Compare commits
2 commits
85f8932908
...
49d48dc8d4
Author | SHA1 | Date | |
---|---|---|---|
Rouven Seifert | 49d48dc8d4 | ||
Rouven Seifert | 7a9e841a5f |
43
flake.lock
43
flake.lock
|
@ -143,11 +143,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1720926593,
|
||||
"narHash": "sha256-fW6e27L6qY6s+TxInwrS2EXZZfhMAlaNqT0sWS49qMA=",
|
||||
"lastModified": 1721531260,
|
||||
"narHash": "sha256-O72uxk4gYFQDwNkoBioyrR3GK9EReZmexCStBaORMW8=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nix-index-database",
|
||||
"rev": "5fe5b0cdf1268112dc96319388819b46dc051ef4",
|
||||
"rev": "b6db9fd8dc59bb2ccb403f76d16ba8bbc1d5263d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -174,11 +174,11 @@
|
|||
},
|
||||
"nixpkgs-stable": {
|
||||
"locked": {
|
||||
"lastModified": 1720915306,
|
||||
"narHash": "sha256-6vuViC56+KSr+945bCV8akHK+7J5k6n/epYg/W3I5eQ=",
|
||||
"lastModified": 1721524707,
|
||||
"narHash": "sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "74348da2f3a312ee25cea09b98cdba4cb9fa5d5d",
|
||||
"rev": "556533a23879fc7e5f98dd2e0b31a6911a213171",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -188,13 +188,29 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"nixpkgs-unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1721226092,
|
||||
"narHash": "sha256-UBvzVpo5sXSi2S/Av+t+Q+C2mhMIw/LBEZR+d6NMjws=",
|
||||
"lastModified": 1721379653,
|
||||
"narHash": "sha256-8MUgifkJ7lkZs3u99UDZMB4kbOxvMEXQZ31FO3SopZ0=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "c716603a63aca44f39bef1986c13402167450e0a",
|
||||
"rev": "1d9c2c9b3e71b9ee663d11c5d298727dace8d374",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"ref": "nixos-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1721548954,
|
||||
"narHash": "sha256-7cCC8+Tdq1+3OPyc3+gVo9dzUNkNIQfwSDJ2HSi2u3o=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "63d37ccd2d178d54e7fb691d7ec76000740ea24a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -270,6 +286,7 @@
|
|||
"kpp": "kpp",
|
||||
"nix-index-database": "nix-index-database",
|
||||
"nixpkgs": "nixpkgs_2",
|
||||
"nixpkgs-unstable": "nixpkgs-unstable",
|
||||
"print-interface": "print-interface",
|
||||
"sops-nix": "sops-nix",
|
||||
"vscode-server": "vscode-server"
|
||||
|
@ -283,11 +300,11 @@
|
|||
"nixpkgs-stable": "nixpkgs-stable"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1720926522,
|
||||
"narHash": "sha256-eTpnrT6yu1vp8C0B5fxHXhgKxHoYMoYTEikQx///jxY=",
|
||||
"lastModified": 1721531171,
|
||||
"narHash": "sha256-AsvPw7T0tBLb53xZGcUC3YPqlIpdxoSx56u8vPCr6gU=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "0703ba03fd9c1665f8ab68cc3487302475164617",
|
||||
"rev": "909e8cfb60d83321d85c8d17209d733658a21c95",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
{
|
||||
inputs = {
|
||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
|
||||
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
|
||||
sops-nix.url = "github:Mic92/sops-nix";
|
||||
sops-nix.inputs.nixpkgs.follows = "nixpkgs";
|
||||
nix-index-database.url = "github:nix-community/nix-index-database";
|
||||
|
@ -23,6 +24,7 @@
|
|||
outputs =
|
||||
{ self
|
||||
, nixpkgs
|
||||
, nixpkgs-unstable
|
||||
, sops-nix
|
||||
, nix-index-database
|
||||
, kpp
|
||||
|
@ -36,6 +38,7 @@
|
|||
supportedSystems = [ "x86_64-linux" ];
|
||||
forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
|
||||
pkgs = forAllSystems (system: nixpkgs.legacyPackages.${system});
|
||||
|
||||
in
|
||||
{
|
||||
packages = forAllSystems (system: rec {
|
||||
|
|
|
@ -23,4 +23,4 @@
|
|||
#docker-compose # start group of containers for dev
|
||||
#podman-compose # start group of containers for dev
|
||||
];
|
||||
}
|
||||
}
|
||||
|
|
|
@ -5,7 +5,7 @@ let
|
|||
in
|
||||
{
|
||||
sops.secrets."kanboard_env" = { };
|
||||
|
||||
|
||||
virtualisation.oci-containers = {
|
||||
containers.kanboard = {
|
||||
image = "ghcr.io/kanboard/kanboard:v1.2.36";
|
||||
|
|
|
@ -1,13 +1,44 @@
|
|||
{ ... }:
|
||||
{config, pkgs, lib, nixpkgs-unstable, ... }:
|
||||
{
|
||||
services.minecraft-server = {
|
||||
enable = true;
|
||||
# hack to enable unstable unfree package
|
||||
package = nixpkgs-unstable.legacyPackages.x86_64-linux.minecraft-server.overrideAttrs (_old: { meta.license = [ lib.licenses.mit ]; });
|
||||
eula = true;
|
||||
};
|
||||
services.bluemap = {
|
||||
enable = true;
|
||||
host = "map.mc.ifsr.de";
|
||||
eula = true;
|
||||
defaultWorld = "${config.services.minecraft-server.dataDir}/world";
|
||||
};
|
||||
services.nginx.virtualHosts."map.mc.ifsr.de".extraConfig = ''
|
||||
allow 141.30.0.0/16;
|
||||
allow 141.76.0.0/16;
|
||||
deny all;
|
||||
'';
|
||||
|
||||
networking.firewall = {
|
||||
extraInputRules = ''
|
||||
ip saddr { 141.30.0.0/16, 141.76.0.0/16} tcp dport 25565 accept comment "Allow ldaps access from office nets and podman"
|
||||
ip saddr { 141.30.0.0/16, 141.76.0.0/16} tcp dport 25565 accept comment "Allow minecraft access from office nets and podman"
|
||||
'';
|
||||
};
|
||||
users.users.minecraft = {
|
||||
isNormalUser = true;
|
||||
isSystemUser = lib.mkForce false;
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILkxTuzjS3EswMfj+wSKu9ciRyStvjDlDUXzkqEUGDaP rouven@thinkpad"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOhdjiPvtAo/ZV36RjBBPSlixzeP3VN6cqa4YAmM5uXM ff00005@ff00005-laptop" # malte
|
||||
];
|
||||
};
|
||||
security.sudo.extraRules = [
|
||||
{
|
||||
users = [ "minecraft" ];
|
||||
commands = [
|
||||
{ command = "/run/current-system/sw/bin/systemctl restart minecraft-server"; options = [ "NOPASSWD" ]; }
|
||||
{ command = "/run/current-system/sw/bin/systemctl start minecraft-server"; options = [ "NOPASSWD" ]; }
|
||||
{ command = "/run/current-system/sw/bin/systemctl stop minecraft-server"; options = [ "NOPASSWD" ]; }
|
||||
];
|
||||
}
|
||||
];
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue