[cornu-aspersum] Finish ccqcraft setup

2021-12-20 21:31:48 +01:00 · 2021-12-20 21:31:48 +01:00 · fd1fd2a382
parent 8fa692070a
commit fd1fd2a382
3 changed files with 54 additions and 4 deletions
--- a/flake.nix
+++ b/flake.nix
@ -155,6 +155,7 @@
            ./hosts/cornu-aspersum.nix
            ./hardware/netcup-rs-2000-g9.nix
            ./modules/nginx-reverse-proxy.nix
+            ./modules/ccqcraft.nix
            #./modules/radicale.nix
            #./modules/grafana.nix
          ];
@ -233,7 +234,7 @@
        # Make sure that I can log in
        users.users.root = { openssh.authorizedKeys.keys = [ publicSshKey ]; };
        # Basic packages
-        environment.systemPackages = with pkgs; [ git sops ];
+        environment.systemPackages = with pkgs; [ git sops htop ];
        # Enable mosh for some SSH superpower
        programs.mosh.enable = pkgs.lib.mkDefault true;
        services.openssh.enable = pkgs.lib.mkDefault true;
--- a/modules/ccqcraft.nix
+++ b/modules/ccqcraft.nix
@ -0,0 +1,49 @@
+{ pkgs, ... }:
+
+let
+  ports = {
+    minecraft = 25565;
+    rcon = 24738;
+    voicechat = 24454;
+    dynmap = 8123;
+  };
+
+in {
+  virtualisation.docker.enable = true;
+
+  users.users.ccqcraft = {
+    isNormalUser = true;
+    extraGroups = [ "docker" ];
+    hashedPassword =
+      "$6$D69mzkGZAitfCQOL$oL/7SmSqGwRhZgyiOEgp6N5NkZ/NpdzggomtPFa4XB33Kb3aZMBiLWQS3VSHZhRo2y9mPgXy3mFPSvtvCzoKz/";
+  };
+
+  environment.systemPackages = with pkgs; [ git docker-compose megatools unzip ];
+
+  networking.firewall = {
+    allowedTCPPorts = [
+      ports.minecraft ports.rcon
+    ];
+    allowedUDPPorts = [
+      # Port used for Voicechat plugin
+      ports.voicechat
+    ];
+  };
+
+  # Expose dynmap map through nginx
+  services.nginx.virtualHosts."map.ccqcraft.de" = {
+    serverAliases = [ "ccqcraft.de" ];
+    enableACME = true;
+    forceSSL = true;
+    locations."/" = {
+      proxyPass = "http://[::1]:${builtins.toString ports.dynmap}";
+      #proxyWebsockets = true; # needed if you need to use WebSocket
+      #extraConfig =
+      # required when the target is also TLS server with multiple hosts
+      #"proxy_ssl_server_name on;" +
+      # required when the server wants to use HTTP Authentication
+      #"proxy_pass_header Authorization;";
+    };
+  };
+
+}
--- a/secrets/achatina-fulica/secrets.yaml
+++ b/secrets/achatina-fulica/secrets.yaml
@ -1,4 +1,4 @@
-gladosEnv: ENC[AES256_GCM,data:8oERIdzNnfx56FoUN3V8E5a6ngD9d9xhokPXIWFbr0mOsjs4LlgRs3u5k3ov6iohLkiKV8+T+llmmU/Cp55NP6+9ISr20rVM07XmE8jdhmhdgllMkMwk3wC6MvvQEEFh/VclqvvhKrkA5nUS6BTp5w0kK6ZVG6YtQOjDKEXiHIkjAeLUTJCtOPfLG85D+yR4jozWUCh7iZrChoOYyNI9vi1sqBcptg/CqiIw0S/snGyxLfmS3EvGEIC5CCDCXKflWnv0DdRD9VhWomopybjs51InbJAjV5YG5bSv1q8aWlXtoeAFdpFnqjHhmAaIH4J1y416DR1zbZ+piLkUKVGtE12Pw+3b065i0zmHcX0E9C1+b8pexTRBoWpCGeeMW8ewB/n7gkVchHenmdgySHlelwpVzKT+l5fnfVz2dsauBJURqQOCiopjetohfqVfSD1J8H2qDjDhP1hc3xy+EnMOnoeBGNVYsnf+3kGoJobFVZ4RaLIM/7HGbTt5lltqnV/tLs88fEmjR/ILYPeEcybOIyDxCmSoigOuyKSRmNcwMyHftAgtQFHewwM3I/luTyooN/aMX2ocmZcJaGCM,iv:9DjzSjgS3B0bChJr+KhD11RO+iteF5BuE7BnGR/myBQ=,tag:oXdW3IIQj9cM6bMph35d3w==,type:str]
+gladosEnv: ENC[AES256_GCM,data:ID7S6P//KrD/eprgNNRV/P2NwIwJu0h6blZX89ovgg9YexYgqSUdIxc9S9WCSKHWQjX4JUUMjQmDMg5pnFx9cCDtECz7r536fhuDrl1CAqtR2MbsD6a78rysDMGuJvZiyoRcaFwwUDMXN3Hw+aSTogUDlEg0CojZ3qFpW4Cp5W5yojSR8wZC2w+tjb53MeeTXxNJL78zKJ7sMOdHEk5lEHO8/hI/pb48vHBMS7wn4/bWHo2KRX4v2XxqAT0XHB0/nAYO7YIIk96ObZc9G85SnRCCXb+YlSQ5Y64Ffb2CxV+FfWDjmUvVBXPPP1qBRcbcea/7KXrRQG/LarFPJqg+uypLcO+1OL3R0609MRfCgtUk3WMVJ5d+emHPv4i0faxI3GNYf3IaIkSeZhhBtSwu79ihNfm8B14WpJOMVRQ7pU6uXpmcTRv3NYO4v/MLw87QHEQh+de52s4J8FPm3+IMxqocAIQVmnwAqlIRhh/+nPhmndhl2p7wyO4TcYMldKeepJ+KxjZMwoEYfi90f/xwqF5voUKViDw7wI1Y9x1qdWJnZr8cKckruGYrZDHeAxAaFgHG1WvpMVw=,iv:uxQ+P1355lbJhD0BZecjcUfjBVf0Pysddyu+MnaY59o=,tag:yZziizbPBy4nmb2gIQJBVw==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -14,8 +14,8 @@ sops:
            WXhMUmY4cUUrcWMxSVRBaVZhZ1lMMk0KGnODEBERnEJVZ2jwd/JITnaQfHdVOAFg
            Nvlu1LvTNBN/fYtDhsj1T0JWqRRSZ8DbYfLxKCKwWgu/z7++rOR1/g==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2021-12-09T16:27:42Z"
-    mac: ENC[AES256_GCM,data:jMcc42yA145sYARTWAsQ94ID/Lhl43414vSvRXkqd8lUaSZwPvJ81cTyN0r3s6M10/BuANitnmdu+v98/gu2ccbw0VcTP1VlaaHMfdSZUaIjc8MfZ9o7yTl6x4UITJpt0WPDuldJLzBICJa3swTpnu0x/IcuNbrCemycrNGzq2I=,iv:y9dnGbz7gCwVizMaSYZibV9D7AHmt0PHcALpBpvvigQ=,tag:KqhjDW03p2FNdRJpJfVvZQ==,type:str]
+    lastmodified: "2021-12-20T20:29:34Z"
+    mac: ENC[AES256_GCM,data:QLfAQ/KhZQj/uLk7HiNDhR8W33LTioree9CSw4k1p0lMPLxzFmcbB0DFrO24kezcG+jvr9dYEajMmK7SUyFL1H+DVNo1tJNBLaEzRlu2KEok56pcXTiuGdZ0wCNnQvvnZP4Oe/tQZR/yeDTJpvRufVUAXP7F8j+qyvZEhER0gf8=,iv:O9SUXhquji2BUjpm+I4NSMvGoAGKXqwARSDUqMgjOOk=,tag:UD6vTIVb04L6IMmo/mTlEw==,type:str]
    pgp:
        - created_at: "2021-12-06T08:25:13Z"
          enc: |