mirror of
https://github.com/Gerg-L/nixos.git
synced 2025-12-10 08:53:56 -05:00
treewide reformat
parent
de7683556e
commit
fc21bf9436
42 changed files with 1012 additions and 876 deletions
|
|
@ -1,11 +1,9 @@
|
|||
{self, ...}: {
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}: {
|
||||
{ self, ... }:
|
||||
{ pkgs, lib, ... }:
|
||||
{
|
||||
# I manually switch this sometimes
|
||||
config = lib.mkIf false {
|
||||
networking.firewall.allowedTCPPorts = [25565];
|
||||
networking.firewall.allowedTCPPorts = [ 25565 ];
|
||||
|
||||
users.users.minecraft = {
|
||||
description = "Minecraft server service user";
|
||||
|
|
@ -14,10 +12,10 @@
|
|||
isSystemUser = true;
|
||||
group = "minecraft";
|
||||
};
|
||||
users.groups.minecraft = {};
|
||||
users.groups.minecraft = { };
|
||||
|
||||
systemd.sockets.minecraft-server = {
|
||||
bindsTo = ["minecraft-server.service"];
|
||||
bindsTo = [ "minecraft-server.service" ];
|
||||
socketConfig = {
|
||||
ListenFIFO = "/run/minecraft-server.stdin";
|
||||
SocketMode = "0660";
|
||||
|
|
@ -31,10 +29,13 @@
|
|||
systemd.services.minecraft-server = {
|
||||
enable = true;
|
||||
description = "Minecraft Server Service";
|
||||
wantedBy = ["multi-user.target"];
|
||||
requires = ["minecraft-server.socket"];
|
||||
after = ["network.target" "minecraft-server.socket"];
|
||||
path = [self.packages.${pkgs.system}.papermc];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
requires = [ "minecraft-server.socket" ];
|
||||
after = [
|
||||
"network.target"
|
||||
"minecraft-server.socket"
|
||||
];
|
||||
path = [ self.packages.${pkgs.system}.papermc ];
|
||||
script = ''
|
||||
minecraft-server \
|
||||
-Xms8G \
|
||||
|
|
@ -70,8 +71,8 @@
|
|||
StandardError = "journal";
|
||||
|
||||
# Hardening
|
||||
CapabilityBoundingSet = [""];
|
||||
DeviceAllow = [""];
|
||||
CapabilityBoundingSet = [ "" ];
|
||||
DeviceAllow = [ "" ];
|
||||
LockPersonality = true;
|
||||
PrivateDevices = true;
|
||||
PrivateTmp = true;
|
||||
|
|
@ -84,7 +85,10 @@
|
|||
ProtectKernelModules = true;
|
||||
ProtectKernelTunables = true;
|
||||
ProtectProc = "invisible";
|
||||
RestrictAddressFamilies = ["AF_INET" "AF_INET6"];
|
||||
RestrictAddressFamilies = [
|
||||
"AF_INET"
|
||||
"AF_INET6"
|
||||
];
|
||||
RestrictNamespaces = true;
|
||||
RestrictRealtime = true;
|
||||
RestrictSUIDSGID = true;
|
||||
|
|
|
|||