jet/compsigh-minecraft
jet/compsigh-minecraft
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: add bootstrap config for initial ssh configuation

Browse source
This commit is contained in:
Jet Pham 2026-03-14 14:28:27 -07:00 committed by Jet
parent 7576c1636e
commit a4ae929c4e
2 changed files with 32 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

10
configuration.nix
View file

@ -42,16 +42,6 @@
htop htop
tmux tmux
rsync rsync
(writeShellScriptBin "mc-whitelist" ''
docker exec minecraft rcon-cli whitelist add "$1"
'')
(writeShellScriptBin "mc-cmd" ''
docker exec minecraft rcon-cli "$@"
'')
(writeShellScriptBin "mc-logs" ''
docker logs --tail "''${1:-100}" -f minecraft
'')
]; ];
users.users.root.openssh.authorizedKeys.keys = [ users.users.root.openssh.authorizedKeys.keys = [

45
flake.nix
View file

@ -17,19 +17,25 @@
let let
system = "x86_64-linux"; system = "x86_64-linux";
pkgs = nixpkgs.legacyPackages.${system}; pkgs = nixpkgs.legacyPackages.${system};
serverHost = "root@compsigh-minecraft";
deploy = pkgs.writeShellScriptBin "nhs" '' deploy = pkgs.writeShellScriptBin "nhs" ''
nh os switch --hostname compsigh-minecraft --target-host root@compsigh-minecraft path:. "$@" nh os switch --hostname compsigh-minecraft --target-host root@compsigh-minecraft path:. "$@"
''; '';
mcWhitelist = pkgs.writeShellScriptBin "mc-whitelist" ''
ssh ${serverHost} "docker exec minecraft rcon-cli whitelist add $1"
'';
mcCmd = pkgs.writeShellScriptBin "mc-cmd" ''
ssh ${serverHost} "docker exec minecraft rcon-cli $*"
'';
mcLogs = pkgs.writeShellScriptBin "mc-logs" '' mcLogs = pkgs.writeShellScriptBin "mc-logs" ''
ssh ${serverHost} "docker logs --tail ''${1:-100} -f minecraft" ssh root@compsigh-minecraft "docker logs --tail ''${1:-100} -f minecraft"
'';
bootstrap = pkgs.writeShellScriptBin "mc-bootstrap" ''
set -euo pipefail
IP="''${1:?Usage: mc-bootstrap <server-ip>}"
echo "==> Installing NixOS (bootstrap config with port 22 open)..."
nix run github:nix-community/nixos-anywhere -- --flake path:.#compsigh-minecraft-bootstrap "root@$IP"
echo ""
echo "==> Removing old host key..."
ssh-keygen -R "$IP"
echo ""
echo "==> Fetching new server host key..."
echo "Run: ssh root@$IP cat /etc/ssh/ssh_host_ed25519_key.pub"
echo "Then update secrets/secrets.nix with the new key and run: agenix -r"
echo "Then run: nhs"
''; '';
in in
{ {
@ -44,11 +50,25 @@
]; ];
}; };
# Bootstrap config: opens port 22 on public interface for initial setup
nixosConfigurations.compsigh-minecraft-bootstrap = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = { inherit inputs; };
modules = [
disko.nixosModules.disko
inputs.agenix.nixosModules.default
./disk-config.nix
./configuration.nix
{
networking.firewall.allowedTCPPorts = [ 22 ];
}
];
};
devShells.${system}.default = pkgs.mkShell { devShells.${system}.default = pkgs.mkShell {
packages = [ packages = [
deploy deploy
mcWhitelist bootstrap
mcCmd
mcLogs mcLogs
pkgs.nh pkgs.nh
inputs.agenix.packages.${system}.default inputs.agenix.packages.${system}.default
@ -56,9 +76,8 @@
shellHook = '' shellHook = ''
echo "compsigh minecraft server" echo "compsigh minecraft server"
echo " mc-bootstrap first-time install (mc-bootstrap <ip>)"
echo " nhs deploy to server" echo " nhs deploy to server"
echo " mc-whitelist add a player (mc-whitelist PlayerName)"
echo " mc-cmd run rcon command (mc-cmd whitelist list)"
echo " mc-logs tail server logs" echo " mc-logs tail server logs"
echo " agenix manage secrets" echo " agenix manage secrets"
''; '';