diff --git a/.gitattributes b/.gitattributes index 82c6e8a..4c9ff84 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,3 +1,4 @@ secrets/murmur_password filter=git-crypt diff=git-crypt secrets/hashedPass filter=git-crypt diff=git-crypt secrets/mullvad.nix filter=git-crypt diff=git-crypt +secrets/minecraft-whitelist.nix filter=git-crypt diff=git-crypt diff --git a/configuration.nix b/configuration.nix index 88498fe..644f636 100644 --- a/configuration.nix +++ b/configuration.nix @@ -15,7 +15,8 @@ ./services/caddy.nix ./services/quadlet.nix ./services/immich.nix - ./services/git.nix + ./services/gitea.nix + ./services/minecraft.nix ]; nix = { @@ -45,7 +46,19 @@ # Use the systemd-boot EFI boot loader. systemd-boot.enable = true; efi.canTouchEfiVariables = true; + + # 1 sec timeout + timeout = 1; }; + + initrd = { + compressor = "zstd"; + compressorArgs = [ "-19" ]; + }; + }; + + environment.etc = { + "issue".text = "muffin server :3\n"; }; # Set your time zone. @@ -210,10 +223,6 @@ ]; }; - networking.firewall.allowedTCPPorts = [ - service_configs.ports.minecraft - ]; - services.murmur = { enable = true; openFirewall = true; diff --git a/flake.lock b/flake.lock index 3d8f357..aa0651e 100644 --- a/flake.lock +++ b/flake.lock @@ -1,17 +1,73 @@ { "nodes": { + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1681202837, + "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "cfacdce06f30d2b68473a46042957675eebb3401", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "nix-minecraft": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1727487901, + "narHash": "sha256-m+QPmso7l/SVPgrQz72PicSQgaaLs/Iyy+9eAyHY3+c=", + "owner": "Infinidoge", + "repo": "nix-minecraft", + "rev": "39983d066b08107165ba5757d03f414abb4e52c9", + "type": "github" + }, + "original": { + "owner": "Infinidoge", + "repo": "nix-minecraft", + "type": "github" + } + }, "nixpkgs": { "locked": { - "lastModified": 1727447095, - "narHash": "sha256-bUFP8kDHzrbnM3cTVu+k6kJ2qtA7a1Q5cZHjC0J0v7A=", + "lastModified": 1727348695, + "narHash": "sha256-J+PeFKSDV+pHL7ukkfpVzCOO7mBSrrpJ3svwBFABbhI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4c030cf309bffa9cd87336705e96ce941ce977d9", + "rev": "1925c603f17fc89f4c8f6bf6f631a802ad85d784", "type": "github" }, "original": { "owner": "NixOS", - "ref": "master", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } @@ -38,9 +94,25 @@ }, "root": { "inputs": { + "nix-minecraft": "nix-minecraft", "nixpkgs": "nixpkgs", "quadlet-nix": "quadlet-nix" } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 1d9989f..f4ec7d2 100644 --- a/flake.nix +++ b/flake.nix @@ -2,16 +2,19 @@ description = "Flake for server muffin"; inputs = { - # nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; - nixpkgs.url = "github:NixOS/nixpkgs/master"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + # nixpkgs.url = "github:NixOS/nixpkgs/master"; quadlet-nix.url = "github:SEIAROTg/quadlet-nix"; quadlet-nix.inputs.nixpkgs.follows = "nixpkgs"; + nix-minecraft.url = "github:Infinidoge/nix-minecraft"; + nix-minecraft.inputs.nixpkgs.follows = "nixpkgs"; }; outputs = { nixpkgs, quadlet-nix, + nix-minecraft, ... }: let @@ -29,7 +32,7 @@ jellyfin = 8096; torrent = 6011; minecraft = 25565; - git-server = 3281; + gitea = 3281; }; https = { @@ -50,7 +53,7 @@ }; minecraft = { - dir = "/tank/services/minecraft"; + dir = "/tank/services/minecraft/main"; }; gluetun = { @@ -81,6 +84,13 @@ modules = [ ./configuration.nix quadlet-nix.nixosModules.quadlet + ( + { pkgs, ... }: + { + imports = [ nix-minecraft.nixosModules.minecraft-servers ]; + nixpkgs.overlays = [ nix-minecraft.overlay ]; + } + ) ]; }; }; diff --git a/secrets/minecraft-whitelist.nix b/secrets/minecraft-whitelist.nix new file mode 100644 index 0000000..f92437b Binary files /dev/null and b/secrets/minecraft-whitelist.nix differ diff --git a/services/caddy.nix b/services/caddy.nix index eba481a..493548c 100644 --- a/services/caddy.nix +++ b/services/caddy.nix @@ -26,7 +26,7 @@ ''; "git.gardling.com".extraConfig = '' - reverse_proxy 127.0.0.1:${builtins.toString service_configs.ports.git-server} + reverse_proxy 127.0.0.1:${builtins.toString service_configs.ports.gitea} ''; }; }; diff --git a/services/git.nix b/services/gitea.nix similarity index 94% rename from services/git.nix rename to services/gitea.nix index f06deb0..0d20746 100644 --- a/services/git.nix +++ b/services/gitea.nix @@ -16,7 +16,7 @@ server = { DOMAIN = "git.gardling.com"; ROOT_URL = "https://git.gardling.com"; - HTTP_PORT = service_configs.ports.git-server; + HTTP_PORT = service_configs.ports.gitea; LANDING_PAGE = "/explore/repos"; }; session = { diff --git a/services/jellyfin.nix b/services/jellyfin.nix index 044d8f0..c602ce7 100644 --- a/services/jellyfin.nix +++ b/services/jellyfin.nix @@ -1,4 +1,9 @@ -{ pkgs, config, service_configs, ... }: +{ + pkgs, + config, + service_configs, + ... +}: { environment.systemPackages = with pkgs; [ jellyfin @@ -11,7 +16,7 @@ # used for local streaming openFirewall = true; - user = "jellyfin"; + user = "primary"; group = "users"; dataDir = service_configs.jellyfin.data_dir; cacheDir = service_configs.jellyfin.cache_dir; diff --git a/services/minecraft.nix b/services/minecraft.nix new file mode 100644 index 0000000..c456087 --- /dev/null +++ b/services/minecraft.nix @@ -0,0 +1,83 @@ +{ + pkgs, + service_configs, + lib, + ... +}: + +{ + nixpkgs.config.allowUnfreePredicate = + pkg: + builtins.elem (lib.getName pkg) [ + "minecraft-server" + ]; + + services.minecraft-servers = { + enable = true; + eula = true; + dataDir = "/tank/services/minecraft"; + openFirewall = true; + servers.main = { + enable = true; + package = pkgs.fabricServers.fabric-1_21_1; + jvmOpts = "-Xmx6144M -Xms6144M -XX:+AlwaysPreTouch -XX:+DisableExplicitGC -XX:+ParallelRefProcEnabled -XX:+PerfDisableSharedMem -XX:+UnlockExperimentalVMOptions -XX:+UseG1GC -XX:G1HeapRegionSize=8M -XX:G1HeapWastePercent=5 -XX:G1MaxNewSizePercent=40 -XX:G1MixedGCCountTarget=4 -XX:G1MixedGCLiveThresholdPercent=90 -XX:G1NewSizePercent=30 -XX:G1RSetUpdatingPauseTimePercent=5 -XX:G1ReservePercent=20 -XX:InitiatingHeapOccupancyPercent=15 -XX:MaxGCPauseMillis=200 -XX:MaxTenuringThreshold=1 -XX:SurvivorRatio=32"; + serverProperties = { + server-port = service_configs.ports.minecraft; + enforce-whitelist = true; + gamemode = "survival"; + white-list = true; + difficulty = "easy"; + motd = "A Minecraft Server"; + }; + + whitelist = import ../secrets/minecraft-whitelist.nix; + + symlinks = { + "mods" = pkgs.linkFarmFromDrvs "mods" ( + builtins.attrValues { + BadOptimizations = pkgs.fetchurl { + url = "https://cdn.modrinth.com/data/g96Z4WVZ/versions/XYBqWKD2/BadOptimizations-2.1.4-1.21.jar"; + sha512 = "6f12d5d7b75ed38f006e4c1e176a2308bf78e6bb5d49601152d7a8fa8e576b3e884bd04fcfb976b82fb67a62408e7efcff3ecc6844cea62b07d4b0538b9f0549"; + }; + ClothConfig = pkgs.fetchurl { + url = "https://cdn.modrinth.com/data/9s6osm5g/versions/HpMb5wGb/cloth-config-15.0.140-fabric.jar"; + sha512 = "1b3f5db4fc1d481704053db9837d530919374bf7518d7cede607360f0348c04fc6347a3a72ccfef355559e1f4aef0b650cd58e5ee79c73b12ff0fc2746797a00"; + }; + C2ME = pkgs.fetchurl { + url = "https://cdn.modrinth.com/data/VSNURh3q/versions/AHlC1pea/c2me-fabric-mc1.21.1-0.3.0%2Balpha.0.212.jar"; + sha512 = "a1977f3bb02a793677db0b0e20494af4bd648efd3b7e83d0c1ef3f14e7fdc0c4d3a9561b841fde97a123b87123275ce3c213bf414f91bc1393f26c95a70f0536"; + }; + FabricApi = pkgs.fetchurl { + url = "https://cdn.modrinth.com/data/P7dR8mSH/versions/WTaAx4ah/fabric-api-0.105.0%2B1.21.1.jar"; + sha512 = "6e1ffcf7f5af9589c16ccec1f9bb5ef8dede5ebe52ae09d94affa8050603f6ecd71d130a793c2bdb4bd42b2a70905425e55141d39369dfa9840569eef4dace16"; + }; + FerriteCore = pkgs.fetchurl { + url = "https://cdn.modrinth.com/data/uXXizFIs/versions/wmIZ4wP4/ferritecore-7.0.0-fabric.jar"; + sha512 = "0f2f9b5aebd71ef3064fc94df964296ac6ee8ea12221098b9df037bdcaaca7bccd473c981795f4d57ff3d49da3ef81f13a42566880b9f11dc64645e9c8ad5d4f"; + }; + Lithium = pkgs.fetchurl { + url = "https://cdn.modrinth.com/data/gvQqBUqZ/versions/9x0igjLz/lithium-fabric-mc1.21.1-0.13.1.jar"; + sha512 = "4250a630d43492da35c4c197ae43082186938fdcb42bafcb6ccad925b79f583abdfdc17ce792c6c6686883f7f109219baecb4906a65d524026d4e288bfbaf146"; + }; + NoChatReports = pkgs.fetchurl { + url = "https://cdn.modrinth.com/data/qQyHxfxd/versions/riMhCAII/NoChatReports-FABRIC-1.21-v2.8.0.jar"; + sha512 = "092837afc0fcb5208561062f8e4cd69971efa94c0180ae377e318d35d8f278abbf1552e4a577be882dc7e870f884779bc36caf808c8bc90bb05490f1e034ddb8"; + }; + noisium = pkgs.fetchurl { + url = "https://cdn.modrinth.com/data/KuNKN7d2/versions/4sGQgiu2/noisium-fabric-2.3.0%2Bmc1.21-1.21.1.jar"; + sha512 = "606ba78cf7f30d99e417c96aa042f600c1b626ed9c783919496d139de650013f1434fcf93545782e3889660322837ce6e85530d9e1a5cc20f9ad161357ede43e"; + }; + threadtweak = pkgs.fetchurl { + url = "https://cdn.modrinth.com/data/vSEH1ERy/versions/F4sjmsi3/threadtweak-fabric-0.1.5%2Bmc1.21.1.jar"; + sha512 = "b0221075239b9998d08e9a42d7bb3205c22482dc39f4b62a1c57c1f7444c9ec9cdee4a245b6b9c6b23f61f3cec82056c40cfc09e6c1bc0690cd936dfed6393a1"; + }; + vmp = pkgs.fetchurl { + url = "https://cdn.modrinth.com/data/wnEe9KBa/versions/VuFHjBNh/vmp-fabric-mc1.21.1-0.2.0%2Bbeta.7.168-all.jar"; + sha512 = "5e2360e91a36d0e76ff0e805c504c773a1449252572ae218edf4430bdf179ac50b1a080d3ca25ecca266499b5637b5b92a228d1c6516e742a7c9f560791c4059"; + }; + } + ); + }; + }; + }; +} diff --git a/services/quadlet.nix b/services/quadlet.nix index 8e5ecee..47b997e 100644 --- a/services/quadlet.nix +++ b/services/quadlet.nix @@ -12,23 +12,23 @@ }; in { - minecraft-server.containerConfig = baseContainerConfig // { - image = "docker.io/itzg/minecraft-server:java21-graalvm"; - name = "minecraft"; + # minecraft-server.containerConfig = baseContainerConfig // { + # image = "docker.io/itzg/minecraft-server:java21-graalvm"; + # name = "minecraft"; - environments = { - TYPE = "QUILT"; - MEMORY = "4G"; - MOD_PLATFORM = "MODRINTH"; - USE_AIKAR_FLAGS = true; - JVM_OPTS = "-XX:-UseJVMCICompiler"; - MODRINTH_MODPACK = "https://modrinth.com/modpack/sop"; - VERSION = "1.21.1"; - }; + # environments = { + # TYPE = "QUILT"; + # MEMORY = "4G"; + # MOD_PLATFORM = "MODRINTH"; + # USE_AIKAR_FLAGS = true; + # JVM_OPTS = "-XX:-UseJVMCICompiler"; + # MODRINTH_MODPACK = "https://modrinth.com/modpack/sop"; + # VERSION = "1.21.1"; + # }; - publishPorts = [ "${builtins.toString service_configs.ports.minecraft}:25565" ]; - volumes = [ "${service_configs.minecraft.dir}:/data:z" ]; - }; + # publishPorts = [ "${builtins.toString service_configs.ports.minecraft}:25565" ]; + # volumes = [ "${service_configs.minecraft.dir}:/data:z" ]; + # }; gluetun.containerConfig = baseContainerConfig // { image = "docker.io/qmcgaw/gluetun"; @@ -61,6 +61,8 @@ environments = { WEBUI_PORT = service_configs.ports.torrent; DOCKER_MODS = "ghcr.io/gabe565/linuxserver-mod-vuetorrent"; + PUID = 1000; + PGID = 1000; }; volumes = [