use proxy instead of hosting on hetzner

This commit is contained in:
Gerg-L 2024-08-18 00:20:27 -04:00
parent 3b5678a9ca
commit 579c635521
Signed by: gerg-l
SSH key fingerprint: SHA256:FPYDHIkvMocr4wdmZXpgpJjsb2Tw6rASs2ISPbOb0KI
6 changed files with 68 additions and 116 deletions


@ -1,7 +1,7 @@
_: { _: {
disk = { disk = {
main = { main = {
device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_51091227"; device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_51127661";
type = "disk"; type = "disk";
content = { content = {
type = "gpt"; type = "gpt";


@ -52,6 +52,7 @@ func () {
func "*.gerg-l.com" "8f76f071c5edbc0f947a5c5f9c5df9f8" func "*.gerg-l.com" "8f76f071c5edbc0f947a5c5f9c5df9f8"
func "gerg-l.com" "8f76f071c5edbc0f947a5c5f9c5df9f8" "false" func "gerg-l.com" "8f76f071c5edbc0f947a5c5f9c5df9f8" "false"
func "ipv6.gerg-l.com" "8f76f071c5edbc0f947a5c5f9c5df9f8" "false"
func "*.nix-fu.com" "cc2df9163c3730f58b866409ac5a108c" func "*.nix-fu.com" "cc2df9163c3730f58b866409ac5a108c"
func "nix-fu.com" "cc2df9163c3730f58b866409ac5a108c" func "nix-fu.com" "cc2df9163c3730f58b866409ac5a108c"


@ -1,15 +1,16 @@
{ lib, self' }: { lib, self' }:
{ {
# I manually switch this sometimes # I manually switch this sometimes
config = lib.mkIf false { config = lib.mkIf true {
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
25565 25565
25575 25575
24454
]; ];
users = { users = {
users.minecraft = { users.minecraft = {
home = "/minecraft"; home = "/persist/minecraft2";
createHome = true; createHome = true;
isSystemUser = true; isSystemUser = true;
group = "minecraft"; group = "minecraft";
@ -22,34 +23,35 @@
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "network.target" ]; after = [ "network.target" ];
script = '' script = ''
${lib.getExe self'.packages.papermc} \ ${lib.getExe self'.packages.fabric} \
-Xms6G \ -Xms12G \
-Xmx6G \ -Xmx12G \
-XX:+UseG1GC \ -XX:+UnlockExperimentalVMOptions \
-XX:+ParallelRefProcEnabled \ -XX:+UnlockDiagnosticVMOptions \
-XX:MaxGCPauseMillis=200 \ -XX:+AlwaysActAsServerClassMachine \
-XX:+UnlockExperimentalVMOptions \ -XX:+AlwaysPreTouch \
-XX:+DisableExplicitGC \ -XX:+DisableExplicitGC \
-XX:+AlwaysPreTouch \ -XX:+UseNUMA \
-XX:G1NewSizePercent=30 \ -XX:NmethodSweepActivity=1 \
-XX:G1MaxNewSizePercent=40 \ -XX:ReservedCodeCacheSize=400M \
-XX:G1HeapRegionSize=8M \ -XX:NonNMethodCodeHeapSize=12M \
-XX:G1ReservePercent=20 \ -XX:ProfiledCodeHeapSize=194M \
-XX:G1HeapWastePercent=5 \ -XX:NonProfiledCodeHeapSize=194M \
-XX:G1MixedGCCountTarget=4 \ -XX:-DontCompileHugeMethods \
-XX:InitiatingHeapOccupancyPercent=15 \ -XX:MaxNodeLimit=240000 \
-XX:G1MixedGCLiveThresholdPercent=90 \ -XX:NodeLimitFudgeFactor=8000 \
-XX:G1RSetUpdatingPauseTimePercent=5 \ -XX:+UseVectorCmov \
-XX:SurvivorRatio=32 \ -XX:+PerfDisableSharedMem \
-XX:+PerfDisableSharedMem \ -XX:+UseFastUnorderedTimeStamps \
-XX:MaxTenuringThreshold=1 \ -XX:+UseCriticalJavaThreadPriority \
-Dusing.aikars.flags=https://mcflags.emc.gs-Daikars.new.flags=true \ -XX:ThreadPriorityPolicy=1 \
-XX:AllocatePrefetchStyle=3
''; '';
serviceConfig = { serviceConfig = {
Restart = "always"; Restart = "always";
User = "minecraft"; User = "minecraft";
WorkingDirectory = "/minecraft"; WorkingDirectory = "/persist/minecraft2";
StandardInput = "journal"; StandardInput = "journal";
StandardOutput = "journal"; StandardOutput = "journal";
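Review bot: The firewall list at the top of this hunk (`25565`, `25575`, `24454`) still opens the game ports to any source, yet this host is now meant to sit behind the nginx stream proxy added in hosts/proxy/server.nix and its address is published through the `ipv6.gerg-l.com` record added in the DNS hunk, so clients can reach the backend directly and bypass the proxy entirely. Since `allowedTCPPorts` cannot filter by source, restricting those ports to the proxy's addresses (for example via `networking.firewall.extraCommands` or an nftables rule) is what would close that path. The fully deleted file in the next section carried a `# Hardening` block (CapabilityBoundingSet, ProtectHome, RestrictAddressFamilies, UMask, …) for the same `minecraft-server` unit; the surviving definition here ends at `StandardOutput = "journal"` inside the hunk, so I cannot confirm an equivalent set is present — worth checking. The `config = lib.mkIf true { … }` block that opens at the top of the hunk continues past its end.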


@ -1,86 +0,0 @@
{ lib, self' }:
{
networking.firewall.allowedTCPPorts = [
25565
25575
];
users = {
users.minecraft = {
home = "/minecraft";
createHome = true;
isSystemUser = true;
group = "minecraft";
};
groups.minecraft = { };
};
systemd.services.minecraft-server = {
description = "Minecraft";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
script = ''
${lib.getExe self'.packages.fabric} \
-Xms10G \
-Xmx10G \
-XX:+UnlockExperimentalVMOptions \
-XX:+UnlockDiagnosticVMOptions \
-XX:+AlwaysActAsServerClassMachine \
-XX:+AlwaysPreTouch \
-XX:+DisableExplicitGC \
-XX:+UseNUMA \
-XX:NmethodSweepActivity=1 \
-XX:ReservedCodeCacheSize=400M \
-XX:NonNMethodCodeHeapSize=12M \
-XX:ProfiledCodeHeapSize=194M \
-XX:NonProfiledCodeHeapSize=194M \
-XX:-DontCompileHugeMethods \
-XX:MaxNodeLimit=240000 \
-XX:NodeLimitFudgeFactor=8000 \
-XX:+UseVectorCmov \
-XX:+PerfDisableSharedMem \
-XX:+UseFastUnorderedTimeStamps \
-XX:+UseCriticalJavaThreadPriority \
-XX:ThreadPriorityPolicy=1 \
-XX:AllocatePrefetchStyle=3
'';
serviceConfig = {
Restart = "always";
User = "minecraft";
WorkingDirectory = "/minecraft";
StandardInput = "journal";
StandardOutput = "journal";
StandardError = "journal";
# Hardening
CapabilityBoundingSet = [ "" ];
DeviceAllow = [ "" ];
LockPersonality = true;
PrivateDevices = true;
PrivateTmp = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
UMask = "0077";
};
preStart = ''
echo "eula=true" > eula.txt
'';
};
}


@ -21,7 +21,10 @@
services.qemuGuest.enable = true; services.qemuGuest.enable = true;
environment.systemPackages = [ pkgs.neovim ]; environment.systemPackages = [
pkgs.neovim
pkgs.rsync
];
users = { users = {
mutableUsers = false; mutableUsers = false;
@ -47,7 +50,7 @@
}; };
networking = { networking = {
hostName = "minecraft"; hostName = "proxy";
useNetworkd = false; useNetworkd = false;
useDHCP = false; useDHCP = false;
}; };
@ -55,8 +58,11 @@
systemd.network = { systemd.network = {
enable = true; enable = true;
networks.default = { networks.default = {
DHCP = "yes";
name = "en*"; name = "en*";
DHCP = "ipv4";
addresses = [ { Address = "2a01:4ff:f0:b7fd::/64"; } ];
gateway = [ "fe80::1" ];
linkConfig.RequiredForOnline = "routable";
}; };
}; };
@ -66,7 +72,7 @@
canTouchEfiVariables = true; canTouchEfiVariables = true;
efiSysMountPoint = "/boot"; efiSysMountPoint = "/boot";
}; };
systemd-boot = { grub = {
enable = true; enable = true;
configurationLimit = 10; configurationLimit = 10;
}; };
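Review bot: The `grub = { enable = true; configurationLimit = 10; };` block that replaces `systemd-boot` sets neither `device` nor `efiSupport`, while the `efi` block just above it (`canTouchEfiVariables = true`, `efiSysMountPoint = "/boot"`) is kept; NixOS asserts that `boot.loader.grub.device` (or `mirroredBoots`) is set when grub is enabled, so unless that is done outside this hunk the configuration will not evaluate, and for the retained EFI settings the matching lines are `efiSupport = true; device = "nodev";` inside the block. The same file's network hunk pins `2a01:4ff:f0:b7fd::/64` with gateway `fe80::1` and `DHCP = "ipv4"`, which looks consistent with the proxy serving both families, but only if the listeners in server.nix actually bind IPv6 (raised separately there).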

29
hosts/proxy/server.nix Normal file

@ -0,0 +1,29 @@
{
networking.firewall.allowedTCPPorts = [
25565
25575
24454
];
services.nginx = {
enable = true;
config = ''
events {
worker_connections 5048;
}
stream {
server {
listen 25565;
listen 25575;
listen 24454;
resolver 8.8.8.8 ipv4=off;
resolver_timeout 15s;
proxy_socket_keepalive on;
proxy_pass ipv6.gerg-l.com:$server_port;
}
}
'';
};
}
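Review bot: `listen 25575;` together with `25575` in `allowedTCPPorts` relays what is presumably the RCON port to the backend from any source on the internet, and because nginx stream is a plain TCP relay the backend sees the proxy as the client for every connection, so any per-address limits or bans on the game server lose their meaning. Either drop `25575` from both lists or fence it with the stream access module (`allow <ADMIN-PREFIX-PLACEHOLDER>; deny all;` inside the `server` block), and consider `proxy_protocol on;` if the backend can accept PROXY protocol so client addresses survive the hop. The upstream is resolved at runtime through `resolver 8.8.8.8 ipv4=off;` over unauthenticated DNS (forced by the variable in `proxy_pass ipv6.gerg-l.com:$server_port`), so a spoofed or poisoned answer decides where player and RCON traffic is relayed; resolving via the host's local resolver, or pointing `proxy_pass` at the backend's static IPv6 address, removes that dependency. As far as I recall, a bare `listen 25565;` binds IPv4 only, so the static IPv6 address configured for this host in the previous section is not served unless `listen [::]:25565;` forms are added.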