diff --git a/lib/default.nix b/lib/default.nix
index c1f455a..1c42c97 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -198,6 +198,8 @@ rec {
 };
 pubDomain = "nul.ie";
+ dockerNetAssignment =
+ assignments: name: with assignments."${name}".internal; "ip=${ipv4.address},ip=${ipv6.address}";
 colony = rec {
 domain = "fra1.int.${pubDomain}";
 start = {
diff --git a/nixos/boxes/colony/vms/estuary/default.nix b/nixos/boxes/colony/vms/estuary/default.nix
index e98a3e1..786db77 100644
--- a/nixos/boxes/colony/vms/estuary/default.nix
+++ b/nixos/boxes/colony/vms/estuary/default.nix
@@ -192,6 +192,17 @@
 port = 8448;
 dst = allAssignments.middleman.internal.ipv4.address + ":8448";
 }
+
+ {
+ port = 2456;
+ dst = allAssignments.valheim-oci.internal.ipv4.address + ":2456";
+ proto = "udp";
+ }
+ {
+ port = 2457;
+ dst = allAssignments.valheim-oci.internal.ipv4.address + ":2457";
+ proto = "udp";
+ }
 ];
 };
 extraRules =
@@ -209,6 +220,7 @@
 tcp dport ssh accept
 ${matchInet "tcp dport { http, https, 8448 } accept" "middleman"}
+ ${matchInet "udp dport { 2456-2457 } accept" "valheim-oci"}
 return
 }
diff --git a/nixos/boxes/colony/vms/estuary/dns.nix b/nixos/boxes/colony/vms/estuary/dns.nix
index d69a407..34c9bd8 100644
--- a/nixos/boxes/colony/vms/estuary/dns.nix
+++ b/nixos/boxes/colony/vms/estuary/dns.nix
@@ -203,9 +203,13 @@ in
 ns IN ALIAS ${config.networking.fqdn}.
 @ IN ALIAS ${config.networking.fqdn}.
+
 http IN A ${assignments.internal.ipv4.address}
 http IN AAAA ${allAssignments.middleman.internal.ipv6.address}
+ valheim IN A ${assignments.internal.ipv4.address}
+ valheim IN AAAA ${allAssignments.valheim-oci.internal.ipv6.address}
+
 $TTL 3
 _acme-challenge IN LUA TXT @@FILE@@
diff --git a/nixos/boxes/colony/vms/whale2/default.nix b/nixos/boxes/colony/vms/whale2/default.nix
index 526bca9..3ba1e8a 100644
--- a/nixos/boxes/colony/vms/whale2/default.nix
+++ b/nixos/boxes/colony/vms/whale2/default.nix
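Review bot: `dockerNetAssignment` in lib/default.nix is undocumented, and its `with assignments."${name}".internal;` scope makes the two names it interpolates (`ipv4.address`, `ipv6.address`) implicit, so a reader cannot tell from the definition what shape it expects. A one-line comment above it would fix that: `# name -> "ip=<v4>,ip=<v6>" option string for podman --network, read from assignments.<name>.internal`. Evaluation fails with a missing-attribute error if the name is absent, which is the right failure mode — a typo cannot silently produce an empty address.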
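Review bot: Ports 2456 and 2457 are hard-coded in three places in estuary/default.nix — the two new entries in this hunk and the `udp dport { 2456-2457 }` rule in the `@@ -209` hunk — so a future port change must be kept in sync by hand. The two entries differ only in the port; `map (port: { inherit port; dst = allAssignments.valheim-oci.internal.ipv4.address + ":${toString port}"; proto = "udp"; }) [ 2456 2457 ]` would keep a single list of ports that the rule can reuse. The NAT target is `allAssignments.valheim-oci.internal.ipv4.address`, which exists only because whale2 declares that name in `extraAssignments`; evaluation fails rather than forwarding to nowhere if it is removed. The enclosing list and the `extraRules` string both start outside these hunks.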
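Review bot: The new `valheim` records in dns.nix split the address families: the A record points at this host's own address (`assignments.internal.ipv4.address`, reached through the NAT forwards in default.nix), while the AAAA record publishes the container's address directly (`allAssignments.valheim-oci.internal.ipv6.address`). IPv6 clients therefore never touch the forwards, and the only thing admitting that traffic is the `matchInet "udp dport { 2456-2457 } accept" "valheim-oci"` rule; confirm `matchInet` emits an ip6 match as well, since nothing in this diff shows its definition. A zone comment on the AAAA line would make the asymmetry explicit, e.g. `; v6 is routed straight to the container, v4 goes via the forwards on this host`.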
@@ -1,4 +1,8 @@
-{ lib, ... }: {
+{ lib, ... }:
+let
+ inherit (builtins) mapAttrs;
+in
+{
 nixos.systems.whale2 = {
 system = "x86_64-linux";
 nixpkgs = "mine";
@@ -25,9 +29,20 @@
 };
 };
+ extraAssignments = mapAttrs (n: i: {
+ internal = {
+ name = n;
+ domain = lib.my.colony.domain;
+ ipv4.address = "${lib.my.colony.start.oci.v4}${toString i}";
+ ipv6.address = "${lib.my.colony.start.oci.v6}${toString i}";
+ };
+ }) {
+ valheim-oci = 2;
+ };
+
 configuration = { lib, pkgs, modulesPath, config, assignments, allAssignments, ... }:
 let
- inherit (builtins) mapAttrs toJSON;
+ inherit (builtins) toJSON;
 inherit (lib) mkIf mkMerge mkForce;
 inherit (lib.my) networkdAssignment;
 in
@@ -35,7 +50,7 @@
 imports = [
 "${modulesPath}/profiles/qemu-guest.nix"
-
+ ./valheim.nix
 ];
 config = mkMerge [
@@ -75,6 +90,9 @@
 podman = {
 enable = true;
 };
+ oci-containers = {
+ backend = "podman";
+ };
 };
 environment = {
diff --git a/nixos/boxes/colony/vms/whale2/valheim.nix b/nixos/boxes/colony/vms/whale2/valheim.nix
new file mode 100644
index 0000000..f00cf23
--- /dev/null
+++ b/nixos/boxes/colony/vms/whale2/valheim.nix
@@ -0,0 +1,38 @@
+{ lib, config, allAssignments, ... }:
+let
+ inherit (lib.my) dockerNetAssignment;
+in
+{
+ config = {
+ virtualisation.oci-containers.containers = {
+ valheim = {
+ image = "lloesche/valheim-server@sha256:8d910b15e3ab645a31c85799338d3dc043cabe891a34b43cbd574a1453837205";
+
+ environment = {
+ SERVER_NAME = "amogus sus";
+ SERVER_PUBLIC = "true";
+ WORLD_NAME = "simpland2";
+ ADMINLIST_IDS = "76561198049818986";
+ TZ = "Europe/Dublin";
+ };
+ environmentFiles = [ config.age.secrets."whale2/valheim.env".path ];
+
+ volumes = [
+ "data:/config"
+ "server:/opt/valheim"
+ ];
+
+ extraOptions = [
+ ''--network=colony:${dockerNetAssignment allAssignments "valheim-oci"}''
+ "--cap-add=SYS_NICE"
+ ];
+ };
+ };
+
+ my = {
+ secrets.files = {
+ "whale2/valheim.env" = {};
+ };
+ };
+ };
+}
diff --git a/nixos/default.nix b/nixos/default.nix
index 331fb8c..22f1722 100644
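Review bot: `extraAssignments` in whale2/default.nix forms addresses by appending `toString i` to `lib.my.colony.start.oci.v4` and `.v6`, so the index `2` chosen for `valheim-oci` is only safe if no other system or container uses the same index in that range, and nothing in this hunk checks that. The name `valheim-oci` is also spelled out as a literal on estuary (`allAssignments.valheim-oci`) and in valheim.nix, so a rename here only surfaces when those files are evaluated. A comment on the attrset would record the contract: `# name -> index into lib.my.colony.start.oci.{v4,v6}; indices must be unique across every system's extraAssignments`. The `nixos.systems.whale2` set this belongs to starts before the hunk.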
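Review bot: valheim.nix grants the container `--cap-add=SYS_NICE` without recording why; an added capability widens the container's privileges and should carry its justification, e.g. `# SYS_NICE: presumably wanted by the server process in this image — confirm against the image docs` (hedged, since the need is not visible here). The image is pinned by digest rather than tag, which is the right choice and worth keeping. With `SERVER_PUBLIC = "true"` and the estuary forwards the server is internet-reachable, and the remaining settings come from the age-encrypted `whale2/valheim.env`; a short header comment listing which settings live in that secret file (names only, no values) would help the next reader.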
--- a/nixos/default.nix
+++ b/nixos/default.nix
@@ -2,13 +2,13 @@
 let
 inherit (builtins) attrValues mapAttrs;
 inherit (lib)
- substring flatten optional optionals mkIf mkDefault mkForce mkOption mkOptionType;
+ substring flatten optional optionals mkIf mkDefault mkForce mkOption mkOptionType foldAttrs mapAttrsToList;
 inherit (lib.my)
 naiveIPv4Gateway homeStateVersion mkOpt' mkBoolOpt' mkDefault' commonOpts inlineModule' applyAssertions duplicates;
 cfg = config.nixos;
- allAssignments = mapAttrs (_: c: c.assignments) cfg.systems;
+ allAssignments = (mapAttrs (_: c: c.assignments) cfg.systems) // (foldAttrs (c: all: all // c) { } (mapAttrsToList (_: c: c.extraAssignments) cfg.systems));
 mkSystem = {
@@ -131,6 +131,8 @@ let
 assignments = mkOpt' (attrsOf (submoduleWith {
 modules = [ assignmentOpts { _module.args.name = mkForce name; } ];
 })) { } "Network assignments.";
+ # TODO: Getting the default name for the extra assignment is currently fucked for the same reason as above
+ extraAssignments = mkOpt' (attrsOf (attrsOf (submodule assignmentOpts))) { } "Extra network assignments.";
 configuration = mkOption {
 description = "NixOS configuration module.";
diff --git a/secrets/whale2/valheim.env.age b/secrets/whale2/valheim.env.age
new file mode 100644
index 0000000..afda126
--- /dev/null
+++ b/secrets/whale2/valheim.env.age
@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> ssh-ed25519 /EJXvg b3pIwQhBXVof+e+HdCC16M5tc0VuUvvKF+Fj2pytlEE
+NwnBuKXpj9eP1k7D+U2J7Ms7q5kbB4E2zpH34Sx7MzY
+-> X25519 w3Wk4YORf+FrC94zpv8TqrwEWDJpuC8IE2YWn6TWRns
+xWF9B4SfS2Gun3xMJodwU0WRtd1GmC3NpyW0xb/K2Sw
+-> IuQD#-grease gEpQSQM`
+fjTI1cPFEs0gIqaF5NDOQcqNmfLDStGXaBUjEYa/JjAV7MCTRjpdUU/5DtkH33av
+Ji1k8hfgxQ
+--- UTwjr4FXUeSfijgp5VAZIIGmV/lsfxGwHFUHkC9jHrg
+=!b&W\0Op([[ϟ]_4J8Ai93@~I‰5
\ No newline at end of file
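Review bot: The new `allAssignments` expression merges with `//` at two levels — `foldAttrs (c: all: all // c)` across systems' `extraAssignments`, then `//` onto the per-system `assignments` — and `//` is right-biased, so two systems declaring the same extra name, or an extra name equal to a system name, silently overrides one entry instead of failing. The `duplicates` helper inherited from `lib.my` two lines below looks like the intended tool for this (only its name is in view, not its definition); an assertion over the combined key lists would make the collision loud at evaluation time. The option added in the `@@ -131` hunk could state the same rule in its description, e.g. `"Extra network assignments, merged into allAssignments; names must be unique across all systems."`. The enclosing `let` continues past both hunks.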