From 5e8b59c7adae1a100da6ec8a7e82172051bc8b36 Mon Sep 17 00:00:00 2001 From: Nick Date: Mon, 17 Nov 2025 22:56:40 -0600 Subject: [PATCH 1/2] feat: added minecraft server --- flake.lock | 213 +++++++++++++++++- flake.nix | 4 + modules/config/instances/config/minecraft.nix | 40 ++-- modules/nixos/default.nix | 2 +- .../nixos/desktop/wayland/tuios/default.nix | 6 + modules/nixos/guests/minecraft/default.nix | 11 + .../nixos/guests/minecraft/world0/default.nix | 185 +++++++++++++++ .../nixos/services/audiobookshelf/default.nix | 58 ----- modules/nixos/services/minecraft/default.nix | 98 -------- modules/nixos/services/prompter/default.nix | 48 ---- secrets/secrets.yaml | 7 +- 11 files changed, 441 insertions(+), 231 deletions(-) create mode 100755 modules/nixos/desktop/wayland/tuios/default.nix create mode 100755 modules/nixos/guests/minecraft/default.nix create mode 100755 modules/nixos/guests/minecraft/world0/default.nix delete mode 100755 modules/nixos/services/audiobookshelf/default.nix delete mode 100755 modules/nixos/services/minecraft/default.nix delete mode 100755 modules/nixos/services/prompter/default.nix diff --git a/flake.lock b/flake.lock index e8b964d..4e1e77d 100755 --- a/flake.lock +++ b/flake.lock @@ -33,6 +33,27 @@ "type": "github" } }, + "devshell": { + "inputs": { + "nixpkgs": [ + "tuios", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1741473158, + "narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=", + "owner": "numtide", + "repo": "devshell", + "rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, "elm-spa": { "inputs": { "nixpkgs": [ 
@@ -194,6 +215,22 @@ } }, "flake-compat_4": { + "flake": false, + "locked": { + "lastModified": 1746162366, + "narHash": "sha256-5SSSZ/oQkwfcAz/o/6TlejlVGqeK08wyREBQ5qFFPhM=", + "owner": "nix-community", + "repo": "flake-compat", + "rev": "0f158086a2ecdbb138cd0429410e44994f1b7e4b", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_5": { "flake": false, "locked": { "lastModified": 1747046372, @@ -305,6 +342,27 @@ } }, "flake-parts_6": { + "inputs": { + "nixpkgs-lib": [ + "tuios", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1760948891, + "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_7": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_4" }, @@ -322,7 +380,7 @@ "type": "github" } }, - "flake-parts_7": { + "flake-parts_8": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_5" }, @@ -340,6 +398,21 @@ "type": "github" } }, + "flake-root": { + "locked": { + "lastModified": 1723604017, + "narHash": "sha256-rBtQ8gg+Dn4Sx/s+pvjdq3CB2wQNzx9XGFq/JVGCB6k=", + "owner": "srid", + "repo": "flake-root", + "rev": "b759a56851e10cb13f6b8e5698af7b59c44be26e", + "type": "github" + }, + "original": { + "owner": "srid", + "repo": "flake-root", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems_3" 
@@ -391,6 +464,32 @@ "type": "github" } }, + "git-hooks-nix": { + "inputs": { + "flake-compat": [ + "tuios", + "flake-compat" + ], + "gitignore": "gitignore_3", + "nixpkgs": [ + "tuios", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1760663237, + "narHash": "sha256-BflA6U4AM1bzuRMR8QqzPXqh8sWVCNDzOdsxXEguJIc=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "ca5b894d3e3e151ffc1db040b6ce4dcc75d31c37", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, "gitignore": { "inputs": { "nixpkgs": [ @@ -434,6 +533,28 @@ "type": "github" } }, + "gitignore_3": { + "inputs": { + "nixpkgs": [ + "tuios", + "git-hooks-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -1038,6 +1159,35 @@ "type": "github" } }, + "nix-fast-build": { + "inputs": { + "flake-parts": [ + "tuios", + "flake-parts" + ], + "nixpkgs": [ + "tuios", + "nixpkgs" + ], + "treefmt-nix": [ + "tuios", + "treefmt-nix" + ] + }, + "locked": { + "lastModified": 1760844047, + "narHash": "sha256-keUdhTbSV3PyqGxyXLE49FxsZ/Ev1dsSZPYOtQIJoDk=", + "owner": "Mic92", + "repo": "nix-fast-build", + "rev": "a0f6a196f09000e43951e543ede70140a16aa0ff", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "nix-fast-build", + "type": "github" + } + }, "nixcord": { "inputs": { "flake-compat": "flake-compat_2", @@ -1532,6 +1682,7 @@ "sops-nix": "sops-nix", "systems": "systems_5", "treefmt-nix": "treefmt-nix_3", + "tuios": "tuios", "upRootNutrition": "upRootNutrition", "waybar": "waybar", "wpaperd": "wpaperd", 
@@ -1742,6 +1893,27 @@ } }, "treefmt-nix_4": { + "inputs": { + "nixpkgs": [ + "tuios", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1760945191, + "narHash": "sha256-ZRVs8UqikBa4Ki3X4KCnMBtBW0ux1DaT35tgsnB1jM4=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "f56b1934f5f8fcab8deb5d38d42fd692632b47c2", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "treefmt-nix_5": { "inputs": { "nixpkgs": "nixpkgs_8" }, @@ -1759,7 +1931,7 @@ "type": "github" } }, - "treefmt-nix_5": { + "treefmt-nix_6": { "inputs": { "nixpkgs": "nixpkgs_9" }, @@ -1777,13 +1949,40 @@ "type": "github" } }, + "tuios": { + "inputs": { + "devshell": "devshell", + "flake-compat": "flake-compat_4", + "flake-parts": "flake-parts_6", + "flake-root": "flake-root", + "git-hooks-nix": "git-hooks-nix", + "nix-fast-build": "nix-fast-build", + "nixpkgs": [ + "nixpkgs" + ], + "treefmt-nix": "treefmt-nix_4" + }, + "locked": { + "lastModified": 1763040930, + "narHash": "sha256-iR8IPelvfTeS8cG7Duruf4zzVChdQCBdBvNFkjPUxMU=", + "owner": "Gaurav-Gosain", + "repo": "tuios", + "rev": "2fc6f7a498aef55c509c1eb575badd9d0b4855a9", + "type": "github" + }, + "original": { + "owner": "Gaurav-Gosain", + "repo": "tuios", + "type": "github" + } + }, "upRootNutrition": { "inputs": { - "flake-parts": "flake-parts_6", + "flake-parts": "flake-parts_7", "mkElmDerivation": "mkElmDerivation_2", "nixpkgs": "nixpkgs_7", "nixpkgs-stable": "nixpkgs-stable_4", - "treefmt-nix": "treefmt-nix_4" + "treefmt-nix": "treefmt-nix_5" }, "locked": { "lastModified": 1761538643, @@ -1801,7 +2000,7 @@ }, "waybar": { "inputs": { - "flake-compat": "flake-compat_4", + "flake-compat": "flake-compat_5", "nixpkgs": [ "nixpkgs" ] 
@@ -1918,11 +2117,11 @@ }, "zookeeper": { "inputs": { - "flake-parts": "flake-parts_7", + "flake-parts": "flake-parts_8", "nixpkgs": [ "nixpkgs" ], - "treefmt-nix": "treefmt-nix_5" + "treefmt-nix": "treefmt-nix_6" }, "locked": { "lastModified": 1763275059, diff --git a/flake.nix b/flake.nix index 715241b..4c4d320 100755 --- a/flake.nix +++ b/flake.nix @@ -68,6 +68,10 @@ url = "github:kaylorben/nixcord"; inputs.nixpkgs.follows = "nixpkgs"; }; + tuios = { + url = "github:Gaurav-Gosain/tuios"; + inputs.nixpkgs.follows = "nixpkgs"; + }; microvm = { url = "github:microvm-nix/microvm.nix"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/modules/config/instances/config/minecraft.nix b/modules/config/instances/config/minecraft.nix index e561368..e33ed15 100755 --- a/modules/config/instances/config/minecraft.nix +++ b/modules/config/instances/config/minecraft.nix @@ -1,30 +1,38 @@ { moduleFunctions }: let inherit (moduleFunctions.instancesFunctions) - domain0 - servicePath - sslPath - sopsPath + varPath + mntPath + secretPath ; - label = "Minecraft"; name = "minecraft"; + short = "mine"; + secrets = "${secretPath}/${name}"; in { label = label; name = name; - sops = { - path0 = "${sopsPath}/${name}"; - }; - subdomain = name; - paths = { - path0 = "${servicePath}/${label}"; - }; + short = short; ports = { - port0 = 43000; # Minecraft (Brix on Nix) + port0 = 43000; }; - ssl = { - cert = "${sslPath}/${name}.${domain0}/fullchain.pem"; - key = "${sslPath}/${name}.${domain0}/key.pem"; + interface = { + id = "vm-${short}"; + mac = "02:00:00:00:51:41"; + idUser = "vmuser-${short}"; + macUser = "02:00:00:00:00:41"; + ip = "192.168.50.141"; + gate = "192.168.50.1"; + ssh = 2401; + }; + varPaths = { + path0 = "${varPath}/${name}"; + }; + mntPaths = { + path0 = "${mntPath}/${name}"; + }; + secretPaths = { + path0 = secrets; }; } diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index 55d22a1..53cb3ed 100755 --- a/modules/nixos/default.nix 
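Review bot: The new `tuios` input in flake.nix is declared without a ref, so its only pin is the `rev`/`narHash` pair in flake.lock, and any later `nix flake update` moves it to whatever the upstream default branch holds at that time. The package is installed into `environment.systemPackages` further down this patch, so consider naming a tag or commit in the URL, e.g. `url = "github:Gaurav-Gosain/tuios/<tag-or-rev>";` (placeholder), and reading the lock diff on every bump. Only `nixpkgs` is followed, so the lock also gains the input's own `devshell`, `flake-root`, `git-hooks-nix`, `nix-fast-build`, `flake-parts` and `treefmt-nix` nodes; whether they are needed to build the package is not visible here.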
+++ b/modules/nixos/default.nix @@ -61,7 +61,7 @@ in mastodon microvm midnight - # minecraft + minecraft # ollamaCeres ceresOpenCloud # postgresCeres diff --git a/modules/nixos/desktop/wayland/tuios/default.nix b/modules/nixos/desktop/wayland/tuios/default.nix new file mode 100755 index 0000000..3f72270 --- /dev/null +++ b/modules/nixos/desktop/wayland/tuios/default.nix @@ -0,0 +1,6 @@ +{ flake, pkgs, ... }: +{ + environment.systemPackages = [ + flake.inputs.tuios.packages.${pkgs.system}.default + ]; +} diff --git a/modules/nixos/guests/minecraft/default.nix b/modules/nixos/guests/minecraft/default.nix new file mode 100755 index 0000000..da65bd2 --- /dev/null +++ b/modules/nixos/guests/minecraft/default.nix @@ -0,0 +1,11 @@ +let + importList = + let + content = builtins.readDir ./.; + dirContent = builtins.filter (n: content.${n} == "directory") (builtins.attrNames content); + in + map (name: ./. + "/${name}") dirContent; +in +{ + imports = importList; +} diff --git a/modules/nixos/guests/minecraft/world0/default.nix b/modules/nixos/guests/minecraft/world0/default.nix new file mode 100755 index 0000000..ec77478 --- /dev/null +++ b/modules/nixos/guests/minecraft/world0/default.nix 
@@ -0,0 +1,185 @@ +{ + flake, + ... +}: +let + inherit (flake.config.people) user0; + inherit (flake.config.services) instances; + serviceCfg = instances.minecraft; + hostCfg = instances.web; + world = "world0"; +in +{ + microvm.vms = { + "${serviceCfg.name}-${world}" = { + autostart = true; + restartIfChanged = true; + config = { + system.stateVersion = "24.05"; + time.timeZone = "America/Winnipeg"; + users.users.root.openssh.authorizedKeys.keys = flake.config.people.users.${user0}.sshKeys; + services = { + minecraft-server = { + enable = true; + eula = true; + openFirewall = true; + declarative = true; + serverProperties = { + "rcon.password" = "/etc/${serviceCfg.name}-secrets/${world}"; + allow-flight = false; + allow-nether = true; + difficulty = 2; + enable-command-block = false; + enable-rcon = true; + enable-status = true; + force-gamemode = true; + gamemode = 0; + generate-structures = true; + hardcore = false; + hide-online-players = false; + level-name = "Brix on Nix"; + level-seed = "9064150133272194"; + max-players = 10; + max-world-size = 64000000; + motd = "A cool Minecraft server powered by NixOS"; + online-mode = true; + pvp = true; + server-port = serviceCfg.ports.port0; + spawn-animals = true; + spawn-monsters = true; + spawn-npcs = true; + spawn-protection = 16; + view-dtstance = 32; + white-list = true; + }; + whitelist = { + Hefty_Chungus = "b75a9816-d408-4c54-b226-385b59ea1cb3"; + Hefty_Chungus_Jr = "c3bf8cac-e953-4ea4-ae5f-7acb92a51a85"; + EclipseMoon01 = "adef4af7-d8c6-4627-b492-e990ea1bb993"; + Fallaryn = "d8baa117-ab58-4b07-92a5-48fb1978eb49"; + }; + }; + + openssh = { + enable = true; + settings = { + PasswordAuthentication = false; + PermitRootLogin = "prohibit-password"; + }; + }; + }; + + networking.firewall.allowedTCPPorts = [ + 22 # SSH + serviceCfg.ports.port0 + ]; + + systemd = { + services = { + "${serviceCfg.name}-copy-secrets" = { + description = "Copy secrets from virtiofs to local filesystem"; + before = [ 
"minecraft-server.service" ]; + requiredBy = [ "minecraft-server.service" ]; + + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + script = '' + mkdir -p /etc/${serviceCfg.name}-secrets + cp /run/secrets/${world} /etc/${serviceCfg.name}-secrets/${world} + chmod 755 /etc/${serviceCfg.name}-secrets + chmod 644 /etc/${serviceCfg.name}-secrets/* + ''; + }; + + }; + network = { + enable = true; + networks."20-lan" = { + matchConfig.Name = "enp0s5"; + addresses = [ + { Address = "${serviceCfg.interface.ip}/24"; } + ]; + routes = [ + { + Destination = "${hostCfg.localhost.address1}/0"; + Gateway = serviceCfg.interface.gate; + } + ]; + dns = [ + "1.1.1.1" + "8.8.8.8" + ]; + }; + }; + + tmpfiles.rules = [ + "Z ${serviceCfg.varPaths.path0} 0755 ${serviceCfg.name} ${serviceCfg.name} -" + ]; + + }; + + systemd.services.systemd-networkd.wantedBy = [ "multi-user.target" ]; + + microvm = { + vcpu = 6; + mem = 1024 * 8; + hypervisor = "qemu"; + interfaces = [ + { + type = "tap"; + id = serviceCfg.interface.id; + mac = serviceCfg.interface.mac; + } + { + type = "user"; + id = serviceCfg.interface.idUser; + mac = serviceCfg.interface.macUser; + } + ]; + forwardPorts = [ + { + from = "host"; + host.port = serviceCfg.interface.ssh; + guest.port = 22; + } + ]; + shares = [ + { + mountPoint = "/nix/.ro-store"; + proto = "virtiofs"; + source = "/nix/store"; + tag = "read_only_nix_store"; + } + { + mountPoint = "/var/lib/${serviceCfg.name}"; + proto = "virtiofs"; + source = serviceCfg.mntPaths.path0; + tag = "${serviceCfg.name}_data"; + } + { + mountPoint = "/run/secrets"; + proto = "virtiofs"; + source = "/run/secrets/${serviceCfg.name}"; + tag = "host_secrets"; + } + ]; + }; + }; + }; + }; + + systemd = { + tmpfiles.rules = [ + "d ${serviceCfg.mntPaths.path0} 0751 microvm wheel - -" + ]; + }; + + sops.secrets = { + "${serviceCfg.name}/${world}" = { + owner = "root"; + mode = "0600"; + }; + }; +} 
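Review bot: `"rcon.password" = "/etc/${serviceCfg.name}-secrets/${world}";` places the path string itself in `serverProperties`, so as far as this hunk shows the RCON password is that literal, predictable path rather than the secret's content. With `declarative = true` the value is presumably also rendered into the world-readable Nix store. `enable-rcon = true` combined with `openFirewall = true` likely opens the RCON port as well (confirm against the minecraft-server module), so if RCON is not needed set `enable-rcon = false;`, and otherwise write the password into server.properties at service start from the secret file instead of through `serverProperties`. Separately, the copy-secrets script ends with `chmod 755` on the directory and `chmod 644` on its files, which makes the copied secret readable by every user in the guest; `chmod 700` and `chmod 600`, plus a `chown` to the service account if it must read the file, would keep it restricted.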
diff --git a/modules/nixos/services/audiobookshelf/default.nix b/modules/nixos/services/audiobookshelf/default.nix deleted file mode 100755 index 32ad1ec..0000000 --- a/modules/nixos/services/audiobookshelf/default.nix +++ /dev/null @@ -1,58 +0,0 @@ -{ flake, ... }: -let - inherit (flake.config.services.instances) audiobookshelf web; - inherit (flake.config.machines.devices) ceres; - service = audiobookshelf; - host = service.domains.url0; - localhost = web.localhost.address0; -in -{ - services = { - audiobookshelf = { - enable = true; - host = localhost; - port = service.ports.port0; - dataDir = service.name; - openFirewall = true; - }; - caddy = { - virtualHosts = { - "${host}" = { - extraConfig = '' - redir /.well-known/carddav /remote.php/dav/ 301 - redir /.well-known/caldav /remote.php/dav/ 301 - - reverse_proxy ${localhost}:${toString service.ports.port0} - - tls ${service.ssl.cert} ${service.ssl.key} - - encode gzip zstd - ''; - }; - }; - }; - }; - - fileSystems."/var/lib/${service.name}" = { - device = service.paths.path0; - fsType = "none"; - options = [ - "bind" - ]; - depends = [ - ceres.storage0.mount - ]; - }; - - systemd.tmpfiles.rules = [ - "Z ${service.paths.path0} 0755 ${service.name} ${service.name} -" - ]; - - networking = { - firewall = { - allowedTCPPorts = [ - service.ports.port0 - ]; - }; - }; -} diff --git a/modules/nixos/services/minecraft/default.nix b/modules/nixos/services/minecraft/default.nix deleted file mode 100755 index cdb5fe4..0000000 --- a/modules/nixos/services/minecraft/default.nix +++ /dev/null 
@@ -1,98 +0,0 @@ -{ - config, - flake, - ... -}: -let - inherit (flake.config.machines.devices) ceres; - inherit (flake.config.services.instances) minecraft; - service = minecraft; -in -{ - services = { - minecraft-server = { - enable = true; - eula = true; - openFirewall = true; - declarative = true; - serverProperties = { - "rcon.password" = config.sops.secrets."${service.name}-pass".path; - allow-flight = false; - allow-nether = true; - difficulty = 2; - enable-command-block = false; - enable-rcon = true; - enable-status = true; - force-gamemode = true; - gamemode = 0; - generate-structures = true; - hardcore = false; - hide-online-players = false; - level-name = "Brix on Nix"; - level-seed = "9064150133272194"; - max-players = 10; - max-world-size = 64000000; - motd = "A cool Minecraft server powered by NixOS"; - online-mode = true; - pvp = true; - server-port = service.ports.port0; - spawn-animals = true; - spawn-monsters = true; - spawn-npcs = true; - spawn-protection = 16; - view-dtstance = 32; - white-list = true; - }; - whitelist = { - Hefty_Chungus = "b75a9816-d408-4c54-b226-385b59ea1cb3"; - Hefty_Chungus_Jr = "c3bf8cac-e953-4ea4-ae5f-7acb92a51a85"; - EclipseMoon01 = "adef4af7-d8c6-4627-b492-e990ea1bb993"; - Fallaryn = "d8baa117-ab58-4b07-92a5-48fb1978eb49"; - }; - }; - }; - sops = - let - sopsPath = secret: { - path = "${service.sops.path0}/${service.name}-${secret}"; - owner = service.name; - mode = "600"; - }; - in - { - secrets = builtins.listToAttrs ( - map - (secret: { - name = "${service.name}-${secret}"; - value = sopsPath secret; - }) - [ - "pass" - ] - ); - }; - - fileSystems."/var/lib/${service.name}" = { - device = service.paths.path0; - fsType = "none"; - options = [ - "bind" - ]; - depends = [ - ceres.storage0.mount - ]; - }; - - systemd.tmpfiles.rules = [ - "Z ${service.paths.path0} 0755 ${service.name} ${service.name} -" - "Z ${service.sops.path0} 0755 ${service.name} ${service.name} -" - ]; - - networking = { - firewall = { - 
allowedTCPPorts = [ - service.ports.port0 - ]; - }; - }; -} diff --git a/modules/nixos/services/prompter/default.nix b/modules/nixos/services/prompter/default.nix deleted file mode 100755 index f822cf6..0000000 --- a/modules/nixos/services/prompter/default.nix +++ /dev/null @@ -1,48 +0,0 @@ -{ config, flake, ... }: -let - inherit (flake.config.services.instances) - prompter - ; - service = prompter; - host = prompter.domains.url0; -in -{ - services = { - caddy = { - environmentFile = config.sops.secrets."caddy/${service.name}-auth".path; - - virtualHosts = { - "${host}" = { - extraConfig = '' - basicauth { - {$CADDY_AUTH_USER} {$CADDY_AUTH_PASSWORD_HASH} - } - root * ${service.paths.path0} - file_server - encode gzip - try_files {path} /index.html - tls ${service.ssl.cert} ${service.ssl.key} - ''; - }; - }; - }; - }; - sops = - let - sopsPath = secret: { - path = "${service.sops.path0}/${service.name}-${secret}.env"; - owner = "caddy"; - mode = "0400"; - }; - in - { - secrets = { - "caddy/${service.name}-auth" = sopsPath "auth"; - }; - }; - - systemd.tmpfiles.rules = [ - "Z ${service.paths.path0} 755 caddy caddy -" - "Z ${service.sops.path0} 755 caddy caddy -" - ]; -} diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 186bf68..29d26de 100755 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml 
@@ -21,7 +21,8 @@ forgejo: smtp: ENC[AES256_GCM,data:rL1loo/yKrIPmZVpa6S8ka9lX2bwkgCNYRCZ1Np07ANp,iv:Si2sqBNlVQzi8rlfp8WQFUoyu4xJGfPYc9N6V6jrry4=,tag:SdPIRaiiIaHe1DnOxp1Y0Q==,type:str] zookeeper: env: ENC[AES256_GCM,data:CEEUmzRxvyeXSQfwUkmZq46HQNkv3I+wMzkBoUpAlh3D5O3L5kCeoDksDWuQrVTeQfIwKj18LDeeG+2Bz5XOVPTyXm/Ap+m2Jw==,iv:6eX7ocY5PiQaJ0KBDiKxhx0UguuQWcIbiZSYHY2hHjU=,tag:6vXg2fzRyfuJd5G3yNeUNA==,type:str] -minecraft-pass: ENC[AES256_GCM,data:0natV6dEpItFp5zsUKqgVMZLLmqRLBEf,iv:Bc7RTXnpdec0wn25Rb7SkVTf5BjXzq3YCXcjwrC7V9k=,tag:Og5qN94G6pHdpIk6YDg1ZA==,type:str] +minecraft: + world0: ENC[AES256_GCM,data:pz7P5g9jRL8KaARfSs2ddmN76ioKSuSv7A==,iv:ZFIhS15BPxHzTW4aPpT7A8R4rxuyNNGjPJXqJXYoBpk=,tag:aymiUs87YR519eZN8Aopyw==,type:str] vaultwarden: env: ENC[AES256_GCM,data:1MzIqnV/PCGNNqKVwhxZfmV92vRQsn3OxuvCXUtKyCmoA2xxD91U3EmMikTqM3EOHYAMHbF66YgQC5JjivbIF06OCeXMMLpGuN8ibCUQq7M6PQ34/LDMZnqynmC3/U0FJglSU7o1KA0=,iv:novSYG6j0l17xogdE5WiS2gNPNAVKeX9lgxe5EohBHk=,tag:w43z7a/MzObvVTQh8AiSTA==,type:str] dns: @@ -64,7 +65,7 @@ sops: bXBOa1VSakoyaWxpODJEOU11QUZCaUEK8Ch9Ten3DdrPHF1DTH2qei85AlHUOaLD aNfzakake7ej+MxJYdKEU0bcWofNMKzIlZa2uM10KZSENDP8d8qlig== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-11-17T02:11:29Z" - mac: ENC[AES256_GCM,data:hDts38zNNXTADzifmtdQhcC8mYE44eqGbnJU8RlXCoK/E7DV9frGqH1UHZFe+47Lk3byw/PF98GgT6u44BNQSQE9+h1D9IIBIqkG2WzeRA5JczW+yFjK/znGzYMmrIbQxqKlGY11KB7kEqi8wlaShhgnaWv2H4/eFGDmiwhv/zg=,iv:02j20UCXTkfx+XgtcF1kma3ljUElofd8tDtNRWC7Wn0=,tag:2JDbn4rqrgQpya1gRAImVg==,type:str] + lastmodified: "2025-11-18T04:44:47Z" + mac: ENC[AES256_GCM,data:B7g1vWlTq3SgmEr5ZMRXMJDmZa9G0OMaNqQLciNVTEwbR8h98K/5qdUl9XieA2Pr5114XwpV838iniCOeQfW3R7YTfhATw71flr1p6mXdHPIErVSFdeCT+xLhRk2uxCQLfQGiiZDcsuFt82byEYhgeXgrgp6ivo/sQOLaXAnbSY=,iv:eK9F3/tLxiEJnumuU6zVDh34fvXl3skCb0e4woZ59kI=,tag:hcaf72tZ4WuL3oAR/nuuEA==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 From e824bcaae1b05def8052d03f94440beb11134297 Mon Sep 17 00:00:00 2001 
From: Nick Date: Tue, 18 Nov 2025 02:05:01 -0600 Subject: [PATCH 2/2] feat: added minecraft server --- .../home/gui/apps/messaging/vesktop/default.nix | 2 +- modules/nixos/guests/firefly-iii/default.nix | 17 +++++++++-------- .../nixos/guests/minecraft/world0/default.nix | 5 ++++- .../nixos/services/samba/sambaCeres/default.nix | 13 +++++++++++++ systems/mars/config/filesystem.nix | 1 + 5 files changed, 28 insertions(+), 10 deletions(-) diff --git a/modules/home/gui/apps/messaging/vesktop/default.nix b/modules/home/gui/apps/messaging/vesktop/default.nix index 1972a08..c977c79 100755 --- a/modules/home/gui/apps/messaging/vesktop/default.nix +++ b/modules/home/gui/apps/messaging/vesktop/default.nix @@ -6,7 +6,7 @@ { home.packages = builtins.attrValues { inherit (pkgs) - zoom-us + discord ; }; diff --git a/modules/nixos/guests/firefly-iii/default.nix b/modules/nixos/guests/firefly-iii/default.nix index fcf3188..d517e38 100755 --- a/modules/nixos/guests/firefly-iii/default.nix +++ b/modules/nixos/guests/firefly-iii/default.nix @@ -221,14 +221,6 @@ in }; }; - users.users.caddy.extraGroups = [ "acme" ]; - - security.acme.certs."${host}" = { - dnsProvider = dns; - environmentFile = config.sops.secrets.${dnsPath}.path; - group = "caddy"; - }; - systemd.tmpfiles.rules = [ "d ${serviceCfg.mntPaths.path0} 0751 microvm wheel - -" "d ${serviceCfg.mntPaths.path0}/data 0751 microvm wheel - -" @@ -253,6 +245,15 @@ in ] ); }; + + users.users.caddy.extraGroups = [ "acme" ]; + + security.acme.certs."${host}" = { + dnsProvider = dns; + environmentFile = config.sops.secrets.${dnsPath}.path; + group = "caddy"; + }; + services.caddy.virtualHosts."${host}" = { extraConfig = '' reverse_proxy http://${serviceCfg.interface.ip}:80 { diff --git a/modules/nixos/guests/minecraft/world0/default.nix b/modules/nixos/guests/minecraft/world0/default.nix index ec77478..7a2b15c 100755 --- a/modules/nixos/guests/minecraft/world0/default.nix +++ b/modules/nixos/guests/minecraft/world0/default.nix 
@@ -44,12 +44,13 @@ in motd = "A cool Minecraft server powered by NixOS"; online-mode = true; pvp = true; + server-ip = hostCfg.localhost.address1; server-port = serviceCfg.ports.port0; spawn-animals = true; spawn-monsters = true; spawn-npcs = true; spawn-protection = 16; - view-dtstance = 32; + view-distance = 32; white-list = true; }; whitelist = { @@ -182,4 +183,6 @@ in mode = "0600"; }; }; + + networking.firewall.allowedTCPPorts = [ serviceCfg.ports.port0 ]; } diff --git a/modules/nixos/services/samba/sambaCeres/default.nix b/modules/nixos/services/samba/sambaCeres/default.nix index 65c86f2..868b793 100755 --- a/modules/nixos/services/samba/sambaCeres/default.nix +++ b/modules/nixos/services/samba/sambaCeres/default.nix @@ -27,6 +27,19 @@ in "force create mode" = "0664"; "force directory mode" = "0775"; }; + "storage0" = { + path = "/mnt/storage"; + browseable = "yes"; + writeable = "yes"; + "guest ok" = "no"; + "create mask" = "0664"; + "directory mask" = "0775"; + "force user" = "microvm"; + "force group" = "wheel"; + "force create mode" = "0664"; + "force directory mode" = "0775"; + }; + }; }; }; diff --git a/systems/mars/config/filesystem.nix b/systems/mars/config/filesystem.nix index 7b5bbdc..e3c85b9 100755 --- a/systems/mars/config/filesystem.nix +++ b/systems/mars/config/filesystem.nix @@ -26,6 +26,7 @@ in ]; ceresFolders = [ "storage" + "storage0" ]; storageMounts = storageDrive: { name = "${mars.${storageDrive}.mount}";
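Review bot: The added `networking.firewall.allowedTCPPorts = [ serviceCfg.ports.port0 ];` sits at the host level of the module, outside `microvm.vms`, so it opens the game port on every host interface. The module as added in patch 1/2 shows no host-side listener or forward for that port; the only `forwardPorts` entry is the SSH one. If players reach the guest through its tap address, the host's input rules are probably not what gates that traffic, so this rule may only widen the host's exposure. Consider dropping it, or scoping it with `networking.firewall.interfaces.<iface>.allowedTCPPorts` (interface name is a placeholder). The enclosing attribute set starts outside this hunk.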
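Review bot: The new `storage0` share exports all of `/mnt/storage` as writable with `"force user" = "microvm"` and `"force group" = "wheel"`, so every account that can authenticate to Samba acts as `microvm` on that tree, and no `"valid users"` restriction is visible in this hunk. Patch 1/2 creates the guest data directory owned by `microvm wheel`, so if that directory lives under `/mnt/storage` (not shown here) a share user could modify VM state. Consider adding `"valid users" = "<account>";` (placeholder) and narrowing `path` to the sub-directory that actually needs sharing. The share set's opening lines are outside the hunk.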