use proxy instead of hosting on hetzner

This commit is contained in:
Gerg-L 2024-08-18 00:20:27 -04:00
parent 3b5678a9ca
commit 579c635521
Signed by: gerg-l
SSH key fingerprint: SHA256:FPYDHIkvMocr4wdmZXpgpJjsb2Tw6rASs2ISPbOb0KI
6 changed files with 68 additions and 116 deletions


@ -52,6 +52,7 @@ func () {
func "*.gerg-l.com" "8f76f071c5edbc0f947a5c5f9c5df9f8"
func "gerg-l.com" "8f76f071c5edbc0f947a5c5f9c5df9f8" "false"
func "ipv6.gerg-l.com" "8f76f071c5edbc0f947a5c5f9c5df9f8" "false"
func "*.nix-fu.com" "cc2df9163c3730f58b866409ac5a108c"
func "nix-fu.com" "cc2df9163c3730f58b866409ac5a108c"


@ -1,15 +1,16 @@
{ lib, self' }:
{
# I manually switch this sometimes
config = lib.mkIf false {
config = lib.mkIf true {
networking.firewall.allowedTCPPorts = [
25565
25575
24454
];
users = {
users.minecraft = {
home = "/minecraft";
home = "/persist/minecraft2";
createHome = true;
isSystemUser = true;
group = "minecraft";
@ -22,34 +23,35 @@
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
script = ''
${lib.getExe self'.packages.papermc} \
-Xms6G \
-Xmx6G \
-XX:+UseG1GC \
-XX:+ParallelRefProcEnabled \
-XX:MaxGCPauseMillis=200 \
-XX:+UnlockExperimentalVMOptions \
-XX:+DisableExplicitGC \
-XX:+AlwaysPreTouch \
-XX:G1NewSizePercent=30 \
-XX:G1MaxNewSizePercent=40 \
-XX:G1HeapRegionSize=8M \
-XX:G1ReservePercent=20 \
-XX:G1HeapWastePercent=5 \
-XX:G1MixedGCCountTarget=4 \
-XX:InitiatingHeapOccupancyPercent=15 \
-XX:G1MixedGCLiveThresholdPercent=90 \
-XX:G1RSetUpdatingPauseTimePercent=5 \
-XX:SurvivorRatio=32 \
-XX:+PerfDisableSharedMem \
-XX:MaxTenuringThreshold=1 \
-Dusing.aikars.flags=https://mcflags.emc.gs-Daikars.new.flags=true \
${lib.getExe self'.packages.fabric} \
-Xms12G \
-Xmx12G \
-XX:+UnlockExperimentalVMOptions \
-XX:+UnlockDiagnosticVMOptions \
-XX:+AlwaysActAsServerClassMachine \
-XX:+AlwaysPreTouch \
-XX:+DisableExplicitGC \
-XX:+UseNUMA \
-XX:NmethodSweepActivity=1 \
-XX:ReservedCodeCacheSize=400M \
-XX:NonNMethodCodeHeapSize=12M \
-XX:ProfiledCodeHeapSize=194M \
-XX:NonProfiledCodeHeapSize=194M \
-XX:-DontCompileHugeMethods \
-XX:MaxNodeLimit=240000 \
-XX:NodeLimitFudgeFactor=8000 \
-XX:+UseVectorCmov \
-XX:+PerfDisableSharedMem \
-XX:+UseFastUnorderedTimeStamps \
-XX:+UseCriticalJavaThreadPriority \
-XX:ThreadPriorityPolicy=1 \
-XX:AllocatePrefetchStyle=3
'';
serviceConfig = {
Restart = "always";
User = "minecraft";
WorkingDirectory = "/minecraft";
WorkingDirectory = "/persist/minecraft2";
StandardInput = "journal";
StandardOutput = "journal";
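Review bot: The firewall list at the top of the first hunk opens 25565, 25575 and 24454 on every interface, and 25575 is the Minecraft default RCON port, so if RCON is enabled in the server properties (not visible here) its single-password control channel is reachable from the whole network rather than only from the proxy that now fronts this host. Scoping the admin port to the uplink the proxy arrives on, e.g. `networking.firewall.interfaces.<iface>.allowedTCPPorts = [ 25575 ];` with the real interface name, and leaving only the player port in the global list would keep the blast radius small. 24454 is commonly a UDP voice-chat port; if that is what it is here, it belongs in `allowedUDPPorts` instead — confirm which mod uses it. Separately, `config = lib.mkIf true {` under `# I manually switch this sometimes` is a hand-edited literal; binding it once, `let enabled = true; in`, or exposing it as an option makes the toggle greppable. The attribute set and `serviceConfig` continue outside the hunks.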


@ -1,86 +0,0 @@
{ lib, self' }:
{
networking.firewall.allowedTCPPorts = [
25565
25575
];
users = {
users.minecraft = {
home = "/minecraft";
createHome = true;
isSystemUser = true;
group = "minecraft";
};
groups.minecraft = { };
};
systemd.services.minecraft-server = {
description = "Minecraft";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
script = ''
${lib.getExe self'.packages.fabric} \
-Xms10G \
-Xmx10G \
-XX:+UnlockExperimentalVMOptions \
-XX:+UnlockDiagnosticVMOptions \
-XX:+AlwaysActAsServerClassMachine \
-XX:+AlwaysPreTouch \
-XX:+DisableExplicitGC \
-XX:+UseNUMA \
-XX:NmethodSweepActivity=1 \
-XX:ReservedCodeCacheSize=400M \
-XX:NonNMethodCodeHeapSize=12M \
-XX:ProfiledCodeHeapSize=194M \
-XX:NonProfiledCodeHeapSize=194M \
-XX:-DontCompileHugeMethods \
-XX:MaxNodeLimit=240000 \
-XX:NodeLimitFudgeFactor=8000 \
-XX:+UseVectorCmov \
-XX:+PerfDisableSharedMem \
-XX:+UseFastUnorderedTimeStamps \
-XX:+UseCriticalJavaThreadPriority \
-XX:ThreadPriorityPolicy=1 \
-XX:AllocatePrefetchStyle=3
'';
serviceConfig = {
Restart = "always";
User = "minecraft";
WorkingDirectory = "/minecraft";
StandardInput = "journal";
StandardOutput = "journal";
StandardError = "journal";
# Hardening
CapabilityBoundingSet = [ "" ];
DeviceAllow = [ "" ];
LockPersonality = true;
PrivateDevices = true;
PrivateTmp = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
UMask = "0077";
};
preStart = ''
echo "eula=true" > eula.txt
'';
};
}


@ -21,7 +21,10 @@
services.qemuGuest.enable = true;
environment.systemPackages = [ pkgs.neovim ];
environment.systemPackages = [
pkgs.neovim
pkgs.rsync
];
users = {
mutableUsers = false;
@ -47,7 +50,7 @@
};
networking = {
hostName = "minecraft";
hostName = "proxy";
useNetworkd = false;
useDHCP = false;
};
@ -55,8 +58,11 @@
systemd.network = {
enable = true;
networks.default = {
DHCP = "yes";
name = "en*";
DHCP = "ipv4";
addresses = [ { Address = "2a01:4ff:f0:b7fd::/64"; } ];
gateway = [ "fe80::1" ];
linkConfig.RequiredForOnline = "routable";
};
};
@ -66,7 +72,7 @@
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
systemd-boot = {
grub = {
enable = true;
configurationLimit = 10;
};
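Review bot: In the systemd.network hunk, the static address `2a01:4ff:f0:b7fd::/64` has an all-zeros interface identifier, which RFC 4291 reserves as the subnet-router anycast address rather than a host unicast address; Linux will configure it, but the provider's intended host address is presumably something like `2a01:4ff:f0:b7fd::1/64` — confirm against the assigned allocation before relying on it as the proxy's upstream IPv6 path. With `DHCP = "ipv4"` and the wildcard `name = "en*"`, every matching link also receives this same address, which is fine for a single-NIC VM but worth stating, e.g. `# single-NIC VM: static IPv6 from the provider allocation, IPv4 via DHCP`. The boot and networking attribute sets continue outside the hunks.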

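--- /dev/null
+++ b/hosts/proxy/server.nix
@@ -0,0 +1,29 @@
+{
+networking.firewall.allowedTCPPorts = [
+25565
+25575
+24454
+];
+services.nginx = {
+enable = true;
+config = ''
+events {
+worker_connections 5048;
+}
+stream {
+server {
+listen 25565;
+listen 25575;
+listen 24454;
+resolver 8.8.8.8 ipv4=off;
+resolver_timeout 15s;
+proxy_socket_keepalive on;
+proxy_pass ipv6.gerg-l.com:$server_port;
+}
+}
+'';
+};
+}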
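Review bot: `listen 25575;` together with 25575 in `allowedTCPPorts` publishes what is by default the Minecraft RCON admin port through the proxy to the whole internet, protected only by the RCON password, which the protocol sends in cleartext; unless remote administration from arbitrary addresses is intended, drop that listener and firewall entry, or restrict it inside the stream server with `allow <admin-address>; deny all;`. The proxy also forwards without `proxy_protocol on;`, so the backend sees every player as connecting from the proxy's own address and any per-IP ban or rate limit on the game server hits all players at once or none — enable PROXY protocol if the backend can accept it, otherwise document the limitation next to `proxy_pass`. A bare `listen` in a stream block is TCP only and the firewall opens only TCP, so if 24454 is the UDP voice-chat port it is not actually proxied; confirm the protocol and, if so, add `listen 24454 udp;` plus the matching `allowedUDPPorts` entry. Because `proxy_pass` uses a hostname with a variable, the upstream is re-resolved at runtime through plain DNS to 8.8.8.8 (`resolver 8.8.8.8 ipv4=off;`), a trust dependency for all forwarded traffic that deserves a one-line comment in the config.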