Ensure borgbackup cache / config is persisted

Add (now unused) Enshrouded server
2024-11-16 18:46:09 +00:00 · 2024-11-16 18:08:10 +00:00
9 changed files with 79 additions and 0 deletions
--- a/lib/constants.nix
+++ b/lib/constants.nix
@ -228,6 +228,17 @@ rec {
        proto = "udp";
      }

+      {
+        port = 15636;
+        dst = aa.enshrouded-oci.internal.ipv4.address;
+        proto = "udp";
+      }
+      {
+        port = 15637;
+        dst = aa.enshrouded-oci.internal.ipv4.address;
+        proto = "udp";
+      }
+
      {
        port = qclk.wgPort;
        dst = aa.qclk.internal.ipv4.address;
--- a/nixos/boxes/colony/vms/estuary/default.nix
+++ b/nixos/boxes/colony/vms/estuary/default.nix
@ -412,6 +412,7 @@ in
                      ip6 daddr ${aa.valheim-oci.internal.ipv6.address} udp dport { 2456-2457 } accept
                      ip6 daddr ${aa.waffletail.internal.ipv6.address} udp dport 41641 accept
                      ip6 daddr ${aa.simpcraft-oci.internal.ipv6.address} udp dport 25565 accept
+                      ip6 daddr ${aa.enshrouded-oci.internal.ipv6.address} udp dport { 15636-15637 } accept
                      return
                    }
                    chain filter-routing {
--- a/nixos/boxes/colony/vms/estuary/dns.nix
+++ b/nixos/boxes/colony/vms/estuary/dns.nix
@ -153,6 +153,7 @@ in
            simpcraft IN AAAA ${allAssignments.simpcraft-oci.internal.ipv6.address}
            simpcraft-staging IN A ${assignments.internal.ipv4.address}
            simpcraft-staging IN AAAA ${allAssignments.simpcraft-staging-oci.internal.ipv6.address}
+            enshrouded IN A ${assignments.internal.ipv4.address}

            mail-vm IN A ${net.cidr.host 0 prefixes.mail.v4}
            mail-vm IN AAAA ${net.cidr.host 1 prefixes.mail.v6}
--- a/nixos/boxes/colony/vms/shill/containers/vaultwarden.nix
+++ b/nixos/boxes/colony/vms/shill/containers/vaultwarden.nix
@ -99,6 +99,8 @@ in
            };

            borgbackup.jobs.vaultwarden = {
+              readWritePaths = [ "/var/lib/borgbackup" "/var/cache/borgbackup" ];
+
              paths = [ vwData ];
              repo = "zh2855@zh2855.rsync.net:borg/vaultwarden2";
              doInit = true;
--- a/nixos/boxes/colony/vms/whale2/default.nix
+++ b/nixos/boxes/colony/vms/whale2/default.nix
@ -52,6 +52,7 @@ in
      valheim-oci = 2;
      simpcraft-oci = 3;
      simpcraft-staging-oci = 4;
+      enshrouded-oci = 5;
    };

    configuration = { lib, pkgs, modulesPath, config, assignments, allAssignments, ... }:
@ -66,6 +67,7 @@ in

          ./valheim.nix
          ./minecraft
+          # ./enshrouded.nix
        ];

        config = mkMerge [
--- a/nixos/boxes/colony/vms/whale2/enshrouded.nix
+++ b/nixos/boxes/colony/vms/whale2/enshrouded.nix
@ -0,0 +1,35 @@
+{ lib, config, allAssignments, ... }:
+let
+  inherit (lib) concatStringsSep;
+  inherit (lib.my) dockerNetAssignment;
+in
+{
+  config = {
+    virtualisation.oci-containers.containers = {
+      enshrouded = {
+        image = "sknnr/enshrouded-dedicated-server@sha256:f163e8ba9caa2115d8a0a7b16c3696968242fb6fba82706d9a77a882df083497";
+
+        environment = {
+          SERVER_NAME = "UWUshrouded";
+          # SERVER_IP = "::"; # no IPv6?? :(
+          TZ = "Europe/Dublin";
+        };
+        environmentFiles = [ config.age.secrets."whale2/enshrouded.env".path ];
+
+        volumes = [
+          "enshrouded:/home/steam/enshrouded/savegame"
+        ];
+
+        extraOptions = [
+          ''--network=colony:${dockerNetAssignment allAssignments "enshrouded-oci"}''
+        ];
+      };
+    };
+
+    my = {
+      secrets.files = {
+        "whale2/enshrouded.env" = {};
+      };
+    };
+  };
+}
--- a/nixos/boxes/colony/vms/whale2/minecraft/default.nix
+++ b/nixos/boxes/colony/vms/whale2/minecraft/default.nix
@ -123,6 +123,7 @@ in
          within = "12H";
          hourly = 48;
        };
+        readWritePaths = [ "/var/lib/borgbackup" "/var/cache/borgbackup" ];

        # Avoid Minecraft poking the files while we back up
        preHook = rconCommand "save-off";
--- a/nixos/modules/tmproot.nix
+++ b/nixos/modules/tmproot.nix
@ -540,6 +540,20 @@ in
        ];
      })
      (persistSimpleSvc "octoprint")
+      (mkIf (config.services.borgbackup.jobs != { }) {
+        my.tmproot.persistence.config.directories = [
+          "/var/lib/borgbackup"
+          "/var/cache/borgbackup"
+        ];
+
+        services.borgbackup.package = pkgs.borgbackup.overrideAttrs (o: {
+          makeWrapperArgs = o.makeWrapperArgs ++ [
+            "--set-default BORG_BASE_DIR /var/lib/borgbackup"
+            "--set-default BORG_CONFIG_DIR /var/lib/borgbackup/config"
+            "--set-default BORG_CACHE_DIR /var/cache/borgbackup"
+          ];
+        });
+      })
    ]))
  ]);

--- a/secrets/whale2/enshrouded.env.age
+++ b/secrets/whale2/enshrouded.env.age
@ -0,0 +1,12 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IC9FSlh2ZyBQc3dL
+bkttTXJPWnZzYVJ6OUc2cjJvZWJLWHk2QXYvRU9TL3RBTmFmQ1dNClRtaUwvcDJa
+c3h6eXpPR3dKSVZDVHJzNjR4b0Y5K3Zadk5vTkZiZS9RYkEKLT4gWDI1NTE5IE9R
+Y0g2bEJsNmdLaVJteDJaakFMZEdxRU55N2pNbzhkakxuRVFmdVN0ajQKZXZrRHdu
+WFFwMUFkUmJQbm9ONlFRWGdMWmtsWHlOaWVjMGtMdVM1YmdoUQotPiAwIm5PWS1n
+cmVhc2UgUUosbyl4CkFIWDA4L3YwOFBYVUFMZnB6U3VkNFJQVFlEMThVeTV4bHlu
+QmF2TFBobmtJS1hERUtSZld2UEZyb29nNEdGdWEKenliMmhQL1VrY2dFS3VzSEZB
+dm1jT2xOQkxnbCtBV21WT3ZMVjl0WEpPWQotLS0gckNCZEp3VU56eTFFR1ZzbTc3
+WTRIcVZGY0Z1YlNUS3l0cWJ1TW5YUjF6SQoqTDq/up9Q3tQnNJdsnfiwYqA5LW6G
+nKJXGbpnt3dpXxv/1+KRgF6pVKVQtyNFncQW7SC6K4uFw7iv6A==
+-----END AGE ENCRYPTED FILE-----
Author	SHA1	Message	Date
Jack O'Sullivan	71d1c3f9c2	Ensure borgbackup cache / config is persisted All checks were successful CI / Check, build and cache Nix flake (push) Successful in 32m28s Details	2024-11-16 18:46:09 +00:00
Jack O'Sullivan	1453a755c3	Add (now unused) Enshrouded server	2024-11-16 18:08:10 +00:00