fmt: trailing LF

chore: update secrets
feat(server/nextcloud): upgrade to 32
2025-11-15 15:08:20 +08:00 · 2025-11-15 14:55:38 +08:00 · 2025-11-15 14:55:38 +08:00 · 2025-11-15 14:55:38 +08:00
10 changed files with 38 additions and 27 deletions
--- a/config/hosts/imxyy-nix-server/ai.nix
+++ b/config/hosts/imxyy-nix-server/ai.nix
@@ -13,4 +13,4 @@
      }
    '';
  };
-}
+}
--- a/config/hosts/imxyy-nix-server/net.nix
+++ b/config/hosts/imxyy-nix-server/net.nix
@@ -175,7 +175,7 @@
    enable = true;
    role = "client";
    settings = {
-      serverAddr = "hk.vkvm.imxyy.top";
+      serverAddr = "{{ .Envs.FRP_SERVER_ADDR }}";
      serverPort = 7000;
      auth.token = "{{ .Envs.FRP_AUTH_TOKEN }}";
      proxies = [
--- a/config/hosts/imxyy-nix-server/nextcloud.nix
+++ b/config/hosts/imxyy-nix-server/nextcloud.nix
@@ -17,9 +17,9 @@ in

  services.nextcloud = {
    enable = true;
-    package = pkgs.nextcloud31;
+    package = pkgs.nextcloud32;
    extraApps = {
-      inherit (pkgs.nextcloud31.packages.apps)
+      inherit (pkgs.nextcloud32.packages.apps)
        bookmarks
        previewgenerator
        spreed
@@ -34,16 +34,23 @@ in
    caching.redis = true;
    configureRedis = true;
    database.createLocally = true;
+    notify_push.enable = true;
    config = {
      dbtype = "pgsql";
      adminpassFile = toString (pkgs.writeText "nextcloud-pass" "admin12345!");
      adminuser = "admin";
    };
-    settings.trusted_domains = [
-      hostname
-      "192.168.3.2"
-      "10.0.0.1"
-    ];
+    settings = {
+      trusted_domains = [
+        hostname
+        "192.168.3.2"
+        "10.0.0.1"
+      ];
+      trusted_proxies = [
+        "127.0.0.1"
+        "192.168.3.0/24"
+      ];
+    };
    phpExtraExtensions =
      all: with all; [
        pdlib
@@ -52,7 +59,7 @@ in
    phpOptions = {
      "opcache.enable" = 1;
      "opcache.enable_cli" = 1;
-      "opcache.interned_strings_buffer" = 8;
+      "opcache.interned_strings_buffer" = 23;
      "opcache.max_accelerated_files" = 10000;
      "opcache.memory_consumption" = 128;
      "opcache.save_comments" = 1;
@@ -93,9 +100,12 @@ in
  */
  services.caddy.virtualHosts."nextcloud.imxyy.top" = {
    extraConfig = ''
-      reverse_proxy :8084 {
-        header_up X-Real-IP {remote_host}
+      reverse_proxy http://127.0.0.1:8084 {
+        trusted_proxies 192.168.3.0/24
      }
+
+      redir /.well-known/carddav /remote.php/dav/ 301
+      redir /.well-known/caldav /remote.php/dav/ 301
    '';
  };

--- a/config/hosts/imxyy-nix/home.nix
+++ b/config/hosts/imxyy-nix/home.nix
@@ -162,4 +162,4 @@
      ];
    };
  };
-}
+}
--- a/flake.nix
+++ b/flake.nix
@@ -253,4 +253,4 @@
        }
      );
    };
-}
+}
--- a/modules/nix.nix
+++ b/modules/nix.nix
@@ -70,4 +70,4 @@ lib.my.makeSwitch {
      };
    */
  };
-}
+}
--- a/overlays/default.nix
+++ b/overlays/default.nix
@@ -66,4 +66,4 @@
      config.allowUnfree = true;
    };
  };
-}
+}
--- a/secrets/et-imxyy-nix-server.toml
+++ b/secrets/et-imxyy-nix-server.toml
@@ -1,5 +1,5 @@
 {
-	"data": "ENC[AES256_GCM,data:EhKN6pwYzXGI9EWxzXhZc2jwWzRis6uHPpa5irR+A5z5txH9Uq2QYBpeUD0y/1BQlMeUNxe5pb7S8NQ8CwuK1W+upoA4a5rZeCrLsMoXhcq0d9QWNLDs7QQYEXoHHgZ7ewLN1hmyblu4ctw9TlJpImj2tzstzSF5EZA6wUi6RXKn/Crtb6frjB8M3ZF73b6tMaLs3hxJqbei2WwVLFWoeMHbQavqBKpTczrEL01g7H/rvccgQXf2UTUXCtst+YJVGmueZaOZRkFSoxUHuUQYeNb1cDyyPpMd7OfEwrdm2aDXw3zxbqffjlFdYncboRgpv85Ncwrbkepdf8gbwfIGLv+7ChmNH8PPq/3pYe5K4hr8HpBoXd+vHW/yjuUGpyi242zIDTGlwdG5WRvDXAxcaiAXoEK1ppU87Y1GSDuG7cbx2k4Rf/wO+wzzuflX82fGIYJzlJr+x3V5dGrUERm1b7lzpA37NrrowZqBPpetwP9o1raKAaFvmaU+2cDpkHpWKz/QlSHBowjsPuL2QoRsuAZr+VvfLKWbnzU7jMy/bCDmwjQto0K/jF+nY3urvcDrXzZEZdpfjskoaAkBf1WSmj1VkR5cAGU1sO1C1U3ErKdQoJYAWQnYblef0HgWhAylG5nGjaNrHbXOZJMx94+y+Qj1ySiq6wcGbaQNf5AkXWOULYnrZzicexwqF7dBEVhEVS/E55rSi+TZ2mPoUscMhi4PNVkHKUqQKwD1lrIEeq/YtsGqb9RL3KslHTqVMqPIbb7ST1Tb2cflHB0a/+hy,iv:jmTS1BKSu0/vNrTABAcxp81OwfSmvnPLW/ZxGoKuG9Q=,tag:SZ9xLd4o1vJ0QRbz5nmi0w==,type:str]",
+	"data": "ENC[AES256_GCM,data:4cmw8oDwaX+EY8HjZ+4mOV/prR1/bYX/rHdGkRAr++cPmacX6N45JCmcHD6Fk9lUrTqpdRHCbY+/xM0BEwOGfWgzNe6UbXJH9WRK0ZV1xCfsx2y8Ei1WokqmK33leJjIZZeVISuwNznjumzC893Pntmmvs2IG4VHE29LD7VFM+4j8HZCV2DME3iK/USUxiDjfu6G+ME6ezKDvDZjW6BhtxyANzjhbZkHWhfsKdNB29+sMoi+uKt0UWiLRBEkIDVPoHXRN2HcHe5I8tWSRd3LHOWnJMv/37AYNQ6VLmTfzKMqwc5r3m4WWD/ET3CGkJGuYeSEwju8eQM4XpKRQarrHmUpjySabj85D4c4PayyrxhBzdOYCJzHYeoYMGB4xiaXh0rhHR8/PnB/QV09P0YM0tp5Xv1+ej/7kuMxpUtzYWn1RTE0314o/uiD5METH+9dk8f5KLXrc94aXiG0c8sCkn6U7QLmsksqyXEWtigT2/yvqG6vtzQZ3TLacGIUAL5Zmupx8IOLyLCO/lCIPwGtK8tTc5rQummwLO+BrLaGx+0UYRrNzvC+NgetvR4vuD5ai3DsjrPLo85Aqp6i53Ozz/78WxUC9Bu/J1crd5UYiEFRfLgfBJrhhxGbOFcnGibJ7vMFNQcRcYa9P+cb+97mzKyTn1Qa1aQU6Vj8RttJaIKNKOyW9Xoky0TEnP8u4JhTTOHz0+J3tHueMVK3gsdN6bpl9BQ=,iv:/hrpL6q6PPEs7tCrAMWOivpWs95SxkuHBgnwAgNSg5Y=,tag:qifRiFQGm5nUo0ir5rlRDw==,type:str]",
 	"sops": {
 		"age": [
 			{
@@ -15,9 +15,9 @@
 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFhGYmtrZyBFZ1J2\nNk9yWUNaemVBOFRiVmdmWGdRWVN0UG5Hc1lZRTBiaHdnS0E2UlN3CitPUmdjdVdu\nS1FXbjVCRkxZUk5KdW0xRzNheWJ1TWVYcUJMK3k0TlRFSWsKLS0tIFJSTlN4a29x\nWG8zUlcvYmlZQkQwT3hlWFlOVUIwSkt3SE5RTzhQWVIxUkUKVSMJtNCEZ1KpcUgQ\nkuTFjaBHvizq980kkbNbD4FgeCAPZ3CwXA8/nKhN03iPeFqwX5AsO0n3+ge/qMnO\nkoRc/Q==\n-----END AGE ENCRYPTED FILE-----\n"
 			}
 		],
-		"lastmodified": "2025-09-13T11:55:08Z",
-		"mac": "ENC[AES256_GCM,data:kaNd9pyzw3Yo5DK6OZoJ7opvcqjT+V2AsM8klUrQJMcqw3pRnB0/Bx+DolhFOVY9bkr4GGYtSZ9Xd23BfSFnEPDe23Nrp6q7XCFa5YuAyiLrt0j4IZYFHA8ZFDdKMzKZm/b7pxRiae/56jH1RSBb45lIM7cCeJMb2Q66YAwwMAo=,iv:W4Ett/EEybBBBQ6YibEfVtFDjeDxQi8/HGCra1dk6LQ=,tag:ipS3vd/QoqVcu3Cup9bz0A==,type:str]",
+		"lastmodified": "2025-11-08T13:03:24Z",
+		"mac": "ENC[AES256_GCM,data:1Pn7Dmh8Z9WOacM+FDa0OI7w+3Ma3X48DKFr2Q95jX5RgKrNZzL7qGOHJG37cnYDALwD0+qzrzVZM6lKEJXSwWemxVdH0yEkdGJPiGM1t1zJ1VDlr+7KJCdf5T3j+wxDSny7fCIKpWynpuh/e61JXT8+gAFjx+6GA/0e9RhgDCU=,iv:w1enxlVka1gYEFLSEsX39WvvPgq6AKfQ+1OjVlesggs=,tag:w9VNuePuwv5st39Gh2dpOA==,type:str]",
 		"unencrypted_suffix": "_unencrypted",
-		"version": "3.10.2"
+		"version": "3.11.0"
 	}
 }
--- a/secrets/et-imxyy-nix.toml
+++ b/secrets/et-imxyy-nix.toml
@@ -1,5 +1,5 @@
 {
-	"data": "ENC[AES256_GCM,data:BD5OZjwOk20gtiMymcAzkSz/zKM2jRQKeXs/zygxljpfr+WSoAwEhwvLofCQfiapxJ9YLPInMWH8nf+AH8vWCtiI1mqNCLTyBXqBBzD+Dcu4WeglCvqDIMGIPysEqq8jd27LXkGCUmg1TVgYXK2/K6m+tXVP1z0eUIVlmDHoSzu2NjMYg5nZLZA5W7kmlKmqsDlQHvvNIg9DdVa96zA1vk0lgpsWTiADY7zT13DDX2C4MJW5sfeXrmtTu/fNiR2jnSBaZ4PA9L03/skhVWW+XIkPXN/07F+uVpcB37hM+O3z0Aw5npSzQ6bDJRSoUrzClG9Knra7/PCPsiPvztRa31EqsoRV50ND7kpwKIbr+AZybRGujf6VkJADmAeF6WODtURvlATphFFtBKX7pRLWJbyYc1EolrK2KVGNiGc2KUn0ExSoNRZXjjXoQikxnsIHsa8snWOMI35uVFwPehv27zKVEzI4TR/Hp9pzMSWyc6v30bLgZrJDeIozzq9XFGEq116T6PtZvKuYz3tzJf4LH8BSpEgtCHN5KMqhk1LfwxMJi4u4AaFD49AAwyPnIWbZjvODFHLREjK+ywjqbVn5igGYj2b2WD2zV/yEyju8McV/4tgI8Ff4TmASNnquhodvGFF51LTvKwDPMO/scAJPC9C56IZ8m9UK4BO2wOpYBQX5fuoeoLAy2j7wU2k4agfv4xlrCNwodkiJWom8/g==,iv:RzlPJelRssQKKzcZGFaXxBGwz59LK6ZLuzp7t8CMn08=,tag:RSr0BdNm6mQMZMqrLixSsw==,type:str]",
+	"data": "ENC[AES256_GCM,data:dMHcyiqxP7GFLgFpW4QvwA9f5ZCvFpJ8Kb+SpZmd1iWt3LQb4mYsK/CbqnqinNC7IKSkjE5ftLupCJJA2V+8HnRDKjwNyuaGZn0qoty8oJ1ttzZ42OXPX7tn/18Ig2YVv9QhWix5oiwKt03t7O/ZGhC56rSVtYebmoZNhidQRJgCZaDpHZyDF74POYpsaaU1eV5UmoI3iyMHAfD1B3ryQ9PBcNprFo5zUW6HG8BG9+M6l9r3SKIjPiyfoimslmXrOowbIapPkyn8rjXltv65RpU5SbxJ4E+o8w/M/Gewbg/BvEzb5Cv/6BmU9Kdrks1F9BuPHRi7xvAtkaa0IkQUANWdPJg1vhvJnmpwfFfjkOzHkzAjay0gEs4e3ffD3FouWPEic0yhqBdyhYJUdaJoW+3jO0r2WgwkH8J7YYp8vJTIn4GK2fRUF+JGBTPEkGqwL6YywDmqAM6tMOqB9UAKb1zjDuQkQpsPw7bShOu+jYLVfKFgHETZrA9pZ1M4qP01aYAJ33Clj7E4o6MbHq+JCDmo1zgI7gFfOlsATUpq8WlL2snuMyktoTe0EZD0fh4rfRvHCPYNRHgSS3xldXlr43WYc2T58xdgqo0kDEnL9xPeaO+7tHs+hRw177MZoQKQjOFMgMkSeXNydp96NtRUar8Z,iv:/0GM/1InePGUraWpEzOJMXw5NngwVJHu69Vqpq/8ass=,tag:7VMG31bOgepWR4uHF6Beyg==,type:str]",
 	"sops": {
 		"age": [
 			{
@@ -15,9 +15,9 @@
 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFhGYmtrZyA4RjNs\nWlYvc0tEN2hOUTA5SEV6MUhTeFViRTBqVWJLcGVDZ0JROCtONlQ0CnU0Z2FWQUlw\nakt0dk1nbVFHaVlyMjBqS3hCSDdHZEYwT0pXaXhOclFvSjgKLS0tIG9ZZUQ2dTI5\nWFVJanhac0QxVHM2b04wNE1jcHdHa3JJYzBlTE1iS1ZPTHcKZPvA9MwYT4JfG3/F\nqSI09TWeEv7TAWGeZr6OS++egtpdVoM3hF8s1B1TZb3bf/BMqo49NEkvD56pOKvo\no0jjHw==\n-----END AGE ENCRYPTED FILE-----\n"
 			}
 		],
-		"lastmodified": "2025-09-13T11:55:15Z",
-		"mac": "ENC[AES256_GCM,data:VbO8XkSCvGO3JW6Z+PjH60DBAnKvTPufKLRHRh7eFhPpfu3OOBquiRmY2rr7D4Kk2ptn3+Ns36UODWsgIhd8KqGeg53yw8zzkyftfhsitywCawkSSsEcjJqu4+rav+y4eamSW4hI0J7yt7dkeMDPkWwPRcKtM5I5LNsmjkeMKhw=,iv:uQkmxbF2GC4aZoM7X3fSvTuMTNlKxVrSV2ETiCQg8Ho=,tag:u2Cv7uerz0QxkGt9CdY+nA==,type:str]",
+		"lastmodified": "2025-11-08T13:03:12Z",
+		"mac": "ENC[AES256_GCM,data:6g9EKsiiDYFXsw5hhp1veIuziS5ypTH6yVJ9CduP5/0QosHIevtxbqOm17V/aUyntYMUFtfXbF1r1hMFXNT6Jitjz/Wmh5oMxupxIjt5M1cxDb8SKYrWyrxMBPlmA/Wkbj3ahlVcy+0BKxTVpXVLhnBObN7x8fy/1sqFk3Azi2g=,iv:Li83o/t3LSfN057d0tgt1uNez3HoSb+BYJ8Wa4PxlK0=,tag:zqqLrA7Ka1oH7b17zQoMVg==,type:str]",
 		"unencrypted_suffix": "_unencrypted",
-		"version": "3.10.2"
+		"version": "3.11.0"
 	}
 }
--- a/secrets/frp.env
+++ b/secrets/frp.env
@@ -1,3 +1,4 @@
+FRP_SERVER_ADDR=ENC[AES256_GCM,data:8RVPir4laCnHAR9zj6mlcc3ucrE=,iv:gdhwdyZVMyT07r6EuEIES1lInJcc5bY7xWtuwFI4Bds=,tag:4YK/eN5Yf7IZvU/ZSIBuLw==,type:str]
 FRP_AUTH_TOKEN=ENC[AES256_GCM,data:CXFJwOOHEbtn1PI0TQc=,iv:yItYliwZGxZs8YAWksV7BqJP3TUBadxXpf99J5nXR3A=,tag:9earTQfuoLO132UZnTjlWQ==,type:str]
 sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDltTWRrUSA3MGVN\nU2NSR2F1R3g0dldCbGtaZGRtRCt3NGg2YnZQTGVDN3RtaEhUMkVzCnJrdzlRSTB4\nVG14KzNXUHlib1RGTy9DVnJwdDRaaTZ5ZGVoWWUvNm9KSncKLS0tIGVpMlQzQ24v\nRVhVVTVSTWNlUVN3L0x0dFJMN3JxODZBTHdIUFJxZEViWjQKv+64wRf+a0Ci4XXp\nesM8zaQXeFPIstdsOJCj8yD5ARZi4kUnhRjRK1/xmjyLmh9h8rZ3QQyUF4uh+Jhi\nQJ0Qkw==\n-----END AGE ENCRYPTED FILE-----\n
 sops_age__list_0__map_recipient=ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO
@@ -5,7 +6,7 @@ sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb2
 sops_age__list_1__map_recipient=ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB28jpN+h5euh3NtdN+A+EtqgIatC22e4i1TPTioKire
 sops_age__list_2__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFhGYmtrZyAwZFFW\ncERDSnRiL0dMbmVQMGhDMWNSbXpUVVhXeXJreEVzN2dmNlJpWG5nCmV2OGVUMmZ3\nQjRqdGlnc3FtWVpxbHhnMk9xeW9BVUdoTlFud3RKRHNKcVUKLS0tIHZpbTltYnNk\nZEVqUWlhdmloRGVQU05YMkF5aUdmNExPVysxZm55czdZVEEKWo3hFbF1007tSgYq\nzVK1ycmeQglKDNPS1yVedBoF/gj1L69EmjhiOLMMwAetMINufQQpcFRR88VQlqQp\nMPaXMQ==\n-----END AGE ENCRYPTED FILE-----\n
 sops_age__list_2__map_recipient=ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMb5G/ieEYBOng66YeyttBQLThyM6W//z2POsNyq4Rw/
-sops_lastmodified=2025-04-13T06:57:07Z
-sops_mac=ENC[AES256_GCM,data:WJ9FCO78LRFbU7o9uEZ70s/OJIHN5/UQVKrgt/Zve6x9yVChaRtHmvk7kF/SoRsheLIbeYoY8RI0rUn3Sx7Y7o/ib/u9dMAec0xGt0K6+yde0DUO/uH1KpjXd6WHRPjoMERld6xA1fWVRu7G+gXrEZA1dN5Jbs8ZWVYGF6IBw2A=,iv:r4eYeCDJOw40hK7cyIEbEW+Pq+VFgUOJr1ydkSyjaEg=,tag:ucFH1pNqAHg7eWm1tYYi/g==,type:str]
+sops_lastmodified=2025-11-09T02:56:14Z
+sops_mac=ENC[AES256_GCM,data:4R9WVOAX0CORavojMhvOA6pYOdNE7sHBTi3rf96HMQlAF45TmLtO5GUk74BLYliutpyWryx1vP63FK3UgQG80K9FhdNc7a8L1DSypwPHp3Wlu0blWq/bHhQVqsiy0bnYrhaENQjW2Ks+psRveZ0QSYBAUfggJ41rG2e5cgN8Ecc=,iv:O0P1Oj7aH04b64gMC0iKAhhEsssikvEPZhLB651VSmg=,tag:cLO0J8OHstq2DDkG07C6FQ==,type:str]
 sops_unencrypted_suffix=_unencrypted
-sops_version=3.10.1
+sops_version=3.11.0
Author	SHA1	Message	Date
imxyy_soope_	12c381da5f	fmt: trailing LF	2025-11-15 15:08:20 +08:00
imxyy_soope_	23a24820c5	chore: update secrets	2025-11-15 14:55:38 +08:00
imxyy_soope_	d6e0b0ef96	feat(server/nextcloud): upgrade to 32	2025-11-15 14:55:38 +08:00
imxyy_soope_	ef913abe9e	feat: secure frp server address	2025-11-15 14:55:38 +08:00