feat: Add minecraft container to oracles

This commit is contained in:
Nathan McCarty 2022-06-29 04:48:24 -04:00
parent 20d3ba6052
commit ebd4ae36a1
Signed by: thatonelutenist
GPG Key ID: D70DA3DD4D1E9F96
5 changed files with 226 additions and 3 deletions

View File

@ -279,6 +279,28 @@
"type": "github" "type": "github"
} }
}, },
"java_2": {
"inputs": {
"nixpkgs": [
"quilt-server",
"nixpkgs"
],
"utils": "utils_3"
},
"locked": {
"lastModified": 1656122108,
"narHash": "sha256-wJrVZLqvBhq+u2Mi3yc4oS8pOtzdxL6uMmmSt+1bNHE=",
"owner": "nathans-flakes",
"repo": "java",
"rev": "4ade2ae9e949b184ba2d47495ec348f385ab0300",
"type": "github"
},
"original": {
"owner": "nathans-flakes",
"repo": "java",
"type": "github"
}
},
"libnbtplusplus": { "libnbtplusplus": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -566,6 +588,27 @@
"type": "github" "type": "github"
} }
}, },
"quilt-server": {
"inputs": {
"java": "java_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1656491198,
"narHash": "sha256-IGKH6jTFu5zrYZdkYw04Fbws4vcHAQL9AvUKSe+ZMXA=",
"owner": "forward-progress",
"repo": "quilt-server-nix-container",
"rev": "69fd2911bb627de147b44c0369065e00a79db7b7",
"type": "github"
},
"original": {
"owner": "forward-progress",
"repo": "quilt-server-nix-container",
"type": "github"
}
},
"revealjs": { "revealjs": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -594,6 +637,7 @@
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_2",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"polymc": "polymc", "polymc": "polymc",
"quilt-server": "quilt-server",
"sops-nix": "sops-nix" "sops-nix": "sops-nix"
} }
}, },
@ -681,6 +725,21 @@
"repo": "flake-utils", "repo": "flake-utils",
"type": "github" "type": "github"
} }
},
"utils_3": {
"locked": {
"lastModified": 1653893745,
"narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

View File

@ -41,6 +41,10 @@
url = "github:nathans-flakes/java"; url = "github:nathans-flakes/java";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
quilt-server = {
url = "github:forward-progress/quilt-server-nix-container";
inputs.nixpkgs.follows = "nixpkgs";
};
}; };
outputs = outputs =
@ -56,6 +60,7 @@
, polymc , polymc
, nix-doom-emacs , nix-doom-emacs
, java , java
, quilt-server
}@attrs: }@attrs:
let let
baseModules = [ baseModules = [

View File

@ -1,4 +1,4 @@
{ config, lib, pkgs, java, ... }: { config, lib, pkgs, java, quilt-server, ... }:
{ {
# Use the systemd-boot EFI boot loader. # Use the systemd-boot EFI boot loader.
@ -57,7 +57,99 @@
format = "yaml"; format = "yaml";
sopsFile = ../secrets/borg.yaml; sopsFile = ../secrets/borg.yaml;
}; };
# Setup the job sops.secrets."friendpack-backblaze" = {
format = "yaml";
sopsFile = ../secrets/backblaze.yaml;
};
# Setup minecraft container
containers.minecraft =
let
b2AccountID = "00284106ead1ac40000000002";
b2KeyFile = "${config.sops.secrets."friendpack-backblaze".path}";
b2Bucket = "ForwardProgressServerBackup";
in
{
config = { pkgs, lib, ... }@attrs:
let
# OpenJDK 17
javaPackage = pkgs.jdk;
in
{
imports = [
quilt-server.nixosModules.default
];
###
## Container stuff
###
# Let nix know this is a container
boot.isContainer = true;
# Set system state version
system.stateVersion = "22.05";
# Setup networking
networking.useDHCP = false;
# Allow minecraft out
networking.firewall.allowedTCPPorts = [ 25565 ];
###
## User
###
users = {
mutableUsers = false;
# Enable us to not use a password, this is a container
allowNoPasswordLogin = true;
};
###
## Configure module
###
forward-progress = {
services = {
minecraft = {
enable = true;
minecraft-version = "1.18.2";
quilt-version = "0.17.1-beta.4";
ram = 6144;
properties = {
motd = "Nathan's Private Modded Minecraft";
};
packwiz-url = "https://pack.forward-progress.net/0.3/pack.toml";
acceptEula = true;
};
backup = {
enable = true;
backblaze = {
enable = true;
accountId = b2AccountID;
keyFile = b2KeyFile;
bucket = b2Bucket;
};
};
};
};
};
autoStart = true;
bindMounts = {
"/var/minecraft" = {
hostPath = "/var/minecraft";
isReadOnly = false;
};
};
forwardPorts = [
{
containerPort = 25565;
hostPort = 25565;
protocol = "tcp";
}
{
containerPort = 25565;
hostPort = 25565;
protocol = "udp";
}
];
};
# Setup the backup job
services.borgbackup.jobs = { services.borgbackup.jobs = {
files = { files = {
paths = [ paths = [
@ -73,6 +165,7 @@
"/var/lib/redis" "/var/lib/redis"
"/var/lib/docker" "/var/lib/docker"
"/var/log" "/var/log"
"/var/minecraft"
]; ];
repo = "de1955@de1955.rsync.net:computers/oracles"; repo = "de1955@de1955.rsync.net:computers/oracles";
encryption = { encryption = {

66
secrets/backblaze.yaml Normal file
View File

@ -0,0 +1,66 @@
friendpack-backblaze: ENC[AES256_GCM,data:m1QFetDGUMQabN5waGU7tSaxLQm42n3HViPVATiICg==,iv:VpDfdQ8MqqRje6DlZOJ01b7ZHmrD0g+ADtj/KQY+LR0=,tag:EwlRWLqtuldTSdFsaetisQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvQWtYK2VSL1NjV2UrYnJE
aFpZUWVYZXFmallsa1lXRndSeW80Ti9FcEdvCjk3YU50M1Z4ZDhFNENUT0wxaTIx
dGorVzNMSGh6SUxOeXFlbEtRSWJlK1UKLS0tIGxTMS95OUxaeHNhclVLWUVCdnJU
NGRJS0xsV3JSNlRhTVMyVFZaWm9iU1kKsvP3YfIqo2ahRUrB+MvucmeaNW93je5s
SBLmbpGl7MxHG/nnsLMh1Qgm+7r3D3KcgneN/CCkgvGEiXBi7/Z/jw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1tsq68swufcjq6qavqpzrtse4474p5gs58v6qp6w7gum49yz45cgsegxhuw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzdWZQN0MxZm5kVUpHdkNT
b2xVYXZ1eThwWUZWTzVSdkF4WUIreWoyQUcwCmZaNkphbjdlcTNOS1dzekhseWt2
dndmdGdHSWxHK1hjL2lTVVluMEJtUU0KLS0tIE00SjdIYWY2MkFNMnNDUEphU3JT
SFpEMGFvRi92UXM2dXh4WlRNVm1zV3cK49jAamvCbTbzzS0EGo7JqdmQR/SDaTuV
UpZ63mtgWmmgDLGjJWtdNOR0QNu6i/vNCcJ7uQ5NgOnvuM267pSJYg==
-----END AGE ENCRYPTED FILE-----
- recipient: age12ayrv88xjt4r276fzc9du70x8q0r7xutt85vj627ykf4k8kgms4sc6wywn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUb1l4ZzFhV3dIVHpsVFcr
K2J3cXEwWUhVTVZEcmFQVWZreTdQSVZCdmdZCmcybEM1djZRK2wrQ0VETDQ2V2Jr
SUlsZWo4MWYzQzVnNlVpb2IxS0czQmcKLS0tIG9YbE1hd3lrb0E0SmQyVnBUVkdH
ZzduU2ZTQ0xYZ2NDRHZ4WkhaN1lXVlUKJepT64ruXsICQELt1OYKkiVcG7VrC8AK
BU7KgpgNQ1S1izdmUsp/YtEOhT1JYFuqPZne1YBarCcxrs9yoe1qdw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1r0aszjkyp4zlcw2w2vrk8hmcyvntshr8rew4ehlu5zad4eh6mspsatuczd
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0dm5pdFJvdEkvQllIc25F
ZjkyT1BrU2FDUGIyK2lOK0hoc3cvekRhZDF3ClI3VGxTY0IrL1FqdHNvWndSQVFq
dVQvbmlEQWMwSmg1dnV5NmVhMlpHWUUKLS0tIGdaQXBNcHNJTUUyMEFoYkN5MFhN
RForSlpVOXY0L3JvRlprelkrRkFnQXMK9R3qCUxOZwuFqRbjKXuy9YMiPZYy0eb0
ckrnzCAa6kCPTK7z59Ay8/YmrtFHgeJoqSDTvHg0V1H+Ynt+Wd84cg==
-----END AGE ENCRYPTED FILE-----
- recipient: age10zd0y2zpty2z39sh2qe66yuu9jd6hrcd3ag2wqtjp8tc579nmphsymhdla
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWa1ZMVjFaNGJVT3RTVnY3
c25IWk11Wm5IbE1wV1JaaXNJZGI4eHhERkJJCi9zdTdEdmJQZTQ5ajJ5NHNYblVy
b2tFeEprOEt4V2huSzlDd0Y3c1lLOGsKLS0tIG9jczY3a1JjWDJXTkhRajI2cHhk
NjFqbnE2SlZ2TGhBeGFqbVdTUVBUZ0kKjsiT5P1bPSfI1V1CIkydWzPsat2aAwBi
ANUePn2zhaFDzZsKRVGkVc8M2pw4aQC3lk6r7bPoQZ7fjFIh45wm8A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1pm647k04hhwm2dmqh07hnzflkurfevefcyf8xlhmc83a07n77e3sltyt0d
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTZHlxRjVCZzZkOUhMaS9V
WldSM0tZUzNHQ3Z3L3Myd0cvT2lxUTlyV2xjCk1ZSm94SkJodktoS0NrWFhtZTlp
RU1nSGRnZHlMYzdzVW9QYi92NG45TnMKLS0tIHhMSnBuMHRBUU9CTmpCcTA0NE1Y
ak4waGp0UDJaaVk1eWgvazJhaHpVMzQKnsJLuWk/jzoQ45Po9esJyR8ynBWj88w5
W3vSgFbAfr/pXaitCEBADMLDA21sNjq9/hm6VddhS3mgmZWuTBHlCA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-06-29T08:33:24Z"
mac: ENC[AES256_GCM,data:532kHcb/qLZSePtoxTwk7497UShNpmklNnMCU4WVWBAkyT5XRvIpKHJRWl1A/Ll0/w9Y9fjVxD97PjxE18LLsP7x8t6dj54Z9k2PVEd7U+GP3iy6QhJYJCwehYLiMmqf9T8wsiLyEVyXDn04pN62NQNw/F5n9kBbeWxSk3wuDtA=,iv:OaWeCvIr2mSUzVgytKcueeFN3tzfBoydyXgMxLSE/pY=,tag:bDkmi+W9cd9avpIVEJTEHw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3