Move more things into their 'correct' place

nixos/server.nix

@@ -35,6 +35,7 @@
     ./server/minecraft
     ./server/tandoor.nix
     ./server/vaultwarden.nix
+    ./server/transmission.nix
     ./server/misc.nix
 
     # Matrix

nixos/server/firewall.nix

@@ -8,27 +8,13 @@
   in {
     firewall = {
       allowPing = false;
-      allowedTCPPorts = [
-        80 443 # Nginx
-        25565 19132 5657 # Pufferpanel
-        2299 # Gitea SSH
-        3478 5349 # Coturn
-      ];
       allowedTCPPortRanges = [
         { from = 8100; to = 8150; } # Azuracast
       ];
-      allowedUDPPorts = [
-        25565 19132 # Minecraft Voicechat and Bedrock
-        3478 5349 # Coturn UDP
-      ];
-      allowedUDPPortRanges = [
-        { from = 49000; to = 50000; } # Coturn range
-      ];
   
       # Add extra input rules using nftables
       extraInputRules = ''
         ip saddr ${ips.localSpan}.0/24 tcp dport 2049 accept comment "Accept NFS"
-        ip saddr ${ips.localSpan}.0/24 udp dport 53 accept comment "Accept DNS"
         ip saddr { ${ips.pc}, ${outputs.secrets.lunaIP}, ${outputs.secrets.cornIP}, ${outputs.secrets.vertIP} } tcp dport { 1935, 1945 } accept comment "Accept RTMP"
       '';
     };

nixos/server/gitea.nix

@@ -30,4 +30,7 @@
       };
     };
   };
+
+  # Allow Gitea SSH to work
+  networking.firewall.allowedTCPPorts = [ 2299 ];
 }

nixos/server/minecraft/servers/johnside.nix

@@ -1,41 +1,65 @@
-{pkgs, ...}: let
+{pkgs, outputs, ...}: let
   common = import ../common.nix { inherit pkgs; };
 in {
-  services.minecraft-servers.servers.johnside = {
-    enable = true;
-    package = pkgs.paperServers.paper-1_20_6;
-    jvmOpts = "-Xmx4084M";
-    serverProperties = common.serverProperties // {
-      difficulty = 2;
-      server-port = 30009;
-      motd = "§l§9Johnside SMP§r §l§fworld for §4John lovers only.";
+  services = {
+    minecraft-servers.servers.johnside = {
+      enable = true;
+      package = pkgs.paperServers.paper-1_20_6;
+      jvmOpts = "-Xmx4084M";
+      serverProperties = common.serverProperties // {
+        difficulty = 2;
+        server-port = 30009;
+        motd = "§l§9Johnside SMP§r §l§fworld for §4John lovers only.";
+      };
+      whitelist = common.whitelist;
+      symlinks = common.symlinks // {
+        "plugins/BlueMap.jar" = builtins.fetchurl {
+          url = "https://cdn.modrinth.com/data/swbUV1cr/versions/TL5ElRWX/BlueMap-5.3-spigot.jar";
+          sha256 = "08ls3wk0333vjg49kcmri884pcgm2xk9xdhwcxyffbh4ra0xrlbw";
+        };
+        "plugins/BlueMapOfflinePlayers.jar" = builtins.fetchurl {
+          url = "https://github.com/TechnicJelle/BlueMapOfflinePlayerMarkers/releases/download/v3.0/BlueMapOfflinePlayerMarkers-3.0.jar";
+          sha256 = "1f07w53q7yr4mvph7013d7ajxmp4lnsv6b1ab14y2x0bmqv39nwr";
+        };
+        "plugins/BlueMapMarkerManager.jar" = builtins.fetchurl {
+          url = "https://cdn.modrinth.com/data/a8UoyV2h/versions/E0XoPfJV/BMM-2.1.5.jar";
+          sha256 = "1vpnqglybysxnqyzkjnwbwg000dqkbk516apzvhmg39wlfaysl9d";
+        };
+        "plugins/CustomDiscs.jar" = builtins.fetchurl {
+          url = "https://github.com/Navoei/CustomDiscs/releases/download/v3.0/custom-discs-3.0.jar";
+          sha256 = "0xv0zrkdmjx0d7l34nqag8j004pm9zqivc12d3zy9pdrkv7pz87d";
+        };
+        "plugins/NotTooExpensive.jar" = builtins.fetchurl {
+          url = "https://github.com/Mrredstone5230/Not-Too-Expensive/releases/download/1.1/not-too-expensive-1.1.jar";
+          sha256 = "0da4v5l7iwry3wc21292lkmjprgmign4vdshzmhp7qc9hx26pj2d";
+        };
+        "plugins/SilkTouchHands.jar" = builtins.fetchurl {
+          url = "https://github.com/5U55/SilkTouchSpigot/releases/download/v1.1/SilkTouchv1.1.jar";
+          sha256 = "0mbp73xclr7f5m2lbdfz6is1j8vvyv1qwpl28sm089zrpm73qn6w";
+        };
+      };
     };
-    whitelist = common.whitelist;
-    symlinks = common.symlinks // {
-      "plugins/BlueMap.jar" = builtins.fetchurl {
-        url = "https://cdn.modrinth.com/data/swbUV1cr/versions/TL5ElRWX/BlueMap-5.3-spigot.jar";
-        sha256 = "08ls3wk0333vjg49kcmri884pcgm2xk9xdhwcxyffbh4ra0xrlbw";
-      };
-      "plugins/BlueMapOfflinePlayers.jar" = builtins.fetchurl {
-        url = "https://github.com/TechnicJelle/BlueMapOfflinePlayerMarkers/releases/download/v3.0/BlueMapOfflinePlayerMarkers-3.0.jar";
-        sha256 = "1f07w53q7yr4mvph7013d7ajxmp4lnsv6b1ab14y2x0bmqv39nwr";
-      };
-      "plugins/BlueMapMarkerManager.jar" = builtins.fetchurl {
-        url = "https://cdn.modrinth.com/data/a8UoyV2h/versions/E0XoPfJV/BMM-2.1.5.jar";
-        sha256 = "1vpnqglybysxnqyzkjnwbwg000dqkbk516apzvhmg39wlfaysl9d";
-      };
-      "plugins/CustomDiscs.jar" = builtins.fetchurl {
-        url = "https://github.com/Navoei/CustomDiscs/releases/download/v3.0/custom-discs-3.0.jar";
-        sha256 = "0xv0zrkdmjx0d7l34nqag8j004pm9zqivc12d3zy9pdrkv7pz87d";
-      };
-      "plugins/NotTooExpensive.jar" = builtins.fetchurl {
-        url = "https://github.com/Mrredstone5230/Not-Too-Expensive/releases/download/1.1/not-too-expensive-1.1.jar";
-        sha256 = "0da4v5l7iwry3wc21292lkmjprgmign4vdshzmhp7qc9hx26pj2d";
-      };
-      "plugins/SilkTouchHands.jar" = builtins.fetchurl {
-        url = "https://github.com/5U55/SilkTouchSpigot/releases/download/v1.1/SilkTouchv1.1.jar";
-        sha256 = "0mbp73xclr7f5m2lbdfz6is1j8vvyv1qwpl28sm089zrpm73qn6w";
+
+    # BlueMap webhost
+    nginx.virtualHosts."john.${outputs.secrets.jimDomain}" = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:31010";
+        proxyWebsockets = true;
       };
     };
   };
+
+  # Allow Nginx to read and write to paths
+  systemd.services.nginx.serviceConfig = {
+    ReadWritePaths = [ "/var/www/Jimbo-Landing-Page/streams/hls/" ];
+  };
+
+  # Open HTTP and HTTPs ports
+  networking.firewall = {
+    allowedTCPPorts = [
+      80 443 # Nginx
+    ];
+  };
 }

nixos/server/minecraft/servers/velocity.nix

@@ -36,4 +36,14 @@ in {
       };
     };
   };
+
+  # Open ports for proxy
+  networking.firewall = {
+    allowedTCPPorts = [
+      25565 19132 5657 # Minecraft server info
+    ];
+    allowedUDPPorts = [
+      25565 19132 # Minecraft server, VC, and Bedrock
+    ];
+  };
 }

nixos/server/nginx.nix

@@ -40,16 +40,6 @@
           };
         };
       };
-
-      # Bluemap Proxy, TODO, move this into the nix-minecraft flake configs
-      "john.${outputs.secrets.jimDomain}" =  {
-        enableACME = true;
-        forceSSL = true;
-        locations."/" = {
-          proxyPass = "http://127.0.0.1:31010";
-          proxyWebsockets = true;
-        };
-      };
     };
     appendConfig = ''
       rtmp {
@@ -76,4 +66,11 @@
   systemd.services.nginx.serviceConfig = {
     ReadWritePaths = [ "/var/www/Jimbo-Landing-Page/streams/hls/" ];
   };
+
+  # Open HTTP and HTTPs ports
+  networking.firewall = {
+    allowedTCPPorts = [
+      80 443 # Nginx
+    ];
+  };
 }

nixos/server/synapse.nix

@@ -121,4 +121,14 @@
       };
     };
   };
+
+  # Open coturn ports
+  networking.firewall = {
+    allowedUDPPorts = [
+      3478 5349 # Coturn UDP
+    ];
+    allowedUDPPortRanges = [
+      { from = 49000; to = 50000; } # Coturn range
+    ];
+  };
 }

nixos/server/transmission.nix

@@ -0,0 +1,20 @@
+{pkgs, outputs, ...}: {
+  services = {
+    transmission = {
+      enable = true;
+      credentialsFile = pkgs.writeText "credentials" outputs.secrets.transmissionCredFile;
+      openPeerPorts = true;
+      settings = {
+        rpc-authentication-required = true;
+      };
+    };
+    nginx.virtualHosts."torrent.${outputs.secrets.jimDomain}" = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:9091";
+        proxyWebsockets = true;
+      };
+    };
+  };
+}