Compare commits

..

2 commits

Author SHA1 Message Date
Rouven Seifert 49d48dc8d4
minecraft: fix server and init bluemap 2024-07-22 18:05:26 +02:00
Rouven Seifert 7a9e841a5f
treewide: format 2024-07-22 18:05:07 +02:00
5 changed files with 68 additions and 17 deletions

View file

@ -143,11 +143,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1720926593, "lastModified": 1721531260,
"narHash": "sha256-fW6e27L6qY6s+TxInwrS2EXZZfhMAlaNqT0sWS49qMA=", "narHash": "sha256-O72uxk4gYFQDwNkoBioyrR3GK9EReZmexCStBaORMW8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-index-database", "repo": "nix-index-database",
"rev": "5fe5b0cdf1268112dc96319388819b46dc051ef4", "rev": "b6db9fd8dc59bb2ccb403f76d16ba8bbc1d5263d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -174,11 +174,11 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1720915306, "lastModified": 1721524707,
"narHash": "sha256-6vuViC56+KSr+945bCV8akHK+7J5k6n/epYg/W3I5eQ=", "narHash": "sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "74348da2f3a312ee25cea09b98cdba4cb9fa5d5d", "rev": "556533a23879fc7e5f98dd2e0b31a6911a213171",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -188,13 +188,29 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_2": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1721226092, "lastModified": 1721379653,
"narHash": "sha256-UBvzVpo5sXSi2S/Av+t+Q+C2mhMIw/LBEZR+d6NMjws=", "narHash": "sha256-8MUgifkJ7lkZs3u99UDZMB4kbOxvMEXQZ31FO3SopZ0=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "c716603a63aca44f39bef1986c13402167450e0a", "rev": "1d9c2c9b3e71b9ee663d11c5d298727dace8d374",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1721548954,
"narHash": "sha256-7cCC8+Tdq1+3OPyc3+gVo9dzUNkNIQfwSDJ2HSi2u3o=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "63d37ccd2d178d54e7fb691d7ec76000740ea24a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -270,6 +286,7 @@
"kpp": "kpp", "kpp": "kpp",
"nix-index-database": "nix-index-database", "nix-index-database": "nix-index-database",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_2",
"nixpkgs-unstable": "nixpkgs-unstable",
"print-interface": "print-interface", "print-interface": "print-interface",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"vscode-server": "vscode-server" "vscode-server": "vscode-server"
@ -283,11 +300,11 @@
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1720926522, "lastModified": 1721531171,
"narHash": "sha256-eTpnrT6yu1vp8C0B5fxHXhgKxHoYMoYTEikQx///jxY=", "narHash": "sha256-AsvPw7T0tBLb53xZGcUC3YPqlIpdxoSx56u8vPCr6gU=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "0703ba03fd9c1665f8ab68cc3487302475164617", "rev": "909e8cfb60d83321d85c8d17209d733658a21c95",
"type": "github" "type": "github"
}, },
"original": { "original": {

View file

@ -1,6 +1,7 @@
{ {
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
sops-nix.url = "github:Mic92/sops-nix"; sops-nix.url = "github:Mic92/sops-nix";
sops-nix.inputs.nixpkgs.follows = "nixpkgs"; sops-nix.inputs.nixpkgs.follows = "nixpkgs";
nix-index-database.url = "github:nix-community/nix-index-database"; nix-index-database.url = "github:nix-community/nix-index-database";
@ -23,6 +24,7 @@
outputs = outputs =
{ self { self
, nixpkgs , nixpkgs
, nixpkgs-unstable
, sops-nix , sops-nix
, nix-index-database , nix-index-database
, kpp , kpp
@ -36,6 +38,7 @@
supportedSystems = [ "x86_64-linux" ]; supportedSystems = [ "x86_64-linux" ];
forAllSystems = nixpkgs.lib.genAttrs supportedSystems; forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
pkgs = forAllSystems (system: nixpkgs.legacyPackages.${system}); pkgs = forAllSystems (system: nixpkgs.legacyPackages.${system});
in in
{ {
packages = forAllSystems (system: rec { packages = forAllSystems (system: rec {

View file

@ -23,4 +23,4 @@
#docker-compose # start group of containers for dev #docker-compose # start group of containers for dev
#podman-compose # start group of containers for dev #podman-compose # start group of containers for dev
]; ];
} }

View file

@ -5,7 +5,7 @@ let
in in
{ {
sops.secrets."kanboard_env" = { }; sops.secrets."kanboard_env" = { };
virtualisation.oci-containers = { virtualisation.oci-containers = {
containers.kanboard = { containers.kanboard = {
image = "ghcr.io/kanboard/kanboard:v1.2.36"; image = "ghcr.io/kanboard/kanboard:v1.2.36";

View file

@ -1,13 +1,44 @@
{ ... }: {config, pkgs, lib, nixpkgs-unstable, ... }:
{ {
services.minecraft-server = { services.minecraft-server = {
enable = true; enable = true;
# hack to enable unstable unfree package
package = nixpkgs-unstable.legacyPackages.x86_64-linux.minecraft-server.overrideAttrs (_old: { meta.license = [ lib.licenses.mit ]; });
eula = true; eula = true;
}; };
services.bluemap = {
enable = true;
host = "map.mc.ifsr.de";
eula = true;
defaultWorld = "${config.services.minecraft-server.dataDir}/world";
};
services.nginx.virtualHosts."map.mc.ifsr.de".extraConfig = ''
allow 141.30.0.0/16;
allow 141.76.0.0/16;
deny all;
'';
networking.firewall = { networking.firewall = {
extraInputRules = '' extraInputRules = ''
ip saddr { 141.30.0.0/16, 141.76.0.0/16} tcp dport 25565 accept comment "Allow ldaps access from office nets and podman" ip saddr { 141.30.0.0/16, 141.76.0.0/16} tcp dport 25565 accept comment "Allow minecraft access from office nets and podman"
''; '';
}; };
users.users.minecraft = {
isNormalUser = true;
isSystemUser = lib.mkForce false;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILkxTuzjS3EswMfj+wSKu9ciRyStvjDlDUXzkqEUGDaP rouven@thinkpad"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOhdjiPvtAo/ZV36RjBBPSlixzeP3VN6cqa4YAmM5uXM ff00005@ff00005-laptop" # malte
];
};
security.sudo.extraRules = [
{
users = [ "minecraft" ];
commands = [
{ command = "/run/current-system/sw/bin/systemctl restart minecraft-server"; options = [ "NOPASSWD" ]; }
{ command = "/run/current-system/sw/bin/systemctl start minecraft-server"; options = [ "NOPASSWD" ]; }
{ command = "/run/current-system/sw/bin/systemctl stop minecraft-server"; options = [ "NOPASSWD" ]; }
];
}
];
} }