From 7a4372dfe74e3c4839385df66696afb9ba3d9ec1 Mon Sep 17 00:00:00 2001 From: Jack O'Sullivan Date: Mon, 1 Jan 2024 16:28:04 +0000 Subject: [PATCH] nixos/whale2: Add Minecraft server --- lib/constants.nix | 4 ++ nixos/boxes/colony/vms/estuary/default.nix | 3 +- nixos/boxes/colony/vms/estuary/dns.nix | 2 + .../vms/shill/containers/middleman/vhosts.nix | 5 ++ nixos/boxes/colony/vms/whale2/default.nix | 2 + .../colony/vms/whale2/minecraft/default.nix | 51 ++++++++++++++++++ .../colony/vms/whale2/minecraft/icon.png | Bin 0 -> 5516 bytes nixos/modules/firewall.nix | 2 +- 8 files changed, 67 insertions(+), 2 deletions(-) create mode 100644 nixos/boxes/colony/vms/whale2/minecraft/default.nix create mode 100644 nixos/boxes/colony/vms/whale2/minecraft/icon.png diff --git a/lib/constants.nix b/lib/constants.nix index 21aceec..7439c36 100644 --- a/lib/constants.nix +++ b/lib/constants.nix @@ -169,6 +169,10 @@ rec { port = 8448; dst = aa.middleman.internal.ipv4.address; } + { + port = 25565; + dst = aa.simpcraft-oci.internal.ipv4.address; + } { port = 2456; diff --git a/nixos/boxes/colony/vms/estuary/default.nix b/nixos/boxes/colony/vms/estuary/default.nix index d86402c..f06973c 100644 --- a/nixos/boxes/colony/vms/estuary/default.nix +++ b/nixos/boxes/colony/vms/estuary/default.nix @@ -393,7 +393,8 @@ in # Safe enough to allow all SSH tcp dport ssh accept - ${matchInet "tcp dport { http, https, 8448 } accept" "middleman"} + ip6 daddr ${aa.middleman.internal.ipv6.address} tcp dport { http, https, 8448 } accept + ip6 daddr ${aa.simpcraft-oci.internal.ipv6.address} tcp dport 25565 accept return } chain routing-udp { diff --git a/nixos/boxes/colony/vms/estuary/dns.nix b/nixos/boxes/colony/vms/estuary/dns.nix index f213a66..7748158 100644 --- a/nixos/boxes/colony/vms/estuary/dns.nix +++ b/nixos/boxes/colony/vms/estuary/dns.nix @@ -148,6 +148,8 @@ in valheim IN A ${assignments.internal.ipv4.address} valheim IN AAAA ${allAssignments.valheim-oci.internal.ipv6.address} + simpcraft IN A ${assignments.internal.ipv4.address} + simpcraft IN AAAA ${allAssignments.simpcraft-oci.internal.ipv6.address} mail-vm IN A ${net.cidr.host 0 prefixes.mail.v4} mail-vm IN AAAA ${net.cidr.host 1 prefixes.mail.v6} diff --git a/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix b/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix index bfef99a..77ee9b6 100644 --- a/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix +++ b/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix @@ -352,6 +352,11 @@ in locations."/".proxyPass = "http://git-vm.${domain}:3000"; useACMEHost = pubDomain; }; + + "mc-map.${pubDomain}" = { + locations."/".proxyPass = "http://simpcraft-oci.${domain}:8100"; + useACMEHost = pubDomain; + }; }; minio = diff --git a/nixos/boxes/colony/vms/whale2/default.nix b/nixos/boxes/colony/vms/whale2/default.nix index 6901b95..dd6b157 100644 --- a/nixos/boxes/colony/vms/whale2/default.nix +++ b/nixos/boxes/colony/vms/whale2/default.nix @@ -50,6 +50,7 @@ in }; }) { valheim-oci = 2; + simpcraft-oci = 3; }; configuration = { lib, pkgs, modulesPath, config, assignments, allAssignments, ... }: @@ -63,6 +64,7 @@ in "${modulesPath}/profiles/qemu-guest.nix" ./valheim.nix + ./minecraft ]; config = mkMerge [ diff --git a/nixos/boxes/colony/vms/whale2/minecraft/default.nix b/nixos/boxes/colony/vms/whale2/minecraft/default.nix new file mode 100644 index 0000000..7b54d01 --- /dev/null +++ b/nixos/boxes/colony/vms/whale2/minecraft/default.nix @@ -0,0 +1,51 @@ +{ lib, config, allAssignments, ... }: +let + inherit (lib) concatStringsSep; + inherit (lib.my) dockerNetAssignment; + + # devplayer0 + op = "6d7d971b-ce10-435b-85c5-c99c0d8d288c"; +in +{ + config = { + virtualisation.oci-containers.containers = { + simpcraft = { + image = "ghcr.io/itzg/minecraft-server:2023.12.2-java17-alpine"; + + environment = { + TYPE = "paper"; + + EULA = "true"; + MOTD = "§4§k----- §9S§ai§bm§cp§dc§er§fa§6f§5t §4§k-----"; + ICON = "/ext/icon.png"; + DIFFICULTY = "normal"; + + WHITELIST = concatStringsSep "," [ + op + "dcd2ecb9-2b5e-49cb-9d4f-f5a76162df56" # Elderlypug + "fcb26db2-c3ce-41aa-b588-efec79d37a8a" # Jesthral_ + "1d366062-12c0-4e29-aba7-6ab5d8c6bb05" # shr3kas0ras + "703b378a-09f9-4c1d-9876-1c9305728c49" # OROURKEIRE + "f105bbe6-eda6-4a13-a8cf-894e77cab77b" # Adzerq + "1fc94979-41fb-497a-81e9-34ae24ca537a" # johnnyscrims + ]; + OPS = op; + + MAX_MEMORY = "4G"; + MODRINTH_PROJECTS = concatStringsSep "," [ ]; + + TZ = "Europe/Dublin"; + }; + + volumes = [ + "minecraft_data:/data" + "${./icon.png}:/ext/icon.png:ro" + ]; + + extraOptions = [ + ''--network=colony:${dockerNetAssignment allAssignments "simpcraft-oci"}'' + ]; + }; + }; + }; +} diff --git a/nixos/boxes/colony/vms/whale2/minecraft/icon.png b/nixos/boxes/colony/vms/whale2/minecraft/icon.png new file mode 100644 index 0000000000000000000000000000000000000000..19829c332381142bb1f4fb2d3acef0a88e0aa65b GIT binary patch literal 5516 zcmeAS@N?(olHy`uVBq!ia0y~yU~m9o4mJh`hEL2VnaaFUdi&e@Bzp_BV!d0OfPOSmjTV5r6x@4bmX~L2n7F_FC z+3Uqt^XZ-2WwnE==>dPo=H|(Zx~Ejc2W1F8=IyVUQ-1#8-ro!h0~2Rm6=gTMYj*i$ z%Z#&YyKL8UTrh8lbV*5*ES@x_DZln^u>RH9p7fvJ|3?1Jx|ihOpwef2cuS{w$8z)B z=FfJ8Gp43Y{V}KF&Jt!J`=Z#7KYEKVrZ%Rxo%N}jXW^qGW*zY|A;Znt6omg zPq7WN%rCsAWqQp@eSf0H`t>@+bHi9Xb&@!RTr^fJ?BU8e@?!nuBt_rfobvxWUQa)< zbi!&Lw?5X8g^p!^ALM_i-WHZvbjX`awc(xk@t+c`Rb`E7cMJFR%Py~EVwvBlz4z^U zvxb@emtN=URSh7wdz+J@Yi#dG0dRX5YIL_1mJB z!N_Fw72bjZjvi6X>buYH?VVfvd;421szhGqKXAtuK<^7(4fkCpwHKN2hKQ}iu zuY|$5C^fMpHASI3vm`^o-P1Q9ypd0wfk8OM)5S5Q;?~>Ql@nx+PCZty|N2ES-`Rz~ z9i$WsTUsVq>`_SOE1tn{n|ouz8Q&vr3C(9E9~!^;&?>&+tlo|8a&i4>1}%nhjB&{v zH?|ro7<8QGD9%zTSvb+Hxa|9vz|fh$-9yX6&nv1#MpTp=D=puZUbX5|?azDP5#@#9u(BR^1%x1EHSIt3q#&(V~m(>jV1wMFuYbxEjUyI?B{p|fdId<*3>D{Y0 zSv1|?(sA&#Safl*QQ&n&iDSkOGJRb8AIuIt_I%qL*4OiXJ1|e!zxuU-&d$IXOV>%$ z9&kNck+ID&h3T<-V?s~o0fw4hO=%xb>EMg~LNoN!^xxF|WM*}!a}Ad|T7D#S{^Ti} zJhYDR@`_KCV%R#-#p236_it_XkM0RHE<6}wGR0)s3g*Wz>kmC&ebaka_ix#TKV9ou zBmT6jTwOS6+k_=d(XZOBr`dN^&P)j5JtpnL!@?txd%%3gq+>lSGbY7#KU?$0_3rC$ z(hNVR#-0xR<8|qp%E<^1C&i5x;-*^9vK@S6m`o2R&q*kGQ_8SxjbST8@Riyh&wAb* zy<1;#pFtw-=2a!Hn|Jy7XZ$&)AXs4+=2Y3O_s-&q*N1G+=*W|9$5#JZbG;|raPibD z?k0kqLV}5+Jy~T24g#&MW~BmLj(rW2H;I?8zp2jfB>dcb#%D?oN*)+2SZTH9fbrj{ zf_wK}kX~b)`j>OLZ)(tGA(iF3BRoy7eTd@dVM;2Im~l}hqV%uEzfzu#7h5@%1U@k? z6L@o=AmrPkcfHlT4s}oes2SX6(__E${ns8oo~3)1#Ta(zsw}rkN!zi)MOh$7^#DhQ zp+e6i24U~k#5d+reg<4Ei;g|1@iB}DKKa&W+uN?h{4Wt}?{+*rdfd?Sa^pgBilopAlL^bO>~WKl z_3-4FlAp#A_H;KtpZ!L6xe4)>|1}KynRFFnnp9MLlKmp~ba&6?sau)*FeU30LoA)bAE@1Z82`sBO`wPU{HlO?X;^8Te%7oXB zvf-7p%TF_Z(%zlM+|QiL;SscOR!+z@w;-`e0#lS1D)u!$e%6{Kc;^I)MW%SEZ>auT+_h6`L?$yY7jePoFk_tHn3^}l9^gmmclee}Hh-?dS-+U=+l@0N*^p6y!yt>F0HT9#W^DplP!EpmuyY;m&e?5@t=XmwAR zA$6%9^R)2Z@Uv!M|=rrdhH^v<4}o>5V) zzr&tZyx3o?GU>vtl!=~^ynU)}2iRjj8JpXM{Ce4rMAnjL~cu8Z4iee@U>TuN%@JtbyTyhvoH`Pr896>oc$%KxmHAAWrr z;|$Zw&;A%kTjWKW)$B_*u$+JDo8$e{U$>UWz2;}W@%YXsBM#5?&%S9H?VGmkk*0T& zM)>u2LUBhMIM|wZD0XJapYdq06?$MEov>ibVRhTnceC{cRAn|996cL9`&?UZ>Mrvs zH!r@Pd^W0g2$@z9Fdaiu5Rn=DI_Ne){5Xv+whM{2b52{Nc!D*1Vs`N^Z?k z7U)Uvc@deCd#0g1^uiC%R)(pK49l&Os~@u}%{cM6Bfe92%M^uetOogubUr9D+*z@! zd-@u$8~2`X{?%&3eAv;YtylE6a{tw__;Mdlk&y59FZ(0d5Yz_<( z)>Uy+sIS_6!lB;cMx)(X-utf?hOFX`(^Q_Jc1IgMhPkHZ6MrzV zZ2M|vSMk@X|LXat$zK@N=S)zXDU#+>Z29+z*uKweSL(z}Shf7z47CPb#fw~femXVE z|J~5P{F=yzWI4h7_50$U7>DOQe82w2nOoP7uZq>*XLKkvJm=Xa?QI+Ck}H{fH%?of zz0S;v*UVJMbEzOlL$KfJ4Jm=MX6LIAxU4bZXy^>Vvm3iFZ%u!BDuRK*&vN0+zOvc!_cu=Fz1#b`gOxj0Z~v0H&d=4I zE7xevKYm1HG4HMz#t3^shQA3$J%^o7E_t-+v-LME|LNw>HS?tuYEOhr$u(W!pms}o zLf6XG@$+VWi1QX-zVq+2$edeIiRtktyyxbcZC4P5Cs%uIG%OW8Y5rrUU_-jqIxRkbmIJRPlq^^4 z*} zg*?kHxv4H8p(t_T278SAt9-xXb2m!_K71Qr^DlB=-P4;UmRd1#){D7+1}+TyYEjAm zm|6HToBQe`%k<{6v(;CyycP9U`eysUpP}J|vBcv*L%zn9`q{k)-)m2@`sEmM+N5b= z?u!`vWBN)jP5id?9+{+RA-h??TvofES+4rW^_usmrzdSWAHbm8xGGnzr&ITG#LrHj z4W3f7KVEdZp7Qa=)ew_==jJy2+44B6{&|bsguMl^cKbKI_Ix~BxHny3`z}Vob&Ia$ z%ctDCv)IEoe#7ekgSOKAy$55<{}`{9kGq&KrRYjTS>LT$;cfDoZ^)hBTP5iuI zol5S+z6&eZu7@T*N_;52XRc+*(g2p%Z3gasGE5BLg=Yx+dL~Z_Efrt$j3s~Vo(bz~ zs}z{*|Z041Ps!$dj`D{g`RO-iq4%y434hk7pM98ggu9R24YT zvrb1oZrbyc;-?DlIoz;Seg45YxOcXcpyNVb#)4NXZ~j^r9Mt=e?Yd~6wO02G&Yt`m zV%!?JHR5llZfh>}dv1DghtL+=#tRkP1?wa)dYp0*Dz5nZ#q#Z%x|gwA?tShm_;~2b zjJ>wOocFiOZ)xxr%WS%nHb;%yT&;g*;B#gUpPb2C=5eh)_F8cMCF}Q#ymuxZv|9Xl zR>EbyD_=M2Ru_KXd|>giMHgEaJX^+MP`>MQ>HJLj?`fXe2d8%XKX6x{clxb*ZC5t` ze~sME37_rDirQAb^-J#h#2ezIvi6+crC9c$m;9w1!ZSAfo;dx-MMVyKttqRj;+I$n z*P2Oa1;43dk3IFZ$!h20Sr2~3`gZN@-e1dj*mIdcgj%5J-@|)qA6@kQ!q4{S$-9GA zlNSB>)oyp}k7sFtRa%P0idrN4f0rlEDPPvPv3N^=Jf}5Bn7j3(TTA#XIO;#}>bU!E zu(x*yRda=a8!HjfV9ih38)FxE1|BF3vLX!@Yw44(F%;-~AvjzkGDM+@x~4-{XSON_(4w3l~d%=24S( zh)ga$cW9i&>-F8% ziJAM4FFQP4z%I?JYM$J;z*BtX6+MnR7GH0qiOEbzIJ%0_Zpy4!_tLI@Yv~O-chb1a z@5PiXY+bNjdh&bTSZkXrB30+NWS07s#%yYr^~?Jjtdf4?;lr*UjGY;^`CfMS92oP{ z^_K;)Rj^zUw_1O3y+i8#xk9Jczp#>e$jK6JB(~}(pSiSdrp3pH&zCtRT3PY4SWY^9 zYs2zw$DGu?3V%BO(UtySzPDL3Yl~UMN;9>&e*}-L(z3KW`gOMEo-aZxXYz#wCGKH} z{ldYe`e&g`Rf@$G{RyE8+son>U*D7eoaM9jZavnzCWT4cCOkV-~H;Q*}={J6juGt9@w!U%c)aFMHI#W9>`hMNbu8aJ}Gi&c3$a?!)Tvy60Pd zo>x=nx4lp})qIb>|K_(36<4l%-6+l2D!OXdB);t(p+$V1t#1_>9=SMJgqZOKR#hpV zJLEU1-Oo+vTV75@)`h16Een#`;%^t0pYQ*-B`T+G_k-u}_iVk-(BWVq{i9q#g!S!* zln%LV8<(9`-CE*xms`iYro}8|*KbYR{jAk#+?}q$8>1%gW>Dy0_@J=DA;7HpeD3be z@9*{MYkSujzE8h<`@1xQqT#vu?KA3`{nlJ%yvd_t{lQ#1=yZCLe>Sh9#8x+sUv3(E zFEvZ*OtP$f_(N{t-Y5=%mhi{ZwQq;#?#WF#`{4D=$Y@rn6+)`GfN=ZA$N7d9O{OPUbx&PVd zXu6po&(t!*&vFkrx$JlKu`1quswb@a*)D*AL1e!Czf%|H&VHx4?@Is2*KHBLVk;Lf zzw~EibKx_S$KQGSXBEnx-6hTxV7l*G^9J{MiRmfJF6a2Z`+dyjH#6&jDfN-B`ST=q z9f+R4JN3sr-YNIx8V+O|oS8RC!Epal!)@6v;ih)aSktzMvp6VpTKcUvU(-};m^Zuj zhFX2iuP<*5C+nH-Tl6KW@nQAv0`aYn%eF4Ml=tRC+?(GHrBjV(y-Zjm-oxY+$>a0) zpVj9^W`!G3S;q6G3td+&tq@+Rx;EsVZg9+AR-NuI8!ro7&$9@RiGFqUk&V%|v_023 zTE6w}&wc;u-*?%DYp<`b(LEFU&mqh6vii|N2cCC4;^k>tRvs_fqfZs?y?w;yz>8l# z$4?r3yCwgnoW=6th${-&~X_N4Yyu^sG71dcEII9u?ek3m+oI$z() z^ZWFE==0bF{PH-y{hm(E14f1yKi@E&4qI6q;uiZ@&r9~D+>AprAN2_{845f~yl{a1 z*G(^dd4HMzpZfmplDL)Kza#0Rk>Jh{-%aOA`F+bQ*mqdWEn8uB-Qj|vKgZq!@A*$v zx!jlHd9i-!|GeDH`2N@W|IS{VcV6z%jYo4-l+ryX&q+JKE&Zk}*U5&WL$YbH7u>|Z zy#5zf9B&}-C;Ru=?EAI*k8Qrc-)8UQF4xNdFnGH9xvX