From 94eafe59d2d064bc139d5295e8bef6f43fc1c018 Mon Sep 17 00:00:00 2001 From: schweby Date: Thu, 18 Mar 2021 19:01:44 +0100 Subject: [PATCH 1/6] hainich/nginx: remove rc3 cluster site --- hosts/hainich/services/nginx.nix | 7 ------- 1 file changed, 7 deletions(-) diff --git a/hosts/hainich/services/nginx.nix b/hosts/hainich/services/nginx.nix index ad7f0ba..9a2f162 100644 --- a/hosts/hainich/services/nginx.nix +++ b/hosts/hainich/services/nginx.nix @@ -11,11 +11,6 @@ # services.nginx.recommendedProxySettings = true; services.nginx.virtualHosts = let - rc3clustersite = { - enableACME = true; - forceSSL = true; - locations."/".proxyPass = "https://stuebinm.4future.dev/about-future-website/"; - }; in { "hainich.hacc.space" = { enableACME = true; @@ -26,8 +21,6 @@ }; }; }; - "freedom.rc3.io" = rc3clustersite; - "future.rc3.io" = rc3clustersite; }; networking.firewall.allowedTCPPorts = [ 1935 ]; From 77c06c5509a05cfa60e47b1d7c02ecd7dc26330f Mon Sep 17 00:00:00 2001 From: schweby Date: Thu, 18 Mar 2021 19:04:00 +0100 Subject: [PATCH 2/6] hainich/nginx: let all empty subdomains 404 * make hainich.hacc.space the default virtualHost for nginx if no host is running on that subdomain, this will be shown * disable SSL, so no pesky SSL error for empty subdomains anymore * remove lots of unneeded brackes and semicolons --- hosts/hainich/services/nginx.nix | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/hosts/hainich/services/nginx.nix b/hosts/hainich/services/nginx.nix index 9a2f162..4dc2f53 100644 --- a/hosts/hainich/services/nginx.nix +++ b/hosts/hainich/services/nginx.nix @@ -12,14 +12,10 @@ services.nginx.virtualHosts = let in { + # let all empty subdomains pointing to hainich return 404 "hainich.hacc.space" = { - enableACME = true; - forceSSL = true; - locations = { - "/" = { - return = "404"; - }; - }; + default = true; + locations."/".return = "404"; }; }; From 233ffdd769b718ec977424d7edc9abc55a4d9c4d Mon Sep 17 00:00:00 2001 From: schweby Date: Thu, 18 Mar 2021 19:12:14 +0100 Subject: [PATCH 3/6] hainich/nginx: redirect hacc.space to hacc.earth redirect was previously managed on libocerus hacc.space now points to hainich --- hosts/hainich/services/nginx.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hosts/hainich/services/nginx.nix b/hosts/hainich/services/nginx.nix index 4dc2f53..56cf029 100644 --- a/hosts/hainich/services/nginx.nix +++ b/hosts/hainich/services/nginx.nix @@ -17,6 +17,11 @@ default = true; locations."/".return = "404"; }; + "hacc.space" = { + enableACME = true; + forceSSL = true; + locations."/".return = "301 https://hacc.earth"; + }; }; networking.firewall.allowedTCPPorts = [ 1935 ]; From 071f135ef4eea6fc8b2cc04f6b9e1d8503b544dc Mon Sep 17 00:00:00 2001 From: schweby Date: Sat, 20 Mar 2021 16:56:56 +0100 Subject: [PATCH 4/6] hainich: Blacklist ip_tables and ip6_tables Prevent **something** (docker) from loading the iptables kernel modules and breaking nftables --- hosts/hainich/configuration.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hosts/hainich/configuration.nix b/hosts/hainich/configuration.nix index 5cc94e0..45c5a8e 100644 --- a/hosts/hainich/configuration.nix +++ b/hosts/hainich/configuration.nix @@ -25,6 +25,9 @@ boot.loader.grub.device = "/dev/sda"; boot.supportedFilesystems = [ "zfs" ]; + # stop presumably docker form loading ip_tables and breaking nftables + boot.blacklistedKernelModules = [ "ip_tables" "ip6_tables" ]; + # networking networking.hostName = "hainich"; networking.hostId = "8a58cb2f"; From 8377d27b875557fac1dac1ed31e187729d94b64c Mon Sep 17 00:00:00 2001 From: schweby Date: Fri, 19 Mar 2021 14:16:55 +0100 Subject: [PATCH 5/6] hainich: init minecraft server this server replaces the vanilla minecraft server on libocedrus --- hosts/hainich/configuration.nix | 1 + hosts/hainich/services/minecraft.nix | 49 ++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+) create mode 100644 hosts/hainich/services/minecraft.nix diff --git a/hosts/hainich/configuration.nix b/hosts/hainich/configuration.nix index 45c5a8e..8e0bc9f 100644 --- a/hosts/hainich/configuration.nix +++ b/hosts/hainich/configuration.nix @@ -19,6 +19,7 @@ ./services/syncthing.nix ./services/monitoring.nix ./services/workadventure.nix + ./services/minecraft.nix ]; boot.loader.grub.enable = true; boot.loader.grub.version = 2; diff --git a/hosts/hainich/services/minecraft.nix b/hosts/hainich/services/minecraft.nix new file mode 100644 index 0000000..0c20943 --- /dev/null +++ b/hosts/hainich/services/minecraft.nix @@ -0,0 +1,49 @@ +{pkgs, lib, config, ...}: +{ + nixpkgs.config.allowUnfree = true; + networking.firewall.allowedTCPPorts = [ 25565 ]; + services.minecraft-server = { + enable = true; + eula = true; + declarative = true; + jvmOpts = "-Xmx1536M -Xms512M"; + + serverProperties = { + server-port = "25565"; + gamemode = "survival"; + motd = "NixCraft4future"; + max-players = "20"; + whitelist = true; + force-gamemode = true; + difficulty = "easy"; + allow-flight= false; + pvp = false; + enable-rcon = false; + }; + + whitelist = { + AaronPirt = "bbb8a319-a0fe-4b7a-bdcc-d7941a7fcfa8"; + ACY2003 = "e6caedfb-95de-44b6-bea7-962e765f2b74"; + Hexchen = "137ad280-856c-4f27-b258-b263d4e6863b"; + laXDer = "98043845-8bac-4d38-a479-d116eea90356"; + Naigh = "96dd9a77-2a65-415b-8d48-1f00e146dc42"; + Schweby = "a5680c67-1a85-4a9b-81b6-a3a0b7b52467"; + wolkenzebratopf = "34f47e5b-3f81-4639-ab6b-97be5e358054"; + yan_min = "a2d1b6f2-1b58-4433-be67-f9872c4332f1"; + Zauberberg = "4c59c4c3-f16b-4b7e-b707-9a176958e7cf"; + }; + + package = let + version = "16.5-558"; + url = "https://papermc.io/api/v2/projects/paper/versions/1.16.5/builds/558/downloads/paper-1.16.5-558.jar"; + sha256 = "24d00dbb162ff5d9aeda0d4969c8050c88ae1e9386c855a98a0f68017e4508e8"; + in (pkgs.minecraft-server.overrideAttrs (old: rec { + name = "minecraft-server-${version}"; + inherit version; + + src = pkgs.fetchurl { + inherit url sha256; + }; + })); + }; +} From 99d534586aa9c25ca034bb2046ccfaadcc4e073f Mon Sep 17 00:00:00 2001 From: schweby Date: Sat, 20 Mar 2021 17:09:58 +0100 Subject: [PATCH 6/6] hainich/minecraft: update to paper 1.16.5-562 --- hosts/hainich/services/minecraft.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/hosts/hainich/services/minecraft.nix b/hosts/hainich/services/minecraft.nix index 0c20943..2e2c712 100644 --- a/hosts/hainich/services/minecraft.nix +++ b/hosts/hainich/services/minecraft.nix @@ -34,9 +34,9 @@ }; package = let - version = "16.5-558"; - url = "https://papermc.io/api/v2/projects/paper/versions/1.16.5/builds/558/downloads/paper-1.16.5-558.jar"; - sha256 = "24d00dbb162ff5d9aeda0d4969c8050c88ae1e9386c855a98a0f68017e4508e8"; + version = "16.5-562"; + url = "https://papermc.io/api/v2/projects/paper/versions/1.16.5/builds/562/downloads/paper-1.16.5-562.jar"; + sha256 = "6c9110cb096cf8015382c112c1cfaf61093fd41c807410b0f744bee5317a05fd"; in (pkgs.minecraft-server.overrideAttrs (old: rec { name = "minecraft-server-${version}"; inherit version;