The backup_stack.service was failing because the deployed compose.yml
still had backup_net declared as external: true, but the network was
never created externally.

PR #45 on the compose repo (d7449e9) already fixed this by changing
to driver: bridge, but the infra submodule was still pinned to a
pre-fix commit.

This updates assets/compose to d7449e9 so the next nixos-rebuild
switch deploys the fix.

Updates assets/compose submodule to 8f09b43 which:
- Integrates uv pip install of openai and mautrix[encryption] into entrypoint
- Adds persistent volume mount for /opt/hermes/.venv
- Replaces matrix-nio with mautrix[encryption] for Matrix bridge

Updates the assets/compose submodule to point to the fix/vpn-iptables-nft-upstream
branch which contains:
- Switch FROM weejewel/wg-easy:latest (Alpine 3.11, stale 4yr) to
  ghcr.io/wg-easy/wg-easy:latest (actively maintained, Alpine krypton)
- Use update-alternatives instead of raw ln -sf to flip iptables
  from legacy to nftables backend
- Fix compose build context: ./vpn -> . (Dockerfile is at same level)