2022-06-29 04:48:24 -04:00
|
|
|
{ config, lib, pkgs, java, quilt-server, ... }:
|
2022-05-13 20:28:07 -04:00
|
|
|
|
|
|
|
{
|
|
|
|
# Use the systemd-boot EFI boot loader.
|
|
|
|
boot.loader.systemd-boot.enable = true;
|
|
|
|
boot.loader.efi.canTouchEfiVariables = true;
|
|
|
|
# Configure networking
|
|
|
|
networking = {
|
|
|
|
hostName = "oracles";
|
|
|
|
domain = "mccarty.io";
|
|
|
|
useDHCP = false;
|
|
|
|
interfaces.enp1s0f1.ipv4.addresses = [{
|
|
|
|
address = "104.238.220.96";
|
|
|
|
prefixLength = 24;
|
|
|
|
}];
|
|
|
|
defaultGateway = "104.238.220.1";
|
|
|
|
nameservers = [ "172.23.98.121" "1.1.1.1" ];
|
|
|
|
};
|
|
|
|
|
|
|
|
# Open ports in firewall
|
2022-06-03 23:08:40 -04:00
|
|
|
networking.firewall.allowedTCPPorts = [ 22 80 443 25565 ];
|
|
|
|
networking.firewall.allowedUDPPorts = [ 22 80 443 25565 ];
|
2022-05-13 20:28:07 -04:00
|
|
|
networking.firewall.enable = true;
|
|
|
|
# Trust zerotier interface
|
|
|
|
networking.firewall.trustedInterfaces = [ "zt5u4uutwm" ];
|
|
|
|
|
|
|
|
# Add nginx and acme certs
|
|
|
|
services.nginx = {
|
|
|
|
enable = true;
|
|
|
|
recommendedTlsSettings = true;
|
|
|
|
recommendedOptimisation = true;
|
|
|
|
recommendedGzipSettings = true;
|
|
|
|
recommendedProxySettings = true;
|
|
|
|
};
|
|
|
|
security.acme = {
|
2022-05-30 21:47:04 -04:00
|
|
|
defaults.email = "nathan@mccarty.io";
|
2022-05-13 20:28:07 -04:00
|
|
|
acceptTerms = true;
|
|
|
|
};
|
|
|
|
# Redis
|
2022-05-30 21:47:04 -04:00
|
|
|
services.redis.servers.main = {
|
|
|
|
enable = true;
|
|
|
|
bind = "172.23.108.12";
|
|
|
|
};
|
2022-06-03 23:00:13 -04:00
|
|
|
|
|
|
|
# Install java
|
|
|
|
environment.systemPackages = with pkgs; [
|
2022-06-17 18:40:24 -04:00
|
|
|
java.packages.${system}.semeru-latest
|
2022-06-10 19:30:15 -04:00
|
|
|
borgbackup
|
2022-06-03 23:00:13 -04:00
|
|
|
];
|
2022-06-10 19:30:15 -04:00
|
|
|
|
|
|
|
# Setup sops
|
|
|
|
sops.secrets."borg-sshKey" = {
|
|
|
|
format = "yaml";
|
|
|
|
sopsFile = ../secrets/borg.yaml;
|
|
|
|
};
|
|
|
|
sops.secrets."borg-oraclesPassword" = {
|
|
|
|
format = "yaml";
|
|
|
|
sopsFile = ../secrets/borg.yaml;
|
|
|
|
};
|
2022-06-29 04:48:24 -04:00
|
|
|
sops.secrets."friendpack-backblaze" = {
|
|
|
|
format = "yaml";
|
|
|
|
sopsFile = ../secrets/backblaze.yaml;
|
2022-06-29 05:48:39 -04:00
|
|
|
owner = config.users.users.nathan.name;
|
|
|
|
group = config.users.users.nathan.group;
|
2022-06-29 04:48:24 -04:00
|
|
|
};
|
|
|
|
|
|
|
|
# Setup minecraft container
|
|
|
|
containers.minecraft =
|
|
|
|
let
|
|
|
|
b2AccountID = "00284106ead1ac40000000002";
|
|
|
|
b2KeyFile = "${config.sops.secrets."friendpack-backblaze".path}";
|
|
|
|
b2Bucket = "ForwardProgressServerBackup";
|
|
|
|
in
|
|
|
|
{
|
|
|
|
config = { pkgs, lib, ... }@attrs:
|
|
|
|
let
|
|
|
|
# OpenJDK 17
|
|
|
|
javaPackage = pkgs.jdk;
|
|
|
|
in
|
|
|
|
{
|
|
|
|
imports = [
|
|
|
|
quilt-server.nixosModules.default
|
|
|
|
];
|
|
|
|
###
|
|
|
|
## Container stuff
|
|
|
|
###
|
|
|
|
# Let nix know this is a container
|
|
|
|
boot.isContainer = true;
|
|
|
|
# Set system state version
|
|
|
|
system.stateVersion = "22.05";
|
|
|
|
# Setup networking
|
|
|
|
networking.useDHCP = false;
|
|
|
|
# Allow minecraft out
|
|
|
|
networking.firewall.allowedTCPPorts = [ 25565 ];
|
|
|
|
|
|
|
|
###
|
|
|
|
## User
|
|
|
|
###
|
|
|
|
users = {
|
|
|
|
mutableUsers = false;
|
|
|
|
# Enable us to not use a password, this is a container
|
|
|
|
allowNoPasswordLogin = true;
|
|
|
|
};
|
|
|
|
|
|
|
|
###
|
|
|
|
## Configure module
|
|
|
|
###
|
|
|
|
forward-progress = {
|
|
|
|
services = {
|
|
|
|
minecraft = {
|
|
|
|
enable = true;
|
|
|
|
minecraft-version = "1.18.2";
|
|
|
|
quilt-version = "0.17.1-beta.4";
|
|
|
|
ram = 6144;
|
|
|
|
properties = {
|
|
|
|
motd = "Nathan's Private Modded Minecraft";
|
2022-06-29 05:20:55 -04:00
|
|
|
white-list = true;
|
|
|
|
enforce-whitelist = true;
|
2022-06-29 04:48:24 -04:00
|
|
|
};
|
|
|
|
packwiz-url = "https://pack.forward-progress.net/0.3/pack.toml";
|
|
|
|
acceptEula = true;
|
|
|
|
};
|
|
|
|
backup = {
|
|
|
|
enable = true;
|
|
|
|
backblaze = {
|
|
|
|
enable = true;
|
|
|
|
accountId = b2AccountID;
|
|
|
|
keyFile = b2KeyFile;
|
|
|
|
bucket = b2Bucket;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
autoStart = true;
|
|
|
|
bindMounts = {
|
|
|
|
"/var/minecraft" = {
|
|
|
|
hostPath = "/var/minecraft";
|
|
|
|
isReadOnly = false;
|
|
|
|
};
|
2022-06-29 05:48:39 -04:00
|
|
|
"/run/secrets" = {
|
|
|
|
hostPath = "/run/secrets";
|
|
|
|
};
|
2022-06-29 04:48:24 -04:00
|
|
|
};
|
|
|
|
forwardPorts = [
|
|
|
|
{
|
|
|
|
containerPort = 25565;
|
|
|
|
hostPort = 25565;
|
|
|
|
protocol = "tcp";
|
|
|
|
}
|
|
|
|
{
|
|
|
|
containerPort = 25565;
|
|
|
|
hostPort = 25565;
|
|
|
|
protocol = "udp";
|
|
|
|
}
|
|
|
|
];
|
|
|
|
};
|
|
|
|
|
|
|
|
# Setup the backup job
|
2022-06-10 19:30:15 -04:00
|
|
|
services.borgbackup.jobs = {
|
|
|
|
files = {
|
|
|
|
paths = [
|
|
|
|
"/home"
|
|
|
|
"/var"
|
|
|
|
"/etc"
|
|
|
|
];
|
|
|
|
exclude = [
|
|
|
|
"*/.cache"
|
|
|
|
"*/.tmp"
|
|
|
|
"/home/nathan/minecraft/server/backup"
|
|
|
|
"/var/lib/postgresql"
|
|
|
|
"/var/lib/redis"
|
|
|
|
"/var/lib/docker"
|
2022-06-10 20:10:18 -04:00
|
|
|
"/var/log"
|
2022-06-29 04:48:24 -04:00
|
|
|
"/var/minecraft"
|
2022-06-10 19:30:15 -04:00
|
|
|
];
|
|
|
|
repo = "de1955@de1955.rsync.net:computers/oracles";
|
|
|
|
encryption = {
|
|
|
|
mode = "repokey-blake2";
|
2022-06-10 19:31:02 -04:00
|
|
|
passCommand = "cat ${config.sops.secrets."borg-oraclesPassword".path}";
|
2022-06-10 19:30:15 -04:00
|
|
|
};
|
|
|
|
environment.BORG_RSH = "ssh -i ${config.sops.secrets."borg-sshKey".path}";
|
|
|
|
compression = "auto,zstd";
|
2022-06-10 20:23:41 -04:00
|
|
|
startAt = "OnCalendar=00/4:30";
|
2022-06-10 19:30:15 -04:00
|
|
|
prune.keep = {
|
|
|
|
within = "7d"; # Keep all archives for the past week
|
|
|
|
daily = 1; # Keep 1 snapshot a day for 2 weeks
|
|
|
|
weekly = 4; # Keep 1 snapshot a week for 4 weeks
|
|
|
|
monthly = -1; # Keep unlimited monthly backups
|
|
|
|
};
|
|
|
|
};
|
2022-06-10 19:47:47 -04:00
|
|
|
};
|
|
|
|
# Backup postgres
|
|
|
|
services.postgresqlBackup = {
|
|
|
|
enable = true;
|
|
|
|
compression = "none";
|
|
|
|
backupAll = true;
|
|
|
|
startAt = "OnCalendar=00/2:00";
|
2022-06-10 19:30:15 -04:00
|
|
|
};
|
|
|
|
|
2022-05-13 20:28:07 -04:00
|
|
|
}
|