diff --git a/flake.lock b/flake.lock index 75fda3a..f315731 100644 --- a/flake.lock +++ b/flake.lock @@ -143,11 +143,11 @@ ] }, "locked": { - "lastModified": 1721531260, - "narHash": "sha256-O72uxk4gYFQDwNkoBioyrR3GK9EReZmexCStBaORMW8=", + "lastModified": 1720926593, + "narHash": "sha256-fW6e27L6qY6s+TxInwrS2EXZZfhMAlaNqT0sWS49qMA=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "b6db9fd8dc59bb2ccb403f76d16ba8bbc1d5263d", + "rev": "5fe5b0cdf1268112dc96319388819b46dc051ef4", "type": "github" }, "original": { @@ -174,11 +174,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1721524707, - "narHash": "sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0=", + "lastModified": 1720915306, + "narHash": "sha256-6vuViC56+KSr+945bCV8akHK+7J5k6n/epYg/W3I5eQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "556533a23879fc7e5f98dd2e0b31a6911a213171", + "rev": "74348da2f3a312ee25cea09b98cdba4cb9fa5d5d", "type": "github" }, "original": { @@ -188,29 +188,13 @@ "type": "github" } }, - "nixpkgs-unstable": { - "locked": { - "lastModified": 1721379653, - "narHash": "sha256-8MUgifkJ7lkZs3u99UDZMB4kbOxvMEXQZ31FO3SopZ0=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "1d9c2c9b3e71b9ee663d11c5d298727dace8d374", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { "locked": { - "lastModified": 1721548954, - "narHash": "sha256-7cCC8+Tdq1+3OPyc3+gVo9dzUNkNIQfwSDJ2HSi2u3o=", + "lastModified": 1721226092, + "narHash": "sha256-UBvzVpo5sXSi2S/Av+t+Q+C2mhMIw/LBEZR+d6NMjws=", "owner": "nixos", "repo": "nixpkgs", - "rev": "63d37ccd2d178d54e7fb691d7ec76000740ea24a", + "rev": "c716603a63aca44f39bef1986c13402167450e0a", "type": "github" }, "original": { @@ -286,7 +270,6 @@ "kpp": "kpp", "nix-index-database": "nix-index-database", "nixpkgs": "nixpkgs_2", - "nixpkgs-unstable": "nixpkgs-unstable", "print-interface": "print-interface", "sops-nix": "sops-nix", "vscode-server": "vscode-server" @@ -300,11 +283,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1721531171, - "narHash": "sha256-AsvPw7T0tBLb53xZGcUC3YPqlIpdxoSx56u8vPCr6gU=", + "lastModified": 1720926522, + "narHash": "sha256-eTpnrT6yu1vp8C0B5fxHXhgKxHoYMoYTEikQx///jxY=", "owner": "Mic92", "repo": "sops-nix", - "rev": "909e8cfb60d83321d85c8d17209d733658a21c95", + "rev": "0703ba03fd9c1665f8ab68cc3487302475164617", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index a150aa3..fe35311 100755 --- a/flake.nix +++ b/flake.nix @@ -1,7 +1,6 @@ { inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; - nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; sops-nix.url = "github:Mic92/sops-nix"; sops-nix.inputs.nixpkgs.follows = "nixpkgs"; nix-index-database.url = "github:nix-community/nix-index-database"; @@ -24,7 +23,6 @@ outputs = { self , nixpkgs - , nixpkgs-unstable , sops-nix , nix-index-database , kpp @@ -38,7 +36,6 @@ supportedSystems = [ "x86_64-linux" ]; forAllSystems = nixpkgs.lib.genAttrs supportedSystems; pkgs = forAllSystems (system: nixpkgs.legacyPackages.${system}); - in { packages = forAllSystems (system: rec { diff --git a/modules/core/podman.nix b/modules/core/podman.nix index 625d25b..ad47b5b 100644 --- a/modules/core/podman.nix +++ b/modules/core/podman.nix @@ -23,4 +23,4 @@ #docker-compose # start group of containers for dev #podman-compose # start group of containers for dev ]; -} +} \ No newline at end of file diff --git a/modules/kanboard.nix b/modules/kanboard.nix index 6b4841f..9edc86a 100644 --- a/modules/kanboard.nix +++ b/modules/kanboard.nix @@ -5,7 +5,7 @@ let in { sops.secrets."kanboard_env" = { }; - + virtualisation.oci-containers = { containers.kanboard = { image = "ghcr.io/kanboard/kanboard:v1.2.36"; diff --git a/modules/minecraft/default.nix b/modules/minecraft/default.nix index af96e95..a06ec01 100644 --- a/modules/minecraft/default.nix +++ b/modules/minecraft/default.nix @@ -1,44 +1,13 @@ -{config, pkgs, lib, nixpkgs-unstable, ... }: +{ ... }: { services.minecraft-server = { enable = true; - # hack to enable unstable unfree package - package = nixpkgs-unstable.legacyPackages.x86_64-linux.minecraft-server.overrideAttrs (_old: { meta.license = [ lib.licenses.mit ]; }); eula = true; }; - services.bluemap = { - enable = true; - host = "map.mc.ifsr.de"; - eula = true; - defaultWorld = "${config.services.minecraft-server.dataDir}/world"; - }; - services.nginx.virtualHosts."map.mc.ifsr.de".extraConfig = '' - allow 141.30.0.0/16; - allow 141.76.0.0/16; - deny all; - ''; networking.firewall = { extraInputRules = '' - ip saddr { 141.30.0.0/16, 141.76.0.0/16} tcp dport 25565 accept comment "Allow minecraft access from office nets and podman" + ip saddr { 141.30.0.0/16, 141.76.0.0/16} tcp dport 25565 accept comment "Allow ldaps access from office nets and podman" ''; }; - users.users.minecraft = { - isNormalUser = true; - isSystemUser = lib.mkForce false; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILkxTuzjS3EswMfj+wSKu9ciRyStvjDlDUXzkqEUGDaP rouven@thinkpad" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOhdjiPvtAo/ZV36RjBBPSlixzeP3VN6cqa4YAmM5uXM ff00005@ff00005-laptop" # malte - ]; - }; - security.sudo.extraRules = [ - { - users = [ "minecraft" ]; - commands = [ - { command = "/run/current-system/sw/bin/systemctl restart minecraft-server"; options = [ "NOPASSWD" ]; } - { command = "/run/current-system/sw/bin/systemctl start minecraft-server"; options = [ "NOPASSWD" ]; } - { command = "/run/current-system/sw/bin/systemctl stop minecraft-server"; options = [ "NOPASSWD" ]; } - ]; - } - ]; }