diff --git a/flake.lock b/flake.lock index f315731..75fda3a 100644 --- a/flake.lock +++ b/flake.lock @@ -143,11 +143,11 @@ ] }, "locked": { - "lastModified": 1720926593, - "narHash": "sha256-fW6e27L6qY6s+TxInwrS2EXZZfhMAlaNqT0sWS49qMA=", + "lastModified": 1721531260, + "narHash": "sha256-O72uxk4gYFQDwNkoBioyrR3GK9EReZmexCStBaORMW8=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "5fe5b0cdf1268112dc96319388819b46dc051ef4", + "rev": "b6db9fd8dc59bb2ccb403f76d16ba8bbc1d5263d", "type": "github" }, "original": { @@ -174,11 +174,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1720915306, - "narHash": "sha256-6vuViC56+KSr+945bCV8akHK+7J5k6n/epYg/W3I5eQ=", + "lastModified": 1721524707, + "narHash": "sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "74348da2f3a312ee25cea09b98cdba4cb9fa5d5d", + "rev": "556533a23879fc7e5f98dd2e0b31a6911a213171", "type": "github" }, "original": { @@ -188,13 +188,29 @@ "type": "github" } }, - "nixpkgs_2": { + "nixpkgs-unstable": { "locked": { - "lastModified": 1721226092, - "narHash": "sha256-UBvzVpo5sXSi2S/Av+t+Q+C2mhMIw/LBEZR+d6NMjws=", + "lastModified": 1721379653, + "narHash": "sha256-8MUgifkJ7lkZs3u99UDZMB4kbOxvMEXQZ31FO3SopZ0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c716603a63aca44f39bef1986c13402167450e0a", + "rev": "1d9c2c9b3e71b9ee663d11c5d298727dace8d374", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1721548954, + "narHash": "sha256-7cCC8+Tdq1+3OPyc3+gVo9dzUNkNIQfwSDJ2HSi2u3o=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "63d37ccd2d178d54e7fb691d7ec76000740ea24a", "type": "github" }, "original": { @@ -270,6 +286,7 @@ "kpp": "kpp", "nix-index-database": "nix-index-database", "nixpkgs": "nixpkgs_2", + "nixpkgs-unstable": "nixpkgs-unstable", "print-interface": "print-interface", "sops-nix": "sops-nix", "vscode-server": "vscode-server" @@ -283,11 +300,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1720926522, - "narHash": "sha256-eTpnrT6yu1vp8C0B5fxHXhgKxHoYMoYTEikQx///jxY=", + "lastModified": 1721531171, + "narHash": "sha256-AsvPw7T0tBLb53xZGcUC3YPqlIpdxoSx56u8vPCr6gU=", "owner": "Mic92", "repo": "sops-nix", - "rev": "0703ba03fd9c1665f8ab68cc3487302475164617", + "rev": "909e8cfb60d83321d85c8d17209d733658a21c95", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index fe35311..a150aa3 100755 --- a/flake.nix +++ b/flake.nix @@ -1,6 +1,7 @@ { inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; + nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; sops-nix.url = "github:Mic92/sops-nix"; sops-nix.inputs.nixpkgs.follows = "nixpkgs"; nix-index-database.url = "github:nix-community/nix-index-database"; @@ -23,6 +24,7 @@ outputs = { self , nixpkgs + , nixpkgs-unstable , sops-nix , nix-index-database , kpp @@ -36,6 +38,7 @@ supportedSystems = [ "x86_64-linux" ]; forAllSystems = nixpkgs.lib.genAttrs supportedSystems; pkgs = forAllSystems (system: nixpkgs.legacyPackages.${system}); + in { packages = forAllSystems (system: rec { diff --git a/modules/minecraft/default.nix b/modules/minecraft/default.nix index a06ec01..af96e95 100644 --- a/modules/minecraft/default.nix +++ b/modules/minecraft/default.nix @@ -1,13 +1,44 @@ -{ ... }: +{config, pkgs, lib, nixpkgs-unstable, ... }: { services.minecraft-server = { enable = true; + # hack to enable unstable unfree package + package = nixpkgs-unstable.legacyPackages.x86_64-linux.minecraft-server.overrideAttrs (_old: { meta.license = [ lib.licenses.mit ]; }); eula = true; }; + services.bluemap = { + enable = true; + host = "map.mc.ifsr.de"; + eula = true; + defaultWorld = "${config.services.minecraft-server.dataDir}/world"; + }; + services.nginx.virtualHosts."map.mc.ifsr.de".extraConfig = '' + allow 141.30.0.0/16; + allow 141.76.0.0/16; + deny all; + ''; networking.firewall = { extraInputRules = '' - ip saddr { 141.30.0.0/16, 141.76.0.0/16} tcp dport 25565 accept comment "Allow ldaps access from office nets and podman" + ip saddr { 141.30.0.0/16, 141.76.0.0/16} tcp dport 25565 accept comment "Allow minecraft access from office nets and podman" ''; }; + users.users.minecraft = { + isNormalUser = true; + isSystemUser = lib.mkForce false; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILkxTuzjS3EswMfj+wSKu9ciRyStvjDlDUXzkqEUGDaP rouven@thinkpad" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOhdjiPvtAo/ZV36RjBBPSlixzeP3VN6cqa4YAmM5uXM ff00005@ff00005-laptop" # malte + ]; + }; + security.sudo.extraRules = [ + { + users = [ "minecraft" ]; + commands = [ + { command = "/run/current-system/sw/bin/systemctl restart minecraft-server"; options = [ "NOPASSWD" ]; } + { command = "/run/current-system/sw/bin/systemctl start minecraft-server"; options = [ "NOPASSWD" ]; } + { command = "/run/current-system/sw/bin/systemctl stop minecraft-server"; options = [ "NOPASSWD" ]; } + ]; + } + ]; }