gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 04:19:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(access): minecraft

Browse source
This commit is contained in:
arcnmx 2024-09-19 13:49:04 -07:00
parent 75b123776b
commit f3b8f606b8
9 changed files with 55 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

6
modules/nixos/minecraft-katsink.nix
View file

@ -89,6 +89,12 @@ in {
requires = ["minecraft-katsink-server.socket"];
after = ["network.target" "minecraft-katsink-server.socket"];
restartTriggers = [
cfg.dataDir
cfg.jvmOpts
cfg.argsFiles
];
serviceConfig = {
ExecStart = [execStart];
ExecStop = "${getExe execStop} $MAINPID";

25
nixos/access/gensokyo.nix
View file

@ -5,9 +5,11 @@
pkgs,
...
}: let
inherit (lib.modules) mkMerge mkAfter;
inherit (lib.modules) mkMerge mkAfter mkDefault;
inherit (lib.strings) escapeRegex;
inherit (gensokyo-zone.lib) domain;
inherit (config.services) nginx;
minecraftBackups = "${config.kyuuto.dataDir}/minecraft/simplebackups";
in {
services.nginx.virtualHosts.gensokyoZone = {
serverName = domain;
@ -23,6 +25,20 @@ in {
}
];
};
"/minecraft/backups" = {
root = pkgs.linkFarm "genso-minecraft-backups" [
{
name = "minecraft/backups";
path = minecraftBackups;
}
];
extraConfig = ''
gzip off;
autoindex on;
auth_basic "private";
auth_basic_user_file ${config.sops.secrets.access-web-htpasswd.path};
'';
};
"/.well-known/webfinger" = let
# https://www.rfc-editor.org/rfc/rfc7033#section-3.1
oidc = {
@ -57,4 +73,11 @@ in {
};
};
};
systemd.services.nginx.serviceConfig.BindReadOnlyPaths = [
minecraftBackups
];
sops.secrets.access-web-htpasswd = {
sopsFile = mkDefault ../secrets/access.yaml;
owner = nginx.user;
};
}

16
nixos/kyuuto/mount.nix
View file

@ -9,6 +9,10 @@
inherit (lib.attrsets) listToAttrs nameValuePair;
inherit (config.services.steam) accountSwitch beatsaber;
cfg = config.kyuuto;
mapId = id:
if config.proxmoxLXC.privileged or true
then 100000 + id
else id;
in {
options.kyuuto = with lib.types; {
setup = mkEnableOption "directory and permission setup";
@ -32,6 +36,10 @@ in {
type = path;
default = cfg.libraryDir + "/games";
};
dataDir = mkOption {
type = path;
default = "/mnt/kyuuto-data";
};
gameLibraries = mkOption {
type = listOf str;
default = ["PC"];
@ -98,6 +106,10 @@ in {
${cfg.libraryDir + "/movies"} = leaf;
${cfg.libraryDir + "/software"} = leaf;
${cfg.libraryDir + "/books"} = leaf;
${cfg.dataDir + "/minecraft/simplebackups"} = leaf // {
owner = toString (mapId 913); # minecraft-bedrock uid
group = "admin";
};
${cfg.gameLibraryDir} = shared;
}
(listToAttrs (
@ -123,10 +135,6 @@ in {
};
users = let
mapId = id:
if config.proxmoxLXC.privileged or true
then 100000 + id
else id;
mkDummyUsers = {
name,
group ? name,

2
nixos/minecraft/katsink.nix
View file

@ -25,13 +25,13 @@ in {
root = config.rootDir + "/minecraft/katsink";
path = mkDefault cfg.dataDir;
};
# TODO: serviceConfig.ExecStart = mkForce [ "${pkgs.runtimeShell} ${cfg.dataDir}/run.sh" ]; for imperative updates ?
};
sockets.minecraft-katsink-server = {
socketConfig.SocketGroup = "admin";
};
};
networking.firewall = mkIf cfg.enable {
interfaces.tailscale0.allowedTCPPorts = [cfg.port];
interfaces.local.allowedTCPPorts = [cfg.port];
};
}

7
nixos/secrets/access.yaml
View file

@ -1,4 +1,5 @@
access-peeps-nft-connieallure: ENC[AES256_GCM,data:K+Mjtc/23sseniuQg9GyklMkvRh2VZFFQHGsw6MWMYgpriX6KI3o0V+0upoxrXzDHtNE/Hp/OHE=,iv:Oo0fIUHkXFeQA6jyyTCInsQYM9x7B9ZbkAyBQSt86Xk=,tag:v87P8BXfvqJcn9qKUM0CQw==,type:str]
access-web-htpasswd: ENC[AES256_GCM,data:whmIMgMrw8Us8VoUsoE3WmIX3EHWChuTOMgwPFqin4gAwydefBr93J8S2MBj78iweX18jT+F+Zgs0zERYPybMXo8y2orM/fPD6pgafm4nKQHRQARpyB9v2HcJ7q5hK0S/2qFB83wZ52OKlwWWRXJuJP+NPcJBQSmr19tAu99JA==,iv:eP48z2rYqVK1juefM2H34ft9YmXEFMqD0SwlpTRpdAY=,tag:bln/5tvgj5LiBoO0XRSFuQ==,type:str]
sops:
shamir_threshold: 1
kms: []
@ -114,8 +115,8 @@ sops:
ZUIxR09QTEM1RVN4MkI3NjkrUVg0am8KV6Q6RqJj9GGDG0gcpS2crPP07W6B8qOB
dwjE9Efx+NaA4xKtt/cd2S/YUiMwj97qgOLYIseHAuxnbVIm6PNB7g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-01T16:50:29Z"
mac: ENC[AES256_GCM,data:humfCS9LaB0pcAObLZH+8huTED1/eW6ZtR7PVZ33JPrTJhc9ttorbsfsVPGjsd52I0RT4cNNk9iRDGSqNvgCP+BdvOyILDRA0kxKvF3XLX76Iw0v5jWlPBUts0Hi5ch9Mzn5abN/w3E/5D7z1OMQN11kroJtVpnQMdPDza/qK4g=,iv:UNHN2BYkC0AShqtB7gRLIBYqYwASqVbYhA2RC1dSWYE=,tag:Qo/1LczVrlTHFvWkCG3GIw==,type:str]
lastmodified: "2024-09-19T23:41:25Z"
mac: ENC[AES256_GCM,data:ZZyOf4N1qJ61XsxMp/oL8K+6fU3edDz6oFdFZP80Ej0KazdY54fH93Xq5QXjzOZAQif9PSizmSRqIibVHaBC2OfZRMf8RfWky8V5dEauiGHuncyPQyyirFARWOWtzPfbA6AhCcd+mEWzsppuR6K3X7NPMraKna1DXAJ97I5zkPk=,iv:+m9NAXKD8sLeLxA8pcSCpHUDs4HYgjiCGQYLRvrrAx4=,tag:AqBcJgRWV9tfhgrPnNnD1A==,type:str]
pgp:
- created_at: "2024-09-17T02:19:48Z"
enc: |-
@ -153,4 +154,4 @@ sops:
-----END PGP MESSAGE-----
fp: 65BD3044771CB6FB
unencrypted_suffix: _unencrypted
version: 3.8.1
version: 3.9.0

1
systems/hakurei/lxc.json
View file

@ -2,6 +2,7 @@
"lxc": {
"lxc.mount.entry": [
"/mnt/kyuuto-media mnt/kyuuto-media none bind,optional,create=dir",
"/mnt/kyuuto-data/minecraft mnt/kyuuto-data/minecraft none bind,optional,create=dir",
"/dev/net/tun dev/net/tun none bind,optional,create=file"
],
"lxc.idmap": [

8
systems/minecraft/default.nix
View file

@ -4,17 +4,9 @@ _: {
];
arch = "x86_64";
type = "NixOS";
ci.allowFailure = true;
access.online.enable = false;
modules = [
./nixos.nix
];
network.networks = {
tail = {
address4 = "100.73.157.122";
address6 = "fd7a:115c:a1e0::1f01:9d7a";
};
};
exports = {
services = {
tailscale.enable = true;

6
systems/minecraft/proxmox.nix
View file

@ -14,4 +14,10 @@ _: {
};
};
};
network.networks = {
tail = {
address4 = "100.73.157.122";
address6 = "fd7a:115c:a1e0::1f01:9d7a";
};
};
}

1
systems/reimu/lxc.json
View file

@ -2,6 +2,7 @@
"lxc": {
"lxc.mount.entry": [
"/mnt/kyuuto-media mnt/kyuuto-media none bind,optional,create=dir",
"/mnt/kyuuto-data/minecraft mnt/kyuuto-data/minecraft none bind,optional,create=dir",
"/dev/net/tun dev/net/tun none bind,optional,create=file"
],
"lxc.cgroup2.devices.allow": [