        "rev": "8eaee110344796db060382e15d3af0a9fc396e0e",
        "type": "github"
      },
      "original": {
@ -18,11 +18,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1744868846,
-        "narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=",
+        "lastModified": 1758262103,
+        "narHash": "sha256-aBGl3XEOsjWw6W3AHiKibN7FeoG73dutQQEqnd/etR8=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "ebe4301cbd8f81c4f8d3244b3632338bbeb6d49c",
+        "rev": "12bd230118a1901a4a5d393f9f56b6ad7e571d01",
        "type": "github"
      },
      "original": {
@ -43,11 +43,11 @@
        "nixpkgs": "nixpkgs_2"
      },
      "locked": {
-        "lastModified": 1754988908,
-        "narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=",
+        "lastModified": 1758425756,
+        "narHash": "sha256-L3N8zV6wsViXiD8i3WFyrvjDdz76g3tXKEdZ4FkgQ+Y=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "3223c7a92724b5d804e9988c6b447a0d09017d48",
+        "rev": "e0fdaea3c31646e252a60b42d0ed8eafdb289762",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -12,7 +12,7 @@
        specialArgs = { inherit inputs; };
      };

-      mcserver = import ./configs/containers/mc_container.nix;
+      #mcserver = import ./configs/containers/mc_container.nix;

      wireguard = import ./configs/containers/wg_container.nix;

@ -22,7 +22,7 @@

      mastodon = import ./configs/containers/mastodon_container.nix;

-      paperless = import ./configs/containers/paperless_container.nix;
+      #paperless = import ./configs/containers/paperless_container.nix;

      vikunja = import ./configs/containers/vikunja_container.nix;
    };
--- a/secrets/mastodon/secrets.yaml
+++ b/secrets/mastodon/secrets.yaml
@ -0,0 +1,37 @@
+smtp_pass: ENC[AES256_GCM,data:S1vB0GIb9c0Yov/wkGiqpt6goN/XmIWPFx0TYMvqhJUXtGgjKNtkmijYBsT0,iv:xnKh4edcHRDjxHRo84KxQKx6OrZlErla3yvLIZyqeUo=,tag:ftVNoc0qnRru+Z8TF3E0wQ==,type:str]
+sops:
+    age:
+        - recipient: age19efecaur72d92g452zpe4uxjtwev2ktjtaezascxg9l2p8544s8s05d93r
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2bkMvTUZKbkpCeFg2Z3I4
+            L095TkFhVUNSWmNxWERicGdrZXF3dFFTcTFBCnhNTGxYSitrcGlYY2ZpTXNlQUhW
+            MmVocHFENmNGWXZ1QWxabG8xSTNWSmcKLS0tIFBkY1JXd3JuTVE4NEVFL2lLeUZT
+            YUdTMTk2V3QvN2NXWXlqbDh1SkNBZVUKI7aHgopbId8rjAKVXYstsXa36mLm1j4f
+            nknPOngq++hMoY/v3P2ipV+Ml0lgJt+Nk0BlA9RTBQ2FYg4cJhiOuA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-09-12T11:36:49Z"
+    mac: ENC[AES256_GCM,data:VWTDVy7Eoe71XNfKPcNUTZbfxH6BBkS+hHOCRImnZZnu8bEvdmrbvDFtKgvsmolijg870G4YVgdKiZc9REJAD2Egcq4rX6XXZi4F5AQISlU/vkQ5amUdvHAjbW9U+O67c1qxDsSOP489x3zDlR4LeoWALCXpnFNFCjBQwIIjKzM=,iv:uedmYsLS5TIMPprREzn5aRGXXJj8xKtr1mEocugiokA=,tag:jqXp8DCzqywu18gvfm5Qtw==,type:str]
+    pgp:
+        - created_at: "2025-09-12T10:53:07Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAzwtBoBqH5ZOAQ//ePQhgxIhAoV0FXav0+Z8i9I+hri/OAvN0Isrjohss1uj
+            TRruFq0fxVQuvlbA1qXixPL/7bxE5dV2YGQbw+SmzD+joAo0VMvKzQzxd2cM4XUy
+            +S4T97lH8MlziGOTTi82Uw31PCvMy7HfgTS5ftIVPbsJ7VegDcs2OtWyqXDmNR/q
+            96gSGGGb0sIirVrv1mtSlmd2vKqN7pO72DNUsnJ8wTQ3h4ntH4LB3i859q1mwLSz
+            OSc7BQYY2GmtdFfhHrLT0b8abF19lD/JZEGRLgfOngPlR3aDJgtoh06x3zBcQ0Hp
+            aqLWr1HttJNEAET80zO38cdHUPe11G+3Vw7+7EgbRjOMKKORVpby0GSjZLWJJI3M
+            fR3er4CgVXSeCKkNuIQx/prwEMm5iHouKMN0fruy5R4eg07mZhIuGg7RsZs1T4Sr
+            ekPXHtK6HCD2XmXHM2dteWbO+DMOMKsF/lihM/ct5KAGHd+cLyHk98n3extmworv
+            PVzOTLE5xzGmAK87OtGL7DOlpxOfhgHYf1x9idLJorJMbg5MyAK/b8fjYtibN+nJ
+            sSQruHhBoc0ekyeyqIWY5vgd+oRf5Rma3CcJSMTEk09SlVYSN9n7ys+lSaD4DL3z
+            rck2N2FG+/L5cv3FfON3yJ+c4NUydehUzihWVGTE5LLSrwCMi8Lhp87Kse3vFmTS
+            XAFkdKenVseFcCGk271PCSThphSKdZYGJIuoRuyrVSFbhL/L7dTAHXRu6VHuXBTP
+            TfeUEyRqY6zaCOAEbS4K5NhcGbhVdXATWOgTSdLYGYVXPCtTYKrwEQPtzxyN
+            =cTu+
+            -----END PGP MESSAGE-----
+          fp: 58EF8D71114EF548DEE3320DE6F04916B6EEBD83
+    unencrypted_suffix: _unencrypted
+    version: 3.10.2
Author	SHA1	Message	Date
Clara Dautermann	682aff159f	flake.lock: Update Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/ab0f3607a6c7486ea22229b92ed2d355f1482ee0?narHash=sha256-zwE/e7CuPJUWKdvvTCB7iunV4E/%2BG0lKfv4kk/5Izdg%3D' (2025-09-10) → 'github:NixOS/nixpkgs/8eaee110344796db060382e15d3af0a9fc396e0e?narHash=sha256-iCGWf/LTy%2BaY0zFu8q12lK8KuZp7yvdhStehhyX1v8w%3D' (2025-09-19) • Updated input 'sops-nix': 'github:Mic92/sops-nix/0bf793823386187dff101ee2a9d4ed26de8bbf8c?narHash=sha256-S9F6bHUBh%2BCFEUalv/qxNImRapCxvSnOzWBUZgK1zDU%3D' (2025-09-10) → 'github:Mic92/sops-nix/e0fdaea3c31646e252a60b42d0ed8eafdb289762?narHash=sha256-L3N8zV6wsViXiD8i3WFyrvjDdz76g3tXKEdZ4FkgQ%2BY%3D' (2025-09-21) • Updated input 'sops-nix/nixpkgs': 'github:NixOS/nixpkgs/ca77296380960cd497a765102eeb1356eb80fed0?narHash=sha256-PgLSZDBEWUHpfTRfFyklmiiLBE1i1aGCtz4eRA3POao%3D' (2025-09-05) → 'github:NixOS/nixpkgs/12bd230118a1901a4a5d393f9f56b6ad7e571d01?narHash=sha256-aBGl3XEOsjWw6W3AHiKibN7FeoG73dutQQEqnd/etR8%3D' (2025-09-19)	2025-09-22 20:56:04 +02:00
Clara Dautermann	437e954072	disable old mc server and paperless	2025-09-12 14:35:31 +02:00
Clara Dautermann	9cf0afe3e4	flake.lock: Update Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/d0fc30899600b9b3466ddb260fd83deb486c32f1?narHash=sha256-rw/PHa1cqiePdBxhF66V7R%2BWAP8WekQ0mCDG4CFqT8Y%3D' (2025-09-02) → 'github:NixOS/nixpkgs/ab0f3607a6c7486ea22229b92ed2d355f1482ee0?narHash=sha256-zwE/e7CuPJUWKdvvTCB7iunV4E/%2BG0lKfv4kk/5Izdg%3D' (2025-09-10) • Updated input 'sops-nix': 'github:Mic92/sops-nix/3223c7a92724b5d804e9988c6b447a0d09017d48?narHash=sha256-t%2Bvoe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U%3D' (2025-08-12) → 'github:Mic92/sops-nix/0bf793823386187dff101ee2a9d4ed26de8bbf8c?narHash=sha256-S9F6bHUBh%2BCFEUalv/qxNImRapCxvSnOzWBUZgK1zDU%3D' (2025-09-10) • Updated input 'sops-nix/nixpkgs': 'github:NixOS/nixpkgs/ebe4301cbd8f81c4f8d3244b3632338bbeb6d49c?narHash=sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs%3D' (2025-04-17) → 'github:NixOS/nixpkgs/ca77296380960cd497a765102eeb1356eb80fed0?narHash=sha256-PgLSZDBEWUHpfTRfFyklmiiLBE1i1aGCtz4eRA3POao%3D' (2025-09-05)	2025-09-12 14:24:31 +02:00
Clara Dautermann	96363ea213	setup mastodon	2025-09-12 14:24:10 +02:00