Move more things into their 'correct' place
parent
ce31f4355e
commit
b69c9dbbbf
|
@ -35,6 +35,7 @@
|
|||
./server/minecraft
|
||||
./server/tandoor.nix
|
||||
./server/vaultwarden.nix
|
||||
./server/transmission.nix
|
||||
./server/misc.nix
|
||||
|
||||
# Matrix
|
||||
|
|
|
@ -8,27 +8,13 @@
|
|||
in {
|
||||
firewall = {
|
||||
allowPing = false;
|
||||
allowedTCPPorts = [
|
||||
80 443 # Nginx
|
||||
25565 19132 5657 # Pufferpanel
|
||||
2299 # Gitea SSH
|
||||
3478 5349 # Coturn
|
||||
];
|
||||
allowedTCPPortRanges = [
|
||||
{ from = 8100; to = 8150; } # Azuracast
|
||||
];
|
||||
allowedUDPPorts = [
|
||||
25565 19132 # Minecraft Voicechat and Bedrock
|
||||
3478 5349 # Coturn UDP
|
||||
];
|
||||
allowedUDPPortRanges = [
|
||||
{ from = 49000; to = 50000; } # Coturn range
|
||||
];
|
||||
|
||||
# Add extra input rules using nftables
|
||||
extraInputRules = ''
|
||||
ip saddr ${ips.localSpan}.0/24 tcp dport 2049 accept comment "Accept NFS"
|
||||
ip saddr ${ips.localSpan}.0/24 udp dport 53 accept comment "Accept DNS"
|
||||
ip saddr { ${ips.pc}, ${outputs.secrets.lunaIP}, ${outputs.secrets.cornIP}, ${outputs.secrets.vertIP} } tcp dport { 1935, 1945 } accept comment "Accept RTMP"
|
||||
'';
|
||||
};
|
||||
|
|
|
@ -30,4 +30,7 @@
|
|||
};
|
||||
};
|
||||
};
|
||||
|
||||
# Allow Gitea SSH to work
|
||||
networking.firewall.allowedTCPPorts = [ 2299 ];
|
||||
}
|
||||
|
|
|
@ -1,41 +1,65 @@
|
|||
{pkgs, ...}: let
|
||||
{pkgs, outputs, ...}: let
|
||||
common = import ../common.nix { inherit pkgs; };
|
||||
in {
|
||||
services.minecraft-servers.servers.johnside = {
|
||||
enable = true;
|
||||
package = pkgs.paperServers.paper-1_20_6;
|
||||
jvmOpts = "-Xmx4084M";
|
||||
serverProperties = common.serverProperties // {
|
||||
difficulty = 2;
|
||||
server-port = 30009;
|
||||
motd = "§l§9Johnside SMP§r §l§fworld for §4John lovers only.";
|
||||
services = {
|
||||
minecraft-servers.servers.johnside = {
|
||||
enable = true;
|
||||
package = pkgs.paperServers.paper-1_20_6;
|
||||
jvmOpts = "-Xmx4084M";
|
||||
serverProperties = common.serverProperties // {
|
||||
difficulty = 2;
|
||||
server-port = 30009;
|
||||
motd = "§l§9Johnside SMP§r §l§fworld for §4John lovers only.";
|
||||
};
|
||||
whitelist = common.whitelist;
|
||||
symlinks = common.symlinks // {
|
||||
"plugins/BlueMap.jar" = builtins.fetchurl {
|
||||
url = "https://cdn.modrinth.com/data/swbUV1cr/versions/TL5ElRWX/BlueMap-5.3-spigot.jar";
|
||||
sha256 = "08ls3wk0333vjg49kcmri884pcgm2xk9xdhwcxyffbh4ra0xrlbw";
|
||||
};
|
||||
"plugins/BlueMapOfflinePlayers.jar" = builtins.fetchurl {
|
||||
url = "https://github.com/TechnicJelle/BlueMapOfflinePlayerMarkers/releases/download/v3.0/BlueMapOfflinePlayerMarkers-3.0.jar";
|
||||
sha256 = "1f07w53q7yr4mvph7013d7ajxmp4lnsv6b1ab14y2x0bmqv39nwr";
|
||||
};
|
||||
"plugins/BlueMapMarkerManager.jar" = builtins.fetchurl {
|
||||
url = "https://cdn.modrinth.com/data/a8UoyV2h/versions/E0XoPfJV/BMM-2.1.5.jar";
|
||||
sha256 = "1vpnqglybysxnqyzkjnwbwg000dqkbk516apzvhmg39wlfaysl9d";
|
||||
};
|
||||
"plugins/CustomDiscs.jar" = builtins.fetchurl {
|
||||
url = "https://github.com/Navoei/CustomDiscs/releases/download/v3.0/custom-discs-3.0.jar";
|
||||
sha256 = "0xv0zrkdmjx0d7l34nqag8j004pm9zqivc12d3zy9pdrkv7pz87d";
|
||||
};
|
||||
"plugins/NotTooExpensive.jar" = builtins.fetchurl {
|
||||
url = "https://github.com/Mrredstone5230/Not-Too-Expensive/releases/download/1.1/not-too-expensive-1.1.jar";
|
||||
sha256 = "0da4v5l7iwry3wc21292lkmjprgmign4vdshzmhp7qc9hx26pj2d";
|
||||
};
|
||||
"plugins/SilkTouchHands.jar" = builtins.fetchurl {
|
||||
url = "https://github.com/5U55/SilkTouchSpigot/releases/download/v1.1/SilkTouchv1.1.jar";
|
||||
sha256 = "0mbp73xclr7f5m2lbdfz6is1j8vvyv1qwpl28sm089zrpm73qn6w";
|
||||
};
|
||||
};
|
||||
};
|
||||
whitelist = common.whitelist;
|
||||
symlinks = common.symlinks // {
|
||||
"plugins/BlueMap.jar" = builtins.fetchurl {
|
||||
url = "https://cdn.modrinth.com/data/swbUV1cr/versions/TL5ElRWX/BlueMap-5.3-spigot.jar";
|
||||
sha256 = "08ls3wk0333vjg49kcmri884pcgm2xk9xdhwcxyffbh4ra0xrlbw";
|
||||
};
|
||||
"plugins/BlueMapOfflinePlayers.jar" = builtins.fetchurl {
|
||||
url = "https://github.com/TechnicJelle/BlueMapOfflinePlayerMarkers/releases/download/v3.0/BlueMapOfflinePlayerMarkers-3.0.jar";
|
||||
sha256 = "1f07w53q7yr4mvph7013d7ajxmp4lnsv6b1ab14y2x0bmqv39nwr";
|
||||
};
|
||||
"plugins/BlueMapMarkerManager.jar" = builtins.fetchurl {
|
||||
url = "https://cdn.modrinth.com/data/a8UoyV2h/versions/E0XoPfJV/BMM-2.1.5.jar";
|
||||
sha256 = "1vpnqglybysxnqyzkjnwbwg000dqkbk516apzvhmg39wlfaysl9d";
|
||||
};
|
||||
"plugins/CustomDiscs.jar" = builtins.fetchurl {
|
||||
url = "https://github.com/Navoei/CustomDiscs/releases/download/v3.0/custom-discs-3.0.jar";
|
||||
sha256 = "0xv0zrkdmjx0d7l34nqag8j004pm9zqivc12d3zy9pdrkv7pz87d";
|
||||
};
|
||||
"plugins/NotTooExpensive.jar" = builtins.fetchurl {
|
||||
url = "https://github.com/Mrredstone5230/Not-Too-Expensive/releases/download/1.1/not-too-expensive-1.1.jar";
|
||||
sha256 = "0da4v5l7iwry3wc21292lkmjprgmign4vdshzmhp7qc9hx26pj2d";
|
||||
};
|
||||
"plugins/SilkTouchHands.jar" = builtins.fetchurl {
|
||||
url = "https://github.com/5U55/SilkTouchSpigot/releases/download/v1.1/SilkTouchv1.1.jar";
|
||||
sha256 = "0mbp73xclr7f5m2lbdfz6is1j8vvyv1qwpl28sm089zrpm73qn6w";
|
||||
|
||||
# BlueMap webhost
|
||||
nginx.virtualHosts."john.${outputs.secrets.jimDomain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:31010";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# Allow Nginx to read and write to paths
|
||||
systemd.services.nginx.serviceConfig = {
|
||||
ReadWritePaths = [ "/var/www/Jimbo-Landing-Page/streams/hls/" ];
|
||||
};
|
||||
|
||||
# Open HTTP and HTTPs ports
|
||||
networking.firewall = {
|
||||
allowedTCPPorts = [
|
||||
80 443 # Nginx
|
||||
];
|
||||
};
|
||||
}
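Review bot: The `systemd.services.nginx.serviceConfig` block granting `ReadWritePaths = [ "/var/www/Jimbo-Landing-Page/streams/hls/" ];` at the end of this Minecraft module looks copied from the nginx module, where the same lines still appear as context in the `@ -76,4 +66,11 @` hunk. The two definitions should merge, so it still evaluates, but a sandbox exception for an unrelated path declared in two places is harder to audit and easy to leave behind when the HLS path changes. I would drop that block here and keep only what BlueMap needs, the vhost and the `80 443` opening, with a comment such as `# BlueMap is served through nginx, so 80/443 must be open`. Which lines are new is inferred from the hunk counts, since the page lost its +/- markers.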
|
||||
|
|
|
@ -36,4 +36,14 @@ in {
|
|||
};
|
||||
};
|
||||
};
|
||||
|
||||
# Open ports for proxy
|
||||
networking.firewall = {
|
||||
allowedTCPPorts = [
|
||||
25565 19132 5657 # Minecraft server info
|
||||
];
|
||||
allowedUDPPorts = [
|
||||
25565 19132 # Minecraft server, VC, and Bedrock
|
||||
];
|
||||
};
|
||||
}
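Review bot: `19132` is opened in `allowedTCPPorts` as well as `allowedUDPPorts`, carried over from the old central list; Bedrock's default listener is UDP only, so the TCP opening is probably unused. Least privilege here would be `25565 5657` on TCP. The comment `# Minecraft server info` also does not say what listens on `5657` (the removed central list labelled the same ports Pufferpanel), so name the service there. The module body starts above the hunk, so a TCP listener on 19132 may exist that is not visible here.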
|
||||
|
|
|
@ -40,16 +40,6 @@
|
|||
};
|
||||
};
|
||||
};
|
||||
|
||||
# Bluemap Proxy, TODO, move this into the nix-minecraft flake configs
|
||||
"john.${outputs.secrets.jimDomain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:31010";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
appendConfig = ''
|
||||
rtmp {
|
||||
|
@ -76,4 +66,11 @@
|
|||
systemd.services.nginx.serviceConfig = {
|
||||
ReadWritePaths = [ "/var/www/Jimbo-Landing-Page/streams/hls/" ];
|
||||
};
|
||||
|
||||
# Open HTTP and HTTPs ports
|
||||
networking.firewall = {
|
||||
allowedTCPPorts = [
|
||||
80 443 # Nginx
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -121,4 +121,14 @@
|
|||
};
|
||||
};
|
||||
};
|
||||
|
||||
# Open coturn ports
|
||||
networking.firewall = {
|
||||
allowedUDPPorts = [
|
||||
3478 5349 # Coturn UDP
|
||||
];
|
||||
allowedUDPPortRanges = [
|
||||
{ from = 49000; to = 50000; } # Coturn range
|
||||
];
|
||||
};
|
||||
}
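Review bot: Only the UDP side of Coturn is re-opened in this block; the central list removed by this commit also had `3478 5349 # Coturn` under `allowedTCPPorts`, and no visible hunk adds that back. If clients rely on TURN over TCP or TLS as a fallback, a commit described as a move silently removes it. Either add `allowedTCPPorts = [ 3478 5349 ];` here, or extend the comment to say that TCP is closed on purpose. The coturn service definition is above the hunk, so whether it listens on TCP cannot be confirmed from here.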
|
||||
|
|
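--- /dev/null
+++ b/nixos/server/transmission.nix
@@ -0,0 +1,20 @@
+{pkgs, outputs, ...}: {
+services = {
+transmission = {
+enable = true;
+credentialsFile = pkgs.writeText "credentials" outputs.secrets.transmissionCredFile;
+openPeerPorts = true;
+settings = {
+rpc-authentication-required = true;
+};
+};
+nginx.virtualHosts."torrent.${outputs.secrets.jimDomain}" = {
+enableACME = true;
+forceSSL = true;
+locations."/" = {
+proxyPass = "http://127.0.0.1:9091";
+proxyWebsockets = true;
+};
+};
+};
+}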
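Review bot: `credentialsFile = pkgs.writeText "credentials" outputs.secrets.transmissionCredFile;` copies the RPC credentials into the Nix store, which is readable by every local user and travels with any store copy or cache upload. The `credentialsFile` option exists so the secret can stay out of the store, so point it at a runtime file with restrictive permissions, for example `credentialsFile = "/run/secrets/transmission-credentials";` (placeholder path, provisioned by whatever secret tooling the repo uses). This matters more here because the new `torrent.` vhost publishes the RPC interface through nginx, leaving the password as the only barrier visible in this file. Keeping `secrets.nix` opaque in the repository presumably does not help once its value is evaluated into a derivation.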
BIN
secrets.nix
BIN
secrets.nix
Binary file not shown.