From 579c635521e2dacd0180aca3730a5494215bfe06 Mon Sep 17 00:00:00 2001 From: Gerg-L Date: Sun, 18 Aug 2024 00:20:27 -0400 Subject: [PATCH] use proxy instead of hosting on hetzner --- disko/{minecraft.nix => proxy.nix} | 2 +- hosts/gerg-desktop/services/ddns_script.sh | 1 + hosts/gerg-desktop/services/minecraft.nix | 52 ++++++------- hosts/minecraft/server.nix | 86 ---------------------- hosts/{minecraft => proxy}/main.nix | 14 +++- hosts/proxy/server.nix | 29 ++++++++ 6 files changed, 68 insertions(+), 116 deletions(-) rename disko/{minecraft.nix => proxy.nix} (90%) delete mode 100644 hosts/minecraft/server.nix rename hosts/{minecraft => proxy}/main.nix (87%) create mode 100644 hosts/proxy/server.nix diff --git a/disko/minecraft.nix b/disko/proxy.nix similarity index 90% rename from disko/minecraft.nix rename to disko/proxy.nix index 96d05b4..c3b8291 100644 --- a/disko/minecraft.nix +++ b/disko/proxy.nix @@ -1,7 +1,7 @@ _: { disk = { main = { - device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_51091227"; + device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_51127661"; type = "disk"; content = { type = "gpt"; diff --git a/hosts/gerg-desktop/services/ddns_script.sh b/hosts/gerg-desktop/services/ddns_script.sh index 7203609..c8ba210 100755 --- a/hosts/gerg-desktop/services/ddns_script.sh +++ b/hosts/gerg-desktop/services/ddns_script.sh @@ -52,6 +52,7 @@ func () { func "*.gerg-l.com" "8f76f071c5edbc0f947a5c5f9c5df9f8" func "gerg-l.com" "8f76f071c5edbc0f947a5c5f9c5df9f8" "false" +func "ipv6.gerg-l.com" "8f76f071c5edbc0f947a5c5f9c5df9f8" "false" func "*.nix-fu.com" "cc2df9163c3730f58b866409ac5a108c" func "nix-fu.com" "cc2df9163c3730f58b866409ac5a108c" diff --git a/hosts/gerg-desktop/services/minecraft.nix b/hosts/gerg-desktop/services/minecraft.nix index 7aa8ab9..135fc62 100644 --- a/hosts/gerg-desktop/services/minecraft.nix +++ b/hosts/gerg-desktop/services/minecraft.nix 
@@ -1,15 +1,16 @@ { lib, self' }: { # I manually switch this sometimes - config = lib.mkIf false { + config = lib.mkIf true { networking.firewall.allowedTCPPorts = [ 25565 25575 + 24454 ]; users = { users.minecraft = { - home = "/minecraft"; + home = "/persist/minecraft2"; createHome = true; isSystemUser = true; group = "minecraft"; 
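Review bot: The new `24454` entry is added to `allowedTCPPorts`, but 24454 is the default port of the Simple Voice Chat mod, which uses UDP. If that is what the port is for, the TCP rule opens a port nothing listens on while the voice traffic stays blocked. In that case the entry belongs in `networking.firewall.allowedUDPPorts = [ 24454 ];`. The same applies to the new hosts/proxy/server.nix, where `listen 24454;` creates a TCP stream listener and would need to be `listen 24454 udp;` with a matching UDP firewall entry. The `config` block continues outside this hunk.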
@@ -22,34 +23,35 @@ wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; script = '' - ${lib.getExe self'.packages.papermc} \ - -Xms6G \ - -Xmx6G \ - -XX:+UseG1GC \ - -XX:+ParallelRefProcEnabled \ - -XX:MaxGCPauseMillis=200 \ - -XX:+UnlockExperimentalVMOptions \ - -XX:+DisableExplicitGC \ - -XX:+AlwaysPreTouch \ - -XX:G1NewSizePercent=30 \ - -XX:G1MaxNewSizePercent=40 \ - -XX:G1HeapRegionSize=8M \ - -XX:G1ReservePercent=20 \ - -XX:G1HeapWastePercent=5 \ - -XX:G1MixedGCCountTarget=4 \ - -XX:InitiatingHeapOccupancyPercent=15 \ - -XX:G1MixedGCLiveThresholdPercent=90 \ - -XX:G1RSetUpdatingPauseTimePercent=5 \ - -XX:SurvivorRatio=32 \ - -XX:+PerfDisableSharedMem \ - -XX:MaxTenuringThreshold=1 \ - -Dusing.aikars.flags=https://mcflags.emc.gs-Daikars.new.flags=true \ + ${lib.getExe self'.packages.fabric} \ + -Xms12G \ + -Xmx12G \ + -XX:+UnlockExperimentalVMOptions \ + -XX:+UnlockDiagnosticVMOptions \ + -XX:+AlwaysActAsServerClassMachine \ + -XX:+AlwaysPreTouch \ + -XX:+DisableExplicitGC \ + -XX:+UseNUMA \ + -XX:NmethodSweepActivity=1 \ + -XX:ReservedCodeCacheSize=400M \ + -XX:NonNMethodCodeHeapSize=12M \ + -XX:ProfiledCodeHeapSize=194M \ + -XX:NonProfiledCodeHeapSize=194M \ + -XX:-DontCompileHugeMethods \ + -XX:MaxNodeLimit=240000 \ + -XX:NodeLimitFudgeFactor=8000 \ + -XX:+UseVectorCmov \ + -XX:+PerfDisableSharedMem \ + -XX:+UseFastUnorderedTimeStamps \ + -XX:+UseCriticalJavaThreadPriority \ + -XX:ThreadPriorityPolicy=1 \ + -XX:AllocatePrefetchStyle=3 ''; serviceConfig = { Restart = "always"; User = "minecraft"; - WorkingDirectory = "/minecraft"; + WorkingDirectory = "/persist/minecraft2"; StandardInput = "journal"; StandardOutput = "journal"; diff --git a/hosts/minecraft/server.nix b/hosts/minecraft/server.nix deleted file mode 100644 index b6de3dc..0000000 --- a/hosts/minecraft/server.nix +++ /dev/null 
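Review bot: `serviceConfig` is cut off by the hunk right after the `StandardInput`/`StandardOutput` lines, so the sandboxing of this unit cannot be checked here, and this is now the instance players reach through the proxy. The deleted hosts/minecraft/server.nix had a `# Hardening` block (`CapabilityBoundingSet`, `PrivateUsers`, `ProtectHome`, `RestrictAddressFamilies`, `UMask = "0077"` and others). Please confirm the unit on gerg-desktop carries the same block, since a compromised modded server would now run on that host rather than on a dedicated VM. A short comment above `WorkingDirectory`, e.g. `# state lives under /persist; must match users.users.minecraft.home`, would also help keep the two copies of the path in sync.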
@@ -1,86 +0,0 @@ -{ lib, self' }: -{ - networking.firewall.allowedTCPPorts = [ - 25565 - 25575 - ]; - - users = { - users.minecraft = { - home = "/minecraft"; - createHome = true; - isSystemUser = true; - group = "minecraft"; - }; - groups.minecraft = { }; - }; - - systemd.services.minecraft-server = { - description = "Minecraft"; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - script = '' - ${lib.getExe self'.packages.fabric} \ - -Xms10G \ - -Xmx10G \ - -XX:+UnlockExperimentalVMOptions \ - -XX:+UnlockDiagnosticVMOptions \ - -XX:+AlwaysActAsServerClassMachine \ - -XX:+AlwaysPreTouch \ - -XX:+DisableExplicitGC \ - -XX:+UseNUMA \ - -XX:NmethodSweepActivity=1 \ - -XX:ReservedCodeCacheSize=400M \ - -XX:NonNMethodCodeHeapSize=12M \ - -XX:ProfiledCodeHeapSize=194M \ - -XX:NonProfiledCodeHeapSize=194M \ - -XX:-DontCompileHugeMethods \ - -XX:MaxNodeLimit=240000 \ - -XX:NodeLimitFudgeFactor=8000 \ - -XX:+UseVectorCmov \ - -XX:+PerfDisableSharedMem \ - -XX:+UseFastUnorderedTimeStamps \ - -XX:+UseCriticalJavaThreadPriority \ - -XX:ThreadPriorityPolicy=1 \ - -XX:AllocatePrefetchStyle=3 - ''; - - serviceConfig = { - Restart = "always"; - User = "minecraft"; - WorkingDirectory = "/minecraft"; - - StandardInput = "journal"; - StandardOutput = "journal"; - StandardError = "journal"; - - # Hardening - CapabilityBoundingSet = [ "" ]; - DeviceAllow = [ "" ]; - LockPersonality = true; - PrivateDevices = true; - PrivateTmp = true; - PrivateUsers = true; - ProtectClock = true; - ProtectControlGroups = true; - ProtectHome = true; - ProtectHostname = true; - ProtectKernelLogs = true; - ProtectKernelModules = true; - ProtectKernelTunables = true; - ProtectProc = "invisible"; - RestrictAddressFamilies = [ - "AF_INET" - "AF_INET6" - ]; - RestrictNamespaces = true; - RestrictRealtime = true; - RestrictSUIDSGID = true; - SystemCallArchitectures = "native"; - UMask = "0077"; - }; - preStart = '' - echo "eula=true" > eula.txt - ''; - }; -} 
diff --git a/hosts/minecraft/main.nix b/hosts/proxy/main.nix similarity index 87% rename from hosts/minecraft/main.nix rename to hosts/proxy/main.nix index 434df85..f08d75b 100644 --- a/hosts/minecraft/main.nix +++ b/hosts/proxy/main.nix @@ -21,7 +21,10 @@ services.qemuGuest.enable = true; - environment.systemPackages = [ pkgs.neovim ]; + environment.systemPackages = [ + pkgs.neovim + pkgs.rsync + ]; users = { mutableUsers = false; @@ -47,7 +50,7 @@ }; networking = { - hostName = "minecraft"; + hostName = "proxy"; useNetworkd = false; useDHCP = false; }; @@ -55,8 +58,11 @@ systemd.network = { enable = true; networks.default = { - DHCP = "yes"; name = "en*"; + DHCP = "ipv4"; + addresses = [ { Address = "2a01:4ff:f0:b7fd::/64"; } ]; + gateway = [ "fe80::1" ]; + linkConfig.RequiredForOnline = "routable"; }; }; @@ -66,7 +72,7 @@ canTouchEfiVariables = true; efiSysMountPoint = "/boot"; }; - systemd-boot = { + grub = { enable = true; configurationLimit = 10; }; diff --git a/hosts/proxy/server.nix b/hosts/proxy/server.nix new file mode 100644 index 0000000..0031e22 --- /dev/null +++ b/hosts/proxy/server.nix @@ -0,0 +1,29 @@ +{ + networking.firewall.allowedTCPPorts = [ + 25565 + 25575 + 24454 + ]; + services.nginx = { + enable = true; + config = '' + events { + worker_connections 5048; + } + + stream { + server { + listen 25565; + listen 25575; + listen 24454; + + resolver 8.8.8.8 ipv4=off; + resolver_timeout 15s; + + proxy_socket_keepalive on; + proxy_pass ipv6.gerg-l.com:$server_port; + } + } + ''; + }; +}
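Review bot: `Address = "2a01:4ff:f0:b7fd::/64"` in `networks.default` assigns the prefix itself, i.e. the all-zero interface identifier, which RFC 4291 reserves as the subnet-router anycast address. It often works in practice, but a host address inside the prefix is the safer choice, for example `addresses = [ { Address = "2a01:4ff:f0:b7fd::1/64"; } ];` (the `::1` is an example value; any free address in the /64 will do). If the backend firewall is later restricted to the proxy's source address, that fixed address is also what the rule should name. The rest of `systemd.network` lies outside the hunk.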
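Review bot: `listen 25575;` in the new hosts/proxy/server.nix publishes the backend's port 25575 on the proxy's public address, and 25575 is Minecraft's default RCON port. If RCON is what answers there, the remote console, which authenticates with a password sent in clear text, becomes reachable from any address. Unless RCON over the internet is required, remove `listen 25575;` and the `25575` entry from `allowedTCPPorts` in this file, and reach the console over SSH or a tunnel instead. Because `proxy_pass ipv6.gerg-l.com:$server_port;` hides the client address from the backend, bans and connection logs on the Minecraft side will only show the proxy, so keep a stream `access_log` on the proxy if connections need to be attributed. As a matter of style, `services.nginx.streamConfig` would let the module generate the rest of nginx.conf instead of replacing the whole file through `config`.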