diff --git a/applications/games.nix b/applications/games.nix
new file mode 100644
index 0000000..970f13c
--- /dev/null
+++ b/applications/games.nix
@@ -0,0 +1,63 @@
+{ ... }: {
+ imports = [];
+
+ /*
+ backups = [
+ "/etc/silver_satisfactory/config/"
+ "/etc/silver_valheim/config/"
+ ];
+ */
+
+ # since this is going to be pulled into a machiene that has skynet_dns we dont need to import it above
+ # gonna use it to create sub-subdomains for each game server
+ skynet_dns.records = {
+ external = [];
+ cname = [
+ # create a sub-subdomain for each game
+ "mc_compsoc.games CNAME games"
+ ];
+ };
+
+ # arion is one way to use docker on nixos
+ virtualisation.arion = {
+ backend = "docker";
+ projects = {
+
+ mc_compsoc.settings = {
+ docker-compose.raw.networks.default.name = "mc_compsoc";
+
+ services.mc_compsoc = {
+ service.image = "nimmis/spigot:latest";
+ # setting these here as they arent special
+ service.environment = {
+ # this is what it last ran on
+ SPIGOT_VER="1.18.2";
+ };
+
+ service.volumes = [
+ # figure out what this needs and use itt o get up and running
+ # /home/nimmis/mc-srv:/minecraft
+ #"/etc/games_satisfactory/config:/config"
+ ];
+ service.ports = [
+ "25565:25565/tcp"
+ ];
+ };
+ };
+
+ };
+ };
+
+ /*
+ services = {
+ nginx.virtualHosts = {
+ "valhiem.brendan.ie" = {
+ forceSSL = true;
+ useACMEHost = "brendan";
+
+ locations."/".proxyPass = "http://localhost:2456";
+ };
+ };
+ };
+ */
+}
\ No newline at end of file
diff --git a/flake.lock b/flake.lock
index 539c842..f0d78e1 100644
--- a/flake.lock
+++ b/flake.lock
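Review bot: In applications/games.nix, `service.image = "nimmis/spigot:latest";` pulls a third-party image by a mutable tag, so the code running on the game host can change on any pull without a change to this repository, unlike the arion input, which this commit pins to a revision. Pinning by digest, `service.image = "nimmis/spigot@sha256:<digest-of-reviewed-image>";`, keeps the container inside the same reviewable boundary as the rest of the flake. A comment above `service.ports` would also help, noting that `"25565:25565/tcp"` binds on all interfaces and that Docker-published ports are typically not gated by the host firewall list, so this line decides exposure.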
@@ -18,6 +18,48 @@ "type": "github" } }, + "arion": { + "inputs": { + "flake-parts": "flake-parts", + "haskell-flake": "haskell-flake", + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1673629654, + "narHash": "sha256-Ou4//mR6h3F6024ZOm925XkkFBbpEVniIKRGRMVboC8=", + "owner": "hercules-ci", + "repo": "arion", + "rev": "d1cc2b2a7dd0928ebd94a3f18336b5515e95c60c", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "arion", + "rev": "d1cc2b2a7dd0928ebd94a3f18336b5515e95c60c", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "arion", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1672877861, + "narHash": "sha256-ROnSmsk5grROL6gnHBnSdqlPPBrBJMApCeB7xzY567M=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "7930f5b1c356270cec420d4f4cb43f4907206640", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "locked": { "lastModified": 1667395993, @@ -33,6 +75,21 @@ "type": "github" } }, + "haskell-flake": { + "locked": { + "lastModified": 1668167720, + "narHash": "sha256-5wDTR6xt9BB3BjgKR+YOjOkZgMyDXKaX79g42sStzDU=", + "owner": "srid", + "repo": "haskell-flake", + "rev": "4fc511d93a55fedf815c1647ad146c26d7a2054e", + "type": "github" + }, + "original": { + "owner": "srid", + "repo": "haskell-flake", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1665732960, @@ -50,6 +107,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1673450908, + "narHash": "sha256-b8em+kwrNtnB7gR8SyVf6WuTyQ+6tHS6dzt9D9wgKF0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "6c8644fc37b6e141cbfa6c7dc8d98846c4ff0c2e", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1673527292, "narHash": "sha256-903EpRSDCfUvic7Hsiqwy+h7zlMTLAUbCXkEGGriCfM=", 
@@ -67,8 +140,9 @@ "root": { "inputs": { "agenix": "agenix", + "arion": "arion", "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_3" } } },
diff --git a/flake.nix b/flake.nix
index 0ae489d..18ce279 100644
--- a/flake.nix
+++ b/flake.nix
@@ -9,10 +9,12 @@ # utility stuff flake-utils.url = "github:numtide/flake-utils"; agenix.url = "github:ryantm/agenix"; + # this is the last stable hash that works for 22.11 + arion.url = "github:hercules-ci/arion/d1cc2b2a7dd0928ebd94a3f18336b5515e95c60c"; }; - outputs = { self, nixpkgs, agenix, ... }: { + outputs = { self, nixpkgs, agenix, arion, ... }: { # https://github.com/zhaofengli/colmena colmena = { meta = {
@@ -98,6 +100,14 @@ # icecast - ULFM galatea = import ./machines/galatea.nix; + # Game host + optimus = { + imports = [ + ./machines/optimus.nix + # for the docker + arion.nixosModules.arion + ]; + }; }; };
diff --git a/machines/optimus.nix b/machines/optimus.nix
new file mode 100644
index 0000000..5c9e8c8
--- /dev/null
+++ b/machines/optimus.nix
@@ -0,0 +1,62 @@
+/*
+
+ Name: https://en.wikipedia.org/wiki/Optimus_Prime
+ Why: Created to sell toys so this vm is for games
+ Type: VM
+ Hardware: -
+ From: 2023
+ Role: Game host
+ Notes:
+
+*/
+
+{ pkgs, lib, nodes, arion, ... }:
+let
+ # name of the server, sets teh hostname and record for it
+ name = "optimus";
+ ip_pub = "193.1.99.112";
+ #ip_pub = "192.168.1.157";
+ ip_priv = "172.20.20.7";
+ # hostname = "${name}.skynet.ie";
+ hostname = ip_pub;
+
+in {
+ imports = [
+ # applications for this particular server
+ ../applications/firewall.nix
+ ../applications/dns.nix
+ ../applications/games.nix
+ ];
+
+ deployment = {
+ targetHost = hostname;
+ targetPort = 22;
+ targetUser = "root";
+ };
+
+ # these two are to be able to add the rules for firewall and dns
+ # open the firewall for this
+ skynet_firewall.forward = [
+ "ip saddr ${ip_pub} tcp dport 80 counter packets 0 bytes 0 accept"
+ "ip saddr ${ip_pub} tcp dport 443 counter packets 0 bytes 0 accept"
+ "ip saddr ${ip_pub} tcp dport 25565 counter packets 0 bytes 0 accept"
+ ];
+
+ skynet_dns.records = {
+ external = [
+ "${name} A ${ip_pub}"
+ ];
+ cname = [
+ # the games are each going to have a subdomain on this
+ "games CNAME ${name}"
+ ];
+ };
+
+ networking.firewall.allowedTCPPorts = [
+ 22
+ 80
+ 443
+ 25565
+ ];
+
+}
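Review bot: The three `skynet_firewall.forward` rules in machines/optimus.nix match on `ip saddr ${ip_pub}`, that is, packets whose source is optimus, so as written they accept traffic leaving the game host for ports 80/443/25565 rather than traffic arriving at it. How the skynet_firewall module consumes these strings is not visible here, but if the intent is to open those ports towards the VM the match would be `"ip daddr ${ip_pub} tcp dport 25565 counter packets 0 bytes 0 accept"`, and likewise for 80 and 443. Ports 80 and 443 are also opened in `networking.firewall.allowedTCPPorts` although the only web configuration in games.nix is commented out; leaving them closed until a service exists keeps exposure to what is actually served. Deployment uses `targetUser = "root"` against the public address with port 22 open, so a comment recording that root SSH is key-only, or a source restriction on 22, would document that assumption.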