feat(access): minecraft

arcnmx 2024-09-19 13:49:04 -07:00
parent 75b123776b
commit f3b8f606b8
9 changed files with 55 additions and 17 deletions


@ -89,6 +89,12 @@ in {
requires = ["minecraft-katsink-server.socket"]; requires = ["minecraft-katsink-server.socket"];
after = ["network.target" "minecraft-katsink-server.socket"]; after = ["network.target" "minecraft-katsink-server.socket"];
restartTriggers = [
cfg.dataDir
cfg.jvmOpts
cfg.argsFiles
];
serviceConfig = { serviceConfig = {
ExecStart = [execStart]; ExecStart = [execStart];
ExecStop = "${getExe execStop} $MAINPID"; ExecStop = "${getExe execStop} $MAINPID";


@ -5,9 +5,11 @@
pkgs, pkgs,
... ...
}: let }: let
inherit (lib.modules) mkMerge mkAfter; inherit (lib.modules) mkMerge mkAfter mkDefault;
inherit (lib.strings) escapeRegex; inherit (lib.strings) escapeRegex;
inherit (gensokyo-zone.lib) domain; inherit (gensokyo-zone.lib) domain;
inherit (config.services) nginx;
minecraftBackups = "${config.kyuuto.dataDir}/minecraft/simplebackups";
in { in {
services.nginx.virtualHosts.gensokyoZone = { services.nginx.virtualHosts.gensokyoZone = {
serverName = domain; serverName = domain;
@ -23,6 +25,20 @@ in {
} }
]; ];
}; };
"/minecraft/backups" = {
root = pkgs.linkFarm "genso-minecraft-backups" [
{
name = "minecraft/backups";
path = minecraftBackups;
}
];
extraConfig = ''
gzip off;
autoindex on;
auth_basic "private";
auth_basic_user_file ${config.sops.secrets.access-web-htpasswd.path};
'';
};
"/.well-known/webfinger" = let "/.well-known/webfinger" = let
# https://www.rfc-editor.org/rfc/rfc7033#section-3.1 # https://www.rfc-editor.org/rfc/rfc7033#section-3.1
oidc = { oidc = {
@ -57,4 +73,11 @@ in {
}; };
}; };
}; };
systemd.services.nginx.serviceConfig.BindReadOnlyPaths = [
minecraftBackups
];
sops.secrets.access-web-htpasswd = {
sopsFile = mkDefault ../secrets/access.yaml;
owner = nginx.user;
};
} }
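Review bot: The new `/minecraft/backups` location relies on `auth_basic` alone, and nothing in the visible lines shows that the `gensokyoZone` vhost is TLS-only or that the location is limited to internal networks. Basic credentials travel base64-encoded on every request, so if the vhost also answers plain HTTP the shared htpasswd entry and the archives are exposed in transit; confirm `forceSSL` or `onlySSL` is set where the vhost is defined, which is outside this hunk. With `autoindex on`, anyone holding the credential can enumerate every backup, so a comment above `extraConfig` such as `# full listing is intentional; gated by access-web-htpasswd` would record that this is deliberate. Basic auth has no lockout of its own, so a `limit_req` rule or an `allow`/`deny` pair on this location is worth considering if the vhost is reachable from the internet.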


@ -9,6 +9,10 @@
inherit (lib.attrsets) listToAttrs nameValuePair; inherit (lib.attrsets) listToAttrs nameValuePair;
inherit (config.services.steam) accountSwitch beatsaber; inherit (config.services.steam) accountSwitch beatsaber;
cfg = config.kyuuto; cfg = config.kyuuto;
mapId = id:
if config.proxmoxLXC.privileged or true
then 100000 + id
else id;
in { in {
options.kyuuto = with lib.types; { options.kyuuto = with lib.types; {
setup = mkEnableOption "directory and permission setup"; setup = mkEnableOption "directory and permission setup";
@ -32,6 +36,10 @@ in {
type = path; type = path;
default = cfg.libraryDir + "/games"; default = cfg.libraryDir + "/games";
}; };
dataDir = mkOption {
type = path;
default = "/mnt/kyuuto-data";
};
gameLibraries = mkOption { gameLibraries = mkOption {
type = listOf str; type = listOf str;
default = ["PC"]; default = ["PC"];
@ -98,6 +106,10 @@ in {
${cfg.libraryDir + "/movies"} = leaf; ${cfg.libraryDir + "/movies"} = leaf;
${cfg.libraryDir + "/software"} = leaf; ${cfg.libraryDir + "/software"} = leaf;
${cfg.libraryDir + "/books"} = leaf; ${cfg.libraryDir + "/books"} = leaf;
${cfg.dataDir + "/minecraft/simplebackups"} = leaf // {
owner = toString (mapId 913); # minecraft-bedrock uid
group = "admin";
};
${cfg.gameLibraryDir} = shared; ${cfg.gameLibraryDir} = shared;
} }
(listToAttrs ( (listToAttrs (
@ -123,10 +135,6 @@ in {
}; };
users = let users = let
mapId = id:
if config.proxmoxLXC.privileged or true
then 100000 + id
else id;
mkDummyUsers = { mkDummyUsers = {
name, name,
group ? name, group ? name,
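Review bot: The owner of the new `simplebackups` directory is the literal `913`, explained only by the comment `# minecraft-bedrock uid`, so the ownership goes stale silently if that account's uid changes or if the backups are written by a different service account. Deriving it from the user definition, in the form `owner = toString (mapId config.users.users.<name>.uid);`, keeps the two in step, assuming the user is declared on this host. The `leaf` defaults are defined outside this hunk; confirm their mode lets the web server's account read the archives without making them readable by every local user.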


@ -25,13 +25,13 @@ in {
root = config.rootDir + "/minecraft/katsink"; root = config.rootDir + "/minecraft/katsink";
path = mkDefault cfg.dataDir; path = mkDefault cfg.dataDir;
}; };
# TODO: serviceConfig.ExecStart = mkForce [ "${pkgs.runtimeShell} ${cfg.dataDir}/run.sh" ]; for imperative updates ?
}; };
sockets.minecraft-katsink-server = { sockets.minecraft-katsink-server = {
socketConfig.SocketGroup = "admin"; socketConfig.SocketGroup = "admin";
}; };
}; };
networking.firewall = mkIf cfg.enable { networking.firewall = mkIf cfg.enable {
interfaces.tailscale0.allowedTCPPorts = [cfg.port];
interfaces.local.allowedTCPPorts = [cfg.port]; interfaces.local.allowedTCPPorts = [cfg.port];
}; };
} }
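Review bot: The added `interfaces.tailscale0.allowedTCPPorts = [cfg.port];` opens the server port to every peer that can reach this node over the tailnet, so who may connect is now decided entirely by the Tailscale ACLs, which are not part of this change. A comment on that line such as `# open to every tailnet peer the ACLs allow` would make the trust boundary explicit. The interface name is hard-coded; `interfaces.${config.services.tailscale.interfaceName}.allowedTCPPorts` follows the configured name if it is ever changed. The enclosing module starts outside the hunk.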


@ -1,4 +1,5 @@
access-peeps-nft-connieallure: ENC[AES256_GCM,data:K+Mjtc/23sseniuQg9GyklMkvRh2VZFFQHGsw6MWMYgpriX6KI3o0V+0upoxrXzDHtNE/Hp/OHE=,iv:Oo0fIUHkXFeQA6jyyTCInsQYM9x7B9ZbkAyBQSt86Xk=,tag:v87P8BXfvqJcn9qKUM0CQw==,type:str] access-peeps-nft-connieallure: ENC[AES256_GCM,data:K+Mjtc/23sseniuQg9GyklMkvRh2VZFFQHGsw6MWMYgpriX6KI3o0V+0upoxrXzDHtNE/Hp/OHE=,iv:Oo0fIUHkXFeQA6jyyTCInsQYM9x7B9ZbkAyBQSt86Xk=,tag:v87P8BXfvqJcn9qKUM0CQw==,type:str]
access-web-htpasswd: ENC[AES256_GCM,data:whmIMgMrw8Us8VoUsoE3WmIX3EHWChuTOMgwPFqin4gAwydefBr93J8S2MBj78iweX18jT+F+Zgs0zERYPybMXo8y2orM/fPD6pgafm4nKQHRQARpyB9v2HcJ7q5hK0S/2qFB83wZ52OKlwWWRXJuJP+NPcJBQSmr19tAu99JA==,iv:eP48z2rYqVK1juefM2H34ft9YmXEFMqD0SwlpTRpdAY=,tag:bln/5tvgj5LiBoO0XRSFuQ==,type:str]
sops: sops:
shamir_threshold: 1 shamir_threshold: 1
kms: [] kms: []
@ -114,8 +115,8 @@ sops:
ZUIxR09QTEM1RVN4MkI3NjkrUVg0am8KV6Q6RqJj9GGDG0gcpS2crPP07W6B8qOB ZUIxR09QTEM1RVN4MkI3NjkrUVg0am8KV6Q6RqJj9GGDG0gcpS2crPP07W6B8qOB
dwjE9Efx+NaA4xKtt/cd2S/YUiMwj97qgOLYIseHAuxnbVIm6PNB7g== dwjE9Efx+NaA4xKtt/cd2S/YUiMwj97qgOLYIseHAuxnbVIm6PNB7g==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-01T16:50:29Z" lastmodified: "2024-09-19T23:41:25Z"
mac: ENC[AES256_GCM,data:humfCS9LaB0pcAObLZH+8huTED1/eW6ZtR7PVZ33JPrTJhc9ttorbsfsVPGjsd52I0RT4cNNk9iRDGSqNvgCP+BdvOyILDRA0kxKvF3XLX76Iw0v5jWlPBUts0Hi5ch9Mzn5abN/w3E/5D7z1OMQN11kroJtVpnQMdPDza/qK4g=,iv:UNHN2BYkC0AShqtB7gRLIBYqYwASqVbYhA2RC1dSWYE=,tag:Qo/1LczVrlTHFvWkCG3GIw==,type:str] mac: ENC[AES256_GCM,data:ZZyOf4N1qJ61XsxMp/oL8K+6fU3edDz6oFdFZP80Ej0KazdY54fH93Xq5QXjzOZAQif9PSizmSRqIibVHaBC2OfZRMf8RfWky8V5dEauiGHuncyPQyyirFARWOWtzPfbA6AhCcd+mEWzsppuR6K3X7NPMraKna1DXAJ97I5zkPk=,iv:+m9NAXKD8sLeLxA8pcSCpHUDs4HYgjiCGQYLRvrrAx4=,tag:AqBcJgRWV9tfhgrPnNnD1A==,type:str]
pgp: pgp:
- created_at: "2024-09-17T02:19:48Z" - created_at: "2024-09-17T02:19:48Z"
enc: |- enc: |-
@ -153,4 +154,4 @@ sops:
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 65BD3044771CB6FB fp: 65BD3044771CB6FB
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.9.0


@ -2,6 +2,7 @@
"lxc": { "lxc": {
"lxc.mount.entry": [ "lxc.mount.entry": [
"/mnt/kyuuto-media mnt/kyuuto-media none bind,optional,create=dir", "/mnt/kyuuto-media mnt/kyuuto-media none bind,optional,create=dir",
"/mnt/kyuuto-data/minecraft mnt/kyuuto-data/minecraft none bind,optional,create=dir",
"/dev/net/tun dev/net/tun none bind,optional,create=file" "/dev/net/tun dev/net/tun none bind,optional,create=file"
], ],
"lxc.idmap": [ "lxc.idmap": [
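Review bot: The new `/mnt/kyuuto-data/minecraft` entry is a plain `bind`, so the container gets the host directory read-write; the same line is added in the last file section of this commit. If one of these containers only serves the backups over HTTP (the file names are not visible here), `bind,ro,optional,create=dir` would keep a compromise of that container from altering or deleting the archives. Because the entry is `optional`, a missing source directory is skipped silently, and a unit that lists the path in `BindReadOnlyPaths` without a leading `-` would then fail to start.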


@ -4,17 +4,9 @@ _: {
]; ];
arch = "x86_64"; arch = "x86_64";
type = "NixOS"; type = "NixOS";
ci.allowFailure = true;
access.online.enable = false;
modules = [ modules = [
./nixos.nix ./nixos.nix
]; ];
network.networks = {
tail = {
address4 = "100.73.157.122";
address6 = "fd7a:115c:a1e0::1f01:9d7a";
};
};
exports = { exports = {
services = { services = {
tailscale.enable = true; tailscale.enable = true;


@ -14,4 +14,10 @@ _: {
}; };
}; };
}; };
network.networks = {
tail = {
address4 = "100.73.157.122";
address6 = "fd7a:115c:a1e0::1f01:9d7a";
};
};
} }


@ -2,6 +2,7 @@
"lxc": { "lxc": {
"lxc.mount.entry": [ "lxc.mount.entry": [
"/mnt/kyuuto-media mnt/kyuuto-media none bind,optional,create=dir", "/mnt/kyuuto-media mnt/kyuuto-media none bind,optional,create=dir",
"/mnt/kyuuto-data/minecraft mnt/kyuuto-data/minecraft none bind,optional,create=dir",
"/dev/net/tun dev/net/tun none bind,optional,create=file" "/dev/net/tun dev/net/tun none bind,optional,create=file"
], ],
"lxc.cgroup2.devices.allow": [ "lxc.cgroup2.devices.allow": [