Move more things into their 'correct' place

Jimbo 2024-09-04 20:22:13 -04:00
parent ce31f4355e
commit b69c9dbbbf
9 changed files with 109 additions and 58 deletions


@ -35,6 +35,7 @@
./server/minecraft
./server/tandoor.nix
./server/vaultwarden.nix
./server/transmission.nix
./server/misc.nix
# Matrix


@ -8,27 +8,13 @@
in {
firewall = {
allowPing = false;
allowedTCPPorts = [
80 443 # Nginx
25565 19132 5657 # Pufferpanel
2299 # Gitea SSH
3478 5349 # Coturn
];
allowedTCPPortRanges = [
{ from = 8100; to = 8150; } # Azuracast
];
allowedUDPPorts = [
25565 19132 # Minecraft Voicechat and Bedrock
3478 5349 # Coturn UDP
];
allowedUDPPortRanges = [
{ from = 49000; to = 50000; } # Coturn range
];
# Add extra input rules using nftables
extraInputRules = ''
ip saddr ${ips.localSpan}.0/24 tcp dport 2049 accept comment "Accept NFS"
ip saddr ${ips.localSpan}.0/24 udp dport 53 accept comment "Accept DNS"
ip saddr { ${ips.pc}, ${outputs.secrets.lunaIP}, ${outputs.secrets.cornIP}, ${outputs.secrets.vertIP} } tcp dport { 1935, 1945 } accept comment "Accept RTMP"
'';
};


@ -30,4 +30,7 @@
};
};
};
# Allow Gitea SSH to work
networking.firewall.allowedTCPPorts = [ 2299 ];
}


@ -1,41 +1,65 @@
{pkgs, ...}: let
{pkgs, outputs, ...}: let
common = import ../common.nix { inherit pkgs; };
in {
services.minecraft-servers.servers.johnside = {
enable = true;
package = pkgs.paperServers.paper-1_20_6;
jvmOpts = "-Xmx4084M";
serverProperties = common.serverProperties // {
difficulty = 2;
server-port = 30009;
motd = "§l§9Johnside SMP§r §l§fworld for §4John lovers only.";
services = {
minecraft-servers.servers.johnside = {
enable = true;
package = pkgs.paperServers.paper-1_20_6;
jvmOpts = "-Xmx4084M";
serverProperties = common.serverProperties // {
difficulty = 2;
server-port = 30009;
motd = "§l§9Johnside SMP§r §l§fworld for §4John lovers only.";
};
whitelist = common.whitelist;
symlinks = common.symlinks // {
"plugins/BlueMap.jar" = builtins.fetchurl {
url = "https://cdn.modrinth.com/data/swbUV1cr/versions/TL5ElRWX/BlueMap-5.3-spigot.jar";
sha256 = "08ls3wk0333vjg49kcmri884pcgm2xk9xdhwcxyffbh4ra0xrlbw";
};
"plugins/BlueMapOfflinePlayers.jar" = builtins.fetchurl {
url = "https://github.com/TechnicJelle/BlueMapOfflinePlayerMarkers/releases/download/v3.0/BlueMapOfflinePlayerMarkers-3.0.jar";
sha256 = "1f07w53q7yr4mvph7013d7ajxmp4lnsv6b1ab14y2x0bmqv39nwr";
};
"plugins/BlueMapMarkerManager.jar" = builtins.fetchurl {
url = "https://cdn.modrinth.com/data/a8UoyV2h/versions/E0XoPfJV/BMM-2.1.5.jar";
sha256 = "1vpnqglybysxnqyzkjnwbwg000dqkbk516apzvhmg39wlfaysl9d";
};
"plugins/CustomDiscs.jar" = builtins.fetchurl {
url = "https://github.com/Navoei/CustomDiscs/releases/download/v3.0/custom-discs-3.0.jar";
sha256 = "0xv0zrkdmjx0d7l34nqag8j004pm9zqivc12d3zy9pdrkv7pz87d";
};
"plugins/NotTooExpensive.jar" = builtins.fetchurl {
url = "https://github.com/Mrredstone5230/Not-Too-Expensive/releases/download/1.1/not-too-expensive-1.1.jar";
sha256 = "0da4v5l7iwry3wc21292lkmjprgmign4vdshzmhp7qc9hx26pj2d";
};
"plugins/SilkTouchHands.jar" = builtins.fetchurl {
url = "https://github.com/5U55/SilkTouchSpigot/releases/download/v1.1/SilkTouchv1.1.jar";
sha256 = "0mbp73xclr7f5m2lbdfz6is1j8vvyv1qwpl28sm089zrpm73qn6w";
};
};
};
whitelist = common.whitelist;
symlinks = common.symlinks // {
"plugins/BlueMap.jar" = builtins.fetchurl {
url = "https://cdn.modrinth.com/data/swbUV1cr/versions/TL5ElRWX/BlueMap-5.3-spigot.jar";
sha256 = "08ls3wk0333vjg49kcmri884pcgm2xk9xdhwcxyffbh4ra0xrlbw";
};
"plugins/BlueMapOfflinePlayers.jar" = builtins.fetchurl {
url = "https://github.com/TechnicJelle/BlueMapOfflinePlayerMarkers/releases/download/v3.0/BlueMapOfflinePlayerMarkers-3.0.jar";
sha256 = "1f07w53q7yr4mvph7013d7ajxmp4lnsv6b1ab14y2x0bmqv39nwr";
};
"plugins/BlueMapMarkerManager.jar" = builtins.fetchurl {
url = "https://cdn.modrinth.com/data/a8UoyV2h/versions/E0XoPfJV/BMM-2.1.5.jar";
sha256 = "1vpnqglybysxnqyzkjnwbwg000dqkbk516apzvhmg39wlfaysl9d";
};
"plugins/CustomDiscs.jar" = builtins.fetchurl {
url = "https://github.com/Navoei/CustomDiscs/releases/download/v3.0/custom-discs-3.0.jar";
sha256 = "0xv0zrkdmjx0d7l34nqag8j004pm9zqivc12d3zy9pdrkv7pz87d";
};
"plugins/NotTooExpensive.jar" = builtins.fetchurl {
url = "https://github.com/Mrredstone5230/Not-Too-Expensive/releases/download/1.1/not-too-expensive-1.1.jar";
sha256 = "0da4v5l7iwry3wc21292lkmjprgmign4vdshzmhp7qc9hx26pj2d";
};
"plugins/SilkTouchHands.jar" = builtins.fetchurl {
url = "https://github.com/5U55/SilkTouchSpigot/releases/download/v1.1/SilkTouchv1.1.jar";
sha256 = "0mbp73xclr7f5m2lbdfz6is1j8vvyv1qwpl28sm089zrpm73qn6w";
# BlueMap webhost
nginx.virtualHosts."john.${outputs.secrets.jimDomain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:31010";
proxyWebsockets = true;
};
};
};
# Allow Nginx to read and write to paths
systemd.services.nginx.serviceConfig = {
ReadWritePaths = [ "/var/www/Jimbo-Landing-Page/streams/hls/" ];
};
# Open HTTP and HTTPs ports
networking.firewall = {
allowedTCPPorts = [
80 443 # Nginx
];
};
}
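Review bot: The tail of this module appears to set `systemd.services.nginx.serviceConfig.ReadWritePaths` for the landing-page HLS directory and to open 80/443, the same two blocks that the nginx section of this commit carries; the +/- markers are lost in this rendering, but the `+1,65` line count only fits if they are part of the new file. The firewall list merges harmlessly, but a write-path exception for nginx is a hardening carve-out that should be declared once, next to the RTMP/HLS configuration that needs it, not in the Johnside server module. If the copy is unintentional, drop both blocks here and keep only the BlueMap virtual host; if 80/443 is meant to be opened here as well, a comment such as `# BlueMap vhost is served through Nginx` would say why.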


@ -36,4 +36,14 @@ in {
};
};
};
# Open ports for proxy
networking.firewall = {
allowedTCPPorts = [
25565 19132 5657 # Minecraft server info
];
allowedUDPPorts = [
25565 19132 # Minecraft server, VC, and Bedrock
];
};
}
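Review bot: The TCP list keeps 19132 and 5657 but relabels all three ports as "Minecraft server info", whereas the central list this commit empties labelled them "Pufferpanel". Bedrock traffic on 19132 is UDP and is already covered by `allowedUDPPorts`, and 5657 looks like a panel port rather than something this proxy serves, so the move is a good moment to either narrow the list, `allowedTCPPorts = [ 25565 ]; # Minecraft Java (proxy)`, or keep a comment naming the service behind each port. The service definition this block belongs to starts above the hunk, so which listeners actually exist cannot be confirmed from here.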


@ -40,16 +40,6 @@
};
};
};
# Bluemap Proxy, TODO, move this into the nix-minecraft flake configs
"john.${outputs.secrets.jimDomain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:31010";
proxyWebsockets = true;
};
};
};
appendConfig = ''
rtmp {
@ -76,4 +66,11 @@
systemd.services.nginx.serviceConfig = {
ReadWritePaths = [ "/var/www/Jimbo-Landing-Page/streams/hls/" ];
};
# Open HTTP and HTTPs ports
networking.firewall = {
allowedTCPPorts = [
80 443 # Nginx
];
};
}


@ -121,4 +121,14 @@
};
};
};
# Open coturn ports
networking.firewall = {
allowedUDPPorts = [
3478 5349 # Coturn UDP
];
allowedUDPPortRanges = [
{ from = 49000; to = 50000; } # Coturn range
];
};
}
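Review bot: Only UDP is reopened for coturn in this block, while the central firewall list this commit empties also allowed TCP 3478 and 5349 under a "Coturn" comment, and no other visible section re-adds them. If TURN over TCP/TLS is still configured, those clients will be dropped at the firewall after this change; add `allowedTCPPorts = [ 3478 5349 ]; # Coturn TCP/TLS` here, or extend the comment to say that TCP was dropped on purpose. The Azuracast TCP range 8100-8150 is likewise removed centrally and does not reappear in any section shown. The coturn settings themselves sit above the hunk and are not visible.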


@ -0,0 +1,20 @@
{pkgs, outputs, ...}: {
services = {
transmission = {
enable = true;
credentialsFile = pkgs.writeText "credentials" outputs.secrets.transmissionCredFile;
openPeerPorts = true;
settings = {
rpc-authentication-required = true;
};
};
nginx.virtualHosts."torrent.${outputs.secrets.jimDomain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:9091";
proxyWebsockets = true;
};
};
};
}
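Review bot: `credentialsFile = pkgs.writeText "credentials" outputs.secrets.transmissionCredFile;` copies the RPC credentials into /nix/store, which is world-readable, and the file stays there in old generations until it is garbage-collected. The option takes a path precisely so the secret can live outside the store; point it at a runtime file instead, e.g. `credentialsFile = "/run/secrets/transmission-credentials.json"; # placeholder path: owner-only file provisioned outside the store`. Because nginx proxies from 127.0.0.1, Transmission's address-based RPC whitelist presumably sees every remote client as local, so this password is the only gate on the `torrent.` virtual host.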

Binary file not shown.