From 26480457ffc8031e49173d3cfe2c1a9835901bd8 Mon Sep 17 00:00:00 2001 From: uku Date: Tue, 2 Apr 2024 20:53:12 +0200 Subject: [PATCH] chore(etna): refactor and split into different files this also disables the matrix server (conduit) and removes an unused open firewall port --- systems/etna/attic.nix | 32 ++++++++ systems/etna/default.nix | 159 +++---------------------------------- systems/etna/matrix.nix | 42 ++++++++++ systems/etna/minecraft.nix | 70 ++++++++++++++++ 4 files changed, 156 insertions(+), 147 deletions(-) create mode 100644 systems/etna/attic.nix create mode 100644 systems/etna/matrix.nix create mode 100644 systems/etna/minecraft.nix diff --git a/systems/etna/attic.nix b/systems/etna/attic.nix new file mode 100644 index 0000000..42ee98e --- /dev/null +++ b/systems/etna/attic.nix @@ -0,0 +1,32 @@ +{config, ...}: { + cfTunnels."attic.uku3lig.net" = "http://localhost:6000"; + + services.atticd = { + enable = true; + credentialsFile = config.age.secrets.atticEnv.path; + + settings = { + listen = "[::]:6000"; + api-endpoint = "https://attic.uku3lig.net/"; + + storage = { + type = "local"; + path = "/data/attic"; + }; + + chunking = { + nar-size-threshold = 65536; # 64 KiB + min-size = 16384; # 16 KiB + avg-size = 65536; # 64 KiB + max-size = 262144; # 256 KiB + }; + + compression.type = "zstd"; + + garbage-collection = { + interval = "1 day"; + default-retention-period = "6 weeks"; + }; + }; + }; +} \ No newline at end of file diff --git a/systems/etna/default.nix b/systems/etna/default.nix index 2f01dfd..6038f4a 100644 --- a/systems/etna/default.nix +++ b/systems/etna/default.nix @@ -1,8 +1,17 @@ { + lib, config, - pkgs, ... -}: { +}: let + tunnelId = "57f51ad7-25a0-45f3-b113-0b6ae0b2c3e5"; +in { + imports = [ + (lib.mkAliasOptionModule ["cfTunnels"] ["services" "cloudflared" "tunnels" tunnelId "ingress"]) + + ./minecraft.nix + ./attic.nix + ]; + age.secrets = let path = ../../secrets/etna; in { @@ -21,8 +30,6 @@ boot.loader.systemd-boot.enable = true; - networking.firewall.allowedTCPPorts = [4040]; - services = { api-rs = { enable = true; @@ -49,161 +56,19 @@ }; }; - cron = { - enable = true; - systemCronJobs = [ - "0 3 * * * systemctl restart podman-minecraft.service >> /data/minecraft/cronout 2>&1" - ]; - }; - - matrix-conduit = { - enable = true; - settings.global = { - server_name = "m.uku.moe"; - allow_registration = true; - port = 6167; - }; - }; - - frp = { - enable = true; - role = "client"; - settings = { - common = { - server_addr = "49.13.148.129"; - server_port = 7000; - }; - - minecraft = { - type = "tcp"; - local_ip = "127.0.0.1"; - local_port = 25565; - remote_port = 6000; - }; - - ragnamod7 = { - type = "tcp"; - local_ip = "127.0.0.1"; - local_port = 25566; - remote_port = 6001; - }; - }; - }; - - atticd = { - enable = true; - credentialsFile = config.age.secrets.atticEnv.path; - - settings = { - listen = "[::]:6000"; - api-endpoint = "https://attic.uku3lig.net/"; - - storage = { - type = "local"; - path = "/data/attic"; - }; - - chunking = { - nar-size-threshold = 65536; # 64 KiB - min-size = 16384; # 16 KiB - avg-size = 65536; # 64 KiB - max-size = 262144; # 256 KiB - }; - - compression.type = "zstd"; - - garbage-collection = { - interval = "1 day"; - default-retention-period = "6 weeks"; - }; - }; - }; - cloudflared = { enable = true; - tunnels."57f51ad7-25a0-45f3-b113-0b6ae0b2c3e5" = { + tunnels.${tunnelId} = { credentialsFile = config.age.secrets.tunnelCreds.path; ingress = { "api.uku3lig.net" = "http://localhost:5000"; "bw.uku3lig.net" = "http://localhost:8222"; "maven.uku3lig.net" = "http://localhost:8080"; - "attic.uku3lig.net" = "http://localhost:6000"; - "m.uku.moe" = "http://localhost:80"; }; default = "http_status:404"; }; }; - - nginx = { - enable = true; - recommendedProxySettings = true; - - virtualHosts."m.uku.moe" = { - locations."=/.well-known/matrix/server" = let - filename = "server-well-known"; - content = builtins.toJSON {"m.server" = "m.uku.moe:443";}; - in { - alias = builtins.toString (pkgs.writeTextDir filename content) + "/"; - tryFiles = "${filename} =200"; - extraConfig = '' - default_type application/json; - ''; - }; - - locations."/" = { - proxyPass = "http://localhost:6167/"; - proxyWebsockets = true; - extraConfig = '' - proxy_set_header Host $host; - proxy_buffering off; - client_max_body_size 100M; - ''; - }; - }; - }; - }; - - virtualisation.oci-containers.containers = { - "minecraft" = { - image = "itzg/minecraft-server"; - ports = ["25565:25565"]; - volumes = [ - "/data/minecraft:/data" - "/data/downloads:/downloads" - ]; - environmentFiles = [ - config.age.secrets.minecraftEnv.path - ]; - environment = { - EULA = "true"; - MEMORY = "12G"; - USE_AIKAR_FLAGS = "true"; - TYPE = "AUTO_CURSEFORGE"; - CF_SLUG = "all-the-mods-8"; - CF_FILE_ID = "4962718"; - }; - }; - - "ragnamod7" = { - image = "itzg/minecraft-server"; - ports = ["25566:25565"]; - volumes = [ - "/data/ragnamod7:/data" - "/data/downloads:/downloads" - ]; - environmentFiles = [ - config.age.secrets.minecraftEnv.path - ]; - environment = { - EULA = "true"; - MEMORY = "12G"; - USE_AIKAR_FLAGS = "true"; - TYPE = "AUTO_CURSEFORGE"; - CF_SLUG = "ragnamod-vii"; - CF_FILE_ID = "5171286"; - }; - }; }; } diff --git a/systems/etna/matrix.nix b/systems/etna/matrix.nix new file mode 100644 index 0000000..8b7db40 --- /dev/null +++ b/systems/etna/matrix.nix @@ -0,0 +1,42 @@ +{pkgs, ...}: { + cfTunnels."m.uku.moe" = "http://localhost:80"; + + services = { + matrix-conduit = { + enable = true; + settings.global = { + server_name = "m.uku.moe"; + allow_registration = true; + port = 6167; + }; + }; + + nginx = { + enable = true; + recommendedProxySettings = true; + + virtualHosts."m.uku.moe" = { + locations."=/.well-known/matrix/server" = let + filename = "server-well-known"; + content = builtins.toJSON {"m.server" = "m.uku.moe:443";}; + in { + alias = builtins.toString (pkgs.writeTextDir filename content) + "/"; + tryFiles = "${filename} =200"; + extraConfig = '' + default_type application/json; + ''; + }; + + locations."/" = { + proxyPass = "http://localhost:6167/"; + proxyWebsockets = true; + extraConfig = '' + proxy_set_header Host $host; + proxy_buffering off; + client_max_body_size 100M; + ''; + }; + }; + }; + }; +} diff --git a/systems/etna/minecraft.nix b/systems/etna/minecraft.nix new file mode 100644 index 0000000..f54ef58 --- /dev/null +++ b/systems/etna/minecraft.nix @@ -0,0 +1,70 @@ +{config, ...}: { + services = { + frp = { + enable = true; + role = "client"; + settings = { + common = { + server_addr = "49.13.148.129"; + server_port = 7000; + }; + + minecraft = { + type = "tcp"; + local_ip = "127.0.0.1"; + local_port = 25565; + remote_port = 6000; + }; + + ragnamod7 = { + type = "tcp"; + local_ip = "127.0.0.1"; + local_port = 25566; + remote_port = 6001; + }; + }; + }; + }; + + virtualisation.oci-containers.containers = { + "minecraft" = { + image = "itzg/minecraft-server"; + ports = ["25565:25565"]; + volumes = [ + "/data/minecraft:/data" + "/data/downloads:/downloads" + ]; + environmentFiles = [ + config.age.secrets.minecraftEnv.path + ]; + environment = { + EULA = "true"; + MEMORY = "12G"; + USE_AIKAR_FLAGS = "true"; + TYPE = "AUTO_CURSEFORGE"; + CF_SLUG = "all-the-mods-8"; + CF_FILE_ID = "4962718"; + }; + }; + + "ragnamod7" = { + image = "itzg/minecraft-server"; + ports = ["25566:25565"]; + volumes = [ + "/data/ragnamod7:/data" + "/data/downloads:/downloads" + ]; + environmentFiles = [ + config.age.secrets.minecraftEnv.path + ]; + environment = { + EULA = "true"; + MEMORY = "12G"; + USE_AIKAR_FLAGS = "true"; + TYPE = "AUTO_CURSEFORGE"; + CF_SLUG = "ragnamod-vii"; + CF_FILE_ID = "5171286"; + }; + }; + }; +}