uku/flake
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore(etna): refactor and split into different files

Browse source 
this also disables the matrix server (conduit) and removes an unused open firewall port
This commit is contained in:
uku 2024-04-02 20:53:12 +02:00
parent 05c057f0ea
commit 26480457ff
Signed by: uku
SSH key fingerprint: SHA256:4P0aN6M8ajKukNi6aPOaX0LacanGYtlfjmN+m/sHY/o
4 changed files with 156 additions and 147 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
systems/etna/attic.nix Normal file
View file

@ -0,0 +1,32 @@
{config, ...}: {
cfTunnels."attic.uku3lig.net" = "http://localhost:6000";
services.atticd = {
enable = true;
credentialsFile = config.age.secrets.atticEnv.path;
settings = {
listen = "[::]:6000";
api-endpoint = "https://attic.uku3lig.net/";
storage = {
type = "local";
path = "/data/attic";
};
chunking = {
nar-size-threshold = 65536; # 64 KiB
min-size = 16384; # 16 KiB
avg-size = 65536; # 64 KiB
max-size = 262144; # 256 KiB
};
compression.type = "zstd";
garbage-collection = {
interval = "1 day";
default-retention-period = "6 weeks";
};
};
};
}

159
systems/etna/default.nix
View file

@ -1,8 +1,17 @@
{
lib,
config,
pkgs,
...
}: {
}: let
tunnelId = "57f51ad7-25a0-45f3-b113-0b6ae0b2c3e5";
in {
imports = [
(lib.mkAliasOptionModule ["cfTunnels"] ["services" "cloudflared" "tunnels" tunnelId "ingress"])
./minecraft.nix
./attic.nix
];
age.secrets = let
path = ../../secrets/etna;
in {
@ -21,8 +30,6 @@
boot.loader.systemd-boot.enable = true;
networking.firewall.allowedTCPPorts = [4040];
services = {
api-rs = {
enable = true;
@ -49,161 +56,19 @@
};
};
cron = {
enable = true;
systemCronJobs = [
"0 3 * * * systemctl restart podman-minecraft.service >> /data/minecraft/cronout 2>&1"
];
};
matrix-conduit = {
enable = true;
settings.global = {
server_name = "m.uku.moe";
allow_registration = true;
port = 6167;
};
};
frp = {
enable = true;
role = "client";
settings = {
common = {
server_addr = "49.13.148.129";
server_port = 7000;
};
minecraft = {
type = "tcp";
local_ip = "127.0.0.1";
local_port = 25565;
remote_port = 6000;
};
ragnamod7 = {
type = "tcp";
local_ip = "127.0.0.1";
local_port = 25566;
remote_port = 6001;
};
};
};
atticd = {
enable = true;
credentialsFile = config.age.secrets.atticEnv.path;
settings = {
listen = "[::]:6000";
api-endpoint = "https://attic.uku3lig.net/";
storage = {
type = "local";
path = "/data/attic";
};
chunking = {
nar-size-threshold = 65536; # 64 KiB
min-size = 16384; # 16 KiB
avg-size = 65536; # 64 KiB
max-size = 262144; # 256 KiB
};
compression.type = "zstd";
garbage-collection = {
interval = "1 day";
default-retention-period = "6 weeks";
};
};
};
cloudflared = {
enable = true;
tunnels."57f51ad7-25a0-45f3-b113-0b6ae0b2c3e5" = {
tunnels.${tunnelId} = {
credentialsFile = config.age.secrets.tunnelCreds.path;
ingress = {
"api.uku3lig.net" = "http://localhost:5000";
"bw.uku3lig.net" = "http://localhost:8222";
"maven.uku3lig.net" = "http://localhost:8080";
"attic.uku3lig.net" = "http://localhost:6000";
"m.uku.moe" = "http://localhost:80";
};
default = "http_status:404";
};
};
nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts."m.uku.moe" = {
locations."=/.well-known/matrix/server" = let
filename = "server-well-known";
content = builtins.toJSON {"m.server" = "m.uku.moe:443";};
in {
alias = builtins.toString (pkgs.writeTextDir filename content) + "/";
tryFiles = "${filename} =200";
extraConfig = ''
default_type application/json;
'';
};
locations."/" = {
proxyPass = "http://localhost:6167/";
proxyWebsockets = true;
extraConfig = ''
proxy_set_header Host $host;
proxy_buffering off;
client_max_body_size 100M;
'';
};
};
};
};
virtualisation.oci-containers.containers = {
"minecraft" = {
image = "itzg/minecraft-server";
ports = ["25565:25565"];
volumes = [
"/data/minecraft:/data"
"/data/downloads:/downloads"
];
environmentFiles = [
config.age.secrets.minecraftEnv.path
];
environment = {
EULA = "true";
MEMORY = "12G";
USE_AIKAR_FLAGS = "true";
TYPE = "AUTO_CURSEFORGE";
CF_SLUG = "all-the-mods-8";
CF_FILE_ID = "4962718";
};
};
"ragnamod7" = {
image = "itzg/minecraft-server";
ports = ["25566:25565"];
volumes = [
"/data/ragnamod7:/data"
"/data/downloads:/downloads"
];
environmentFiles = [
config.age.secrets.minecraftEnv.path
];
environment = {
EULA = "true";
MEMORY = "12G";
USE_AIKAR_FLAGS = "true";
TYPE = "AUTO_CURSEFORGE";
CF_SLUG = "ragnamod-vii";
CF_FILE_ID = "5171286";
};
};
};
}

42
systems/etna/matrix.nix Normal file
View file

@ -0,0 +1,42 @@
{pkgs, ...}: {
cfTunnels."m.uku.moe" = "http://localhost:80";
services = {
matrix-conduit = {
enable = true;
settings.global = {
server_name = "m.uku.moe";
allow_registration = true;
port = 6167;
};
};
nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts."m.uku.moe" = {
locations."=/.well-known/matrix/server" = let
filename = "server-well-known";
content = builtins.toJSON {"m.server" = "m.uku.moe:443";};
in {
alias = builtins.toString (pkgs.writeTextDir filename content) + "/";
tryFiles = "${filename} =200";
extraConfig = ''
default_type application/json;
'';
};
locations."/" = {
proxyPass = "http://localhost:6167/";
proxyWebsockets = true;
extraConfig = ''
proxy_set_header Host $host;
proxy_buffering off;
client_max_body_size 100M;
'';
};
};
};
};
}

70
systems/etna/minecraft.nix Normal file
View file

@ -0,0 +1,70 @@
{config, ...}: {
services = {
frp = {
enable = true;
role = "client";
settings = {
common = {
server_addr = "49.13.148.129";
server_port = 7000;
};
minecraft = {
type = "tcp";
local_ip = "127.0.0.1";
local_port = 25565;
remote_port = 6000;
};
ragnamod7 = {
type = "tcp";
local_ip = "127.0.0.1";
local_port = 25566;
remote_port = 6001;
};
};
};
};
virtualisation.oci-containers.containers = {
"minecraft" = {
image = "itzg/minecraft-server";
ports = ["25565:25565"];
volumes = [
"/data/minecraft:/data"
"/data/downloads:/downloads"
];
environmentFiles = [
config.age.secrets.minecraftEnv.path
];
environment = {
EULA = "true";
MEMORY = "12G";
USE_AIKAR_FLAGS = "true";
TYPE = "AUTO_CURSEFORGE";
CF_SLUG = "all-the-mods-8";
CF_FILE_ID = "4962718";
};
};
"ragnamod7" = {
image = "itzg/minecraft-server";
ports = ["25566:25565"];
volumes = [
"/data/ragnamod7:/data"
"/data/downloads:/downloads"
];
environmentFiles = [
config.age.secrets.minecraftEnv.path
];
environment = {
EULA = "true";
MEMORY = "12G";
USE_AIKAR_FLAGS = "true";
TYPE = "AUTO_CURSEFORGE";
CF_SLUG = "ragnamod-vii";
CF_FILE_ID = "5171286";
};
};
};
}