arch/infra
arch/infra
1
0
Fork 0
Code Actions Packages Activity

Minecraft Server nix configs

Browse source
This commit is contained in:
Gabriel Simmer 2024-06-07 14:48:13 +01:00
parent a837289720
commit 539899a65b
Signed by: arch
SSH key fingerprint: SHA256:m3OEcdtrnBpMX+2BDGh/byv3hrCekCLzDYMdvGEKPPQ
7 changed files with 306 additions and 51 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

188
flake.lock
View file

@ -94,6 +94,26 @@
"type": "github"
}
},
"emacs-overlay": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_3",
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1717664893,
"narHash": "sha256-k79hmHv7Q1/FZSqBzNqmLAU6WGICKPFN6QcCX0QM8Og=",
"owner": "nix-community",
"repo": "emacs-overlay",
"rev": "28779a7abf781d387806f2567b578af6fd165705",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "emacs-overlay",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
@ -128,11 +148,11 @@
},
"flake-compat_3": {
"locked": {
"lastModified": 1688025799,
"narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
"lastModified": 1717312683,
"narHash": "sha256-FrlieJH50AuvagamEvWMIE6D2OAnERuDboFDYAED/dE=",
"owner": "nix-community",
"repo": "flake-compat",
"rev": "8bf105319d44f6b9f0d764efa4fdef9f1cc9ba1c",
"rev": "38fd3954cf65ce6faf3d0d45cd26059e059f07ea",
"type": "github"
},
"original": {
@ -180,7 +200,7 @@
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
"systems": "systems"
},
"locked": {
"lastModified": 1710146030,
@ -198,7 +218,7 @@
},
"flake-utils_3": {
"inputs": {
"systems": "systems_4"
"systems": "systems_3"
},
"locked": {
"lastModified": 1710146030,
@ -215,6 +235,24 @@
}
},
"flake-utils_4": {
"inputs": {
"systems": "systems_5"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_5": {
"locked": {
"lastModified": 1634851050,
"narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=",
@ -272,11 +310,11 @@
]
},
"locked": {
"lastModified": 1715930644,
"narHash": "sha256-W9pyM3/vePxrffHtzlJI6lDS3seANQ+Nqp+i58O46LI=",
"lastModified": 1717525419,
"narHash": "sha256-5z2422pzWnPXHgq2ms8lcCfttM0dz+hg+x1pCcNkAws=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "e3ad5108f54177e6520535768ddbf1e6af54b59d",
"rev": "a7117efb3725e6197dd95424136f79147aa35e5b",
"type": "github"
},
"original": {
@ -288,16 +326,16 @@
"kubenix": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs_3",
"systems": "systems",
"nixpkgs": "nixpkgs_4",
"systems": "systems_2",
"treefmt": "treefmt"
},
"locked": {
"lastModified": 1715211269,
"narHash": "sha256-bO1n41QjfdFNoEih0csMe/MUB42DdOuwlT+6LGpUCSc=",
"lastModified": 1717524369,
"narHash": "sha256-OR0IaHPh6dHrpwTJJdq9IMvJyY6/OQWmS4FEk38Qlm4=",
"owner": "hall",
"repo": "kubenix",
"rev": "060f4757292e1e7172cc9ebcb16f38d89cb707ab",
"rev": "b5dc95c847893857f02579118f7dfb37b580746e",
"type": "github"
},
"original": {
@ -308,15 +346,15 @@
},
"lib-aggregate": {
"inputs": {
"flake-utils": "flake-utils_3",
"flake-utils": "flake-utils_4",
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1715515815,
"narHash": "sha256-yaLScMHNFCH6SbB0HSA/8DWDgK0PyOhCXoFTdHlWkhk=",
"lastModified": 1717330178,
"narHash": "sha256-rRZjmC3xcPpHTJHnEy3T99O86Ecjao5YhakzaoNiRcs=",
"owner": "nix-community",
"repo": "lib-aggregate",
"rev": "09883ca828e8cfaacdb09e29190a7b84ad1d9925",
"rev": "64d43e2bbc6eab8d1cbdfba96d90a71e15a847d7",
"type": "github"
},
"original": {
@ -344,7 +382,7 @@
},
"lix-module": {
"inputs": {
"flake-utils": "flake-utils_2",
"flake-utils": "flake-utils_3",
"flakey-profile": "flakey-profile",
"lix": [
"lix"
@ -354,11 +392,11 @@
]
},
"locked": {
"lastModified": 1715885250,
"narHash": "sha256-IUFYAl3158Ig5vySnRBHoPReb2/S97bjodCo6FhzJv4=",
"lastModified": 1717647344,
"narHash": "sha256-m8XYt8NU2T4gvkien7H7LFGXHhSA5z4tHOeuXQ3DJi4=",
"ref": "refs/heads/main",
"rev": "53d713eb486f21d653af3ef3528e9a19ecfc45e5",
"revCount": 81,
"rev": "4e25f1ab68f2270f9cff59216056c21073db0164",
"revCount": 87,
"type": "git",
"url": "https://git.lix.systems/lix-project/nixos-module"
},
@ -371,7 +409,7 @@
"inputs": {
"flake-parts": "flake-parts",
"nix-github-actions": "nix-github-actions",
"nixpkgs": "nixpkgs_6",
"nixpkgs": "nixpkgs_7",
"treefmt-nix": "treefmt-nix_2"
},
"locked": {
@ -412,7 +450,7 @@
},
"nixinate": {
"inputs": {
"nixpkgs": "nixpkgs_4"
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1708891350,
@ -449,7 +487,7 @@
"nixpkgs": [
"nixpkgs"
],
"systems": "systems_3",
"systems": "systems_4",
"treefmt-nix": "treefmt-nix"
},
"locked": {
@ -474,11 +512,11 @@
]
},
"locked": {
"lastModified": 1713783234,
"narHash": "sha256-3yh0nqI1avYUmmtqqTW3EVfwaLE+9ytRWxsA5aWtmyI=",
"lastModified": 1716210724,
"narHash": "sha256-iqQa3omRcHGpWb1ds75jS9ruA5R39FTmAkeR3J+ve1w=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "722b512eb7e6915882f39fff0e4c9dd44f42b77e",
"rev": "d14b286322c7f4f897ca4b1726ce38cb68596c94",
"type": "github"
},
"original": {
@ -489,11 +527,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1716034089,
"narHash": "sha256-QBfab6V4TeQ6Y4NiXVrEATdQuhCNFNaXt/L1K/Zw+zc=",
"lastModified": 1717574423,
"narHash": "sha256-cz3P5MZffAHwL2IQaNzsqUBsJS+u0J/AAwArHMAcCa0=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "b55712de78725c8fcde422ee0a0fe682046e73c3",
"rev": "d6c6cf6f5fead4057d8fb2d5f30aa8ac1727f177",
"type": "github"
},
"original": {
@ -521,11 +559,11 @@
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1715474941,
"narHash": "sha256-CNCqCGOHdxuiVnVkhTpp2WcqSSmSfeQjubhDOcgwGjU=",
"lastModified": 1717289404,
"narHash": "sha256-4q6ZO3BqHgdd3Aacb/xiQXB4g9TQKpQg/praTpD9vbI=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "58e03b95f65dfdca21979a081aa62db0eed6b1d8",
"rev": "e090cb30ae82f4b4461aafdb808847c6c97b08c2",
"type": "github"
},
"original": {
@ -534,6 +572,22 @@
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1717530100,
"narHash": "sha256-b4Dn+PnrZoVZ/BoR9JN2fTxXxplJrAsdSUIePf4Cacs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a2e1d0414259a144ebdc048408a807e69e0565af",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-wayland": {
"inputs": {
"flake-compat": "flake-compat_3",
@ -544,11 +598,11 @@
]
},
"locked": {
"lastModified": 1716052422,
"narHash": "sha256-9zObaIzZ3OnW4nMdNzMmrjUrGhqhAZhn1VQnxWUlKts=",
"lastModified": 1717669106,
"narHash": "sha256-C7jLK3KgTbGBQcpRsu1qivSoSfkp7PaWI+tLfo9qHHY=",
"owner": "nix-community",
"repo": "nixpkgs-wayland",
"rev": "0c6afa4c3c068730a90ce20762bf0fdfac23e64b",
"rev": "27f970b56d7de3b7214b6017cec7f149656448a1",
"type": "github"
},
"original": {
@ -574,6 +628,22 @@
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1717196966,
"narHash": "sha256-yZKhxVIKd2lsbOqYd5iDoUIwsRZFqE87smE2Vzf6Ck0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "57610d2f8f0937f39dbd72251e9614b1561942d8",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1686488075,
"narHash": "sha256-2otSBt2hbeD+5yY25NF3RhWx7l5SDt1aeU3cJ/9My4M=",
@ -589,7 +659,7 @@
"type": "github"
}
},
"nixpkgs_4": {
"nixpkgs_5": {
"locked": {
"lastModified": 1653060744,
"narHash": "sha256-kfRusllRumpt33J1hPV+CeCCylCXEU7e0gn2/cIM7cY=",
@ -605,13 +675,13 @@
"type": "github"
}
},
"nixpkgs_5": {
"nixpkgs_6": {
"locked": {
"lastModified": 1715996989,
"narHash": "sha256-ObD9YSelkwCAylEXJHcNjrn3hLOfIVScB1tPz9zeDN8=",
"lastModified": 1717459389,
"narHash": "sha256-I8/plBsua4/NZ5bKgj+z7/ThiWuud1YFwLsn1QQ5PgE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "63d3e5d82edf5a138e7d0872231cc23ed4e740fd",
"rev": "3b01abcc24846ae49957b30f4345bab4b3f1d14b",
"type": "github"
},
"original": {
@ -621,7 +691,7 @@
"type": "github"
}
},
"nixpkgs_6": {
"nixpkgs_7": {
"locked": {
"lastModified": 1715037484,
"narHash": "sha256-OUt8xQFmBU96Hmm4T9tOWTu4oCswCzoVl+pxSq/kiFc=",
@ -637,7 +707,7 @@
"type": "github"
}
},
"nixpkgs_7": {
"nixpkgs_8": {
"locked": {
"lastModified": 1636823747,
"narHash": "sha256-oWo1nElRAOZqEf90Yek2ixdHyjD+gqtS/pAgwaQ9UhQ=",
@ -656,6 +726,7 @@
"inputs": {
"agenix": "agenix",
"alertmanager-ntfy": "alertmanager-ntfy",
"emacs-overlay": "emacs-overlay",
"home-manager": "home-manager_2",
"kubenix": "kubenix",
"lix": "lix",
@ -664,7 +735,7 @@
"nixos-dns": "nixos-dns",
"nixos-generators": "nixos-generators",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_5",
"nixpkgs": "nixpkgs_6",
"nixpkgs-wayland": "nixpkgs-wayland",
"terranix": "terranix"
}
@ -679,11 +750,26 @@
"type": "github"
},
"original": {
"id": "systems",
"type": "indirect"
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"id": "systems",
"type": "indirect"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@ -698,7 +784,7 @@
"type": "github"
}
},
"systems_3": {
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@ -712,7 +798,7 @@
"type": "indirect"
}
},
"systems_4": {
"systems_5": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@ -731,8 +817,8 @@
"inputs": {
"bats-assert": "bats-assert",
"bats-support": "bats-support",
"flake-utils": "flake-utils_4",
"nixpkgs": "nixpkgs_7",
"flake-utils": "flake-utils_5",
"nixpkgs": "nixpkgs_8",
"terranix-examples": "terranix-examples"
},
"locked": {

16
flake.nix
View file

@ -412,6 +412,22 @@
}
];
};
minecraft-server = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
agenix.nixosModules.default
(import ./nix/minecraft-server/configuration.nix)
{
_module.args.nixinate = {
host = "192.168.50.13";
sshUser = "root";
buildOn = "remote";
substituteOnTarget = true;
hermetic = false;
};
}
];
};
};
};
}

84
nix/minecraft-server/configuration.nix Normal file
View file

@ -0,0 +1,84 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{
config,
lib,
pkgs,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
];
age.secrets.cloudflared = {
file = ../../secrets/minecraft-server-cloudflared.age;
owner = "cloudflared";
};
nixpkgs.config.allowUnfree = true;
nix = {
settings = {
auto-optimise-store = true;
experimental-features = ["nix-command" "flakes"];
};
};
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking = {
hostName = "minecraft-server"; # Define your hostname.
useDHCP = true;
firewall = {
enable = true;
allowedUDPPorts = [];
allowedTCPPorts = [22 80 443];
trustedInterfaces = ["enp6s18"];
checkReversePath = "loose";
};
nftables.enable = true;
};
services = {
openssh.enable = true;
minecraft-server = {
enable = true;
openFirewall = true;
eula = true;
#package = pkgs.papermc;
};
bluemap = {
enable = true;
eula = true;
defaultWorld = "${config.services.minecraft-server.dataDir}/world";
host = "mc.gmem.ca";
};
cloudflared = {
enable = true;
tunnels.minecraft = {
credentialsFile = config.age.secrets.cloudflared.path;
default = "http_status:404";
ingress = {
"mc.gmem.ca" = "http://localhost:80";
};
warp-routing.enabled = true;
};
};
# nginx reverse proxy
nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedBrotliSettings = true;
recommendedZstdSettings = true;
recommendedOptimisation = true;
recommendedTlsSettings = true;
recommendedProxySettings = true;
};
qemuGuest.enable = true;
};
system.stateVersion = "23.11"; # Did you read the comment?
}

32
nix/minecraft-server/disk-config.nix Normal file
View file

@ -0,0 +1,32 @@
{
disko.devices = {
disk = {
my-disk = {
device = "/dev/vda";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
type = "EF00";
size = "500M";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
};
}

33
nix/minecraft-server/hardware-configuration.nix Normal file
View file

@ -0,0 +1,33 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
''${builtins.fetchTarball {
url = "https://github.com/nix-community/disko/archive/refs/tags/v1.6.1.tar.gz";
sha256 = "1p9vsml07bm3riw703dv83ihlmgyc11qv882qa6bqzqdgn86y8z4";
}}/module.nix''
./disk-config.nix
];
boot.initrd.availableKernelModules = ["uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp6s18.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

4
secrets.nix
View file

@ -8,6 +8,8 @@ let
dnsmasq = [dnsmasq-cache dnsmasq-cache-floof];
minecraft-server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINkLMVdCnjFsZ3tg7s3fE64VBw4QIekgMt2fAY1E79wv";
proxmox-k3s-node = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB1KEjdFl0UmuKfESJTMZdKR2H9a405z0SSlt75NKKht";
seattle = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF9pTEqeVljLq0ctFgDn25Q76mCqpddkSNN9kd3IQXd1";
glasgow = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMgZSpfnx/4kfE4P1tFpq047IZkF2Q0UYahputnWxtEJ";
@ -33,4 +35,6 @@ in {
"secrets/paperless-oauth.age".publicKeys = [vancouver] ++ users;
"secrets/dnsmasq-nextdns-profile.age".publicKeys = dnsmasq ++ users;
"secrets/minecraft-server-cloudflared.age".publicKeys = [minecraft-server] ++ users;
}

BIN
secrets/minecraft-server-cloudflared.age Normal file
View file

Binary file not shown.