treewide: Reformat project with alejandra

Tristan Daniël Maat 2022-10-10 13:03:08 +01:00
parent 58e52dd119
commit 046a88905d
Signed by: tlater
GPG key ID: 49670FD774E43268
17 changed files with 405 additions and 353 deletions


@ -1,6 +1,9 @@
{ config, pkgs, lib, ... }:
{ {
config,
pkgs,
lib,
...
}: {
imports = [ imports = [
./services/gitea.nix ./services/gitea.nix
./services/minecraft.nix ./services/minecraft.nix
@ -18,7 +21,7 @@
''; '';
# Enable remote builds from tlater # Enable remote builds from tlater
trustedUsers = [ "@wheel" ]; trustedUsers = ["@wheel"];
}; };
nixpkgs.config.allowUnfreePredicate = pkg: nixpkgs.config.allowUnfreePredicate = pkg:
@ -26,10 +29,10 @@
sops = { sops = {
defaultSopsFile = ../keys/external.yaml; defaultSopsFile = ../keys/external.yaml;
secrets.steam = { }; secrets.steam = {};
}; };
boot.kernelParams = [ "highres=off" "nohz=off" ]; boot.kernelParams = ["highres=off" "nohz=off"];
networking = { networking = {
hostName = "tlaternet"; hostName = "tlaternet";
@ -38,15 +41,15 @@
useDHCP = false; useDHCP = false;
interfaces.eth0.useDHCP = true; interfaces.eth0.useDHCP = true;
firewall.allowedTCPPorts = [ 80 443 2222 2221 25565 21025 ]; firewall.allowedTCPPorts = [80 443 2222 2221 25565 21025];
}; };
time.timeZone = "Europe/London"; time.timeZone = "Europe/London";
users.users.tlater = { users.users.tlater = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" ]; extraGroups = ["wheel"];
openssh.authorizedKeys.keyFiles = [ ../keys/tlater.pub ]; openssh.authorizedKeys.keyFiles = [../keys/tlater.pub];
}; };
services.openssh = { services.openssh = {
@ -54,7 +57,7 @@
allowSFTP = false; allowSFTP = false;
passwordAuthentication = false; passwordAuthentication = false;
permitRootLogin = "no"; permitRootLogin = "no";
ports = [ 2222 ]; ports = [2222];
startWhenNeeded = true; startWhenNeeded = true;
gatewayPorts = "yes"; gatewayPorts = "yes";
}; };
@ -77,12 +80,13 @@
extraConfig = '' extraConfig = ''
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
''; '';
} extra; }
extra;
domain = config.services.nginx.domain; domain = config.services.nginx.domain;
in { in {
"${domain}" = host 3002 { serverAliases = [ "www.${domain}" ]; }; "${domain}" = host 3002 {serverAliases = ["www.${domain}"];};
"gitea.${domain}" = host 3000 { }; "gitea.${domain}" = host 3000 {};
"nextcloud.${domain}" = host 3001 { }; "nextcloud.${domain}" = host 3001 {};
}; };
}; };


@ -1,6 +1,4 @@
{ ... }: {...}: {
{
ids.uids = { ids.uids = {
# System user ids start at 400 (see nixos/modules/programs/shadow.nix) # System user ids start at 400 (see nixos/modules/programs/shadow.nix)
webserver = 400; webserver = 400;


@ -1,8 +1,11 @@
{ config, lib, pkgs, ... }:
{ {
config,
lib,
pkgs,
...
}: {
# Required for the lish console # Required for the lish console
boot.kernelParams = [ "console=ttyS0,19200n8" ]; boot.kernelParams = ["console=ttyS0,19200n8"];
boot.loader = { boot.loader = {
# Timeout to allow lish to connect # Timeout to allow lish to connect


@ -1,6 +1,4 @@
{ config, ... }: {config, ...}: {
{
users = { users = {
extraUsers.gitea = { extraUsers.gitea = {
uid = config.ids.uids.git; uid = config.ids.uids.git;
@ -8,19 +6,19 @@
description = "Gitea Service"; description = "Gitea Service";
group = config.users.extraGroups.gitea.name; group = config.users.extraGroups.gitea.name;
}; };
extraGroups.gitea = { gid = config.ids.gids.git; }; extraGroups.gitea = {gid = config.ids.gids.git;};
}; };
virtualisation.pods.gitea = { virtualisation.pods.gitea = {
hostname = "gitea.tlater.net"; hostname = "gitea.tlater.net";
publish = [ "3000:3000" "2221:2221" ]; publish = ["3000:3000" "2221:2221"];
network = "slirp4netns"; network = "slirp4netns";
containers = { containers = {
gitea = { gitea = {
image = "gitea/gitea:latest"; image = "gitea/gitea:latest";
volumes = [ "gitea:/data:Z" "/etc/localtime:/etc/localtime:ro" ]; volumes = ["gitea:/data:Z" "/etc/localtime:/etc/localtime:ro"];
dependsOn = [ "postgres" ]; dependsOn = ["postgres"];
environment = { environment = {
DB_TYPE = "postgres"; DB_TYPE = "postgres";
@ -43,7 +41,7 @@
POSTGRES_DB = "gitea"; POSTGRES_DB = "gitea";
POSTGRES_USER = "gitea"; POSTGRES_USER = "gitea";
}; };
volumes = [ "gitea-postgres-14:/var/lib/postgresql/data" ]; volumes = ["gitea-postgres-14:/var/lib/postgresql/data"];
}; };
}; };
}; };


@ -1,6 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
let pkgs,
lib,
...
}: let
minecraft-server-args = [ minecraft-server-args = [
"-Xms2G" "-Xms2G"
"-Xmx2G" "-Xmx2G"
@ -24,12 +27,14 @@ let
"-XX:+PerfDisableSharedMem" "-XX:+PerfDisableSharedMem"
"-XX:MaxTenuringThreshold=1" "-XX:MaxTenuringThreshold=1"
]; ];
ops = pkgs.writeText "ops.json" (builtins.toJSON [{ ops = pkgs.writeText "ops.json" (builtins.toJSON [
uuid = "140d177a-966f-41b8-a4c0-e305babd291b"; {
name = "TLATER"; uuid = "140d177a-966f-41b8-a4c0-e305babd291b";
level = 4; name = "TLATER";
bypassesPlayerLimit = true; level = 4;
}]); bypassesPlayerLimit = true;
}
]);
whitelist = pkgs.writeText "whitelist.json" (builtins.toJSON [ whitelist = pkgs.writeText "whitelist.json" (builtins.toJSON [
{ {
uuid = "59cd1648-14a4-4bcf-8f5a-2e1bde678f2c"; uuid = "59cd1648-14a4-4bcf-8f5a-2e1bde678f2c";
@ -49,7 +54,6 @@ let
} }
]); ]);
eula = pkgs.writeText "eula.txt" "eula=true"; eula = pkgs.writeText "eula.txt" "eula=true";
in { in {
users = { users = {
extraUsers.minecraft = { extraUsers.minecraft = {
@ -58,7 +62,7 @@ in {
isSystemUser = true; isSystemUser = true;
description = "Minecraft server user"; description = "Minecraft server user";
}; };
extraGroups.minecraft = { gid = config.ids.gids.minecraft; }; extraGroups.minecraft = {gid = config.ids.gids.minecraft;};
}; };
virtualisation.oci-containers.containers.minecraft-voor-kia = let virtualisation.oci-containers.containers.minecraft-voor-kia = let
@ -83,22 +87,22 @@ in {
uid = toString config.users.extraUsers.minecraft.uid; uid = toString config.users.extraUsers.minecraft.uid;
gid = toString config.users.extraGroups.minecraft.gid; gid = toString config.users.extraGroups.minecraft.gid;
in { in {
Cmd = [ "forge-server" ] ++ minecraft-server-args; Cmd = ["forge-server"] ++ minecraft-server-args;
WorkingDir = "/var/lib/minecraft"; WorkingDir = "/var/lib/minecraft";
Volumes = { Volumes = {
"/var/lib/minecraft" = { }; "/var/lib/minecraft" = {};
# Required because some things will try to write to /tmp, # Required because some things will try to write to /tmp,
# which doesn't exist if it's not defined as a volume. # which doesn't exist if it's not defined as a volume.
"/tmp" = { }; "/tmp" = {};
}; };
ExposedPorts = { "25565" = { }; }; ExposedPorts = {"25565" = {};};
User = "${uid}:${gid}"; User = "${uid}:${gid}";
}; };
}; };
extraOptions = [ "--cpus=1.0" ]; extraOptions = ["--cpus=1.0"];
autoStart = false; autoStart = false;
ports = [ "25565:25565" ]; ports = ["25565:25565"];
volumes = [ volumes = [
"minecraft:/var/lib/minecraft" "minecraft:/var/lib/minecraft"
"${eula}:/var/lib/minecraft/eula.txt:ro" "${eula}:/var/lib/minecraft/eula.txt:ro"
@ -111,7 +115,7 @@ in {
systemd.timers.podman-minecraft-voor-kia-off = { systemd.timers.podman-minecraft-voor-kia-off = {
description = "Turns off the minecraft server every day at 4 am"; description = "Turns off the minecraft server every day at 4 am";
wantedBy = [ "podman-minecraft-voor-kia.service" ]; wantedBy = ["podman-minecraft-voor-kia.service"];
timerConfig = { timerConfig = {
Unit = "podman-minecraft-voor-kia-starter@stop.service"; Unit = "podman-minecraft-voor-kia-starter@stop.service";
OnCalendar = "04:00:00"; OnCalendar = "04:00:00";
@ -120,7 +124,7 @@ in {
systemd.timers.podman-minecraft-voor-kia-on = { systemd.timers.podman-minecraft-voor-kia-on = {
description = "Turns on the minecraft server every day at 2 pm"; description = "Turns on the minecraft server every day at 2 pm";
wantedBy = [ "podman-minecraft-voor-kia.service" ]; wantedBy = ["podman-minecraft-voor-kia.service"];
timerConfig = { timerConfig = {
Unit = "podman-minecraft-voor-kia-starter@start.service"; Unit = "podman-minecraft-voor-kia-starter@start.service";
OnCalendar = "14:00:00"; OnCalendar = "14:00:00";
@ -130,8 +134,7 @@ in {
systemd.services."podman-minecraft-voor-kia-starter@" = { systemd.services."podman-minecraft-voor-kia-starter@" = {
description = "Unit to stop/start the minecraft server"; description = "Unit to stop/start the minecraft server";
serviceConfig = { serviceConfig = {
ExecStart = ExecStart = "${pkgs.systemd}/bin/systemctl %i podman-minecraft-voor-kia.service";
"${pkgs.systemd}/bin/systemctl %i podman-minecraft-voor-kia.service";
Type = "oneshot"; Type = "oneshot";
}; };
}; };


@ -1,15 +1,13 @@
{ config, ... }: {config, ...}: {
{
virtualisation.pods.nextcloud = { virtualisation.pods.nextcloud = {
hostname = "nextcloud.tlater.net"; hostname = "nextcloud.tlater.net";
publish = [ "3001:80" ]; publish = ["3001:80"];
network = "slirp4netns"; network = "slirp4netns";
containers = { containers = {
nextcloud = { nextcloud = {
image = "nextcloud:fpm-alpine"; image = "nextcloud:fpm-alpine";
dependsOn = [ "postgres" ]; dependsOn = ["postgres"];
volumes = [ volumes = [
"nextcloud-root:/var/www/html" "nextcloud-root:/var/www/html"
"nextcloud-apps:/var/www/html/custom_apps" "nextcloud-apps:/var/www/html/custom_apps"
@ -28,18 +26,18 @@
cron = { cron = {
image = "nextcloud:fpm-alpine"; image = "nextcloud:fpm-alpine";
entrypoint = "/cron.sh"; entrypoint = "/cron.sh";
dependsOn = [ "postgres" "nextcloud" ]; dependsOn = ["postgres" "nextcloud"];
extraOptions = [ "--volumes-from=nextcloud-nextcloud" ]; extraOptions = ["--volumes-from=nextcloud-nextcloud"];
}; };
nginx = { nginx = {
image = "nginx:alpine"; image = "nginx:alpine";
dependsOn = [ "nextcloud" ]; dependsOn = ["nextcloud"];
volumes = [ volumes = [
"nextcloud-root:/var/www/html:ro" "nextcloud-root:/var/www/html:ro"
"${./configs/nginx-nextcloud.conf}:/etc/nginx/nginx.conf:ro" "${./configs/nginx-nextcloud.conf}:/etc/nginx/nginx.conf:ro"
]; ];
extraOptions = [ "--volumes-from=nextcloud-nextcloud" ]; extraOptions = ["--volumes-from=nextcloud-nextcloud"];
}; };
postgres = { postgres = {
@ -48,7 +46,7 @@
POSTGRES_DB = "nextcloud"; POSTGRES_DB = "nextcloud";
POSTGRES_USER = "nextcloud"; POSTGRES_USER = "nextcloud";
}; };
volumes = [ "nextcloud-postgres-14:/var/lib/postgresql/data" ]; volumes = ["nextcloud-postgres-14:/var/lib/postgresql/data"];
}; };
}; };
}; };


@ -1,6 +1,8 @@
{ config, pkgs, ... }:
{ {
config,
pkgs,
...
}: {
users = { users = {
extraUsers.webserver = { extraUsers.webserver = {
uid = config.ids.uids.webserver; uid = config.ids.uids.webserver;
@ -8,7 +10,7 @@
isSystemUser = true; isSystemUser = true;
description = "tlater.net web server user"; description = "tlater.net web server user";
}; };
extraGroups.webserver = { gid = config.ids.gids.webserver; }; extraGroups.webserver = {gid = config.ids.gids.webserver;};
}; };
virtualisation.oci-containers.containers.webserver = { virtualisation.oci-containers.containers.webserver = {
@ -23,19 +25,19 @@
uid = toString config.users.extraUsers.webserver.uid; uid = toString config.users.extraUsers.webserver.uid;
gid = toString config.users.extraGroups.webserver.gid; gid = toString config.users.extraGroups.webserver.gid;
in { in {
Cmd = [ "tlaternet-webserver" ]; Cmd = ["tlaternet-webserver"];
Volumes = { "/srv/mail" = { }; }; Volumes = {"/srv/mail" = {};};
Env = [ Env = [
"ROCKET_PORT=3002" "ROCKET_PORT=3002"
"ROCKET_TEMPLATE_DIR=${pkgs.tlaternet-templates.templates}/browser/" "ROCKET_TEMPLATE_DIR=${pkgs.tlaternet-templates.templates}/browser/"
]; ];
ExposedPorts = { "3002" = { }; }; ExposedPorts = {"3002" = {};};
User = "${uid}:${gid}"; User = "${uid}:${gid}";
}; };
}; };
ports = [ "3002:3002" ]; ports = ["3002:3002"];
volumes = [ "tlaternet-mail:/srv/mail" ]; volumes = ["tlaternet-mail:/srv/mail"];
extraOptions = [ extraOptions = [
"--hostname=tlater.net" "--hostname=tlater.net"
# Rocket 0.4 doesn't support SIGTERM anyway, so SIGKILL is the cleanest exit possible. # Rocket 0.4 doesn't support SIGTERM anyway, so SIGKILL is the cleanest exit possible.

277
flake.nix

@ -26,144 +26,155 @@
}; };
}; };
outputs = { self, nixpkgs, nixos-hardware, flake-utils, sops-nix outputs = {
, tlaternet-webserver, tlaternet-templates, ... }@inputs: self,
let nixpkgs,
overlays = [ nixos-hardware,
(final: prev: { flake-utils,
tlaternet-webserver = sops-nix,
tlaternet-webserver.legacyPackages.${prev.system}.packages; tlaternet-webserver,
tlaternet-templates = tlaternet-templates,
tlaternet-templates.legacyPackages.${prev.system}.packages; ...
local = import ./pkgs { } @ inputs: let
pkgs = prev; overlays = [
local-lib = self.lib.${prev.system}; (final: prev: {
}; tlaternet-webserver =
}) tlaternet-webserver.legacyPackages.${prev.system}.packages;
]; tlaternet-templates =
tlaternet-templates.legacyPackages.${prev.system}.packages;
in { local = import ./pkgs {
pkgs = prev;
local-lib = self.lib.${prev.system};
};
})
];
in
{
nixosConfigurations = { nixosConfigurations = {
tlaternet = let system = "x86_64-linux"; tlaternet = let
in nixpkgs.lib.nixosSystem { system = "x86_64-linux";
inherit system; in
nixpkgs.lib.nixosSystem {
inherit system;
modules = [ modules = [
({ modulesPath, ... }: { ({modulesPath, ...}: {
imports = [ (modulesPath + "/profiles/headless.nix") ]; imports = [(modulesPath + "/profiles/headless.nix")];
nixpkgs.overlays = overlays; nixpkgs.overlays = overlays;
}) })
(import ./modules) (import ./modules)
(import ./configuration) (import ./configuration)
(import ./configuration/linode.nix) (import ./configuration/linode.nix)
(import ./configuration/hardware-configuration.nix) (import ./configuration/hardware-configuration.nix)
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
];
};
vm = let system = "x86_64-linux";
in nixpkgs.lib.nixosSystem {
inherit system;
modules = [
({ modulesPath, ... }: {
imports = [ (modulesPath + "/profiles/headless.nix") ];
nixpkgs.overlays = overlays;
})
(import ./modules)
(import ./configuration)
sops-nix.nixosModules.sops
({ lib, ... }: {
users.users.tlater.password = "insecure";
# Disable graphical tty so -curses works
boot.kernelParams = [ "nomodeset" ];
# Sets the base domain for nginx to localhost so that we
# can easily test locally with the VM.
services.nginx.domain = lib.mkOverride 99 "localhost";
# # Set up VM settings to match real VPS
# virtualisation.memorySize = 3941;
# virtualisation.cores = 2;
})
];
};
};
} // flake-utils.lib.eachDefaultSystem (system:
let
pkgs = import nixpkgs { inherit system overlays; };
sops-pkgs = sops-nix.packages.${system};
in {
devShell =
pkgs.mkShell {
sopsPGPKeyDirs = ["./keys/hosts/" "./keys/users/"];
nativeBuildInputs = with sops-pkgs; [
sops-import-keys-hook
]; ];
buildInputs = with pkgs; with sops-pkgs; [
nixfmt
git-lfs
sops-init-gpg-key
# For the minecraft mod update script
(python3.withPackages (pypkgs:
with pypkgs; [
dateutil
requests
ipython
python3.withPackages (ppkgs:
with pkgs; [
python-lsp-server
python-lsp-black
pyls-isort
pyls-mypy
rope
pyflakes
mccabe
pycodestyle
pydocstyle
])
]))
];
shellHook = let
inherit (pkgs.lib.attrsets) mapAttrsToList;
inherit (pkgs.lib.strings) concatStringsSep;
ports = {
"3022" = "2222";
"3080" = "80";
"3443" = "443";
"3021" = "2221";
"25565" = "25565";
"21025" = "21025"; # Starbound
};
QEMU_NET_OPTS =
concatStringsSep ","
(mapAttrsToList
(host: vm: "hostfwd=::${host}-:${vm}")
ports);
in
''
export QEMU_OPTS="-m 3941 -smp 2 -curses"
export QEMU_NET_OPTS="${QEMU_NET_OPTS}"
# Work around sudo requiring a full terminal
export NIX_SSHOPTS="-t"
'';
}; };
packages = import ./pkgs { vm = let
inherit pkgs; system = "x86_64-linux";
local-lib = self.lib.${system}; in
}; nixpkgs.lib.nixosSystem {
inherit system;
lib = import ./lib { modules = [
inherit pkgs inputs; ({modulesPath, ...}: {
lib = nixpkgs.lib; imports = [(modulesPath + "/profiles/headless.nix")];
}; nixpkgs.overlays = overlays;
}); })
(import ./modules)
(import ./configuration)
sops-nix.nixosModules.sops
({lib, ...}: {
users.users.tlater.password = "insecure";
# Disable graphical tty so -curses works
boot.kernelParams = ["nomodeset"];
# Sets the base domain for nginx to localhost so that we
# can easily test locally with the VM.
services.nginx.domain = lib.mkOverride 99 "localhost";
# # Set up VM settings to match real VPS
# virtualisation.memorySize = 3941;
# virtualisation.cores = 2;
})
];
};
};
}
// flake-utils.lib.eachDefaultSystem (system: let
pkgs = import nixpkgs {inherit system overlays;};
sops-pkgs = sops-nix.packages.${system};
in {
devShell = pkgs.mkShell {
sopsPGPKeyDirs = ["./keys/hosts/" "./keys/users/"];
nativeBuildInputs = with sops-pkgs; [
sops-import-keys-hook
];
buildInputs = with pkgs;
with sops-pkgs; [
nixfmt
git-lfs
sops-init-gpg-key
# For the minecraft mod update script
(python3.withPackages (pypkgs:
with pypkgs; [
dateutil
requests
ipython
python3.withPackages
(ppkgs:
with pkgs; [
python-lsp-server
python-lsp-black
pyls-isort
pyls-mypy
rope
pyflakes
mccabe
pycodestyle
pydocstyle
])
]))
];
shellHook = let
inherit (pkgs.lib.attrsets) mapAttrsToList;
inherit (pkgs.lib.strings) concatStringsSep;
ports = {
"3022" = "2222";
"3080" = "80";
"3443" = "443";
"3021" = "2221";
"25565" = "25565";
"21025" = "21025"; # Starbound
};
QEMU_NET_OPTS =
concatStringsSep ","
(mapAttrsToList
(host: vm: "hostfwd=::${host}-:${vm}")
ports);
in ''
export QEMU_OPTS="-m 3941 -smp 2 -curses"
export QEMU_NET_OPTS="${QEMU_NET_OPTS}"
# Work around sudo requiring a full terminal
export NIX_SSHOPTS="-t"
'';
};
packages = import ./pkgs {
inherit pkgs;
local-lib = self.lib.${system};
};
lib = import ./lib {
inherit pkgs inputs;
lib = nixpkgs.lib;
};
});
} }
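Review bot: In the devShell `buildInputs`, the new layout puts `python3.withPackages` and `(ppkgs: …)` on separate lines, which makes visible that they are two separate list elements rather than one function application, because a call inside a Nix list needs its own parentheses. The inner lambda also opens `with pkgs;` instead of `with ppkgs;`, so even if it were applied the language-server packages would be looked up in the top-level package set rather than the Python one. If the intent is just to have those tools in the interpreter, listing them beside `dateutil`, `requests` and `ipython` in the outer `with pypkgs; [ … ]` would do it; this predates the reformat, but the commit carries it over unchanged. Separately, the shell still ships `nixfmt` although the tree is now formatted with alejandra, so `alejandra` probably belongs in `buildInputs` in its place.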


@ -1,8 +1,12 @@
{ inputs, lib, pkgs, ... }: {
inputs,
let lib,
pkgs,
...
}: let
inherit (lib) makeExtensible foldr attrValues; inherit (lib) makeExtensible foldr attrValues;
tlater-lib = makeExtensible (self: tlater-lib = makeExtensible (self: let
let callLibs = file: import file { inherit self lib pkgs inputs; }; callLibs = file: import file {inherit self lib pkgs inputs;};
in { minecraft = callLibs ./minecraft.nix; }); in {minecraft = callLibs ./minecraft.nix;});
in tlater-lib.extend (self: super: foldr (a: b: a // b) { } (attrValues super)) in
tlater-lib.extend (self: super: foldr (a: b: a // b) {} (attrValues super))


@ -1,6 +1,8 @@
{ lib, pkgs, ... }:
{ {
lib,
pkgs,
...
}: {
# Make a modpack given its mod inputs. # Make a modpack given its mod inputs.
# #
# Mods should be attrsets in this format: # Mods should be attrsets in this format:
@ -13,7 +15,11 @@
# #
# This may be nice to read from a json ;) # This may be nice to read from a json ;)
# #
mkModpack = { name, version, mods }: mkModpack = {
name,
version,
mods,
}:
pkgs.stdenv.mkDerivation { pkgs.stdenv.mkDerivation {
inherit name version; inherit name version;
srcs = map pkgs.local.fetchFromCurseForge mods; srcs = map pkgs.local.fetchFromCurseForge mods;
@ -28,7 +34,11 @@
''; '';
}; };
mkModpackZip = { name, version, mods }: mkModpackZip = {
name,
version,
mods,
}:
pkgs.stdenv.mkDerivation { pkgs.stdenv.mkDerivation {
inherit name version; inherit name version;
srcs = map pkgs.local.fetchFromCurseForge mods; srcs = map pkgs.local.fetchFromCurseForge mods;
@ -37,7 +47,7 @@
preUnpack = "mkdir -p src/"; preUnpack = "mkdir -p src/";
unpackCmd = "cp $curSrc src/"; unpackCmd = "cp $curSrc src/";
buildInputs = [ pkgs.zip]; buildInputs = [pkgs.zip];
buildPhase = '' buildPhase = ''
zip voor-kia-mods.zip *.jar zip voor-kia-mods.zip *.jar


@ -1,9 +1,6 @@
{ lib, ... }: {lib, ...}:
with lib; {
with lib; imports = [./virtualisation/pods.nix];
{
imports = [ ./virtualisation/pods.nix ];
options.services.nginx.domain = mkOption { options.services.nginx.domain = mkOption {
type = types.str; type = types.str;


@ -1,20 +1,21 @@
{ lib, config, options, ... }: {
lib,
with lib; config,
options,
let ...
}:
with lib; let
cfg = config.virtualisation.pods; cfg = config.virtualisation.pods;
list-to-args = arg: list: list-to-args = arg: list:
concatStringsSep " " (map (e: "--${arg}=${escapeShellArg e}") list); concatStringsSep " " (map (e: "--${arg}=${escapeShellArg e}") list);
possibly-unset-arg = arg: val: possibly-unset-arg = arg: val: (optionalString (val != null) "--${arg}=${escapeShellArg val}");
(optionalString (val != null) "--${arg}=${escapeShellArg val}");
mkPod = name: pod: rec { mkPod = name: pod: rec {
path = [ config.virtualisation.podman.package ]; path = [config.virtualisation.podman.package];
wants = [ "network.target" ]; wants = ["network.target"];
after = [ "network-online.target" ]; after = ["network-online.target"];
wantedBy = [ "multi-user.target" "default.target" ]; wantedBy = ["multi-user.target" "default.target"];
environment.PODMAN_SYSTEMD_UNIT = "%n"; environment.PODMAN_SYSTEMD_UNIT = "%n";
@ -55,7 +56,6 @@ let
PIDFile = "/run/podman/pods/${name}.pid"; PIDFile = "/run/podman/pods/${name}.pid";
}; };
}; };
in { in {
options.virtualisation.pods = mkOption { options.virtualisation.pods = mkOption {
type = with types; type = with types;
@ -63,9 +63,8 @@ in {
options = { options = {
added-hosts = mkOption { added-hosts = mkOption {
type = listOf str; type = listOf str;
default = [ ]; default = [];
description = description = "Additional hosts to add to /etc/hosts for each container.";
"Additional hosts to add to /etc/hosts for each container.";
example = literalExample '' example = literalExample ''
[ "database:10.0.0.1" ] [ "database:10.0.0.1" ]
''; '';
@ -74,25 +73,24 @@ in {
cgroup-parent = mkOption { cgroup-parent = mkOption {
type = nullOr str; type = nullOr str;
default = null; default = null;
description = description = "The cgroups path under which the pod cgroup will be created.";
"The cgroups path under which the pod cgroup will be created.";
}; };
dns = mkOption { dns = mkOption {
type = listOf str; type = listOf str;
default = [ ]; default = [];
description = "The dns servers to set in /etc/resolv.conf."; description = "The dns servers to set in /etc/resolv.conf.";
}; };
dns-opt = mkOption { dns-opt = mkOption {
type = listOf str; type = listOf str;
default = [ ]; default = [];
description = "dns options to set in /etc/resolv.conf."; description = "dns options to set in /etc/resolv.conf.";
}; };
dns-search = mkOption { dns-search = mkOption {
type = listOf str; type = listOf str;
default = [ ]; default = [];
description = "Search domains to set in /etc/resolv.conf."; description = "Search domains to set in /etc/resolv.conf.";
}; };
@ -156,20 +154,20 @@ in {
publish = mkOption { publish = mkOption {
type = listOf str; type = listOf str;
default = [ ]; default = [];
description = "List of ports to publish from the pod."; description = "List of ports to publish from the pod.";
}; };
share = mkOption { share = mkOption {
type = listOf str; type = listOf str;
default = [ ]; default = [];
description = "List of kernel namespaces to share."; description = "List of kernel namespaces to share.";
}; };
containers = options.virtualisation.oci-containers.containers; containers = options.virtualisation.oci-containers.containers;
}; };
}); });
default = { }; default = {};
description = "Podman pods to run as systemd services."; description = "Podman pods to run as systemd services.";
}; };
@ -178,7 +176,7 @@ in {
# #
# TODO: See if there's a generic version for this somewhere in the # TODO: See if there's a generic version for this somewhere in the
# pkgs lib? # pkgs lib?
mergeAttrs = attrList: foldr (a: b: a // b) { } attrList; mergeAttrs = attrList: foldr (a: b: a // b) {} attrList;
# Create services for all defined pods # Create services for all defined pods
pod-services = mapAttrs' (n: v: nameValuePair "pod-${n}" (mkPod n v)) cfg; pod-services = mapAttrs' (n: v: nameValuePair "pod-${n}" (mkPod n v)) cfg;
@ -190,31 +188,35 @@ in {
pod-container-services = mergeAttrs (mapAttrsToList (pname: pod: pod-container-services = mergeAttrs (mapAttrsToList (pname: pod:
mapAttrs' (cname: container: mapAttrs' (cname: container:
nameValuePair "podman-${pname}-${cname}" rec { nameValuePair "podman-${pname}-${cname}" rec {
after = [ "pod-${pname}.service" ]; after = ["pod-${pname}.service"];
requires = after; requires = after;
}) pod.containers) cfg); })
pod.containers)
cfg);
# Override the oci-container settings for containers defined in pods. # Override the oci-container settings for containers defined in pods.
# #
# I.e., set the --pod=podname setting, and update the dependsOn so # I.e., set the --pod=podname setting, and update the dependsOn so
# it points to containers in the same pod. # it points to containers in the same pod.
podifyContainer = container: podname: podifyContainer = container: podname:
container // { container
// {
dependsOn = dependsOn =
map (dependency: "${podname}-${dependency}") container.dependsOn; map (dependency: "${podname}-${dependency}") container.dependsOn;
extraOptions = container.extraOptions ++ [ "--pod=${podname}" ]; extraOptions = container.extraOptions ++ ["--pod=${podname}"];
}; };
in
lib.mkIf (cfg != {}) {
virtualisation.podman.enable = true;
virtualisation.oci-containers.backend = "podman";
in lib.mkIf (cfg != { }) { systemd.services = pod-services // pod-container-services;
virtualisation.podman.enable = true;
virtualisation.oci-containers.backend = "podman";
systemd.services = pod-services // pod-container-services; virtualisation.oci-containers.containers = mergeAttrs (mapAttrsToList
(pname: pod:
virtualisation.oci-containers.containers = mergeAttrs (mapAttrsToList mapAttrs' (cname: container:
(pname: pod: nameValuePair "${pname}-${cname}" (podifyContainer container pname))
mapAttrs' (cname: container: pod.containers)
nameValuePair "${pname}-${cname}" (podifyContainer container pname)) cfg);
pod.containers) cfg); };
};
} }


@ -1,26 +1,31 @@
{ lib, fetchurl }: {
lib,
fetchurl,
}:
with builtins; with builtins;
{
project,
id,
filename,
...
} @ args: let
# I think this is supposed to be some weak automation
# protection. This split "id" is simply part of the download URL.
#
# Note that if it's zero-prefixed we need to remove the zeroes. It's
# really an odd one...
a = head (match "0*([[:digit:]]+)" (substring 0 4 (toString id)));
b = head (match "0*([[:digit:]]+)" (substring 4 7 (toString id)));
encoded-filename = replaceStrings [" "] ["%20"] filename;
{ project, id, filename, ... }@args: url = "https://media.forgecdn.net/files/${a}/${b}/${encoded-filename}";
otherArgs = removeAttrs args ["project" "project_id" "id" "filename"];
let in
# I think this is supposed to be some weak automation fetchurl (otherArgs
# protection. This split "id" is simply part of the download URL. // {
# inherit url;
# Note that if it's zero-prefixed we need to remove the zeroes. It's # Rename files to avoid names incompatible with the nix store
# really an odd one... name = "${project}.jar";
a = head (match "0*([[:digit:]]+)" (substring 0 4 (toString id))); # Avoid accidental URL globbing
b = head (match "0*([[:digit:]]+)" (substring 4 7 (toString id))); curlOpts = "--globoff";
encoded-filename = replaceStrings [ " " ] [ "%20" ] filename; })
url = "https://media.forgecdn.net/files/${a}/${b}/${encoded-filename}";
otherArgs = removeAttrs args [ "project" "project_id" "id" "filename" ];
in fetchurl (otherArgs // {
inherit url;
# Rename files to avoid names incompatible with the nix store
name = "${project}.jar";
# Avoid accidental URL globbing
curlOpts = "--globoff";
})


@ -1,19 +1,21 @@
{ pkgs, local-lib, ... }: {
pkgs,
let local-lib,
...
}: let
inherit (pkgs.lib) callPackageWith; inherit (pkgs.lib) callPackageWith;
callPackage = callPackageWith (pkgs // { inherit local-lib; }); callPackage = callPackageWith (pkgs // {inherit local-lib;});
in { in {
# Forge # Forge
forge-server = callPackage ./minecraft/forge-server.nix { }; forge-server = callPackage ./minecraft/forge-server.nix {};
# Build support # Build support
fetchFromCurseForge = callPackage ./build-support/fetchFromCurseForge.nix { }; fetchFromCurseForge = callPackage ./build-support/fetchFromCurseForge.nix {};
# Minecraft modpacks # Minecraft modpacks
voor-kia = callPackage ./minecraft/voor-kia.nix { }; voor-kia = callPackage ./minecraft/voor-kia.nix {};
voor-kia-client = callPackage ./minecraft/voor-kia-client.nix { }; voor-kia-client = callPackage ./minecraft/voor-kia-client.nix {};
# Starbound # Starbound
starbound = callPackage ./starbound { }; starbound = callPackage ./starbound {};
} }


@ -1,7 +1,15 @@
{ lib, stdenv, fetchurl, busybox, coreutils, jre_headless, runtimeShell {
, mods ? null, modConfig ? null, defaultconfigs ? null }: lib,
stdenv,
let fetchurl,
busybox,
coreutils,
jre_headless,
runtimeShell,
mods ? null,
modConfig ? null,
defaultconfigs ? null,
}: let
name = "forge-server"; name = "forge-server";
version = "1.16.5-36.2.2"; version = "1.16.5-36.2.2";
mirror = "https://files.minecraftforge.net/maven/net/minecraftforge/forge"; mirror = "https://files.minecraftforge.net/maven/net/minecraftforge/forge";
@ -14,7 +22,7 @@ let
unpackCmd = "mkdir -p src; cp $curSrc src/forge-${version}-installer.jar"; unpackCmd = "mkdir -p src; cp $curSrc src/forge-${version}-installer.jar";
nativeBuildInputs = [ jre_headless ]; nativeBuildInputs = [jre_headless];
# Somewhat evil pre-install step to run through the network # Somewhat evil pre-install step to run through the network
# dependency resolution forge needs. This is also common for gradle # dependency resolution forge needs. This is also common for gradle
@ -43,70 +51,70 @@ let
outputHashMode = "recursive"; outputHashMode = "recursive";
outputHash = "VuUGc5JnzcRhDt9aaGrU+yUrJILVdU2vzv1PxLwdAig="; outputHash = "VuUGc5JnzcRhDt9aaGrU+yUrJILVdU2vzv1PxLwdAig=";
}; };
in
stdenv.mkDerivation rec {
inherit name version src unpackCmd nativeBuildInputs;
in stdenv.mkDerivation rec { buildPhase = ''
inherit name version src unpackCmd nativeBuildInputs; mkdir -p installation
buildPhase = '' # Take the input deps and patch the Minecraft server jar into our
mkdir -p installation # libraries to create the package.
cp -rv ${deps}/* installation/
chmod -R +w installation/
java -jar forge-${version}-installer.jar --offline --installServer installation/
'';
# Take the input deps and patch the Minecraft server jar into our installPhase = ''
# libraries to create the package. mkdir -p $out/{bin,lib/forge}
cp -rv ${deps}/* installation/
chmod -R +w installation/
java -jar forge-${version}-installer.jar --offline --installServer installation/
'';
installPhase = '' cp -r installation/{forge-${version}.jar,libraries} $out/lib/forge/
mkdir -p $out/{bin,lib/forge}
cp -r installation/{forge-${version}.jar,libraries} $out/lib/forge/ cat > $out/bin/forge-server << EOF
#!${runtimeShell}
set -eu
cat > $out/bin/forge-server << EOF # Delete any previous mods directory so that it can be updated
#!${runtimeShell} ${busybox}/bin/rm -fr mods
set -eu
# Delete any previous mods directory so that it can be updated ${lib.optionalString (mods != null) ''
${busybox}/bin/rm -fr mods # Copy the specified mods into the directory. Note that, sadly,
# forge doesn't support symlinks here.
${busybox}/bin/mkdir -p mods
${busybox}/bin/cp -r '${mods}/mods/'*.jar mods
''}
${lib.optionalString (mods != null) '' # Delete any previous config directories so that they can be updated
# Copy the specified mods into the directory. Note that, sadly, ${busybox}/bin/rm -fr config defaultconfigs
# forge doesn't support symlinks here.
${busybox}/bin/mkdir -p mods
${busybox}/bin/cp -r '${mods}/mods/'*.jar mods
''}
# Delete any previous config directories so that they can be updated ${lib.optionalString (modConfig != null) ''
${busybox}/bin/rm -fr config defaultconfigs # Copy the specified configs into the directory. Forge (and
# mods) will try to write here, so we cannot symlink.
${busybox}/bin/mkdir -p config
${busybox}/bin/cp -r '${modConfig}'/* config
${busybox}/bin/chmod -R u+w config
''}
${lib.optionalString (modConfig != null) '' ${lib.optionalString (defaultconfigs != null) ''
# Copy the specified configs into the directory. Forge (and # Copy the specified configs into the directory. Forge (and
# mods) will try to write here, so we cannot symlink. # mods) will try to write here, so we cannot symlink.
${busybox}/bin/mkdir -p config ${busybox}/bin/mkdir -p defaultconfigs
${busybox}/bin/cp -r '${modConfig}'/* config ${busybox}/bin/cp -r '${defaultconfigs}'/* defaultconfigs
${busybox}/bin/chmod -R u+w config ${busybox}/bin/chmod -R u+w defaultconfigs
''} ''}
${lib.optionalString (defaultconfigs != null) '' exec ${jre_headless}/bin/java \$@ -jar $out'/lib/forge/forge-${version}.jar' nogui
# Copy the specified configs into the directory. Forge (and EOF
# mods) will try to write here, so we cannot symlink.
${busybox}/bin/mkdir -p defaultconfigs
${busybox}/bin/cp -r '${defaultconfigs}'/* defaultconfigs
${busybox}/bin/chmod -R u+w defaultconfigs
''}
exec ${jre_headless}/bin/java \$@ -jar $out'/lib/forge/forge-${version}.jar' nogui chmod +x $out/bin/forge-server
EOF '';
chmod +x $out/bin/forge-server meta = with lib; {
''; description = "Forge Minecraft Server";
homepage = "https://files.minecraftforge.net/";
meta = with lib; { # Forge itself is open source, but this package pulls in
description = "Forge Minecraft Server"; # minecraft.
homepage = "https://files.minecraftforge.net/"; license = licenses.unfreeRedistributable;
# Forge itself is open source, but this package pulls in platforms = platforms.unix;
# minecraft. };
license = licenses.unfreeRedistributable; }
platforms = platforms.unix;
};
}


@ -1,8 +1,12 @@
{ lib, local-lib, stdenv }: {
lib,
local-lib,
stdenv,
}:
local-lib.minecraft.mkModpackZip { local-lib.minecraft.mkModpackZip {
name = "voor-kia-client"; name = "voor-kia-client";
version = "1.1"; version = "1.1";
mods = (builtins.fromJSON (builtins.readFile ./voor-kia/mods.json)) mods =
(builtins.fromJSON (builtins.readFile ./voor-kia/mods.json))
++ (builtins.fromJSON (builtins.readFile ./voor-kia/client-mods.json)); ++ (builtins.fromJSON (builtins.readFile ./voor-kia/client-mods.json));
} }


@ -1,5 +1,8 @@
{ lib, local-lib, stdenv }: {
lib,
local-lib,
stdenv,
}:
local-lib.minecraft.mkModpack { local-lib.minecraft.mkModpack {
name = "voor-kia"; name = "voor-kia";
version = "1.0"; version = "1.0";