2024-06-07 14:48:13 +01:00
|
|
|
# Edit this configuration file to define what should be installed on
|
|
|
|
|
# your system. Help is available in the configuration.nix(5) man page, on
|
|
|
|
|
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
|
|
|
|
|
{
|
|
|
|
|
config,
|
|
|
|
|
lib,
|
|
|
|
|
pkgs,
|
|
|
|
|
...
|
|
|
|
|
}: {
|
|
|
|
|
imports = [
|
|
|
|
|
# Include the results of the hardware scan.
|
|
|
|
|
./hardware-configuration.nix
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
age.secrets.cloudflared = {
|
|
|
|
|
file = ../../secrets/minecraft-server-cloudflared.age;
|
|
|
|
|
owner = "cloudflared";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
nixpkgs.config.allowUnfree = true;
|
|
|
|
|
nix = {
|
|
|
|
|
settings = {
|
|
|
|
|
auto-optimise-store = true;
|
|
|
|
|
experimental-features = ["nix-command" "flakes"];
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
# Use the systemd-boot EFI boot loader.
|
|
|
|
|
boot.loader.systemd-boot.enable = true;
|
|
|
|
|
boot.loader.efi.canTouchEfiVariables = true;
|
|
|
|
|
|
|
|
|
|
networking = {
|
|
|
|
|
hostName = "minecraft-server"; # Define your hostname.
|
|
|
|
|
useDHCP = true;
|
|
|
|
|
|
|
|
|
|
firewall = {
|
|
|
|
|
enable = true;
|
|
|
|
|
allowedUDPPorts = [];
|
|
|
|
|
allowedTCPPorts = [22 80 443];
|
|
|
|
|
trustedInterfaces = ["enp6s18"];
|
|
|
|
|
checkReversePath = "loose";
|
|
|
|
|
};
|
|
|
|
|
nftables.enable = true;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
services = {
|
|
|
|
|
openssh.enable = true;
|
|
|
|
|
minecraft-server = {
|
|
|
|
|
enable = true;
|
|
|
|
|
openFirewall = true;
|
|
|
|
|
eula = true;
|
2024-06-22 22:55:11 +01:00
|
|
|
package = pkgs.papermc;
|
2024-06-07 14:48:13 +01:00
|
|
|
};
|
|
|
|
|
bluemap = {
|
|
|
|
|
enable = true;
|
|
|
|
|
eula = true;
|
|
|
|
|
defaultWorld = "${config.services.minecraft-server.dataDir}/world";
|
|
|
|
|
host = "mc.gmem.ca";
|
|
|
|
|
};
|
|
|
|
|
cloudflared = {
|
|
|
|
|
enable = true;
|
|
|
|
|
tunnels.minecraft = {
|
|
|
|
|
credentialsFile = config.age.secrets.cloudflared.path;
|
|
|
|
|
default = "http_status:404";
|
|
|
|
|
ingress = {
|
|
|
|
|
"mc.gmem.ca" = "http://localhost:80";
|
|
|
|
|
};
|
|
|
|
|
warp-routing.enabled = true;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
# nginx reverse proxy
|
|
|
|
|
nginx = {
|
|
|
|
|
enable = true;
|
|
|
|
|
recommendedGzipSettings = true;
|
|
|
|
|
recommendedBrotliSettings = true;
|
|
|
|
|
recommendedZstdSettings = true;
|
|
|
|
|
recommendedOptimisation = true;
|
|
|
|
|
recommendedTlsSettings = true;
|
|
|
|
|
recommendedProxySettings = true;
|
|
|
|
|
};
|
|
|
|
|
qemuGuest.enable = true;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
system.stateVersion = "23.11"; # Did you read the comment?
|
|
|
|
|
}
|
