chore(etna): refactor and split into different files
this also disables the matrix server (conduit) and removes an unused open firewall port
This commit is contained in:
parent
05c057f0ea
commit
26480457ff
4 changed files with 156 additions and 147 deletions
32
systems/etna/attic.nix
Normal file
32
systems/etna/attic.nix
Normal file
|
@ -0,0 +1,32 @@
|
|||
{config, ...}: {
|
||||
cfTunnels."attic.uku3lig.net" = "http://localhost:6000";
|
||||
|
||||
services.atticd = {
|
||||
enable = true;
|
||||
credentialsFile = config.age.secrets.atticEnv.path;
|
||||
|
||||
settings = {
|
||||
listen = "[::]:6000";
|
||||
api-endpoint = "https://attic.uku3lig.net/";
|
||||
|
||||
storage = {
|
||||
type = "local";
|
||||
path = "/data/attic";
|
||||
};
|
||||
|
||||
chunking = {
|
||||
nar-size-threshold = 65536; # 64 KiB
|
||||
min-size = 16384; # 16 KiB
|
||||
avg-size = 65536; # 64 KiB
|
||||
max-size = 262144; # 256 KiB
|
||||
};
|
||||
|
||||
compression.type = "zstd";
|
||||
|
||||
garbage-collection = {
|
||||
interval = "1 day";
|
||||
default-retention-period = "6 weeks";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,8 +1,17 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
}: let
|
||||
tunnelId = "57f51ad7-25a0-45f3-b113-0b6ae0b2c3e5";
|
||||
in {
|
||||
imports = [
|
||||
(lib.mkAliasOptionModule ["cfTunnels"] ["services" "cloudflared" "tunnels" tunnelId "ingress"])
|
||||
|
||||
./minecraft.nix
|
||||
./attic.nix
|
||||
];
|
||||
|
||||
age.secrets = let
|
||||
path = ../../secrets/etna;
|
||||
in {
|
||||
|
@ -21,8 +30,6 @@
|
|||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
|
||||
networking.firewall.allowedTCPPorts = [4040];
|
||||
|
||||
services = {
|
||||
api-rs = {
|
||||
enable = true;
|
||||
|
@ -49,161 +56,19 @@
|
|||
};
|
||||
};
|
||||
|
||||
cron = {
|
||||
enable = true;
|
||||
systemCronJobs = [
|
||||
"0 3 * * * systemctl restart podman-minecraft.service >> /data/minecraft/cronout 2>&1"
|
||||
];
|
||||
};
|
||||
|
||||
matrix-conduit = {
|
||||
enable = true;
|
||||
settings.global = {
|
||||
server_name = "m.uku.moe";
|
||||
allow_registration = true;
|
||||
port = 6167;
|
||||
};
|
||||
};
|
||||
|
||||
frp = {
|
||||
enable = true;
|
||||
role = "client";
|
||||
settings = {
|
||||
common = {
|
||||
server_addr = "49.13.148.129";
|
||||
server_port = 7000;
|
||||
};
|
||||
|
||||
minecraft = {
|
||||
type = "tcp";
|
||||
local_ip = "127.0.0.1";
|
||||
local_port = 25565;
|
||||
remote_port = 6000;
|
||||
};
|
||||
|
||||
ragnamod7 = {
|
||||
type = "tcp";
|
||||
local_ip = "127.0.0.1";
|
||||
local_port = 25566;
|
||||
remote_port = 6001;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
atticd = {
|
||||
enable = true;
|
||||
credentialsFile = config.age.secrets.atticEnv.path;
|
||||
|
||||
settings = {
|
||||
listen = "[::]:6000";
|
||||
api-endpoint = "https://attic.uku3lig.net/";
|
||||
|
||||
storage = {
|
||||
type = "local";
|
||||
path = "/data/attic";
|
||||
};
|
||||
|
||||
chunking = {
|
||||
nar-size-threshold = 65536; # 64 KiB
|
||||
min-size = 16384; # 16 KiB
|
||||
avg-size = 65536; # 64 KiB
|
||||
max-size = 262144; # 256 KiB
|
||||
};
|
||||
|
||||
compression.type = "zstd";
|
||||
|
||||
garbage-collection = {
|
||||
interval = "1 day";
|
||||
default-retention-period = "6 weeks";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
cloudflared = {
|
||||
enable = true;
|
||||
tunnels."57f51ad7-25a0-45f3-b113-0b6ae0b2c3e5" = {
|
||||
tunnels.${tunnelId} = {
|
||||
credentialsFile = config.age.secrets.tunnelCreds.path;
|
||||
|
||||
ingress = {
|
||||
"api.uku3lig.net" = "http://localhost:5000";
|
||||
"bw.uku3lig.net" = "http://localhost:8222";
|
||||
"maven.uku3lig.net" = "http://localhost:8080";
|
||||
"attic.uku3lig.net" = "http://localhost:6000";
|
||||
"m.uku.moe" = "http://localhost:80";
|
||||
};
|
||||
|
||||
default = "http_status:404";
|
||||
};
|
||||
};
|
||||
|
||||
nginx = {
|
||||
enable = true;
|
||||
recommendedProxySettings = true;
|
||||
|
||||
virtualHosts."m.uku.moe" = {
|
||||
locations."=/.well-known/matrix/server" = let
|
||||
filename = "server-well-known";
|
||||
content = builtins.toJSON {"m.server" = "m.uku.moe:443";};
|
||||
in {
|
||||
alias = builtins.toString (pkgs.writeTextDir filename content) + "/";
|
||||
tryFiles = "${filename} =200";
|
||||
extraConfig = ''
|
||||
default_type application/json;
|
||||
'';
|
||||
};
|
||||
|
||||
locations."/" = {
|
||||
proxyPass = "http://localhost:6167/";
|
||||
proxyWebsockets = true;
|
||||
extraConfig = ''
|
||||
proxy_set_header Host $host;
|
||||
proxy_buffering off;
|
||||
client_max_body_size 100M;
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
virtualisation.oci-containers.containers = {
|
||||
"minecraft" = {
|
||||
image = "itzg/minecraft-server";
|
||||
ports = ["25565:25565"];
|
||||
volumes = [
|
||||
"/data/minecraft:/data"
|
||||
"/data/downloads:/downloads"
|
||||
];
|
||||
environmentFiles = [
|
||||
config.age.secrets.minecraftEnv.path
|
||||
];
|
||||
environment = {
|
||||
EULA = "true";
|
||||
MEMORY = "12G";
|
||||
USE_AIKAR_FLAGS = "true";
|
||||
TYPE = "AUTO_CURSEFORGE";
|
||||
CF_SLUG = "all-the-mods-8";
|
||||
CF_FILE_ID = "4962718";
|
||||
};
|
||||
};
|
||||
|
||||
"ragnamod7" = {
|
||||
image = "itzg/minecraft-server";
|
||||
ports = ["25566:25565"];
|
||||
volumes = [
|
||||
"/data/ragnamod7:/data"
|
||||
"/data/downloads:/downloads"
|
||||
];
|
||||
environmentFiles = [
|
||||
config.age.secrets.minecraftEnv.path
|
||||
];
|
||||
environment = {
|
||||
EULA = "true";
|
||||
MEMORY = "12G";
|
||||
USE_AIKAR_FLAGS = "true";
|
||||
TYPE = "AUTO_CURSEFORGE";
|
||||
CF_SLUG = "ragnamod-vii";
|
||||
CF_FILE_ID = "5171286";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
42
systems/etna/matrix.nix
Normal file
42
systems/etna/matrix.nix
Normal file
|
@ -0,0 +1,42 @@
|
|||
{pkgs, ...}: {
|
||||
cfTunnels."m.uku.moe" = "http://localhost:80";
|
||||
|
||||
services = {
|
||||
matrix-conduit = {
|
||||
enable = true;
|
||||
settings.global = {
|
||||
server_name = "m.uku.moe";
|
||||
allow_registration = true;
|
||||
port = 6167;
|
||||
};
|
||||
};
|
||||
|
||||
nginx = {
|
||||
enable = true;
|
||||
recommendedProxySettings = true;
|
||||
|
||||
virtualHosts."m.uku.moe" = {
|
||||
locations."=/.well-known/matrix/server" = let
|
||||
filename = "server-well-known";
|
||||
content = builtins.toJSON {"m.server" = "m.uku.moe:443";};
|
||||
in {
|
||||
alias = builtins.toString (pkgs.writeTextDir filename content) + "/";
|
||||
tryFiles = "${filename} =200";
|
||||
extraConfig = ''
|
||||
default_type application/json;
|
||||
'';
|
||||
};
|
||||
|
||||
locations."/" = {
|
||||
proxyPass = "http://localhost:6167/";
|
||||
proxyWebsockets = true;
|
||||
extraConfig = ''
|
||||
proxy_set_header Host $host;
|
||||
proxy_buffering off;
|
||||
client_max_body_size 100M;
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
70
systems/etna/minecraft.nix
Normal file
70
systems/etna/minecraft.nix
Normal file
|
@ -0,0 +1,70 @@
|
|||
{config, ...}: {
|
||||
services = {
|
||||
frp = {
|
||||
enable = true;
|
||||
role = "client";
|
||||
settings = {
|
||||
common = {
|
||||
server_addr = "49.13.148.129";
|
||||
server_port = 7000;
|
||||
};
|
||||
|
||||
minecraft = {
|
||||
type = "tcp";
|
||||
local_ip = "127.0.0.1";
|
||||
local_port = 25565;
|
||||
remote_port = 6000;
|
||||
};
|
||||
|
||||
ragnamod7 = {
|
||||
type = "tcp";
|
||||
local_ip = "127.0.0.1";
|
||||
local_port = 25566;
|
||||
remote_port = 6001;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
virtualisation.oci-containers.containers = {
|
||||
"minecraft" = {
|
||||
image = "itzg/minecraft-server";
|
||||
ports = ["25565:25565"];
|
||||
volumes = [
|
||||
"/data/minecraft:/data"
|
||||
"/data/downloads:/downloads"
|
||||
];
|
||||
environmentFiles = [
|
||||
config.age.secrets.minecraftEnv.path
|
||||
];
|
||||
environment = {
|
||||
EULA = "true";
|
||||
MEMORY = "12G";
|
||||
USE_AIKAR_FLAGS = "true";
|
||||
TYPE = "AUTO_CURSEFORGE";
|
||||
CF_SLUG = "all-the-mods-8";
|
||||
CF_FILE_ID = "4962718";
|
||||
};
|
||||
};
|
||||
|
||||
"ragnamod7" = {
|
||||
image = "itzg/minecraft-server";
|
||||
ports = ["25566:25565"];
|
||||
volumes = [
|
||||
"/data/ragnamod7:/data"
|
||||
"/data/downloads:/downloads"
|
||||
];
|
||||
environmentFiles = [
|
||||
config.age.secrets.minecraftEnv.path
|
||||
];
|
||||
environment = {
|
||||
EULA = "true";
|
||||
MEMORY = "12G";
|
||||
USE_AIKAR_FLAGS = "true";
|
||||
TYPE = "AUTO_CURSEFORGE";
|
||||
CF_SLUG = "ragnamod-vii";
|
||||
CF_FILE_ID = "5171286";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
Loading…
Reference in a new issue