From 94eafe59d2d064bc139d5295e8bef6f43fc1c018 Mon Sep 17 00:00:00 2001
From: schweby <schweby@hacc.space>
Date: Thu, 18 Mar 2021 19:01:44 +0100
Subject: [PATCH 1/6] hainich/nginx: remove rc3 cluster site

---
 hosts/hainich/services/nginx.nix | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/hosts/hainich/services/nginx.nix b/hosts/hainich/services/nginx.nix
index ad7f0ba..9a2f162 100644
--- a/hosts/hainich/services/nginx.nix
+++ b/hosts/hainich/services/nginx.nix
@@ -11,11 +11,6 @@
 # services.nginx.recommendedProxySettings = true;
 
   services.nginx.virtualHosts = let
-    rc3clustersite = {
-      enableACME = true;
-      forceSSL = true;
-      locations."/".proxyPass = "https://stuebinm.4future.dev/about-future-website/";
-    };
   in {
     "hainich.hacc.space" = {
       enableACME = true;
@@ -26,8 +21,6 @@
         };
       };
     };
-    "freedom.rc3.io" = rc3clustersite;
-    "future.rc3.io" = rc3clustersite;
   };
 
   networking.firewall.allowedTCPPorts = [ 1935 ];

From 77c06c5509a05cfa60e47b1d7c02ecd7dc26330f Mon Sep 17 00:00:00 2001
From: schweby <schweby@hacc.space>
Date: Thu, 18 Mar 2021 19:04:00 +0100
Subject: [PATCH 2/6] hainich/nginx: let all empty subdomains 404

* make hainich.hacc.space the default virtualHost for nginx
if no host is running on that subdomain, this will be shown
* disable SSL, so no pesky SSL error for empty subdomains anymore
* remove lots of unneeded brackes and semicolons
---
 hosts/hainich/services/nginx.nix | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/hosts/hainich/services/nginx.nix b/hosts/hainich/services/nginx.nix
index 9a2f162..4dc2f53 100644
--- a/hosts/hainich/services/nginx.nix
+++ b/hosts/hainich/services/nginx.nix
@@ -12,14 +12,10 @@
 
   services.nginx.virtualHosts = let
   in {
+    # let all empty subdomains pointing to hainich return 404
     "hainich.hacc.space" = {
-      enableACME = true;
-      forceSSL = true;
-      locations = {
-        "/" = {
-          return = "404";
-        };
-      };
+      default = true;
+      locations."/".return = "404";
     };
   };
 

From 233ffdd769b718ec977424d7edc9abc55a4d9c4d Mon Sep 17 00:00:00 2001
From: schweby <schweby@hacc.space>
Date: Thu, 18 Mar 2021 19:12:14 +0100
Subject: [PATCH 3/6] hainich/nginx: redirect hacc.space to hacc.earth

redirect was previously managed on libocerus
hacc.space now points to hainich
---
 hosts/hainich/services/nginx.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/hosts/hainich/services/nginx.nix b/hosts/hainich/services/nginx.nix
index 4dc2f53..56cf029 100644
--- a/hosts/hainich/services/nginx.nix
+++ b/hosts/hainich/services/nginx.nix
@@ -17,6 +17,11 @@
       default = true;
       locations."/".return = "404";
     };
+    "hacc.space" = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/".return = "301 https://hacc.earth";
+    };
   };
 
   networking.firewall.allowedTCPPorts = [ 1935 ];

From 071f135ef4eea6fc8b2cc04f6b9e1d8503b544dc Mon Sep 17 00:00:00 2001
From: schweby <schweby@hacc.space>
Date: Sat, 20 Mar 2021 16:56:56 +0100
Subject: [PATCH 4/6] hainich: Blacklist ip_tables and ip6_tables

Prevent **something** (docker) from loading the iptables kernel modules
and breaking nftables
---
 hosts/hainich/configuration.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/hosts/hainich/configuration.nix b/hosts/hainich/configuration.nix
index 5cc94e0..45c5a8e 100644
--- a/hosts/hainich/configuration.nix
+++ b/hosts/hainich/configuration.nix
@@ -25,6 +25,9 @@
   boot.loader.grub.device = "/dev/sda";
   boot.supportedFilesystems = [ "zfs" ];
 
+  # stop presumably docker form loading ip_tables and breaking nftables
+  boot.blacklistedKernelModules = [ "ip_tables" "ip6_tables" ]; 
+
   # networking
   networking.hostName = "hainich";
   networking.hostId = "8a58cb2f";

From 8377d27b875557fac1dac1ed31e187729d94b64c Mon Sep 17 00:00:00 2001
From: schweby <schweby@hacc.space>
Date: Fri, 19 Mar 2021 14:16:55 +0100
Subject: [PATCH 5/6] hainich: init minecraft server

this server replaces the vanilla minecraft server on libocedrus
---
 hosts/hainich/configuration.nix      |  1 +
 hosts/hainich/services/minecraft.nix | 49 ++++++++++++++++++++++++++++
 2 files changed, 50 insertions(+)
 create mode 100644 hosts/hainich/services/minecraft.nix

diff --git a/hosts/hainich/configuration.nix b/hosts/hainich/configuration.nix
index 45c5a8e..8e0bc9f 100644
--- a/hosts/hainich/configuration.nix
+++ b/hosts/hainich/configuration.nix
@@ -19,6 +19,7 @@
     ./services/syncthing.nix
     ./services/monitoring.nix
     ./services/workadventure.nix
+    ./services/minecraft.nix
   ];
   boot.loader.grub.enable = true;
   boot.loader.grub.version = 2;
diff --git a/hosts/hainich/services/minecraft.nix b/hosts/hainich/services/minecraft.nix
new file mode 100644
index 0000000..0c20943
--- /dev/null
+++ b/hosts/hainich/services/minecraft.nix
@@ -0,0 +1,49 @@
+{pkgs, lib, config, ...}:
+{
+  nixpkgs.config.allowUnfree = true;
+  networking.firewall.allowedTCPPorts = [ 25565 ];
+  services.minecraft-server = {
+    enable = true;
+    eula = true;
+    declarative = true;
+    jvmOpts = "-Xmx1536M -Xms512M";
+
+    serverProperties = {
+      server-port = "25565";
+      gamemode = "survival";
+      motd = "NixCraft4future";
+      max-players = "20";
+      whitelist = true;
+      force-gamemode = true;
+      difficulty = "easy";
+      allow-flight= false;
+      pvp = false;
+      enable-rcon = false;
+    };
+
+    whitelist = {
+      AaronPirt = "bbb8a319-a0fe-4b7a-bdcc-d7941a7fcfa8";
+      ACY2003 = "e6caedfb-95de-44b6-bea7-962e765f2b74";
+      Hexchen = "137ad280-856c-4f27-b258-b263d4e6863b";
+      laXDer = "98043845-8bac-4d38-a479-d116eea90356";
+      Naigh = "96dd9a77-2a65-415b-8d48-1f00e146dc42";
+      Schweby = "a5680c67-1a85-4a9b-81b6-a3a0b7b52467";
+      wolkenzebratopf = "34f47e5b-3f81-4639-ab6b-97be5e358054";
+      yan_min = "a2d1b6f2-1b58-4433-be67-f9872c4332f1";
+      Zauberberg = "4c59c4c3-f16b-4b7e-b707-9a176958e7cf";
+    };
+
+    package = let 
+      version = "16.5-558";
+      url = "https://papermc.io/api/v2/projects/paper/versions/1.16.5/builds/558/downloads/paper-1.16.5-558.jar";
+      sha256 = "24d00dbb162ff5d9aeda0d4969c8050c88ae1e9386c855a98a0f68017e4508e8";
+    in (pkgs.minecraft-server.overrideAttrs (old: rec {
+      name = "minecraft-server-${version}";
+      inherit version;
+
+      src = pkgs.fetchurl {
+        inherit url sha256;
+      };      
+    }));
+  };
+}

From 99d534586aa9c25ca034bb2046ccfaadcc4e073f Mon Sep 17 00:00:00 2001
From: schweby <schweby@hacc.space>
Date: Sat, 20 Mar 2021 17:09:58 +0100
Subject: [PATCH 6/6] hainich/minecraft: update to paper 1.16.5-562

---
 hosts/hainich/services/minecraft.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/hosts/hainich/services/minecraft.nix b/hosts/hainich/services/minecraft.nix
index 0c20943..2e2c712 100644
--- a/hosts/hainich/services/minecraft.nix
+++ b/hosts/hainich/services/minecraft.nix
@@ -34,9 +34,9 @@
     };
 
     package = let 
-      version = "16.5-558";
-      url = "https://papermc.io/api/v2/projects/paper/versions/1.16.5/builds/558/downloads/paper-1.16.5-558.jar";
-      sha256 = "24d00dbb162ff5d9aeda0d4969c8050c88ae1e9386c855a98a0f68017e4508e8";
+      version = "16.5-562";
+      url = "https://papermc.io/api/v2/projects/paper/versions/1.16.5/builds/562/downloads/paper-1.16.5-562.jar";
+      sha256 = "6c9110cb096cf8015382c112c1cfaf61093fd41c807410b0f744bee5317a05fd";
     in (pkgs.minecraft-server.overrideAttrs (old: rec {
       name = "minecraft-server-${version}";
       inherit version;