From 779b3e7cb67a1165aa159ac840329028d63c625e Mon Sep 17 00:00:00 2001
From: Gerg-L
Date: Fri, 16 Aug 2024 15:07:55 -0400
Subject: [PATCH] hosts/minecraft: init
---
disko/minecraft.nix | 34 +++++++++++++
hosts/minecraft/main.nix | 99 ++++++++++++++++++++++++++++++++++++
hosts/minecraft/server.nix | 85 +++++++++++++++++++++++++++++++
modules/misc.nix | 7 ++-
outputs.nix | 2 +
packages/fabric/package.nix | 32 ++++++++++++
packages/papermc/package.nix | 4 +-
7 files changed, 260 insertions(+), 3 deletions(-)
create mode 100644 disko/minecraft.nix
create mode 100644 hosts/minecraft/main.nix
create mode 100644 hosts/minecraft/server.nix
create mode 100644 packages/fabric/package.nix
diff --git a/disko/minecraft.nix b/disko/minecraft.nix
new file mode 100644
index 0000000..b2212bb
--- /dev/null
+++ b/disko/minecraft.nix
@@ -0,0 +1,34 @@
+_: {
+ disk = {
+ main = {
+ device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_51056934";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ size = "1M";
+ type = "EF02";
+ };
+ ESP = {
+ size = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ root = {
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "xfs";
+ mountpoint = "/";
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/minecraft/main.nix b/hosts/minecraft/main.nix
new file mode 100644
index 0000000..ef25888
--- /dev/null
+++ b/hosts/minecraft/main.nix
@@ -0,0 +1,99 @@
+{
+ modulesPath,
+ pkgs,
+ lib,
+ ...
+}:
+{
+ local = {
+ hardware = {
+ gpuAcceleration.disable = true;
+ sound.disable = true;
+ };
+ bootConfig.disable = true;
+ sops.disable = true;
+ };
+ imports = [
+ "${modulesPath}/profiles/qemu-guest.nix"
+ "${modulesPath}/profiles/minimal.nix"
+ ];
+ environment.noXlibs = false;
+
+ services.qemuGuest.enable = true;
+
+ environment.systemPackages = [ pkgs.neovim ];
+
+ users = {
+ mutableUsers = false;
+ users.root = {
+ hashedPassword = "!";
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZKIp3iObuxEUPx1dsMiN3vyMaMQb0N1gKJY78TtRxd"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILpYY2uw0OH1Re+3BkYFlxn0O/D8ryqByJB/ljefooNc"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJWbwkFJmRBgyWyWU+w3ksZ+KuFw9uXJN3PwqqE7Z/i8"
+ ];
+ };
+ };
+
+ services.openssh = {
+ enable = true;
+ hostKeys = lib.mkForce [
+ {
+ path = "/etc/ssh/ssh_host_ed25519_key";
+ type = "ed25519";
+ }
+ ];
+ settings.PermitRootLogin = "prohibit-password";
+ };
+
+ networking = {
+ hostName = "minecraft";
+ useNetworkd = false;
+ useDHCP = false;
+ };
+
+ systemd.network = {
+ enable = true;
+ networks.default = {
+ DHCP = "yes";
+ name = "en*";
+ };
+ };
+
+ boot = {
+ loader = {
+ efi = {
+ canTouchEfiVariables = true;
+ efiSysMountPoint = "/boot"; # ← use the same mount point here.
+ };
+ grub = {
+ enable = true;
+ configurationLimit = 10;
+ };
+ };
+ kernelPackages = pkgs.linuxPackages_latest;
+ initrd = {
+ systemd.enable = true;
+ availableKernelModules = [
+ "ahci"
+ "xhci_pci"
+ "virtio_pci"
+ "virtio_scsi"
+ "sd_mod"
+ "sr_mod"
+ ];
+ };
+ };
+
+ ###
+ i18n.defaultLocale = "en_US.UTF-8";
+ time.timeZone = "America/New_York";
+ ###
+ documentation.info.enable = false;
+ documentation.nixos.enable = false;
+ programs.command-not-found.enable = false;
+ programs.nano.enable = false;
+ ###
+ nixpkgs.hostPlatform = "x86_64-linux";
+ system.stateVersion = "24.11";
+}
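Review bot: The three entries in `users.users.root.openssh.authorizedKeys.keys` have no comment field and no Nix comment beside them, so a reader cannot tell whose keys grant root on this host or which one to remove when a device is lost. I would add a trailing note to each entry, for example `# <owner> / <device>`, or append the usual `user@host` comment inside the key string. Separately, `settings.PermitRootLogin = "prohibit-password"` replaces the `lib.mkDefault "no"` from modules/misc.nix, and this block does not set `PasswordAuthentication = false` itself. If that shared module is not applied to this host (not visible from the hunk), the password-auth setting falls back to the OpenSSH module default, so it is worth stating it here explicitly.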
diff --git a/hosts/minecraft/server.nix b/hosts/minecraft/server.nix
new file mode 100644
index 0000000..da25575
--- /dev/null
+++ b/hosts/minecraft/server.nix
@@ -0,0 +1,85 @@
+{ lib, self' }:
+{
+ networking.firewall.allowedTCPPorts = [
+ 25565
+ 25575
+ ];
+
+ users = {
+ users.minecraft = {
+ home = "/minecraft";
+ createHome = true;
+ isSystemUser = true;
+ group = "minecraft";
+ };
+ groups.minecraft = { };
+ };
+
+ systemd.services.minecraft-server = {
+ description = "Minecraft";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ script = ''
+ ${lib.getExe self'.packages.fabric} \
+ -Xms6G \
+ -Xmx6G \
+ -XX:+UseG1GC \
+ -XX:+ParallelRefProcEnabled \
+ -XX:MaxGCPauseMillis=200 \
+ -XX:+UnlockExperimentalVMOptions \
+ -XX:+DisableExplicitGC \
+ -XX:+AlwaysPreTouch \
+ -XX:G1NewSizePercent=30 \
+ -XX:G1MaxNewSizePercent=40 \
+ -XX:G1HeapRegionSize=8M \
+ -XX:G1ReservePercent=20 \
+ -XX:G1HeapWastePercent=5 \
+ -XX:G1MixedGCCountTarget=4 \
+ -XX:InitiatingHeapOccupancyPercent=15 \
+ -XX:G1MixedGCLiveThresholdPercent=90 \
+ -XX:G1RSetUpdatingPauseTimePercent=5 \
+ -XX:SurvivorRatio=32 \
+ -XX:+PerfDisableSharedMem \
+ -XX:MaxTenuringThreshold=1 \
+ -Dusing.aikars.flags=https://mcflags.emc.gs-Daikars.new.flags=true \
+ '';
+
+ serviceConfig = {
+ Restart = "always";
+ User = "minecraft";
+ WorkingDirectory = "/minecraft";
+
+ StandardInput = "journal";
+ StandardOutput = "journal";
+ StandardError = "journal";
+
+ # Hardening
+ CapabilityBoundingSet = [ "" ];
+ DeviceAllow = [ "" ];
+ LockPersonality = true;
+ PrivateDevices = true;
+ PrivateTmp = true;
+ PrivateUsers = true;
+ ProtectClock = true;
+ ProtectControlGroups = true;
+ ProtectHome = true;
+ ProtectHostname = true;
+ ProtectKernelLogs = true;
+ ProtectKernelModules = true;
+ ProtectKernelTunables = true;
+ ProtectProc = "invisible";
+ RestrictAddressFamilies = [
+ "AF_INET"
+ "AF_INET6"
+ ];
+ RestrictNamespaces = true;
+ RestrictRealtime = true;
+ RestrictSUIDSGID = true;
+ SystemCallArchitectures = "native";
+ UMask = "0077";
+ };
+ preStart = ''
+ echo "eula=true" > eula.txt
+ '';
+ };
+}
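Review bot: `networking.firewall.allowedTCPPorts` opens 25575 alongside the game port, and 25575 is Minecraft's default RCON port; RCON is an unencrypted remote console guarded only by a password, so it should not be reachable on every interface. Whether RCON is enabled depends on server.properties, which this hunk does not show, but unless remote RCON is required I would reduce the list to `networking.firewall.allowedTCPPorts = [ 25565 ];` and reach the console over SSH. The hardening block also leaves the service's view of the filesystem unrestricted apart from /home; adding `ProtectSystem = "strict";` together with `ReadWritePaths = [ "/minecraft" ];` would confine writes to the working directory. Finally, `StandardInput = "journal"` is not one of the values systemd documents for StandardInput=, so that line is probably rejected with a warning, and the last script line joins the two `-D` properties into one token (`...emc.gs-Daikars.new.flags=true`) where a space looks intended.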
diff --git a/modules/misc.nix b/modules/misc.nix index 4a04686..e4f6bec 100644 --- a/modules/misc.nix +++ b/modules/misc.nix @@ -40,7 +40,12 @@ programs.mtr.enable = true; # ping and traceroute services.openssh = { enable = true; - hostKeys = lib.mkForce [ ]; + hostKeys = lib.mkForce [ + { + path = "/etc/ssh/ssh_host_ed25519_key"; + type = "ed25519"; + } + ]; settings = { PermitRootLogin = lib.mkDefault "no"; PasswordAuthentication = false; diff --git a/outputs.nix b/outputs.nix index c2f9b06..5cb4a6c 100644 --- a/outputs.nix +++ b/outputs.nix @@ -8,6 +8,7 @@ lib.gerg-utils (s: unstable.legacyPackages.${s}) { "gerg-desktop" "media-laptop" "iso" + "minecraft" ]; nixosModules = lib.mkModules "${self}/modules"; @@ -15,6 +16,7 @@ lib.gerg-utils (s: unstable.legacyPackages.${s}) { diskoConfigurations = lib.mkDisko [ "gerg-desktop" "media-laptop" + "minecraft" ]; formatter = pkgs: inputs.self.packages.${pkgs.stdenv.system}.lint; diff --git a/packages/fabric/package.nix b/packages/fabric/package.nix new file mode 100644 index 0000000..87fb382 --- /dev/null +++ b/packages/fabric/package.nix @@ -0,0 +1,32 @@ +{ + lib, + stdenvNoCC, + fetchurl, + makeBinaryWrapper, + jre, +}: +stdenvNoCC.mkDerivation { + name = "fabric"; + + src = fetchurl { + url = "https://meta.fabricmc.net/v2/versions/loader/1.20.1/0.16.2/1.0.1/server/jar"; + hash = "sha256-1Qk7qDdC70lkeduCyzhPcKfoSrcCmTbVD1Yi9lEDjEk="; + }; + + dontUnpack = true; + + installPhase = '' + runHook preInstall + + install -D $src $out/share/papermc/papermc.jar + + makeWrapper ${lib.getExe jre} "$out/bin/fabric" \ + --append-flags "-jar $out/share/papermc/papermc.jar nogui" + + runHook postInstall + ''; + + nativeBuildInputs = [ makeBinaryWrapper ]; + + meta.mainProgram = "fabric"; +} diff --git a/packages/papermc/package.nix b/packages/papermc/package.nix index c0580d6..c587096 100644 --- a/packages/papermc/package.nix +++ b/packages/papermc/package.nix 
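Review bot: In modules/misc.nix the shared `services.openssh.hostKeys` goes from `lib.mkForce [ ]` to a forced ed25519 entry, which changes host-key handling for every host importing this module, even though the commit is titled as adding one host. If the empty list was deliberate (for example host keys provisioned by another mechanism, not visible here), those hosts will now generate and present a new key at `/etc/ssh/ssh_host_ed25519_key`. hosts/minecraft/main.nix also sets the identical `lib.mkForce [ ... ]` list; two definitions at the same priority of a list option are merged, so if both modules apply to that host the entry is declared twice. I would keep the definition in one place only and add a comment such as `# host key is generated on first boot, not provisioned from secrets` next to it. The enclosing `services.openssh` block continues past the end of the hunk.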
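Review bot: In packages/fabric/package.nix the `fetchurl` hash pins only the launcher jar returned by the meta.fabricmc.net endpoint. As far as I know that launcher downloads the Minecraft server jar and its libraries on first start, so those artifacts arrive at runtime in `/minecraft` without being covered by any hash in this repository; a comment saying so next to `src` would make the trust boundary explicit. The derivation also uses a bare `name = "fabric"` although the URL encodes three versions, and it installs to `$out/share/papermc/papermc.jar`, which looks copied from the papermc package. I would write `pname = "fabric";` with `version = "1.20.1-0.16.2";` and install to `$out/share/fabric/fabric-server-launch.jar`, updating the `-jar` path in the wrapper to match, so the store path shows what is pinned.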
@@ -8,7 +8,7 @@ stdenvNoCC.mkDerivation (finalAttrs: { pname = "papermc"; - version = "1.20.1.83"; + version = "1.20.1.196"; src = let @@ -17,7 +17,7 @@ stdenvNoCC.mkDerivation (finalAttrs: { in fetchurl { url = "https://papermc.io/api/v2/projects/paper/versions/${mcVersion}/builds/${buildNum}/downloads/paper-${mcVersion}-${buildNum}.jar"; - hash = "sha256-HQpc3MOXa1wkXqgm9ciQj04FUIyuupnYiu+2RZ/sXE4="; + hash = "sha256-I0qbMgmBAMb8EWZk1k42zNtYtbZJrw+AvMywiwJV6uo="; }; installPhase = ''