diff --git a/.gitattributes b/.gitattributes index 990b820..f0bd4f3 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1 +1 @@ -nixos/modules/secrets.nix filter=git-crypt diff=git-crypt +secrets.nix filter=git-crypt diff=git-crypt diff --git a/.gitmodules b/.gitmodules deleted file mode 100644 index c20294a..0000000 --- a/.gitmodules +++ /dev/null @@ -1,3 +0,0 @@ -[submodule "nixos/server/webpages/Jimbo-Landing-Page"] - path = nixos/server/webpages/Jimbo-Landing-Page - url = ssh://gitea@git.jimbosfiles.com:2299/Jimbo/Jimbo-Landing-Page.git diff --git a/flake.nix b/flake.nix index 9d6ca33..26d2c7b 100644 --- a/flake.nix +++ b/flake.nix @@ -9,7 +9,7 @@ mail.url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05"; blender-bin.url = "https://flakehub.com/f/edolstra/blender-bin/1.0.8.tar.gz"; - nix-minecraft.url = "github:Infinidoge/nix-minecraft"; + nix-minecraft.url = "github:JimmJam/nix-minecraft"; # NixOS utils hardware.url = "github:nixos/nixos-hardware/master"; @@ -47,6 +47,9 @@ # Your custom packages and modifications, exported as overlays overlays = import ./overlays {inherit inputs;}; + # Secrets defined so they can be accessed globally + secrets = import ./secrets.nix; + # NixOS configuration entrypoint, use 'nixos-rebuild --flake .#your-hostname' nixosConfigurations = { JimDesktop = nixpkgs.lib.nixosSystem { diff --git a/home-manager/jimbo_server.nix b/home-manager/jimbo_server.nix index 4acfca8..ec037fb 100644 --- a/home-manager/jimbo_server.nix +++ b/home-manager/jimbo_server.nix @@ -13,7 +13,7 @@ in { sysdate = "${auth.method} nixos-rebuild switch --flake /etc/nixos/.#JimServer"; homedate = "home-manager switch --flake /etc/nixos/.#jimbo@JimServer"; - nixdate = "sysdate; homedate; notify-send 'NixOS switch done.'"; + nixdate = "sysdate; homedate"; }; }; } diff --git a/nixos/base.nix b/nixos/base.nix index 626277c..679f70a 100644 --- a/nixos/base.nix +++ b/nixos/base.nix @@ -1,18 +1,10 @@ # This is your system's configuration file. # Use this to configure your system environment (it replaces /etc/nixos/configuration.nix) -{ - inputs, - outputs, - lib, - config, - pkgs, - ... -}: { +{inputs, outputs, lib, config, pkgs, ...}: { # You can import other NixOS modules here imports = [ ./modules/networking.nix ./modules/gpg.nix - inputs.nix-minecraft.nixosModules.minecraft-servers ]; nixpkgs = { @@ -63,9 +55,7 @@ }; # Set timezone - time.timeZone = let - secrets = import ./modules/secrets.nix; - in secrets.timeZone; + time.timeZone = outputs.secrets.timeZone; # Select a terminal font console = { diff --git a/nixos/groups/nfs-share.nix b/nixos/groups/nfs-share.nix deleted file mode 100644 index 962d0f3..0000000 --- a/nixos/groups/nfs-share.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - # Define group for NFS access - users.groups = { - nfsShare = {}; - }; -} diff --git a/nixos/server.nix b/nixos/server.nix index 2cbc79e..73bc845 100644 --- a/nixos/server.nix +++ b/nixos/server.nix @@ -32,6 +32,7 @@ ./server/nginx.nix ./server/owncast.nix ./server/pufferpanel.nix + ./server/minecraft ./server/tandoor.nix ./server/vaultwarden.nix ./server/misc.nix diff --git a/nixos/server/acme.nix b/nixos/server/acme.nix index 316c3b5..1f978c7 100644 --- a/nixos/server/acme.nix +++ b/nixos/server/acme.nix @@ -1,11 +1,9 @@ -{ - security.acme = let - secrets = import ../modules/secrets.nix; - in { +{outputs, ...}: { + security.acme = { acceptTerms = true; - defaults.email = secrets.jimEmail; + defaults.email = outputs.secrets.jimEmail; certs = { - "turn.${secrets.jimDomain}" = { + "turn.${outputs.secrets.jimDomain}" = { group = "turnserver"; postRun = "systemctl restart coturn.service"; }; diff --git a/nixos/server/ddclient.nix b/nixos/server/ddclient.nix index 75d4c44..b86fddd 100644 --- a/nixos/server/ddclient.nix +++ b/nixos/server/ddclient.nix @@ -1,24 +1,22 @@ -{pkgs, ...}: { +{pkgs, outputs, ...}: { # DDClient for Dynamic IPs - services.ddclient = let - secrets = import ../modules/secrets.nix; - in { + services.ddclient = { enable = true; protocol = "cloudflare"; use = "web, web=https://ipinfo.io/ip"; - zone = "${secrets.jimDomain}"; + zone = "${outputs.secrets.jimDomain}"; username = "token"; - passwordFile = "${pkgs.writeText "cloudflareapikey" secrets.flareApiKey}"; + passwordFile = "${pkgs.writeText "cloudflareapikey" outputs.secrets.flareApiKey}"; domains = [ - "${secrets.jimDomain}" - "*.${secrets.jimDomain}" - "beta.${secrets.jimDomain}" - "git.${secrets.jimDomain}" - "john.${secrets.jimDomain}" - "mc.${secrets.jimDomain}" - "mx.${secrets.jimDomain}" - "panel.${secrets.jimDomain}" - "rtmp.${secrets.jimDomain}" + "${outputs.secrets.jimDomain}" + "*.${outputs.secrets.jimDomain}" + "beta.${outputs.secrets.jimDomain}" + "git.${outputs.secrets.jimDomain}" + "john.${outputs.secrets.jimDomain}" + "mc.${outputs.secrets.jimDomain}" + "mx.${outputs.secrets.jimDomain}" + "panel.${outputs.secrets.jimDomain}" + "rtmp.${outputs.secrets.jimDomain}" ]; }; } diff --git a/nixos/server/docker.nix b/nixos/server/docker.nix index 9eb21a7..d45b21b 100644 --- a/nixos/server/docker.nix +++ b/nixos/server/docker.nix @@ -1,13 +1,11 @@ -let - secrets = import ../modules/secrets.nix; -in { +{outputs, ...}: { virtualisation.docker = { enable = true; daemon.settings.log-driver = "json-file"; }; # Azuracast Nginx: TODO, get a better solution than docker lmao - services.nginx.virtualHosts."radio.${secrets.jimDomain}" = { + services.nginx.virtualHosts."radio.${outputs.secrets.jimDomain}" = { enableACME = true; forceSSL = true; locations."/" = { diff --git a/nixos/server/element.nix b/nixos/server/element.nix index fa1d2fe..3543b83 100644 --- a/nixos/server/element.nix +++ b/nixos/server/element.nix @@ -1,20 +1,18 @@ -{pkgs, ...}: let - secrets = import ../modules/secrets.nix; -in { +{pkgs, outputs, ...}: { # Configure the Element web server nixpkgs.config.element-web.conf = { default_server_config = { "m.homeserver" = { - base_url = "https://matrix.${secrets.jimDomain}"; - server_name = "matrix.${secrets.jimDomain}"; + base_url = "https://matrix.${outputs.secrets.jimDomain}"; + server_name = "matrix.${outputs.secrets.jimDomain}"; }; }; branding = { - #welcome_background_url = "https://staging.${secrets.jimDomain}/images/backgrounds/bloxelcom-sunset.jpg"; - #auth_header_logo_url = "https://staging.${secrets.jimDomain}/images/logos/bloxelcom.png"; + #welcome_background_url = "https://staging.${outputs.secrets.jimDomain}/images/backgrounds/bloxelcom-sunset.jpg"; + #auth_header_logo_url = "https://staging.${outputs.secrets.jimDomain}/images/logos/bloxelcom.png"; }; embedded_pages = { - home_url = "https://www.${secrets.jimDomain}/"; + home_url = "https://www.${outputs.secrets.jimDomain}/"; }; disable_custom_urls = true; disable_guests = true; @@ -22,7 +20,7 @@ in { }; # Serve the Element page over Nginx - services.nginx.virtualHosts."chat.${secrets.jimDomain}" = { + services.nginx.virtualHosts."chat.${outputs.secrets.jimDomain}" = { enableACME = true; addSSL = true; root = "${pkgs.element-web}"; diff --git a/nixos/server/firewall.nix b/nixos/server/firewall.nix index 2744e3b..a28ee4a 100644 --- a/nixos/server/firewall.nix +++ b/nixos/server/firewall.nix @@ -1,11 +1,10 @@ -{ +{outputs, ...}: { # Allow forwarding boot.kernel.sysctl."net.ipv4.ip_forward" = 1; # Configure firewall networking = let ips = import ../modules/ips.nix; - secrets = import ../modules/secrets.nix; in { firewall = { allowPing = false; @@ -30,7 +29,7 @@ extraInputRules = '' ip saddr ${ips.localSpan}.0/24 tcp dport 2049 accept comment "Accept NFS" ip saddr ${ips.localSpan}.0/24 udp dport 53 accept comment "Accept DNS" - ip saddr { ${ips.pc}, ${secrets.lunaIP}, ${secrets.cornIP}, ${secrets.vertIP} } tcp dport { 1935, 1945 } accept comment "Accept RTMP" + ip saddr { ${ips.pc}, ${outputs.secrets.lunaIP}, ${outputs.secrets.cornIP}, ${outputs.secrets.vertIP} } tcp dport { 1935, 1945 } accept comment "Accept RTMP" ''; }; @@ -52,8 +51,8 @@ tcp dport { 38010, 37989, 37984 } dnat to ${ips.vm} comment "Sunshine TCP to VM" udp dport { 37998, 37999, 38000 } dnat to ${ips.vm} comment "Sunshine UDP to VM" - ip saddr ${secrets.cornIP} tcp dport { 9943, 9944 } dnat to ${ips.vm} comment "ALVR TCP to VM" - ip saddr ${secrets.cornIP} udp dport { 9943, 9944 } dnat to ${ips.vm} comment "ALVR UDP to VM" + ip saddr ${outputs.secrets.cornIP} tcp dport { 9943, 9944 } dnat to ${ips.vm} comment "ALVR TCP to VM" + ip saddr ${outputs.secrets.cornIP} udp dport { 9943, 9944 } dnat to ${ips.vm} comment "ALVR UDP to VM" } chain POSTROUTING { type nat hook postrouting priority 100; policy accept; diff --git a/nixos/server/gitea.nix b/nixos/server/gitea.nix index 2159208..323801f 100644 --- a/nixos/server/gitea.nix +++ b/nixos/server/gitea.nix @@ -1,29 +1,27 @@ -let - secrets = import ../modules/secrets.nix; -in { +{outputs, ...}: { services = { gitea = { enable = true; settings = { server = { - DOMAIN = "git.${secrets.jimDomain}"; - ROOT_URL = "https://git.${secrets.jimDomain}:443"; + DOMAIN = "git.${outputs.secrets.jimDomain}"; + ROOT_URL = "https://git.${outputs.secrets.jimDomain}:443"; HTTP_PORT = 3110; SSH_PORT = 2299; START_SSH_SERVER = true; }; mailer = { ENABLED = true; - SMTP_ADDR = "mx.${secrets.jimDomain}"; - FROM = "Jimbo's Git "; - USER = "noreply@${secrets.jimDomain}"; - PASSWD = secrets.noreplyPassword; + SMTP_ADDR = "mx.${outputs.secrets.jimDomain}"; + FROM = "Jimbo's Git "; + USER = "noreply@${outputs.secrets.jimDomain}"; + PASSWD = outputs.secrets.noreplyPassword; PROTOCOL = "smtps"; }; service.REGISTER_EMAIL_CONFIRM = true; }; }; - nginx.virtualHosts."git.${secrets.jimDomain}" = { + nginx.virtualHosts."git.${outputs.secrets.jimDomain}" = { enableACME = true; forceSSL = true; locations."/" = { diff --git a/nixos/server/icecast.nix b/nixos/server/icecast.nix index e3d81f0..1a2f5cc 100644 --- a/nixos/server/icecast.nix +++ b/nixos/server/icecast.nix @@ -1,18 +1,16 @@ -let - secrets = import ../modules/secrets.nix; -in { +{outputs, ...}: { # Icecast, replacing Azuracast maybe services = { icecast = { enable = true; listen.port = 265; - hostname = "icecast.${secrets.jimDomain}"; + hostname = "icecast.${outputs.secrets.jimDomain}"; admin = { user = "jimbo"; - password = "${secrets.castPass}"; + password = "${outputs.secrets.castPass}"; }; }; - nginx.virtualHosts."icecast.${secrets.jimDomain}" = { + nginx.virtualHosts."icecast.${outputs.secrets.jimDomain}" = { enableACME = true; forceSSL = true; locations."/" = { diff --git a/nixos/server/lemmy.nix b/nixos/server/lemmy.nix index fd8a7fb..09a2829 100644 --- a/nixos/server/lemmy.nix +++ b/nixos/server/lemmy.nix @@ -1,25 +1,23 @@ -let - secrets = import ../modules/secrets.nix; -in { +{outputs, ...}: { services = { lemmy = { enable = true; nginx.enable = true; database.createLocally = true; settings = { - hostname = "lemmy.${secrets.jimDomain}"; + hostname = "lemmy.${outputs.secrets.jimDomain}"; email = { - smtp_server = "mx.${secrets.jimDomain}:587"; - smtp_login = "noreply@${secrets.jimDomain}"; - smtp_from_address = "Jimbo's Lemmy "; - smtp_password = secrets.noreplyPassword; + smtp_server = "mx.${outputs.secrets.jimDomain}:587"; + smtp_login = "noreply@${outputs.secrets.jimDomain}"; + smtp_from_address = "Jimbo's Lemmy "; + smtp_password = outputs.secrets.noreplyPassword; tls_type = "starttls"; }; }; }; # Add SSL to webpage - nginx.virtualHosts."lemmy.${secrets.jimDomain}" = { + nginx.virtualHosts."lemmy.${outputs.secrets.jimDomain}" = { enableACME = true; forceSSL = true; }; diff --git a/nixos/server/mailserver.nix b/nixos/server/mailserver.nix index 30e8fb0..0b43647 100644 --- a/nixos/server/mailserver.nix +++ b/nixos/server/mailserver.nix @@ -1,36 +1,34 @@ -{pkgs, ...}: let - secrets = import ../modules/secrets.nix; -in rec { +{pkgs, outputs, ...}: rec { # Mail server mailserver = rec { enable = true; enableManageSieve = true; - domains = [ "${secrets.jimDomain}" ]; - fqdn = "mx.${secrets.jimDomain}"; + domains = [ "${outputs.secrets.jimDomain}" ]; + fqdn = "mx.${outputs.secrets.jimDomain}"; certificateScheme = "acme-nginx"; localDnsResolver = false; redis.port = 1515; # A list of accounts, passwords generated with nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' loginAccounts = { - "noreply@${secrets.jimDomain}" = { - hashedPasswordFile = pkgs.writeText "noreply" secrets.noreplyMailHash; + "noreply@${outputs.secrets.jimDomain}" = { + hashedPasswordFile = pkgs.writeText "noreply" outputs.secrets.noreplyMailHash; sendOnly = true; }; - "jimbo@${secrets.jimDomain}" = { - hashedPasswordFile = pkgs.writeText "jimbo" secrets.jimboMailHash; - aliases = [ "canada@${secrets.jimDomain}" "contact@${secrets.jimDomain}" ]; + "jimbo@${outputs.secrets.jimDomain}" = { + hashedPasswordFile = pkgs.writeText "jimbo" outputs.secrets.jimboMailHash; + aliases = [ "canada@${outputs.secrets.jimDomain}" "contact@${outputs.secrets.jimDomain}" ]; }; - "lunamoonlight@${secrets.jimDomain}" = { - hashedPasswordFile = pkgs.writeText "luna" secrets.lunaMailHash; - aliases = [ "us@${secrets.jimDomain}" "contact@${secrets.jimDomain}" ]; + "lunamoonlight@${outputs.secrets.jimDomain}" = { + hashedPasswordFile = pkgs.writeText "luna" outputs.secrets.lunaMailHash; + aliases = [ "us@${outputs.secrets.jimDomain}" "contact@${outputs.secrets.jimDomain}" ]; }; - "freecorn1854@${secrets.jimDomain}" = { - hashedPasswordFile = pkgs.writeText "freecorn" secrets.freecornMailHash; - aliases = [ "canada@${secrets.jimDomain}" "contact@${secrets.jimDomain}" ]; + "freecorn1854@${outputs.secrets.jimDomain}" = { + hashedPasswordFile = pkgs.writeText "freecorn" outputs.secrets.freecornMailHash; + aliases = [ "canada@${outputs.secrets.jimDomain}" "contact@${outputs.secrets.jimDomain}" ]; }; - "tinyattack09@${secrets.jimDomain}" = { - hashedPasswordFile = pkgs.writeText "tiny" secrets.tinyMailHash; + "tinyattack09@${outputs.secrets.jimDomain}" = { + hashedPasswordFile = pkgs.writeText "tiny" outputs.secrets.tinyMailHash; }; }; }; @@ -40,7 +38,7 @@ in rec { # Roundcube mail server roundcube = { enable = true; - hostName = "mail.${secrets.jimDomain}"; + hostName = "mail.${outputs.secrets.jimDomain}"; extraConfig = '' $config['smtp_server'] = "tls://${mailserver.fqdn}"; $config['smtp_user'] = "%u"; @@ -52,7 +50,7 @@ in rec { redis.servers.rspamd.port = 1515; # The hostname mail ports use - nginx.virtualHosts."mx.${secrets.jimDomain}" = { + nginx.virtualHosts."mx.${outputs.secrets.jimDomain}" = { enableACME = true; forceSSL = true; locations."/" = { diff --git a/nixos/server/mastodon.nix b/nixos/server/mastodon.nix index 381d85e..77f0ff3 100644 --- a/nixos/server/mastodon.nix +++ b/nixos/server/mastodon.nix @@ -1,19 +1,17 @@ -{pkgs, ...}: { - services.mastodon = let - secrets = import ../modules/secrets.nix; - in { +{pkgs, outputs, ...}: { + services.mastodon = { enable = true; - localDomain = "social.${secrets.jimDomain}"; + localDomain = "social.${outputs.secrets.jimDomain}"; streamingProcesses = 4; configureNginx = true; smtp = { createLocally = false; - host = "mx.${secrets.jimDomain}"; + host = "mx.${outputs.secrets.jimDomain}"; port = 587; authenticate = true; - fromAddress = "Jimbo's Mastodon "; - user = "noreply@${secrets.jimDomain}"; - passwordFile = pkgs.writeText "smtp_pass.txt" secrets.noreplyPassword; + fromAddress = "Jimbo's Mastodon "; + user = "noreply@${outputs.secrets.jimDomain}"; + passwordFile = pkgs.writeText "smtp_pass.txt" outputs.secrets.noreplyPassword; }; }; } diff --git a/nixos/server/matrix-discord.nix b/nixos/server/matrix-discord.nix index 344af0e..d201dbb 100644 --- a/nixos/server/matrix-discord.nix +++ b/nixos/server/matrix-discord.nix @@ -1,17 +1,15 @@ -let - secrets = import ../modules/secrets.nix; -in { +{outputs, ...}: { services.matrix-appservice-discord = { enable = true; settings = { auth = { - clientID = "${secrets.discordBotID}"; - botToken = "${secrets.discordBotToken}"; + clientID = "${outputs.secrets.discordBotID}"; + botToken = "${outputs.secrets.discordBotToken}"; usePrivilegedIntents = true; }; bridge = { - domain = "${secrets.jimDomain}"; - homeserverUrl = "https://matrix.${secrets.jimDomain}"; + domain = "${outputs.secrets.jimDomain}"; + homeserverUrl = "https://matrix.${outputs.secrets.jimDomain}"; }; }; }; diff --git a/nixos/server/minecraft/common.nix b/nixos/server/minecraft/common.nix new file mode 100644 index 0000000..fec913a --- /dev/null +++ b/nixos/server/minecraft/common.nix @@ -0,0 +1,66 @@ +{pkgs, ...}: { + # Common properties + serverProperties = { + enforce-secure-profile = false; + max-players = 20; + online-mode = false; + spawn-protection = 0; + view-distance = 10; + simulation-distance = 10; + white-list = true; + }; + + # Common whitelist + whitelist = { + K5G = "8656dc10-6050-4a17-b29e-88c4babbc54c"; + K5U = "f583f591-ad9b-4a30-8d91-514881b31394"; + JimmJam = "2f7affee-e10b-450f-a5e2-44c79a14a109"; + DewDemolisher = "9205524f-3886-483d-b471-82bb9905671a"; + Freecorn1854 = "8299cd8d-3cd4-4779-8180-0d9db6dc12a9"; + Tinyattack09 = "aaa8e9e2-4e51-4925-b9df-8a9504aec5d5"; + Ankha3000 = "dd65a277-f618-411e-812c-900c9c7e82d9"; + catoiico = "01f10cdf-c146-437e-99b1-2278b5dbe420"; + Sp0ok7 = "016c3daa-3dd5-4631-ae79-3a6f48d7cbe6"; + PooxterMooxter = "c973f4b5-ab50-45e3-b3eb-36286a6f66aa"; + }; + + # Common plugins + symlinks = { + "plugins/Backuper.jar" = builtins.fetchurl { + url = "https://cdn.modrinth.com/data/7cMAqMND/versions/nkcNIvUw/Backuper-3.0.1.jar"; + sha256 = "081hvs7khd9s8598i59ai8n0idp85rgc89m9hpfajwym9rmy7il4"; + }; + "plugins/BungeeGuard.jar" = builtins.fetchurl { + url = "https://github.com/lucko/BungeeGuard/releases/download/v1.3.3/BungeeGuard.jar"; + sha256 = "0cackavwk7kl71hn1i78hcvkdp7q81srq35nranpvysbmm8v34vk"; + }; + "plugins/EssentialsX.jar" = builtins.fetchurl { + url = "https://ci.ender.zone/job/EssentialsX/lastSuccessfulBuild/artifact/jars/EssentialsX-2.21.0-dev+111-b54c8c1.jar"; + sha256 = "0kcsgz5kcfbjc3nbdlgp549y497m4v90dnjqkv30sd1bfyzs9i5z"; + }; + "plugins/EssentialsXChat.jar" = builtins.fetchurl { + url = "https://ci.ender.zone/job/EssentialsX/lastSuccessfulBuild/artifact/jars/EssentialsXChat-2.21.0-dev+111-b54c8c1.jar"; + sha256 = "0nraiclvnpl69gigs7h6vq55iksfd47clbzp7n3rsjmgvrbl1wil"; + }; + "plugins/LuckPerms.jar" = builtins.fetchurl { + url = "https://download.luckperms.net/1556/bukkit/loader/LuckPerms-Bukkit-5.4.141.jar"; + sha256 = "02ad0dl34vdk6b1wyflqa6wq440xrh5w7yf3z3w1x1g089myddw4"; + }; + "plugins/ProtocolLib.jar" = builtins.fetchurl { + url = "https://ci.dmulloy2.net/job/ProtocolLib/lastSuccessfulBuild/artifact/build/libs/ProtocolLib.jar"; + sha256 = "16krc7pyav4khnaxkyg27i5yxsgcdkildrn4nm5bhzh1f0ngqv2s"; + }; + "plugins/Vault.jar" = builtins.fetchurl { + url = "https://github.com/MilkBowl/Vault/releases/download/1.7.3/Vault.jar"; + sha256 = "07fhfz7ycdlbmxsri11z02ywkby54g6wi9q0myxzap1syjbyvdd6"; + }; + "plugins/VoiceChat.jar" = builtins.fetchurl { + url = "https://cdn.modrinth.com/data/9eGKb6K1/versions/nS19YToN/voicechat-bukkit-2.5.20.jar"; + sha256 = "023wjx0zxf9rc2x9vsqg398wapz0nlwfs5g6c8pci3qx75i5s4jx"; + }; + + # Config files + "plugins/Essentials/config.yml" = ./essentialsconfig.yml; + "plugins/voicechat/voicechat-server.properties" = ./vcserver.properties; + }; +} diff --git a/nixos/server/minecraft/default.nix b/nixos/server/minecraft/default.nix new file mode 100644 index 0000000..680e62c --- /dev/null +++ b/nixos/server/minecraft/default.nix @@ -0,0 +1,17 @@ +{inputs, ...}: { + imports = [ + inputs.nix-minecraft.nixosModules.minecraft-servers + ./servers/velocity.nix + #./servers/viaproxy.nix + ./servers/dewdemolisher.nix + ./servers/johnside.nix + ./servers/blockworld.nix + #./servers/beta.nix + ]; + nixpkgs.overlays = [ inputs.nix-minecraft.overlay ]; + + services.minecraft-servers = { + enable = true; + eula = true; + }; +} diff --git a/nixos/server/minecraft/essentialsconfig.yml b/nixos/server/minecraft/essentialsconfig.yml new file mode 100644 index 0000000..05633d5 --- /dev/null +++ b/nixos/server/minecraft/essentialsconfig.yml @@ -0,0 +1,1210 @@ + +############################################################ +# +------------------------------------------------------+ # +# | Notes | # +# +------------------------------------------------------+ # +############################################################ + +# This is the config file for EssentialsX. +# This config was generated for version 2.21.0-dev+107-7b02d22. + +# If you want to use special characters in this document, such as accented letters, you MUST save the file as UTF-8, not ANSI. +# If you receive an error when Essentials loads, ensure that: +# - No tabs are present: YAML only allows spaces +# - Indents are correct: YAML hierarchy is based entirely on indentation +# - You have "escaped" all apostrophes in your text: If you want to write "don't", for example, write "don''t" instead (note the doubled apostrophe) +# - Text with symbols is enclosed in single or double quotation marks + +# If you need help, you can join the EssentialsX community: https://essentialsx.net/community.html + +############################################################ +# +------------------------------------------------------+ # +# | Essentials (Global) | # +# +------------------------------------------------------+ # +############################################################ + +# A color code between 0-9 or a-f. Set to 'none' to disable. +# In 1.16+ you can use hex color codes here as well. (For example, #613e1d is brown). +ops-name-color: 'none' + +# The character(s) to prefix all nicknames, so that you know they are not true usernames. +# Users with essentials.nick.hideprefix will not be prefixed with the character(s) +nickname-prefix: '~' + +# The maximum length allowed in nicknames. The nickname prefix is not included in this. +max-nick-length: 15 + +# A list of phrases that cannot be used in nicknames. You can include regular expressions here. +# Users with essentials.nick.blacklist.bypass will be able to bypass this filter. +nick-blacklist: +#- Notch +#- '^Dinnerbone' + +# When this option is enabled, nickname length checking will exclude color codes in player names. +# ie: "&6Notch" has 7 characters (2 are part of a color code), a length of 5 is used when this option is set to true +ignore-colors-in-max-nick-length: false + +# When this option is enabled, display names for hidden users will not be shown. This prevents players from being +# able to see that they are online while vanished. +hide-displayname-in-vanish: true + +# Disable this if you have any other plugin, that modifies the displayname of a user. +change-displayname: true + +# This option will cause Essentials to show players' displaynames instead of usernames when tab completing Essentials commands. +change-tab-complete-name: false + +# When this option is enabled, the (tab) player list will be updated with the displayname. +# The value of change-displayname (above) has to be true. +change-playerlist: true + +# When EssentialsChat.jar isn't used, force essentials to add the prefix and suffix from permission plugins to displayname. +# This setting is ignored if EssentialsChat.jar is used, and defaults to 'true'. +# The value of change-displayname (above) has to be true. +# Do not edit this setting unless you know what you are doing! +#add-prefix-suffix: false + +# When this option is enabled, player prefixes will be shown in the playerlist. +# This feature only works for Minecraft version 1.8 and higher. +# This value of change-playerlist has to be true +add-prefix-in-playerlist: true + +# When this option is enabled, player suffixes will be shown in the playerlist. +# This feature only works for Minecraft version 1.8 and higher. +# This value of change-playerlist has to be true +add-suffix-in-playerlist: true + +# If the teleport destination is unsafe, should players be teleported to the nearest safe location? +# If this is set to true, Essentials will attempt to teleport players close to the intended destination. +# If this is set to false, attempted teleports to unsafe locations will be cancelled with a warning. +teleport-safety: true + +# This forcefully disables teleport safety checks without a warning if attempting to teleport to unsafe locations. +# teleport-safety and this option need to be set to true to force teleportation to dangerous locations. +force-disable-teleport-safety: false + +# If a player is teleporting to an unsafe location in creative, adventure, or god mode; they will not be teleported to a +# safe location. If you'd like players to be teleported to a safe location all of the time, set this option to true. +force-safe-teleport-location: false + +# If a player has any passengers, the teleport will fail. Should their passengers be dismounted before they are teleported? +# If this is set to true, Essentials will dismount the player's passengers before teleporting. +# If this is set to false, attempted teleports will be canceled with a warning. +teleport-passenger-dismount: true + +# The delay, in seconds, required between /home, /tp, etc. +teleport-cooldown: 0 + +# The delay, in seconds, before a user actually teleports. If the user moves or gets attacked in this timeframe, the teleport is cancelled. +teleport-delay: 0 + +# The delay, in seconds, a player can't be attacked by other players after they have been teleported by a command. +# This will also prevent the player attacking other players. +teleport-invulnerability: 4 + +# Whether to make all teleportations go to the center of the block; where the x and z coordinates decimal become .5 +teleport-to-center: true + +# The delay, in seconds, required between /heal or /feed attempts. +heal-cooldown: 60 + +# Do you want to remove potion effects when healing a player? +remove-effects-on-heal: true + +# Near Radius +# The default radius with /near +# Used to use chat radius but we are going to make it separate. +near-radius: 200 + +# What to prevent from /item and /give. +# e.g item-spawn-blacklist: 10,11,46 +item-spawn-blacklist: + +# Set this to true if you want permission based item spawn rules. +# Note: The blacklist above will be ignored then. +# Example permissions (these go in your permissions manager): +# - essentials.itemspawn.item-all +# - essentials.itemspawn.item-[itemname] +# - essentials.itemspawn.item-[itemid] +# - essentials.give.item-all +# - essentials.give.item-[itemname] +# - essentials.give.item-[itemid] +# - essentials.unlimited.item-all +# - essentials.unlimited.item-[itemname] +# - essentials.unlimited.item-[itemid] +# - essentials.unlimited.item-bucket # Unlimited liquid placing +# +# For more information, visit http://wiki.ess3.net/wiki/Command_Reference/ICheat#Item.2FGive +permission-based-item-spawn: false + +# Mob limit on the /spawnmob command per execution. +spawnmob-limit: 10 + +# Shall we notify users when using /lightning? +warn-on-smite: true + +# Shall we drop items instead of adding to inventory if the target inventory is full? +drop-items-if-full: false + +# Essentials Mail Notification +# Should we notify players if they have no new mail? +notify-no-new-mail: true + +# Specifies the duration (in seconds) between each time a player is notified of mail they have. +# Useful for servers with a lot of mail traffic. +notify-player-of-mail-cooldown: 60 + +# The motd and rules are now configured in the files motd.txt and rules.txt. + +# When a command conflicts with another plugin, by default, Essentials will try to force the OTHER plugin to take priority. +# Commands in this list, will tell Essentials to 'not give up' the command to other plugins. +# In this state, which plugin 'wins' appears to be almost random. +# +# If you have two plugin with the same command and you wish to force Essentials to take over, you need an alias. +# To force essentials to take 'god' alias 'god' to 'egod'. +# See https://bukkit.fandom.com/wiki/Commands.yml#aliases for more information. + +overridden-commands: +# - god +# - info + +# Disabling commands here will prevent Essentials handling the command, this will not affect command conflicts. +# You should not have to disable commands used in other plugins, they will automatically get priority. +# See https://bukkit.fandom.com/wiki/Commands.yml#aliases to map commands to other plugins. +disabled-commands: +# - nick +# - clear + +# Whether or not Essentials should show detailed command usages. +# If set to false, Essentials will collapse all usages in to one single usage message. +verbose-command-usages: true + +# These commands will be shown to players with socialSpy enabled. +# You can add commands from other plugins you may want to track or +# remove commands that are used for something you dont want to spy on. +# Set - '*' in order to listen on all possible commands. +socialspy-commands: + - msg + - w + - r + - mail + - m + - t + - whisper + - emsg + - tell + - er + - reply + - ereply + - email + - action + - describe + - eme + - eaction + - edescribe + - etell + - ewhisper + - pm + +# Whether the private and public messages from muted players should appear in the social spy. +# If so, they will be differentiated from those sent by normal players. +socialspy-listen-muted-players: true + +# Whether social spy should spy on private messages or just the commands from the list above. +# If false, social spy will only monitor commands from the list above. +socialspy-messages: true + +# Whether social spy should use formatted display names which may include color. +# If false, social spy will use only the actual player names. +socialspy-uses-displaynames: true + +# The following settings listen for when a player changes worlds. +# If you use another plugin to control speed and flight, you should change these to false. + +# When a player changes world, should EssentialsX reset their flight? +# This will disable flight if the player does not have essentials.fly. +world-change-fly-reset: true + +# When a player changes world, should we reset their speed according to their permissions? +# This resets the player's speed to the default if they don't have essentials.speed. +# If the player doesn't have essentials.speed.bypass, this resets their speed to the maximum specified above. +world-change-speed-reset: true + +# Mute Commands +# These commands will be disabled when a player is muted. +# Use '*' to disable every command. +# Essentials already disabled Essentials messaging commands by default. +# It only cares about the root command, not args after that (it sees /f chat the same as /f) +mute-commands: + - f + - kittycannon + # - '*' + +# If you do not wish to use a permission system, you can define a list of 'player perms' below. +# This list has no effect if you are using a supported permissions system. +# If you are using an unsupported permissions system, simply delete this section. +# Whitelist the commands and permissions you wish to give players by default (everything else is op only). +# These are the permissions without the "essentials." part. +# +# To enable this feature, please set use-bukkit-permissions to false. +player-commands: + - afk + - afk.auto + - back + - back.ondeath + - balance + - balance.others + - balancetop + - build + - chat.color + - chat.format + - chat.shout + - chat.question + - clearinventory + - compass + - depth + - delhome + - getpos + - geoip.show + - help + - helpop + - home + - home.others + - ignore + - info + - itemdb + - kit + - kits.tools + - list + - mail + - mail.send + - me + - motd + - msg + - msg.color + - nick + - near + - pay + - ping + - protect + - r + - rules + - renamehome + - realname + - seen + - sell + - sethome + - setxmpp + - signs.create.protection + - signs.create.trade + - signs.break.protection + - signs.break.trade + - signs.use.balance + - signs.use.buy + - signs.use.disposal + - signs.use.enchant + - signs.use.free + - signs.use.gamemode + - signs.use.heal + - signs.use.info + - signs.use.kit + - signs.use.mail + - signs.use.protection + - signs.use.repair + - signs.use.sell + - signs.use.time + - signs.use.trade + - signs.use.warp + - signs.use.weather + - spawn + - suicide + - time + - tpa + - tpaccept + - tpahere + - tpdeny + - warp + - warp.list + - world + - worth + - xmpp + +# Use this option to force superperms-based permissions handler regardless of detected installed perms plugin. +# This is useful if you want superperms-based permissions (with wildcards) for custom permissions plugins. +# If you wish to use EssentialsX's built-in permissions using the `player-commands` section above, set this to false. +# Default is true. +use-bukkit-permissions: true + +# When this option is enabled, one-time use kits (ie. delay < 0) will be +# removed from the /kit list when a player can no longer use it +skip-used-one-time-kits-from-kit-list: false + +# When enabled, armor from kits will automatically be equipped as long as the player's armor slots are empty. +kit-auto-equip: false + +# Determines the functionality of the /createkit command. +# If this is true, /createkit will give the user a link with the kit code. +# If this is false, /createkit will add the kit to the kits.yml config file directly. +# Default is false. +pastebin-createkit: false + +# Determines if /createkit will generate kits using NBT item serialization. +# If this is true, /createkit will store items as NBT; otherwise, it will use Essentials' human-readable item format. +# By using NBT serialization, /createkit can store items with complex metadata such as shulker boxes and weapons with custom attributes. +# WARNING: This option only works on 1.15.2+ Paper servers, and it will bypass any custom serializers from other plugins such as Magic. +# WARNING: When creating kits via /createkit with this option enabled, you will not be able to downgrade your server with these kit items. +# This option only affects /createkit - you can still create kits by hand in `kits.yml` using Essentials' human-readable item format. +# Default is false. +use-nbt-serialization-in-createkit: false + +# Essentials Sign Control +# See http://wiki.ess3.net/wiki/Sign_Tutorial for instructions on how to use these. +# To enable signs, remove # symbol. To disable all signs, comment/remove each sign. +# Essentials colored sign support will be enabled when any sign types are enabled. +# Color is not an actual sign, it's for enabling using color codes on signs, when the correct permissions are given. + +enabledSigns: + #- color + #- balance + #- buy + #- sell + #- trade + #- free + #- warp + #- kit + #- mail + #- enchant + #- gamemode + #- heal + #- info + #- spawnmob + #- repair + #- time + #- weather + #- anvil + #- cartography + #- disposal + #- grindstone + #- loom + #- smithing + #- workbench + +# How many times per second can Essentials signs be interacted with per player. +# Values should be between 1-20, 20 being virtually no lag protection. +# Lower numbers will reduce the possibility of lag, but may annoy players. +sign-use-per-second: 4 + +# Allow item IDs on pre-existing signs on 1.13 and above. +# You cannot use item IDs on new signs, but this will allow players to interact with signs that +# were placed before 1.13. +allow-old-id-signs: false + +# List of sign names Essentials should not protect. This feature is especially useful when +# another plugin provides a sign that EssentialsX provides, but Essentials overrides. +# For example, if a plugin provides a [kit] sign, and you wish to use theirs instead of +# Essentials's, then simply add kit below and Essentials will not protect it. +# +# See https://github.com/drtshock/Essentials/pull/699 for more information. +unprotected-sign-names: + #- kit + +# Backup runs a custom batch/bash command at a specified interval. +# The server will save the world before executing the backup command, and disable +# saving during the backup to prevent world corruption or other conflicts. +# Backups can also be triggered manually with /backup. +backup: + # Interval in minutes. + interval: 30 + # If true, the backup task will run even if there are no players online. + always-run: false + # Unless you add a valid backup command or script here, this feature will be useless. + # Use 'save-all' to simply force regular world saving without backup. + # The example command below utilizes rdiff-backup: https://rdiff-backup.net/ + #command: 'rdiff-backup World1 backups/World1' + +# Set this true to enable permission per warp. +per-warp-permission: false + +# Sort output of /list command by groups. +# You can hide and merge the groups displayed in /list by defining the desired behaviour here. +# Detailed instructions and examples can be found on the wiki: http://wiki.ess3.net/wiki/List +list: + # To merge groups, list the groups you wish to merge + #Staff: owner admin moderator + Admins: owner admin + # To limit groups, set a max user limit + #builder: 20 + # To hide groups, set the group as hidden + #default: hidden + # Uncomment the line below to simply list all players with no grouping + #Players: '*' + +# Displays real names in /list next to players who are using a nickname. +real-names-on-list: false + +# More output to the console. +debug: false + +# Set the locale for all messages. +# If you don't set this, the default locale of the server will be used. +# For example, to set language to English, set locale to en, to use the file "messages_en.properties". +# Don't forget to remove the # in front of the line. +# For more information, visit https://essentialsx.net/wiki/Locale.html +#locale: en + +# Should EssentialsX use player's language instead of the server's when sending messages? +# This is useful if you want to use a different language for your server than for your players. +# For example, if you have your server set to English and a player who speaks French, you can set this to true +# and EssentialsX will send messages in French to the player and messages in the console as English. +# If a player's language is not known, the server's language (or one defined above) will be used. +per-player-locale: false + +# Change the default primary and secondary colours used in EssentialsX messages. +# Some messages may use custom colours, which will need to be edited in the appropriate message files. +# For more information on customising messages, see https://essentialsx.net/wiki/Locale.html +message-colors: + primary: '#ffaa00' + secondary: '#ff5555' + +# Turn off god mode when people leave the server. +remove-god-on-disconnect: false + +# Auto-AFK +# After this timeout in seconds, the user will be set as AFK. +# This feature requires the player to have essentials.afk.auto node. +# Set to -1 for no timeout. +auto-afk: 300 + +# Auto-AFK Kick +# After this timeout in seconds, the user will be kicked from the server. +# essentials.afk.kickexempt node overrides this feature. +# Set to -1 for no timeout. +auto-afk-kick: -1 + +# Set this to true, if you want to freeze the player, if the player is AFK. +# Other players or monsters can't push the player out of AFK mode then. +# This will also enable temporary god mode for the AFK player. +# The player has to use the command /afk to leave the AFK mode. +freeze-afk-players: false + +# When the player is AFK, should he be able to pickup items? +# Enable this, when you don't want people idling in mob traps. +disable-item-pickup-while-afk: false + +# This setting controls if a player is marked as active on interaction. +# When this setting is false, the player would need to manually un-AFK using the /afk command. +cancel-afk-on-interact: true + +# Should we automatically remove afk status when a player moves? +# Player will be removed from AFK on chat/command regardless of this setting. +# Disable this to reduce server lag. +cancel-afk-on-move: true + +# Should we automatically remove afk status when a player sends a chat message? +cancel-afk-on-chat: true + +# Should AFK players be ignored when other players are trying to sleep? +# When this setting is false, players won't be able to skip the night if some players are AFK. +# Users with the permission node essentials.sleepingignored will always be ignored. +sleep-ignores-afk-players: true + +# Should vanished players be ignored when other players are trying to sleep? +# When this setting is false, player's won't be able to skip the night if vanished players are not sleeping. +# Users with the permission node essentials.sleepingignored will always be ignored. +sleep-ignores-vanished-player: true + +# Set the player's list name when they are AFK. This is none by default which specifies that Essentials +# should not interfere with the AFK player's list name. +# You may use color codes, use {USERNAME} the player's name or {PLAYER} for the player's displayname. +afk-list-name: "none" + +# When a player enters or exits AFK mode, should the AFK notification be broadcast +# to the entire server, or just to the player? +# When this setting is false, only the player will be notified upon changing their AFK state. +broadcast-afk-message: true + +# You can disable the death messages of Minecraft here. +death-messages: true + +# How should essentials handle players with the essentials.keepinv permission who have items with +# curse of vanishing when they die? +# You can set this to "keep" (to keep the item), "drop" (to drop the item), or "delete" (to delete the item). +# Defaults to "keep" +vanishing-items-policy: keep + +# How should essentials handle players with the essentials.keepinv permission who have items with +# curse of binding when they die? +# You can set this to "keep" (to keep the item), "drop" (to drop the item), or "delete" (to delete the item). +# Defaults to "keep" +binding-items-policy: keep + +# When players die, should they receive the coordinates they died at? +send-info-after-death: false + +# Should players with permissions be able to join and part silently? +# You can control this with essentials.silentjoin and essentials.silentquit permissions if it is enabled. +# In addition, people with essentials.silentjoin.vanish will be vanished on join. +allow-silent-join-quit: false + +# You can set custom join and quit messages here. Set this to "none" to use the default Minecraft message, +# or set this to "" to hide the message entirely. + +# Available placeholders: +# {PLAYER} - The player's displayname. +# {USERNAME} - The player's username. +# {PREFIX} - The player's prefix. +# {SUFFIX} - The player's suffix. +# {ONLINE} - The number of players online. +# {UNIQUE} - The number of unique players to join the server. +# {UPTIME} - The amount of time the server has been online. +custom-join-message: "none" +custom-quit-message: "none" + +# You can set a custom join message for users who join with a new username here. +# This message will only be used if a user has joined before and have since changed their username. +# This will be displayed INSTEAD OF custom-join-message, so if you intend to keep them similar, make sure they match. +# Set this to "none" to use the the "custom-join-message" above for every join. + +# Available placeholders: +# {PLAYER} - The player's displayname. +# {USERNAME} - The player's username. +# {OLDUSERNAME} - The player's old username. +# {PREFIX} - The player's prefix. +# {SUFFIX} - The player's suffix. +# {ONLINE} - The number of players online. +# {UNIQUE} - The number of unique players to join the server. +# {UPTIME} - The amount of time the server has been online. +custom-new-username-message: "none" + +# Should Essentials override the vanilla "Server Full" message with its own from the language file? +# Set to false to keep the vanilla message. +use-custom-server-full-message: true + +# You can disable join and quit messages when the player count reaches a certain limit. +# When the player count is below this number, join/quit messages will always be shown. +# Set this to -1 to always show join and quit messages regardless of player count. +hide-join-quit-messages-above: -1 + +# Add worlds to this list, if you want to automatically disable god mode there. +no-god-in-worlds: +# - world_nether + +# Set to true to enable per-world permissions for teleporting between worlds with essentials commands. +# This applies to /world, /back, /tp[a|o][here|all], but not warps. +# Give someone permission to teleport to a world with essentials.worlds. +# This does not affect the /home command, there is a separate toggle below for this. +world-teleport-permissions: false + +# The number of items given if the quantity parameter is left out in /item or /give. +# If this number is below 1, the maximum stack size size is given. If over-sized stacks. +# are not enabled, any number higher than the maximum stack size results in more than one stack. +default-stack-size: -1 + +# Over-sized stacks are stacks that ignore the normal max stack size. +# They can be obtained using /give and /item, if the player has essentials.oversizedstacks permission. +# How many items should be in an over-sized stack? +oversized-stacksize: 64 + +# Allow repair of enchanted weapons and armor. +# If you set this to false, you can still allow it for certain players using the permission. +# essentials.repair.enchanted +repair-enchanted: true + +# Allow 'unsafe' enchantments in kits and item spawning. +# Warning: Mixing and overleveling some enchantments can cause issues with clients, servers and plugins. +unsafe-enchantments: false + +# The maximum range from the player that the /tree and /bigtree commands can spawn trees. +tree-command-range-limit: 300 + +#Do you want Essentials to keep track of previous location for /back in the teleport listener? +#If you set this to true any plugin that uses teleport will have the previous location registered. +register-back-in-listener: false + +#Delay to wait before people can cause attack damage after logging in. +login-attack-delay: 5 + +#Set the max fly speed, values range from 0.1 to 1.0 +max-fly-speed: 0.8 + +#Set the max walk speed, values range from 0.1 to 1.0 +max-walk-speed: 0.8 + +#Set the maximum amount of mail that can be sent within a minute. +mails-per-minute: 1000 + +# Set the maximum time /mute can be used for in seconds. +# Set to -1 to disable, and essentials.mute.unlimited can be used to override. +max-mute-time: -1 + +# Set the maximum time /tempban can be used for in seconds. +# Set to -1 to disable, and essentials.tempban.unlimited can be used to override. +max-tempban-time: -1 + +# Changes the default /reply functionality. This can be changed on a per-player basis using /rtoggle. +# If true, /r goes to the person you messaged last, otherwise the first person that messaged you. +# If false, /r goes to the last person that messaged you. +last-message-reply-recipient: true + +# If last-message-reply-recipient is enabled for a particular player, +# this specifies the duration, in seconds, that would need to elapse for the +# reply-recipient to update when receiving a message. +# Default is 180 (3 minutes) +last-message-reply-recipient-timeout: 180 + +# Changes the default /reply functionality. +# If true, /reply will not check if the person you're replying to has vanished. +# If false, players will not be able to /reply to players who they can no longer see due to vanish. +last-message-reply-vanished: false + +# Toggles whether or not left clicking mobs with a milk bucket turns them into a baby. +milk-bucket-easter-egg: true + +# Toggles whether or not the fly status message should be sent to players on join +send-fly-enable-on-join: true + +# Set to true to enable per-world permissions for setting time for individual worlds with essentials commands. +# This applies to /time, /day, /eday, /night, /enight, /etime. +# Give someone permission to teleport to a world with essentials.time.world.. +world-time-permissions: false + +# Specify cooldown for both Essentials commands and external commands as well. +# All commands do not start with a Forward Slash (/). Instead of /msg, write msg +# +# Wildcards are supported. E.g. +# - '*i*': 50 +# adds a 50 second cooldown to all commands that include the letter i +# +# EssentialsX supports regex by starting the command with a caret ^ +# For example, to target commands starting with ban and not banip the following would be used: +# '^ban([^ip])( .*)?': 60 # 60 seconds /ban cooldown. +# Note: If you have a command that starts with ^, then you can escape it using backslash (\). e.g. \^command: 123 +command-cooldowns: +# feed: 100 # 100 second cooldown on /feed command +# '*': 5 # 5 Second cooldown on all commands + +# Whether command cooldowns should be persistent past server shutdowns +command-cooldown-persistence: true + +# Whether NPC balances should be listed in balance ranking features such as /balancetop. +# NPC balances can include features like factions from FactionsUUID plugin. +npcs-in-balance-ranking: false + +# Allow bulk buying and selling signs when the player is sneaking. +# This is useful when a sign sells or buys one item at a time and the player wants to sell a bunch at once. +allow-bulk-buy-sell: true + +# Allow selling of items with custom names with the /sell command. +# This may be useful to prevent players accidentally selling named items. +allow-selling-named-items: false + +# Delay for the MOTD display for players on join, in milliseconds. +# This has no effect if the MOTD command or permission are disabled. +# This can also be set to -1 to completely disable the join MOTD all together. +delay-motd: 0 + +# A list of commands that should have their complementary confirm commands enabled by default. +# This is empty by default, for the latest list of valid commands see the latest source config.yml. +default-enabled-confirm-commands: +#- pay +#- clearinventory + +# Where should Essentials teleport players when they are freed from jail? +# You can set to "back" to have them teleported to where they were before they were jailed, "spawn" to have them +# teleport to spawn, or "off" to not have them teleport. +teleport-when-freed: back + +# Whether or not jail time should only be counted while the user is online. +# If true, a jailed player's time will only decrement when they are online. +jail-online-time: false + +# Set the timeout, in seconds for players to accept a tpa before the request is cancelled. +# Set to 0 for no timeout. +tpa-accept-cancellation: 120 + +# The maximum number of simultaneous tpa requests that can be pending for any player. +# Once past this threshold, old requests will instantly time out. +# Defaults to 5. +tpa-max-requests: 5 + +# Allow players to set hats by clicking on their helmet slot. +allow-direct-hat: true + +# Allow in-game players to specify a world when running /broadcastworld. +# If false, running /broadcastworld in-game will always send a message to the player's current world. +# This doesn't affect running the command from the console, where a world is always required. +allow-world-in-broadcastworld: true + +# Consider water blocks as "safe," therefore allowing players to teleport +# using commands such as /home or /spawn to a location that is occupied +# by water blocks +is-water-safe: false + +# Should the usermap try to sanitise usernames before saving them? +# You should only change this to false if you use Minecraft China. +safe-usermap-names: true + +# Should Essentials output logs when a command block executes a command? +# Example: CommandBlock at ,, issued server command: / +log-command-block-commands: true + +# Set the maximum speed for projectiles spawned with /fireball. +max-projectile-speed: 8 + +# Set the maximum amount of lore lines a user can set with the /itemlore command. +# Users with the essentials.itemlore.bypass permission will be able to bypass this limit. +max-itemlore-lines: 10 + +# Should EssentialsX check for updates? +# If set to true, EssentialsX will show notifications when a new version is available. +# This uses the public GitHub API and no identifying information is sent or stored. +update-check: true + +############################################################ +# +------------------------------------------------------+ # +# | Homes | # +# +------------------------------------------------------+ # +############################################################ + +# Allows people to set their bed during the day. +# This setting has no effect in Minecraft 1.15+, as Minecraft will always allow the player to set their bed location during the day. +update-bed-at-daytime: true + +# Set to true to enable per-world permissions for using homes to teleport between worlds. +# This applies to the /home command only. +# Give someone permission to teleport to a world with essentials.worlds. +world-home-permissions: false + +# Allow players to have multiple homes. +# Players need essentials.sethome.multiple before they can have more than 1 home. +# You can set the default number of multiple homes using the 'default' rank below. +# To remove the home limit entirely, give people 'essentials.sethome.multiple.unlimited'. +# To grant different home amounts to different people, you need to define a 'home-rank' below. +# Create the 'home-rank' below, and give the matching permission: essentials.sethome.multiple. +# For more information, visit http://wiki.ess3.net/wiki/Multihome +sethome-multiple: + default: 3 + vip: 5 + staff: 10 + +# In this example someone with 'essentials.sethome.multiple' and 'essentials.sethome.multiple.vip' will have 5 homes. +# Remember, they MUST have both permission nodes in order to be able to set multiple homes. + +# Controls whether players need the permission "essentials.home.compass" in order to point +# the player's compass at their first home. +# +# Leaving this as false will retain Essentials' original behaviour, which is to always +# change the compass' direction to point towards their first home. +compass-towards-home-perm: false + +# If no home is set, would you like to send the player to spawn? +# If set to false, players will not be teleported when they run /home without setting a home first. +spawn-if-no-home: true + +# Should players be asked to provide confirmation for homes which they attempt to overwrite? +confirm-home-overwrite: false + +############################################################ +# +------------------------------------------------------+ # +# | Economy | # +# +------------------------------------------------------+ # +############################################################ + +# For more information, visit http://wiki.ess3.net/wiki/Essentials_Economy + +# You can control the values of items that are sold to the server by using the /setworth command. + +# Defines the balance with which new players begin. Defaults to 0. +starting-balance: 0 + +# Defines the cost to use the given commands PER USE. +# Some commands like /repair have sub-costs, check the wiki for more information. +command-costs: + # /example costs $1000 PER USE + #example: 1000 + # /kit tools costs $1500 PER USE + #kit-tools: 1500 + +# Set this to a currency symbol you want to use. +# Remember, if you want to use special characters in this document, +# such as accented letters, you MUST save the file as UTF-8, not ANSI. +currency-symbol: '$' + +# Enable this to make the currency symbol appear at the end of the amount rather than at the start. +# For example, the euro symbol typically appears after the current amount. +currency-symbol-suffix: false + +# Set the maximum amount of money a player can have. +# The amount is always limited to 10 trillion because of the limitations of a java double. +max-money: 10000000000000 + +# Set the minimum amount of money a player can have (must be above the negative of max-money). +# Setting this to 0, will disable overdrafts/loans completely. Users need 'essentials.eco.loan' perm to go below 0. +min-money: -10000 + +# Enable this to log all interactions with trade/buy/sell signs and sell command. +economy-log-enabled: false + +# Enable this to also log all transactions from other plugins through Vault. +# This can cause the economy log to fill up quickly so should only be enabled for testing purposes! +economy-log-update-enabled: false + +# Minimum acceptable amount to be used in /pay. +minimum-pay-amount: 0.001 + +# Enable this to block users who try to /pay another user which ignore them. +pay-excludes-ignore-list: false + +# Whether or not users with a balance less than or equal to $0 should be shown in balance-top. +# Setting to false will not show people with balances <= 0 in balance-top. +# NOTE: After reloading the config, you must also run '/baltop force' for this to appear +show-zero-baltop: true + +# The format of currency, excluding symbols. See currency-symbol-format-locale for symbol configuration. +# +# "#,##0.00" is how the majority of countries display currency. +#currency-format: "#,##0.00" + +# Format currency symbols. Some locales use , and . interchangeably. +# Some formats do not display properly in-game due to faulty Minecraft font rendering. +# +# For 1.234,50 use de-DE +# For 1,234.50 use en-US +# For 1'234,50 use fr-ch +#currency-symbol-format-locale: en-US + +############################################################ +# +------------------------------------------------------+ # +# | Help | # +# +------------------------------------------------------+ # +############################################################ + +# Show other plugins commands in help. +non-ess-in-help: true + +# Hide plugins which do not give a permission. +# You can override a true value here for a single plugin by adding a permission to a user/group. +# The individual permission is: essentials.help., anyone with essentials.* or '*' will see all help regardless. +# You can use negative permissions to remove access to just a single plugins help if the following is enabled. +hide-permissionless-help: true + +############################################################ +# +------------------------------------------------------+ # +# | EssentialsX Chat | # +# +------------------------------------------------------+ # +############################################################ + +# You need to install EssentialsX Chat for this section to work. +# See https://essentialsx.net/wiki/Module-Breakdown.html for more information. + +chat: + + # If EssentialsX Chat is installed, this will define how far a player's voice travels, in blocks. Set to 0 to make all chat global. + # Note that users with the "essentials.chat.spy" permission will hear everything, regardless of this setting. + # Users with essentials.chat.shout can override this by prefixing their message with an exclamation mark (!) + # Users with essentials.chat.question can override this by prefixing their message with a question mark (?) + # You can add command costs for shout/question by adding chat-shout and chat-question to the command costs section. + radius: 0 + + # Chat formatting can be done in two ways, you can either define a standard format for all chat. + # Or you can give a group specific chat format, to give some extra variation. + # For more information of chat formatting, check out the wiki: http://wiki.ess3.net/wiki/Chat_Formatting + # Note: Using the {PREFIX} and {SUFFIX} placeholders along with {DISPLAYNAME} may cause double prefixes/suffixes to be shown in chat unless add-prefix-suffix is uncommented and set to false. + + # Available placeholders: + # {MESSAGE} - The content of the chat message. + # {USERNAME} - The sender's username. + # {DISPLAYNAME} - The sender's display name. + # {NICKNAME} - The sender's Essentials nickname. If the sender has no nickname, the username is shown. + # {PREFIX} - The sender's prefix, supplied by a permissions plugin. + # {SUFFIX} - The sender's suffix, supplied by a permissions plugin. + # {GROUP} - The sender's primary group name, supplied by a permissions plugin. + # {WORLD} - The world alias of the sender's current world. See the world-aliases section below for details. + # {WORLDNAME} - The full name of the sender's current world. + # {SHORTWORLDNAME} - The first character of the sender's current world. + # {TEAMNAME} - The sender's scoreboard team name. + # {TEAMPREFIX} - The sender's scoreboard team prefix. + # {TEAMSUFFIX} - The sender's scoreboard team suffix. + + format: '{DISPLAYNAME}: {MESSAGE}' + #format: '&7[{GROUP}]&r {DISPLAYNAME}&7:&r {MESSAGE}' + #format: '&7{PREFIX}&r {DISPLAYNAME}&r &7{SUFFIX}&r: {MESSAGE}' + + group-formats: + # default: '{WORLDNAME} {DISPLAYNAME}&7:&r {MESSAGE}' + # admins: '{WORLDNAME} &c[{GROUP}]&r {DISPLAYNAME}&7:&c {MESSAGE}' + + # If you are using group formats make sure to remove the '#' to allow the setting to be read. + # Note: Group names are case-sensitive so you must match them up with your permission plugin. + + # You can use permissions to control whether players can use formatting codes in their chat messages. + # See https://essentialsx.net/wiki/Color-Permissions.html for more information. + + # World aliases allow you to replace the world name with something different in the chat format. + # If you are using world aliases, make sure to remove the '#' at the start to allow the setting to be read. + world-aliases: + # plots: "&dP&r" + # creative: "&eC&r" + + # Whether players should be placed into shout mode by default. + shout-default: false + + # Whether a player's shout mode should persist restarts. + persist-shout: false + + # Whether chat questions should be enabled or not. + question-enabled: true + +############################################################ +# +------------------------------------------------------+ # +# | EssentialsX Protect | # +# +------------------------------------------------------+ # +############################################################ + +# You need to install EssentialsX Protect for this section to work. +# See https://essentialsx.net/wiki/Module-Breakdown.html for more information. + +protect: + + # General physics/behavior modifications. Set these to true to disable behaviours. + prevent: + lava-flow: false + water-flow: false + water-bucket-flow: false + fire-spread: true + lava-fire-spread: true + lava-itemdamage: false + flint-fire: false + lightning-fire-spread: true + portal-creation: false + tnt-explosion: false + tnt-playerdamage: false + tnt-itemdamage: false + tnt-minecart-explosion: false + tnt-minecart-playerdamage: false + tnt-minecart-itemdamage: false + fireball-explosion: false + fireball-fire: false + fireball-playerdamage: false + fireball-itemdamage: false + witherskull-explosion: false + witherskull-playerdamage: false + witherskull-itemdamage: false + wither-spawnexplosion: false + wither-blockreplace: false + creeper-explosion: false + creeper-playerdamage: false + creeper-itemdamage: false + creeper-blockdamage: false + ender-crystal-explosion: false + enderdragon-blockdamage: true + enderman-pickup: false + villager-death: false + bed-explosion: false + respawn-anchor-explosion: false + # Monsters won't follow players. + # permission essentials.protect.entitytarget.bypass disables this. + entitytarget: false + # Prevents zombies from breaking down doors + zombie-door-break: false + # Prevents Ravagers from stealing blocks + ravager-thief: false + # Prevents sheep from turning grass to dirt + sheep-eat-grass: false + # Prevent certain transformations. + transformation: + # Prevent creepers becoming charged when struck by lightning. + charged-creeper: false + # Prevent villagers becoming zombie villagers. + zombie-villager: false + # Prevent zombie villagers being cured. + villager: false + # Prevent villagers becoming witches when struck by lightning. + witch: false + # Prevent pigs becoming zombie pigmen when struck by lightning. + zombie-pigman: false + # Prevent zombies turning into drowneds, and husks turning into zombies. + drowned: false + # Prevent mooshrooms changing colour when struck by lightning. + mooshroom: false + # Prevent the spawning of creatures. If a creature is missing, you can add it following the format below. + spawn: + creeper: false + skeleton: false + spider: false + giant: false + zombie: false + slime: false + ghast: false + pig_zombie: false + enderman: false + cave_spider: false + silverfish: false + blaze: false + magma_cube: false + ender_dragon: false + pig: false + sheep: false + cow: false + chicken: false + squid: false + wolf: false + mushroom_cow: false + snowman: false + ocelot: false + iron_golem: false + villager: false + wither: false + bat: false + witch: false + horse: false + phantom: false + + # Maximum height the creeper should explode. -1 allows them to explode everywhere. + # Set prevent.creeper-explosion to true, if you want to disable creeper explosions. + creeper: + max-height: -1 + + # Disable various default physics and behaviors. + disable: + # Should fall damage be disabled? + fall: false + + # Users with the essentials.protect.pvp permission will still be able to attack each other if this is set to true. + # They will be unable to attack users without that same permission node. + pvp: false + + # Should drowning damage be disabled? + # (Split into two behaviors; generally, you want both set to the same value.) + drown: false + suffocate: false + + # Should damage via lava be disabled? Items that fall into lava will still burn to a crisp. ;) + lavadmg: false + + # Should arrow damage be disabled? + projectiles: false + + # This will disable damage from touching cacti. + contactdmg: false + + # Burn, baby, burn! Should fire damage be disabled? + firedmg: false + + # Should the damage after hit by a lightning be disabled? + lightning: false + + # Should Wither damage be disabled? + wither: false + + # Disable weather options? + weather: + storm: false + thunder: false + lightning: false + +############################################################ +# +------------------------------------------------------+ # +# | EssentialsX AntiBuild | # +# +------------------------------------------------------+ # +############################################################ + + # You need to install EssentialsX AntiBuild for this section to work. + # See https://essentialsx.net/wiki/Module-Breakdown.html and http://wiki.ess3.net/wiki/AntiBuild for more information. + + # Should people without the essentials.build permission be allowed to build? + # Set true to disable building for those people. + # Setting to false means EssentialsAntiBuild will never prevent you from building. + build: true + + # Should people without the essentials.build permission be allowed to use items? + # Set true to disable using for those people. + # Setting to false means EssentialsAntiBuild will never prevent you from using items. + use: true + + # Should we warn people when they are not allowed to build? + warn-on-build-disallow: true + + # For which block types would you like to be alerted? + # You can find a list of items at https://hub.spigotmc.org/javadocs/spigot/org/bukkit/Material.html. + alert: + on-placement: LAVA,TNT,LAVA_BUCKET + on-use: LAVA_BUCKET + on-break: + + blacklist: + + # Which blocks should people be prevented from placing? + placement: LAVA,TNT,LAVA_BUCKET + + # Which items should people be prevented from using? + usage: LAVA_BUCKET + + # Which blocks should people be prevented from breaking? + break: + + # Which blocks should not be moved by pistons? + piston: + + # Which blocks should not be dispensed by dispensers + dispenser: + +############################################################ +# +------------------------------------------------------+ # +# | EssentialsX Spawn + New Players | # +# +------------------------------------------------------+ # +############################################################ + +# You need to install EssentialsX Spawn for this section to work. +# See https://essentialsx.net/wiki/Module-Breakdown.html for more information. + +newbies: + # Should we announce to the server when someone logs in for the first time? + # If so, use this format, replacing {DISPLAYNAME} with the player name. + # If not, set to '' + #announce-format: '' + announce-format: '&dWelcome {DISPLAYNAME}&d to the server!' + + # When we spawn for the first time, which spawnpoint do we use? + # Set to "none" if you want to use the spawn point of the world. + spawnpoint: newbies + + # Do we want to give users anything on first join? Set to '' to disable + # This kit will be given regardless of cost and permissions, and will not trigger the kit delay. + #kit: '' + kit: tools + +# What priority should we use for handling respawns? +# Set this to none, if you want vanilla respawning behaviour. +# Set this to lowest, if you want Multiverse to handle the respawning. +# Set this to high, if you want EssentialsSpawn to handle the respawning. +# Set this to highest, if you want to force EssentialsSpawn to handle the respawning. +# Note: Changes will not apply until after the server is restarted. +respawn-listener-priority: high + +# What priority should we use for handling spawning on joining the server? +# See respawn-listener-priority for possible values. +# Note: Changing this may impact or break spawn-on-join functionality. +# Note: Changes will not apply until after the server is restarted. +spawn-join-listener-priority: high + +# When users die, should they respawn at their first home or bed, instead of the spawnpoint? +respawn-at-home: false + +# When users die, should they respawn at their bed instead of the spawnpoint? +# The value of respawn-at-home (above) has to be true. +respawn-at-home-bed: true + +# When users die, should EssentialsSpawn respect users' respawn anchors? +respawn-at-anchor: false + +# Teleport all joining players to the spawnpoint +spawn-on-join: false +# The following value of `guests` states that all players in group `guests` will be teleported to spawn when joining. +#spawn-on-join: guests +# The following list value states that all players in group `guests` and `admin` are to be teleported to spawn when joining. +#spawn-on-join: +#- guests +#- admin + +# End of file <-- No seriously, you're done with configuration. diff --git a/nixos/server/minecraft/servers/blockworld.nix b/nixos/server/minecraft/servers/blockworld.nix new file mode 100644 index 0000000..117972b --- /dev/null +++ b/nixos/server/minecraft/servers/blockworld.nix @@ -0,0 +1,17 @@ +{pkgs, ...}: let + common = import ../common.nix { inherit pkgs; }; +in { + services.minecraft-servers.servers.blockworld = { + enable = true; + autoStart = false; + package = pkgs.paperServers.paper-1_21_1; + jvmOpts = "-Xmx4084M"; + serverProperties = common.serverProperties // { + difficulty = 2; + server-port = 30012; + motd = "§fArchival §l§n§cBloxelcom §r§fMinecraft server."; + }; + whitelist = common.whitelist; + symlinks = common.symlinks; + }; +} diff --git a/nixos/server/minecraft/servers/dewdemolisher.nix b/nixos/server/minecraft/servers/dewdemolisher.nix new file mode 100644 index 0000000..45891a1 --- /dev/null +++ b/nixos/server/minecraft/servers/dewdemolisher.nix @@ -0,0 +1,16 @@ +{pkgs, ...}: let + common = import ../common.nix { inherit pkgs; }; +in { + services.minecraft-servers.servers.dewdemolisher = { + enable = true; + package = pkgs.paperServers.paper-1_21_1; + jvmOpts = "-Xmx4084M"; + serverProperties = common.serverProperties // { + difficulty = 2; + server-port = 30010; + motd = "§l§aDew Demolisher is here."; + }; + whitelist = common.whitelist; + symlinks = common.symlinks; + }; +} diff --git a/nixos/server/minecraft/servers/johnside.nix b/nixos/server/minecraft/servers/johnside.nix new file mode 100644 index 0000000..a8d2d1c --- /dev/null +++ b/nixos/server/minecraft/servers/johnside.nix @@ -0,0 +1,41 @@ +{pkgs, ...}: let + common = import ../common.nix { inherit pkgs; }; +in { + services.minecraft-servers.servers.johnside = { + enable = true; + package = pkgs.paperServers.paper-1_20_6; + jvmOpts = "-Xmx4084M"; + serverProperties = common.serverProperties // { + difficulty = 2; + server-port = 30009; + motd = "§l§aJohnside SMP§r §l§fworld for §4John lovers only."; + }; + whitelist = common.whitelist; + symlinks = common.symlinks // { + "plugins/BlueMap.jar" = builtins.fetchurl { + url = "https://cdn.modrinth.com/data/swbUV1cr/versions/TL5ElRWX/BlueMap-5.3-spigot.jar"; + sha256 = "08ls3wk0333vjg49kcmri884pcgm2xk9xdhwcxyffbh4ra0xrlbw"; + }; + "plugins/BlueMapOfflinePlayers.jar" = builtins.fetchurl { + url = "https://github.com/TechnicJelle/BlueMapOfflinePlayerMarkers/releases/download/v3.0/BlueMapOfflinePlayerMarkers-3.0.jar"; + sha256 = "1f07w53q7yr4mvph7013d7ajxmp4lnsv6b1ab14y2x0bmqv39nwr"; + }; + "plugins/BlueMapMarkerManager.jar" = builtins.fetchurl { + url = "https://cdn.modrinth.com/data/a8UoyV2h/versions/E0XoPfJV/BMM-2.1.5.jar"; + sha256 = "1vpnqglybysxnqyzkjnwbwg000dqkbk516apzvhmg39wlfaysl9d"; + }; + "plugins/CustomDiscs.jar" = builtins.fetchurl { + url = "https://github.com/Navoei/CustomDiscs/releases/download/v3.0/custom-discs-3.0.jar"; + sha256 = "0xv0zrkdmjx0d7l34nqag8j004pm9zqivc12d3zy9pdrkv7pz87d"; + }; + "plugins/NotTooExpensive.jar" = builtins.fetchurl { + url = "https://github.com/Mrredstone5230/Not-Too-Expensive/releases/download/1.1/not-too-expensive-1.1.jar"; + sha256 = "0da4v5l7iwry3wc21292lkmjprgmign4vdshzmhp7qc9hx26pj2d"; + }; + "plugins/SilkTouchHands.jar" = builtins.fetchurl { + url = "https://github.com/5U55/SilkTouchSpigot/releases/download/v1.1/SilkTouchv1.1.jar"; + sha256 = "0mbp73xclr7f5m2lbdfz6is1j8vvyv1qwpl28sm089zrpm73qn6w"; + }; + }; + }; +} diff --git a/nixos/server/minecraft/servers/velocity.nix b/nixos/server/minecraft/servers/velocity.nix new file mode 100644 index 0000000..732428e --- /dev/null +++ b/nixos/server/minecraft/servers/velocity.nix @@ -0,0 +1,39 @@ +{pkgs, ...}: let + common = import ../common.nix { inherit pkgs; }; +in { + services.minecraft-servers.servers.velocity = { + enable = true; + package = pkgs.velocityServers.velocity; + jvmOpts = "-Xmx512M"; + symlinks = { + "plugins/Geyser.jar" = builtins.fetchurl { + url = "https://download.geysermc.org/v2/projects/geyser/versions/2.4.2/builds/660/downloads/velocity"; + sha256 = "09z938v6xrgbiba8rxgi7cdh3xxkv9fdampy15k6fmwddmj9y4a2"; + }; + "plugins/Floodgate.jar" = builtins.fetchurl { + url = "https://download.geysermc.org/v2/projects/floodgate/versions/2.2.3/builds/109/downloads/velocity"; + sha256 = "1hxdf38qzpzdnyn2gn1152fyd54bi37i0ayc82dgcjf0qrcbmv0c"; + }; + "plugins/LuckPerms.jar" = builtins.fetchurl { + url = "https://download.luckperms.net/1556/velocity/LuckPerms-Velocity-5.4.141.jar"; + sha256 = "0j5f7r3g8h4f8z8ppakwfk96hijp3slr0vxyj9v8x4h8w5rcl9d1"; + }; + "plugins/SkinsRestorer.jar" = builtins.fetchurl { + url = "https://github.com/SkinsRestorer/SkinsRestorer/releases/download/15.4.2/SkinsRestorer.jar"; + sha256 = "14nl9mi958bfqwqz9182cxj7m6l15kalq3wjmjqzy50s52si35wf"; + }; + "plugins/ViaVersion.jar" = builtins.fetchurl { + url = "https://github.com/ViaVersion/ViaVersion/releases/download/5.0.3/ViaVersion-5.0.3.jar"; + sha256 = "02gf91ysialgvbl0w8awa0dsi1yb33ac7clmz0wika1xigk9z10r"; + }; + "plugins/ViaBackwards.jar" = builtins.fetchurl { + url = "https://github.com/ViaVersion/ViaBackwards/releases/download/5.0.3/ViaBackwards-5.0.3.jar"; + sha256 = "1wqk68pjrzl1zhajb9lxa1s6wzj85rb0c2riycv9yysr5bcxssqi"; + }; + "plugins/Voicechat.jar" = builtins.fetchurl { + url = "https://cdn.modrinth.com/data/9eGKb6K1/versions/svvcJhgC/voicechat-velocity-2.5.20.jar"; + sha256 = "0nw85x24qa9skbhfgbhsjl2r7d9xshr9f04nnq490zbgz7716lqq"; + }; + }; + }; +} diff --git a/nixos/server/minecraft/vcserver.properties b/nixos/server/minecraft/vcserver.properties new file mode 100644 index 0000000..2014455 --- /dev/null +++ b/nixos/server/minecraft/vcserver.properties @@ -0,0 +1,45 @@ +# Simple Voice Chat server config v2.5.16 + +# The port of the voice chat server +# Setting this to "-1" sets the port to the Minecraft servers port (Not recommended) +port=-1 +# The IP address to bind the voice chat server on +# Leave empty to use 'server-ip' of server.properties +# To bind to the wildcard address, use '*' +bind_address= +# The distance to where the voice can be heard +max_voice_distance=48.0 +# The multiplier the voice distance will be reduced by when sneaking +crouch_distance_multiplier=1.0 +# The multiplier the voice distance will be reduced by when whispering +whisper_distance_multiplier=0.5 +# The opus codec +codec=VOIP +# The maximum size in bytes in a voice packet +# Set this to a lower value if your voice packets don't arrive +mtu_size=1024 +# The frequency in which keep alive packets are sent +# Setting this to a higher value may result in timeouts +keep_alive=1000 +# If group chats are allowed +enable_groups=true +# The host name that clients should use to connect to the voice chat +# This may also include a port, e.g. 'example.com:24454' +# Don't change this value if you don't know what you are doing +voice_host= +# If players are allowed to record the voice chat +allow_recording=true +# If spectators are allowed to talk to other players +spectator_interaction=false +# If spectators can talk to players they are spectating +spectator_player_possession=false +# If players without the mod should get kicked from the server +force_voice_chat=false +# The amount of milliseconds, the server should wait to check if the player has the mod installed +# Only active when force_voice_chat is set to true +login_timeout=10000 +# The range where the voice chat should broadcast audio to +# A value <0 means 'max_voice_distance' +broadcast_range=-1.0 +# If the voice chat server should reply to pings +allow_pings=true diff --git a/nixos/server/minecraft/velocity.toml b/nixos/server/minecraft/velocity.toml new file mode 100644 index 0000000..1ed7d6d --- /dev/null +++ b/nixos/server/minecraft/velocity.toml @@ -0,0 +1,133 @@ +# Config version. Do not change this +config-version = "2.7" + +# What port should the proxy be bound to? By default, we'll bind to all addresses on port 25577. +bind = "0.0.0.0:25565" + +# What should be the MOTD? +motd = "<#09add3>A Velocity Server" + +# What should we display for the maximum number of players? +show-max-players = 500 + +# Should we authenticate players with Mojang? By default, this is on. +online-mode = true + +# Should the proxy enforce the new public key security standard? By default, this is on. +force-key-authentication = true + +# If client's ISP/AS sent from this proxy is different from the one from Mojang's +# authentication server, the player is kicked. This disallows some VPN and proxy +# connections but is a weak form of protection. +prevent-client-proxy-connections = false + +# Should we forward IP addresses and other data to backend servers? +# - "none": No forwarding will be done. All players will appear to be connecting from the proxy and will have offline-mode UUIDs. +# - "legacy": Forward player IPs and UUIDs in a BungeeCord-compatible format. Use if you run servers using Minecraft 1.12 or lower. +# - "bungeeguard": Forward player IPs and UUIDs in a format supported by the BungeeGuard plugin. Use if you run servers using Minecraft 1.12 or lower, or if they don't support modern. +# - "modern": Forward player IPs and UUIDs as part of the login process using Velocity's native forwarding. Only applicable for Minecraft 1.13 or higher. +player-info-forwarding-mode = "bungeeguard" + +# If you are using modern or BungeeGuard IP forwarding, configure a file that contains a unique secret here. +# The file is expected to be UTF-8 encoded and not empty. +forwarding-secret-file = "forwarding.secret" + +# Announce whether or not your server supports Forge. If you run a modded server, we +# suggest turning this on. +# +# If your network runs one modpack consistently, use ping-passthrough = "mods" instead for a nicer display in the server list. +announce-forge = false + +# If enabled and the proxy is in online mode, Velocity will kick +# any existing player who is online if a duplicate connection attempt is made. +kick-existing-players = false + +# Should Velocity pass server list ping requests to a backend server? +# - "disabled": No pass-through will be done. The velocity.toml and server-icon.png will determine the initial server list ping response. +# - "mods": Passes only the mod list from your backend server into the response. The first server in your try list with a mod list will be used. +# - "description": Uses the description and mod list from the backend server. The first server in the try list that responds is used for the description and mod list. +# - "all": Uses the backend server's response as the proxy response. Velocity configuration is used as fallback. +ping-passthrough = "all" + +# If not enabled (default is true) player IP addresses will be replaced by in logs +enable-player-address-logging = true + +[servers] +dewdemolisher = "127.0.0.1:30010" +johnside = "127.0.0.1:30009" +bloxelcom = "127.0.0.1:30012" +beta = "127.0.0.1:30011" + +# In what order we should try servers when a player logs in or is kicked from a server. +try = [ + "dewdemolisher" +] + +[forced-hosts] +# Configure your forced hosts here. +"mc.jimbosfiles.com" = [ + "dewdemolisher" +] +"john.jimbosfiles.com" = [ + "johnside" +] +"blox.jimbosfiles.com" = [ + "bloxelcom" +] +"beta.jimbosfiles.com" = [ + "beta" +] + +[advanced] +# How large a Minecraft packet has to be before we compress it. +compression-threshold = 256 + +# How much compression should be done (from 0-9). The default is -1, which uses the default level of 6. +compression-level = -1 + +# How fast (in milliseconds) are clients allowed to connect after the last connection? By default, this is three seconds. Disable this by setting this to 0. +login-ratelimit = 3000 + +# Specify a custom timeout for connection timeouts here. The default is five seconds. +connection-timeout = 5000 + +# Specify a read timeout for connections here. The default is 30 seconds. +read-timeout = 30000 + +# Enables compatibility with HAProxy's PROXY protocol. If you don't know what this is for, then don't enable it. +haproxy-protocol = false + +# Enables TCP fast open support on the proxy. Requires the proxy to run on Linux. +tcp-fast-open = false + +# Enables BungeeCord plugin messaging channel support on Velocity. +bungee-plugin-message-channel = true + +# Shows ping requests to the proxy from clients. +show-ping-requests = false + +# By default, Velocity will attempt to gracefully handle situations where the user unexpectedly +# loses connection to the server without an explicit disconnect message by attempting to fall the +# user back, except in the case of read timeouts. BungeeCord will disconnect the user instead. You +# can disable this setting to use the BungeeCord behavior. +failover-on-unexpected-server-disconnect = true + +# Declares the proxy commands to 1.13+ clients. +announce-proxy-commands = true + +# Enables the logging of commands +log-command-executions = false + +# Enables logging of player connections when connecting to the proxy, switching servers +# and disconnecting from the proxy. +log-player-connections = true + +# Allows players transferred from other hosts via the +# Transfer packet (Minecraft 1.20.5) to be received. +accepts-transfers = false + +[query] +enabled = false +port = 25577 +map = "Velocity" +show-plugins = false diff --git a/nixos/server/nextcloud.nix b/nixos/server/nextcloud.nix index f8f2116..644bcb2 100644 --- a/nixos/server/nextcloud.nix +++ b/nixos/server/nextcloud.nix @@ -1,11 +1,9 @@ -{pkgs, ...}: let - secrets = import ../modules/secrets.nix; -in { +{pkgs, outputs, ...}: { services = { nextcloud = { enable = true; package = pkgs.nextcloud29; - hostName = "cloud.${secrets.jimDomain}"; + hostName = "cloud.${outputs.secrets.jimDomain}"; datadir = "/mnt/nextcloud"; https = true; config = { @@ -14,21 +12,21 @@ in { }; settings = { trusted_proxies = [ "127.0.0.1" ]; - trusted_domains = [ "cloud.${secrets.jimDomain}" ]; + trusted_domains = [ "cloud.${outputs.secrets.jimDomain}" ]; overwriteprotocol = "https"; # Mailserver settings - mail_smtphost = "mx.${secrets.jimDomain}"; - mail_domain = "${secrets.jimDomain}"; + mail_smtphost = "mx.${outputs.secrets.jimDomain}"; + mail_domain = "${outputs.secrets.jimDomain}"; mail_from_address = "noreply"; mail_smtpauth = "true"; - mail_smtpname = "noreply@${secrets.jimDomain}"; - mail_smtppassword = secrets.noreplyPassword; + mail_smtpname = "noreply@${outputs.secrets.jimDomain}"; + mail_smtppassword = outputs.secrets.noreplyPassword; mail_smtpmode = "smtp"; mail_smtpport = 587; }; }; - nginx.virtualHosts."cloud.${secrets.jimDomain}" = { + nginx.virtualHosts."cloud.${outputs.secrets.jimDomain}" = { enableACME = true; addSSL = true; locations."/" = { diff --git a/nixos/server/nginx.nix b/nixos/server/nginx.nix index 0033fe0..c867a58 100644 --- a/nixos/server/nginx.nix +++ b/nixos/server/nginx.nix @@ -1,7 +1,5 @@ -{pkgs, ...}: { - services.nginx = let - secrets = import ../modules/secrets.nix; - in { +{pkgs, outputs, ...}: { + services.nginx = { enable = true; package = (pkgs.nginx.override { modules = with pkgs.nginxModules; [ rtmp ]; @@ -12,10 +10,10 @@ recommendedProxySettings = true; virtualHosts = { # Landing page - "${secrets.jimDomain}" = { + "${outputs.secrets.jimDomain}" = { enableACME = true; addSSL = true; - root = "/etc/nixos/nixos/server/webpages/Jimbo-Landing-Page"; + root = "/var/www/Jimbo-Landing-Page"; locations = { "/.well-known/matrix/client" = { extraConfig = '' @@ -23,13 +21,13 @@ return 200 ' { "m.homeserver": { - "base_url": "https://matrix.${secrets.jimDomain}" + "base_url": "https://matrix.${outputs.secrets.jimDomain}" }, "m.identity_server": { "base_url": "https://matrix.org" }, "org.matrix.msc3575.proxy": { - "url": "https://matrix.${secrets.jimDomain}" + "url": "https://matrix.${outputs.secrets.jimDomain}" } }'; ''; @@ -37,14 +35,14 @@ "/.well-known/matrix/server" = { extraConfig = '' default_type application/json; - return 200 '{"m.server": "matrix.${secrets.jimDomain}:443"}'; + return 200 '{"m.server": "matrix.${outputs.secrets.jimDomain}:443"}'; ''; }; }; }; # Bluemap Proxy, TODO, move this into the nix-minecraft flake configs - "bluemap.${secrets.jimDomain}" = { + "john.${outputs.secrets.jimDomain}" = { enableACME = true; forceSSL = true; locations."/" = { @@ -62,11 +60,11 @@ application stream { record off; live on; - allow play all; + allow play all; hls on; - hls_path /var/www/jimweb/streams/hls; - hls_fragment_naming system; - hls_fragment 3; + hls_path /var/www/Jimbo-Landing-Page/streams/hls/; + hls_fragment_naming system; + hls_fragment 3; hls_playlist_length 40; } } @@ -76,6 +74,6 @@ # Allow Nginx to read and write to paths systemd.services.nginx.serviceConfig = { - ReadWritePaths = [ "/etc/nixos/nixos/server/webpages/Jimbo-Landing-Page" ]; + ReadWritePaths = [ "/var/www/Jimbo-Landing-Page/streams/hls/" ]; }; } diff --git a/nixos/server/owncast.nix b/nixos/server/owncast.nix index ebe5dc5..332917c 100644 --- a/nixos/server/owncast.nix +++ b/nixos/server/owncast.nix @@ -1,6 +1,4 @@ -let - secrets = import ../modules/secrets.nix; -in { +{outputs, ...}: { services = { owncast = { enable = true; @@ -8,7 +6,7 @@ in { rtmp-port = 1945; listen = "0.0.0.0"; }; - nginx.virtualHosts."live.${secrets.jimDomain}" = { + nginx.virtualHosts."live.${outputs.secrets.jimDomain}" = { enableACME = true; forceSSL = true; locations."/" = { diff --git a/nixos/server/pufferpanel.nix b/nixos/server/pufferpanel.nix index 290375e..b9ff0df 100644 --- a/nixos/server/pufferpanel.nix +++ b/nixos/server/pufferpanel.nix @@ -1,17 +1,15 @@ -{pkgs, lib, ...}: let - secrets = import ../modules/secrets.nix; -in { +{pkgs, outputs, lib, ...}: { services = { pufferpanel = { enable = true; environment = { PUFFER_WEB_HOST = ":5010"; - PUFFER_PANEL_SETTINGS_MASTERURL = "https://panel.${secrets.jimDomain}"; + PUFFER_PANEL_SETTINGS_MASTERURL = "https://panel.${outputs.secrets.jimDomain}"; PUFFER_PANEL_EMAIL_PROVIDER = "smtp"; - PUFFER_PANEL_EMAIL_HOST = "mx.${secrets.jimDomain}:587"; - PUFFER_PANEL_EMAIL_FROM = "noreply@${secrets.jimDomain}"; - PUFFER_PANEL_EMAIL_USERNAME = "noreply@${secrets.jimDomain}"; - PUFFER_PANEL_EMAIL_PASSWORD = secrets.noreplyPassword; + PUFFER_PANEL_EMAIL_HOST = "mx.${outputs.secrets.jimDomain}:587"; + PUFFER_PANEL_EMAIL_FROM = "noreply@${outputs.secrets.jimDomain}"; + PUFFER_PANEL_EMAIL_USERNAME = "noreply@${outputs.secrets.jimDomain}"; + PUFFER_PANEL_EMAIL_PASSWORD = outputs.secrets.noreplyPassword; }; extraPackages = with pkgs; [ bash curl gawk gnutar gzip ]; package = pkgs.buildFHSEnv { @@ -21,7 +19,7 @@ in { targetPkgs = pkgs': with pkgs'; [ icu openssl zlib ]; }; }; - nginx.virtualHosts."panel.${secrets.jimDomain}" = { + nginx.virtualHosts."panel.${outputs.secrets.jimDomain}" = { enableACME = true; forceSSL = true; locations."/" = { diff --git a/nixos/server/synapse.nix b/nixos/server/synapse.nix index 515c763..ea26672 100644 --- a/nixos/server/synapse.nix +++ b/nixos/server/synapse.nix @@ -1,13 +1,11 @@ -{pkgs, config, ...}: let - secrets = import ../modules/secrets.nix; -in { +{pkgs, outputs, config, ...}: { services = { # Synapse Matrix server matrix-synapse = with config.services.coturn; { enable = true; settings = { - server_name = "${secrets.jimDomain}"; - public_baseurl = "https://matrix.${secrets.jimDomain}"; + server_name = "${outputs.secrets.jimDomain}"; + public_baseurl = "https://matrix.${outputs.secrets.jimDomain}"; suppress_key_server_warning = true; # Set the network config @@ -23,10 +21,10 @@ in { # Enable smtp for password resets email = { - notif_from = "Jimbo's Matrix "; - smtp_host = "mx.${secrets.jimDomain}"; - smtp_user = "noreply@${secrets.jimDomain}"; - smtp_pass = secrets.noreplyPassword; + notif_from = "Jimbo's Matrix "; + smtp_host = "mx.${outputs.secrets.jimDomain}"; + smtp_user = "noreply@${outputs.secrets.jimDomain}"; + smtp_pass = outputs.secrets.noreplyPassword; enable_tls = true; smtp_port = 587; require_transport_security = true; @@ -61,8 +59,8 @@ in { # Turn settings turn_uris = [ - "turn:turn.${secrets.jimDomain}:3478?transport=udp" - "turn:turn.${secrets.jimDomain}:3478?transport=tcp" + "turn:turn.${outputs.secrets.jimDomain}:3478?transport=udp" + "turn:turn.${outputs.secrets.jimDomain}:3478?transport=tcp" ]; turn_shared_secret = static-auth-secret; turn_user_lifetime = "1h"; @@ -75,12 +73,12 @@ in { # Sliding sync proxy for Matrix matrix-sliding-sync = let matrixSecretFile = pkgs.writeText "matrixsecret" '' - SYNCV3_SECRET=${secrets.matrixSecret} + SYNCV3_SECRET=${outputs.secrets.matrixSecret} ''; in { enable = true; settings = { - SYNCV3_SERVER = "https://matrix.${secrets.jimDomain}"; + SYNCV3_SERVER = "https://matrix.${outputs.secrets.jimDomain}"; SYNCV3_BINDADDR = "0.0.0.0:8009"; }; environmentFile = "${matrixSecretFile}"; @@ -95,14 +93,14 @@ in { max-port = 50000; use-auth-secret = true; static-auth-secret = "will be world readable for local users :("; - realm = "turn.${secrets.jimDomain}"; - cert = "/var/lib/acme/turn.${secrets.jimDomain}.com/fullchain.pem"; - pkey = "/var/lib/acme/turn.${secrets.jimDomain}.com/key.pem"; + realm = "turn.${outputs.secrets.jimDomain}"; + cert = "/var/lib/acme/turn.${outputs.secrets.jimDomain}.com/fullchain.pem"; + pkey = "/var/lib/acme/turn.${outputs.secrets.jimDomain}.com/key.pem"; }; # Nginx nginx.virtualHosts = { - "matrix.${secrets.jimDomain}" = { + "matrix.${outputs.secrets.jimDomain}" = { enableACME = true; forceSSL = true; locations = { @@ -113,7 +111,7 @@ in { "/_synapse/client".proxyPass = "http://127.0.0.1:8008"; }; }; - "turn.${secrets.jimDomain}" = { + "turn.${outputs.secrets.jimDomain}" = { enableACME = true; forceSSL = true; listen = [ diff --git a/nixos/server/tandoor.nix b/nixos/server/tandoor.nix index afa3d46..b0c3576 100644 --- a/nixos/server/tandoor.nix +++ b/nixos/server/tandoor.nix @@ -1,12 +1,10 @@ -let - secrets = import ../modules/secrets.nix; -in { +{outputs, ...}: { services = { tandoor-recipes = { enable = true; port = 5030; }; - nginx.virtualHosts."recipes.${secrets.jimDomain}" = { + nginx.virtualHosts."recipes.${outputs.secrets.jimDomain}" = { enableACME = true; forceSSL = true; locations."/" = { diff --git a/nixos/server/vaultwarden.nix b/nixos/server/vaultwarden.nix index 34c5000..fd1b859 100644 --- a/nixos/server/vaultwarden.nix +++ b/nixos/server/vaultwarden.nix @@ -1,28 +1,26 @@ -let - secrets = import ../modules/secrets.nix; -in { +{outputs, ...}: { services = { vaultwarden = { enable = true; config = { - DOMAIN = "https://warden.${secrets.jimDomain}"; + DOMAIN = "https://warden.${outputs.secrets.jimDomain}"; SIGNUPS_ALLOWED = false; ROCKET_ADDRESS = "127.0.0.1"; ROCKET_PORT = 8222; ROCKET_LOG = "critical"; # Smtp email - SMTP_HOST = "mx.${secrets.jimDomain}"; - SMTP_FROM = "Jimbo's Vaultwarden "; + SMTP_HOST = "mx.${outputs.secrets.jimDomain}"; + SMTP_FROM = "Jimbo's Vaultwarden "; SMTP_FROM_NAME = "Vaultwarden"; - SMTP_USERNAME = "noreply@${secrets.jimDomain}"; - SMTP_PASSWORD = secrets.noreplyPassword; + SMTP_USERNAME = "noreply@${outputs.secrets.jimDomain}"; + SMTP_PASSWORD = outputs.secrets.noreplyPassword; SMTP_SECURITY = "starttls"; SMTP_PORT = 587; SMTP_TIMEOUT = 15; }; }; - nginx.virtualHosts."warden.${secrets.jimDomain}" = { + nginx.virtualHosts."warden.${outputs.secrets.jimDomain}" = { enableACME = true; forceSSL = true; locations."/" = { diff --git a/nixos/server/webpages/Jimbo-Landing-Page b/nixos/server/webpages/Jimbo-Landing-Page deleted file mode 160000 index 4822d4c..0000000 --- a/nixos/server/webpages/Jimbo-Landing-Page +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 4822d4c9f78f245ec2b4b68baba271c0a32225bf diff --git a/nixos/users/jimbo.nix b/nixos/users/jimbo.nix index 352b022..e173672 100644 --- a/nixos/users/jimbo.nix +++ b/nixos/users/jimbo.nix @@ -1,12 +1,10 @@ -{pkgs, ...}: { +{pkgs, outputs, ...}: { users.users = { - jimbo = let - secrets = import ../modules/secrets.nix; - in { + jimbo = { description = "Jimbo"; - hashedPassword = secrets.jimboAccPass; + hashedPassword = outputs.secrets.jimboAccPass; isNormalUser = true; - openssh.authorizedKeys.keys = secrets.jimKeys; + openssh.authorizedKeys.keys = outputs.secrets.jimKeys; extraGroups = [ "wheel" "audio" @@ -21,6 +19,7 @@ "qemu-libvirtd" "docker" "nginx" + "minecraft" "nfsShare" ]; uid = 1000; diff --git a/nixos/modules/secrets.nix b/secrets.nix similarity index 100% rename from nixos/modules/secrets.nix rename to secrets.nix