nixos/whale2: Add Valheim server 😳

lib/default.nix

@@ -198,6 +198,8 @@ rec {
   };
 
   pubDomain = "nul.ie";
+  dockerNetAssignment =
+    assignments: name: with assignments."${name}".internal; "ip=${ipv4.address},ip=${ipv6.address}";
   colony = rec {
     domain = "fra1.int.${pubDomain}";
     start = {

nixos/boxes/colony/vms/estuary/default.nix

@@ -192,6 +192,17 @@
                       port = 8448;
                       dst = allAssignments.middleman.internal.ipv4.address + ":8448";
                     }
+
+                    {
+                      port = 2456;
+                      dst = allAssignments.valheim-oci.internal.ipv4.address + ":2456";
+                      proto = "udp";
+                    }
+                    {
+                      port = 2457;
+                      dst = allAssignments.valheim-oci.internal.ipv4.address + ":2457";
+                      proto = "udp";
+                    }
                   ];
                 };
                 extraRules =
@@ -209,6 +220,7 @@
                       tcp dport ssh accept
 
                       ${matchInet "tcp dport { http, https, 8448 } accept" "middleman"}
+                      ${matchInet "udp dport { 2456-2457 } accept" "valheim-oci"}
 
                       return
                     }

nixos/boxes/colony/vms/estuary/dns.nix

@@ -203,9 +203,13 @@ in
             ns IN ALIAS ${config.networking.fqdn}.
 
             @ IN ALIAS ${config.networking.fqdn}.
+
             http IN A ${assignments.internal.ipv4.address}
             http IN AAAA ${allAssignments.middleman.internal.ipv6.address}
 
+            valheim IN A ${assignments.internal.ipv4.address}
+            valheim IN AAAA ${allAssignments.valheim-oci.internal.ipv6.address}
+
             $TTL 3
             _acme-challenge IN LUA TXT @@FILE@@
 

nixos/boxes/colony/vms/whale2/default.nix

@@ -1,4 +1,8 @@
-{ lib, ... }: {
+{ lib, ... }:
+let
+  inherit (builtins) mapAttrs;
+in
+{
   nixos.systems.whale2 = {
     system = "x86_64-linux";
     nixpkgs = "mine";
@@ -25,9 +29,20 @@
       };
     };
 
+    extraAssignments = mapAttrs (n: i: {
+      internal = {
+        name = n;
+        domain = lib.my.colony.domain;
+        ipv4.address = "${lib.my.colony.start.oci.v4}${toString i}";
+        ipv6.address = "${lib.my.colony.start.oci.v6}${toString i}";
+      };
+    }) {
+      valheim-oci = 2;
+    };
+
     configuration = { lib, pkgs, modulesPath, config, assignments, allAssignments, ... }:
       let
-        inherit (builtins) mapAttrs toJSON;
+        inherit (builtins) toJSON;
         inherit (lib) mkIf mkMerge mkForce;
         inherit (lib.my) networkdAssignment;
       in
@@ -35,7 +50,7 @@
         imports = [
           "${modulesPath}/profiles/qemu-guest.nix"
 
-
+          ./valheim.nix
         ];
 
         config = mkMerge [
@@ -75,6 +90,9 @@
               podman = {
                 enable = true;
               };
+              oci-containers = {
+                backend = "podman";
+              };
             };
 
             environment = {

nixos/boxes/colony/vms/whale2/valheim.nix

@@ -0,0 +1,38 @@
+{ lib, config, allAssignments, ... }:
+let
+  inherit (lib.my) dockerNetAssignment;
+in
+{
+  config = {
+    virtualisation.oci-containers.containers = {
+      valheim = {
+        image = "lloesche/valheim-server@sha256:8d910b15e3ab645a31c85799338d3dc043cabe891a34b43cbd574a1453837205";
+
+        environment = {
+          SERVER_NAME = "amogus sus";
+          SERVER_PUBLIC = "true";
+          WORLD_NAME = "simpland2";
+          ADMINLIST_IDS = "76561198049818986";
+          TZ = "Europe/Dublin";
+        };
+        environmentFiles = [ config.age.secrets."whale2/valheim.env".path ];
+
+        volumes = [
+          "data:/config"
+          "server:/opt/valheim"
+        ];
+
+        extraOptions = [
+          ''--network=colony:${dockerNetAssignment allAssignments "valheim-oci"}''
+          "--cap-add=SYS_NICE"
+        ];
+      };
+    };
+
+    my = {
+      secrets.files = {
+        "whale2/valheim.env" = {};
+      };
+    };
+  };
+}

nixos/default.nix

@@ -2,13 +2,13 @@
 let
   inherit (builtins) attrValues mapAttrs;
   inherit (lib)
-    substring flatten optional optionals mkIf mkDefault mkForce mkOption mkOptionType;
+    substring flatten optional optionals mkIf mkDefault mkForce mkOption mkOptionType foldAttrs mapAttrsToList;
   inherit (lib.my)
     naiveIPv4Gateway homeStateVersion mkOpt' mkBoolOpt' mkDefault' commonOpts inlineModule' applyAssertions duplicates;
 
   cfg = config.nixos;
 
-  allAssignments = mapAttrs (_: c: c.assignments) cfg.systems;
+  allAssignments = (mapAttrs (_: c: c.assignments) cfg.systems) // (foldAttrs (c: all: all // c) { } (mapAttrsToList (_: c: c.extraAssignments) cfg.systems));
 
   mkSystem =
     {
@@ -131,6 +131,8 @@ let
       assignments = mkOpt' (attrsOf (submoduleWith {
         modules = [ assignmentOpts { _module.args.name = mkForce name; } ];
       })) { } "Network assignments.";
+      # TODO: Getting the default name for the extra assignment is currently fucked for the same reason as above
+      extraAssignments = mkOpt' (attrsOf (attrsOf (submodule assignmentOpts))) { } "Extra network assignments.";
 
       configuration = mkOption {
         description = "NixOS configuration module.";

secrets/whale2/valheim.env.age

@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> ssh-ed25519 /EJXvg b3pIwQhBXVof+e+HdCC16M5tc0VuUvvKF+Fj2pytlEE
+NwnBuKXpj9eP1k7D+U2J7Ms7q5kbB4E2zpH34Sx7MzY
+-> X25519 w3Wk4YORf+FrC94zpv8TqrwEWDJpuC8IE2YWn6TWRns
+xWF9B4SfS2Gun3xMJodwU0WRtd1GmC3NpyW0xb/K2Sw
+-> IuQD#-grease gEpQSQM`
+fjTI1cPFEs0gIqaF5NDOQcqNmfLDStGXaBUjEYa/JjAV7MCTRjpdUU/5DtkH33av
+Ji1k8hfgxQ
+--- UTwjr4FXUeSfijgp5VAZIIGmV/lsfxGwHFUHkC9jHrg
+•=!‹béó&W\0Op([ÙË[ÏŸÔ]­_4¹J8¾ö‹A‡Œi9’‰ì3®@°»<C2B0>~I÷§–‰5