# Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page, on # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). { config, lib, pkgs, ... }: { imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix ]; age.secrets.cloudflared = { file = ../../secrets/minecraft-server-cloudflared.age; owner = "cloudflared"; }; nixpkgs.config.allowUnfree = true; nix = { settings = { auto-optimise-store = true; experimental-features = ["nix-command" "flakes"]; }; }; # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; networking = { hostName = "minecraft-server"; # Define your hostname. useDHCP = true; firewall = { enable = true; allowedUDPPorts = []; allowedTCPPorts = [22 80 443]; trustedInterfaces = ["enp6s18"]; checkReversePath = "loose"; }; nftables.enable = true; }; services = { openssh.enable = true; minecraft-server = { enable = true; openFirewall = true; eula = true; package = pkgs.papermc; }; bluemap = { enable = true; eula = true; defaultWorld = "${config.services.minecraft-server.dataDir}/world"; host = "mc.gmem.ca"; }; cloudflared = { enable = true; tunnels.minecraft = { credentialsFile = config.age.secrets.cloudflared.path; default = "http_status:404"; ingress = { "mc.gmem.ca" = "http://localhost:80"; }; warp-routing.enabled = true; }; }; # nginx reverse proxy nginx = { enable = true; recommendedGzipSettings = true; recommendedBrotliSettings = true; recommendedZstdSettings = true; recommendedOptimisation = true; recommendedTlsSettings = true; recommendedProxySettings = true; }; qemuGuest.enable = true; }; system.stateVersion = "23.11"; # Did you read the comment? }