From ebd4ae36a1e567896f4e2b85449a93d8908a7dbd Mon Sep 17 00:00:00 2001 From: Nathan McCarty Date: Wed, 29 Jun 2022 04:48:24 -0400 Subject: [PATCH] feat: Add minecraft container to oracles --- flake.lock | 59 +++++++++++++++++++++++++ flake.nix | 5 +++ machines/oracles.nix | 97 +++++++++++++++++++++++++++++++++++++++++- modules/games.nix | 2 +- secrets/backblaze.yaml | 66 ++++++++++++++++++++++++++++ 5 files changed, 226 insertions(+), 3 deletions(-) create mode 100644 secrets/backblaze.yaml diff --git a/flake.lock b/flake.lock index dffd6a7..b6c424b 100644 --- a/flake.lock +++ b/flake.lock @@ -279,6 +279,28 @@ "type": "github" } }, + "java_2": { + "inputs": { + "nixpkgs": [ + "quilt-server", + "nixpkgs" + ], + "utils": "utils_3" + }, + "locked": { + "lastModified": 1656122108, + "narHash": "sha256-wJrVZLqvBhq+u2Mi3yc4oS8pOtzdxL6uMmmSt+1bNHE=", + "owner": "nathans-flakes", + "repo": "java", + "rev": "4ade2ae9e949b184ba2d47495ec348f385ab0300", + "type": "github" + }, + "original": { + "owner": "nathans-flakes", + "repo": "java", + "type": "github" + } + }, "libnbtplusplus": { "flake": false, "locked": { @@ -566,6 +588,27 @@ "type": "github" } }, + "quilt-server": { + "inputs": { + "java": "java_2", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1656491198, + "narHash": "sha256-IGKH6jTFu5zrYZdkYw04Fbws4vcHAQL9AvUKSe+ZMXA=", + "owner": "forward-progress", + "repo": "quilt-server-nix-container", + "rev": "69fd2911bb627de147b44c0369065e00a79db7b7", + "type": "github" + }, + "original": { + "owner": "forward-progress", + "repo": "quilt-server-nix-container", + "type": "github" + } + }, "revealjs": { "flake": false, "locked": { @@ -594,6 +637,7 @@ "nixpkgs": "nixpkgs_2", "nixpkgs-unstable": "nixpkgs-unstable", "polymc": "polymc", + "quilt-server": "quilt-server", "sops-nix": "sops-nix" } }, 
@@ -681,6 +725,21 @@ "repo": "flake-utils", "type": "github" } + }, + "utils_3": { + "locked": { + "lastModified": 1653893745, + "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index d9c1a6d..a3bff71 100644 --- a/flake.nix +++ b/flake.nix @@ -41,6 +41,10 @@ url = "github:nathans-flakes/java"; inputs.nixpkgs.follows = "nixpkgs"; }; + quilt-server = { + url = "github:forward-progress/quilt-server-nix-container"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = @@ -56,6 +60,7 @@ , polymc , nix-doom-emacs , java + , quilt-server }@attrs: let baseModules = [ diff --git a/machines/oracles.nix b/machines/oracles.nix index c094d6e..815da0d 100644 --- a/machines/oracles.nix +++ b/machines/oracles.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, java, ... }: +{ config, lib, pkgs, java, quilt-server, ... }: { # Use the systemd-boot EFI boot loader. 
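Review bot: In the flake.nix inputs hunk, the new `quilt-server` input follows `nixpkgs` but not `java`, so flake.lock gains a second pinned copy of `nathans-flakes/java` (`java_2`) and another `flake-utils` node (`utils_3`). This flake already declares a `java` input from the same repository, so adding `inputs.java.follows = "java";` to the `quilt-server` block would leave a single revision to update and audit. That assumes the container module works with the `java` revision the root flake locks, which this diff does not show.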
@@ -57,7 +57,99 @@
 format = "yaml";
 sopsFile = ../secrets/borg.yaml;
 };
- # Setup the job
+ sops.secrets."friendpack-backblaze" = {
+ format = "yaml";
+ sopsFile = ../secrets/backblaze.yaml;
+ };
+
+ # Setup minecraft container
+ containers.minecraft =
+ let
+ b2AccountID = "00284106ead1ac40000000002";
+ b2KeyFile = "${config.sops.secrets."friendpack-backblaze".path}";
+ b2Bucket = "ForwardProgressServerBackup";
+ in
+ {
+ config = { pkgs, lib, ... }@attrs:
+ let
+ # OpenJDK 17
+ javaPackage = pkgs.jdk;
+ in
+ {
+ imports = [
+ quilt-server.nixosModules.default
+ ];
+ ###
+ ## Container stuff
+ ###
+ # Let nix know this is a container
+ boot.isContainer = true;
+ # Set system state version
+ system.stateVersion = "22.05";
+ # Setup networking
+ networking.useDHCP = false;
+ # Allow minecraft out
+ networking.firewall.allowedTCPPorts = [ 25565 ];
+
+ ###
+ ## User
+ ###
+ users = {
+ mutableUsers = false;
+ # Enable us to not use a password, this is a container
+ allowNoPasswordLogin = true;
+ };
+
+ ###
+ ## Configure module
+ ###
+ forward-progress = {
+ services = {
+ minecraft = {
+ enable = true;
+ minecraft-version = "1.18.2";
+ quilt-version = "0.17.1-beta.4";
+ ram = 6144;
+ properties = {
+ motd = "Nathan's Private Modded Minecraft";
+ };
+ packwiz-url = "https://pack.forward-progress.net/0.3/pack.toml";
+ acceptEula = true;
+ };
+ backup = {
+ enable = true;
+ backblaze = {
+ enable = true;
+ accountId = b2AccountID;
+ keyFile = b2KeyFile;
+ bucket = b2Bucket;
+ };
+ };
+ };
+ };
+ };
+ autoStart = true;
+ bindMounts = {
+ "/var/minecraft" = {
+ hostPath = "/var/minecraft";
+ isReadOnly = false;
+ };
+ };
+ forwardPorts = [
+ {
+ containerPort = 25565;
+ hostPort = 25565;
+ protocol = "tcp";
+ }
+ {
+ containerPort = 25565;
+ hostPort = 25565;
+ protocol = "udp";
+ }
+ ];
+ };
+
+ # Setup the backup job
 services.borgbackup.jobs = {
 files = {
 paths = [
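Review bot: `keyFile = b2KeyFile` passes the container a path taken from the host's `config.sops.secrets`, but the only entry in `bindMounts` is `/var/minecraft`, so unless the quilt-server module exposes the file some other way (not visible in this diff) the backup service inside the container will not find the key. A read-only bind mount next to the `/var/minecraft` entry would cover it, e.g. `"${b2KeyFile}" = { hostPath = b2KeyFile; isReadOnly = true; };`. Mounting only that one file, read-only, keeps the rest of the host's secrets directory out of reach of the game server. Separately, `forwardPorts` forwards 25565/udp while the container firewall opens only TCP 25565; if nothing in the container listens on UDP, that entry can be dropped. The bindings `javaPackage` and `attrs` are also unused within the hunk.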
@@ -73,6 +165,7 @@ "/var/lib/redis" "/var/lib/docker" "/var/log" + "/var/minecraft" ]; repo = "de1955@de1955.rsync.net:computers/oracles"; encryption = { diff --git a/modules/games.nix b/modules/games.nix index 5e1b9b3..9ca50cc 100644 --- a/modules/games.nix +++ b/modules/games.nix @@ -16,7 +16,7 @@ # PolyMC minecraft stuff polymc glfw-patched - (pkgs.callPackage ../packages/blockbench/default.nix {}) + (pkgs.callPackage ../packages/blockbench/default.nix { }) ]; unstable-packages = with nixpkgs-unstable.legacyPackages."${pkgs.system}"; [ # Packwiz for maintaing modpacks diff --git a/secrets/backblaze.yaml b/secrets/backblaze.yaml new file mode 100644 index 0000000..7fe46a0 --- /dev/null +++ b/secrets/backblaze.yaml 
@@ -0,0 +1,66 @@ +friendpack-backblaze: ENC[AES256_GCM,data:m1QFetDGUMQabN5waGU7tSaxLQm42n3HViPVATiICg==,iv:VpDfdQ8MqqRje6DlZOJ01b7ZHmrD0g+ADtj/KQY+LR0=,tag:EwlRWLqtuldTSdFsaetisQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvQWtYK2VSL1NjV2UrYnJE + aFpZUWVYZXFmallsa1lXRndSeW80Ti9FcEdvCjk3YU50M1Z4ZDhFNENUT0wxaTIx + dGorVzNMSGh6SUxOeXFlbEtRSWJlK1UKLS0tIGxTMS95OUxaeHNhclVLWUVCdnJU + NGRJS0xsV3JSNlRhTVMyVFZaWm9iU1kKsvP3YfIqo2ahRUrB+MvucmeaNW93je5s + SBLmbpGl7MxHG/nnsLMh1Qgm+7r3D3KcgneN/CCkgvGEiXBi7/Z/jw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1tsq68swufcjq6qavqpzrtse4474p5gs58v6qp6w7gum49yz45cgsegxhuw + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzdWZQN0MxZm5kVUpHdkNT + b2xVYXZ1eThwWUZWTzVSdkF4WUIreWoyQUcwCmZaNkphbjdlcTNOS1dzekhseWt2 + dndmdGdHSWxHK1hjL2lTVVluMEJtUU0KLS0tIE00SjdIYWY2MkFNMnNDUEphU3JT + SFpEMGFvRi92UXM2dXh4WlRNVm1zV3cK49jAamvCbTbzzS0EGo7JqdmQR/SDaTuV + UpZ63mtgWmmgDLGjJWtdNOR0QNu6i/vNCcJ7uQ5NgOnvuM267pSJYg== + -----END AGE ENCRYPTED FILE----- + - recipient: age12ayrv88xjt4r276fzc9du70x8q0r7xutt85vj627ykf4k8kgms4sc6wywn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUb1l4ZzFhV3dIVHpsVFcr + K2J3cXEwWUhVTVZEcmFQVWZreTdQSVZCdmdZCmcybEM1djZRK2wrQ0VETDQ2V2Jr + SUlsZWo4MWYzQzVnNlVpb2IxS0czQmcKLS0tIG9YbE1hd3lrb0E0SmQyVnBUVkdH + ZzduU2ZTQ0xYZ2NDRHZ4WkhaN1lXVlUKJepT64ruXsICQELt1OYKkiVcG7VrC8AK + BU7KgpgNQ1S1izdmUsp/YtEOhT1JYFuqPZne1YBarCcxrs9yoe1qdw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1r0aszjkyp4zlcw2w2vrk8hmcyvntshr8rew4ehlu5zad4eh6mspsatuczd + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0dm5pdFJvdEkvQllIc25F + ZjkyT1BrU2FDUGIyK2lOK0hoc3cvekRhZDF3ClI3VGxTY0IrL1FqdHNvWndSQVFq + 
dVQvbmlEQWMwSmg1dnV5NmVhMlpHWUUKLS0tIGdaQXBNcHNJTUUyMEFoYkN5MFhN + RForSlpVOXY0L3JvRlprelkrRkFnQXMK9R3qCUxOZwuFqRbjKXuy9YMiPZYy0eb0 + ckrnzCAa6kCPTK7z59Ay8/YmrtFHgeJoqSDTvHg0V1H+Ynt+Wd84cg== + -----END AGE ENCRYPTED FILE----- + - recipient: age10zd0y2zpty2z39sh2qe66yuu9jd6hrcd3ag2wqtjp8tc579nmphsymhdla + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWa1ZMVjFaNGJVT3RTVnY3 + c25IWk11Wm5IbE1wV1JaaXNJZGI4eHhERkJJCi9zdTdEdmJQZTQ5ajJ5NHNYblVy + b2tFeEprOEt4V2huSzlDd0Y3c1lLOGsKLS0tIG9jczY3a1JjWDJXTkhRajI2cHhk + NjFqbnE2SlZ2TGhBeGFqbVdTUVBUZ0kKjsiT5P1bPSfI1V1CIkydWzPsat2aAwBi + ANUePn2zhaFDzZsKRVGkVc8M2pw4aQC3lk6r7bPoQZ7fjFIh45wm8A== + -----END AGE ENCRYPTED FILE----- + - recipient: age1pm647k04hhwm2dmqh07hnzflkurfevefcyf8xlhmc83a07n77e3sltyt0d + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTZHlxRjVCZzZkOUhMaS9V + WldSM0tZUzNHQ3Z3L3Myd0cvT2lxUTlyV2xjCk1ZSm94SkJodktoS0NrWFhtZTlp + RU1nSGRnZHlMYzdzVW9QYi92NG45TnMKLS0tIHhMSnBuMHRBUU9CTmpCcTA0NE1Y + ak4waGp0UDJaaVk1eWgvazJhaHpVMzQKnsJLuWk/jzoQ45Po9esJyR8ynBWj88w5 + W3vSgFbAfr/pXaitCEBADMLDA21sNjq9/hm6VddhS3mgmZWuTBHlCA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2022-06-29T08:33:24Z" + mac: ENC[AES256_GCM,data:532kHcb/qLZSePtoxTwk7497UShNpmklNnMCU4WVWBAkyT5XRvIpKHJRWl1A/Ll0/w9Y9fjVxD97PjxE18LLsP7x8t6dj54Z9k2PVEd7U+GP3iy6QhJYJCwehYLiMmqf9T8wsiLyEVyXDn04pN62NQNw/F5n9kBbeWxSk3wuDtA=,iv:OaWeCvIr2mSUzVgytKcueeFN3tzfBoydyXgMxLSE/pY=,tag:bDkmi+W9cd9avpIVEJTEHw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3
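Review bot: The new `friendpack-backblaze` secret is encrypted to six age recipients, while the only consumer visible in this commit is `machines/oracles.nix`. If those recipients are the repository-wide default rather than a deliberate choice for this file, any of the six keys can recover the Backblaze key. A path rule in `.sops.yaml` limiting `secrets/backblaze.yaml` to the oracles host key and the administrator key would narrow that. It is also worth confirming that the key itself is scoped to the `ForwardProgressServerBackup` bucket only, which this diff cannot show.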