From cc2036d95e9126c203911afa56ad5b75d9b07236 Mon Sep 17 00:00:00 2001 From: Jet Pham Date: Wed, 18 Feb 2026 19:09:21 -0800 Subject: [PATCH] feat: remove minecraft and add grafana secret --- .gitignore | 4 +- README.md | 1 - configuration.nix | 9 ++- flake.lock | 60 +------------------ flake.nix | 7 +-- modules/minecraft.nix | 33 ---------- modules/monitoring.nix | 3 + {modules => secrets}/secrets-scheme.nix | 9 +-- .../secrets.nix.example | 0 system | 1 + 10 files changed, 21 insertions(+), 106 deletions(-) delete mode 100644 modules/minecraft.nix rename {modules => secrets}/secrets-scheme.nix (87%) rename secrets.nix.example => secrets/secrets.nix.example (100%) create mode 120000 system diff --git a/.gitignore b/.gitignore index abe153a..d0dad26 100644 --- a/.gitignore +++ b/.gitignore @@ -3,7 +3,7 @@ result result-* # Secrets (Untracked) -secrets.nix +secrets/secrets.nix # Only track the example file -!secrets.nix.example +!secrets/secrets.nix.example diff --git a/README.md b/README.md index 06566af..a386736 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,6 @@ services: - stalwart (mail.extremist.software) - searxng (search.extremist.software) - conduit (matrix.extremist.software) -- minecraft (extremist.software) - caddy (reverse proxy) - grafana/prometheus (status.extremist.software) diff --git a/configuration.nix b/configuration.nix index 0dd41cd..cb21b82 100644 --- a/configuration.nix +++ b/configuration.nix @@ -7,11 +7,11 @@ ./modules/mail.nix ./modules/searx.nix ./modules/matrix.nix - ./modules/minecraft.nix + ./modules/matrix.nix ./modules/monitoring.nix - ./modules/secrets-scheme.nix + ./secrets/secrets-scheme.nix # Impure Secrets - ./secrets.nix + ./secrets/secrets.nix ]; # ... (rest of imports block replaced by ./secrets/secrets.nix being added to imports) 
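Review bot: The added `./modules/matrix.nix` in the configuration.nix imports hunk repeats the import on the context line directly above it; the `./modules/minecraft.nix` line should be deleted outright rather than replaced. The trailing `# ... (rest of imports block replaced by ./secrets/secrets.nix being added to imports)` context line reads like a leftover editing placeholder and could be dropped in the same pass. The imports list opens above the hunk, so the rest of it is not visible here.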
@@ -24,8 +24,7 @@ # Networking networking.hostName = "extremist-software"; - networking.firewall.allowedTCPPorts = [ 80 443 25565 ]; # HTTP, HTTPS, Minecraft - networking.firewall.allowedUDPPorts = [ 25565 ]; # Minecraft + networking.firewall.allowedTCPPorts = [ 22 80 443 ]; # SSH, HTTP, HTTPS # Tailscale services.tailscale.enable = true; diff --git a/flake.lock b/flake.lock index 80c8381..25350a6 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1771355198, - "narHash": "sha256-89m5VKxIs8QNiIvLsxHu5NpyhDsoXTtoN801IAurnW4=", + "lastModified": 1771469470, + "narHash": "sha256-GnqdqhrguKNN3HtVfl6z+zbV9R9jhHFm3Z8nu7R6ml0=", "owner": "nix-community", "repo": "disko", - "rev": "92fceb111901a6f13e81199be4fab95fce86a5c9", + "rev": "4707eec8d1d2db5182ea06ed48c820a86a42dc13", "type": "github" }, "original": { @@ -20,44 +20,6 @@ "type": "github" } }, - "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "nix-minecraft": { - "inputs": { - "flake-compat": "flake-compat", - "nixpkgs": [ - "nixpkgs" - ], - "systems": "systems" - }, - "locked": { - "lastModified": 1771383026, - "narHash": "sha256-WfsTqpMhZFxNPH8MZq8quXYp+3IlmiEiEcWHJOuoRRA=", - "owner": "Infinidoge", - "repo": "nix-minecraft", - "rev": "ca486548e1dab12bb6c3fb731f528fae608a3489", - "type": "github" - }, - "original": { - "owner": "Infinidoge", - "repo": "nix-minecraft", - "type": "github" - } - }, "nixpkgs": { "locked": { "lastModified": 1771369470, 
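Review bot: The new `networking.firewall.allowedTCPPorts = [ 22 80 443 ];` opens SSH on every interface, which the commit title does not mention and which widens the internet-facing surface in a commit that otherwise closes ports. Since `services.tailscale.enable = true;` sits just below, SSH could be limited to the tailnet with `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 22 ];` while the public list stays `[ 80 443 ]`. If public SSH is intended, say so in the commit message and confirm that the OpenSSH configuration (not visible in this hunk) disables password authentication and limits root to key-only login.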
@@ -77,24 +39,8 @@ "root": { "inputs": { "disko": "disko", - "nix-minecraft": "nix-minecraft", "nixpkgs": "nixpkgs" } - }, - "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index fda60e5..2308773 100644 --- a/flake.nix +++ b/flake.nix @@ -7,17 +7,16 @@ disko.url = "github:nix-community/disko"; disko.inputs.nixpkgs.follows = "nixpkgs"; - nix-minecraft.url = "github:Infinidoge/nix-minecraft"; - nix-minecraft.inputs.nixpkgs.follows = "nixpkgs"; + }; - outputs = { self, nixpkgs, disko, nix-minecraft, ... }@inputs: { + outputs = { self, nixpkgs, disko, ... }@inputs: { nixosConfigurations.extremist-software = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; specialArgs = { inherit inputs; }; modules = [ disko.nixosModules.disko - nix-minecraft.nixosModules.minecraft-servers + ./disk-config.nix ./configuration.nix ]; diff --git a/modules/minecraft.nix b/modules/minecraft.nix deleted file mode 100644 index 6d0e6c3..0000000 --- a/modules/minecraft.nix +++ /dev/null 
@@ -1,33 +0,0 @@ -{ config, pkgs, inputs, ... }: - -{ - imports = [ inputs.nix-minecraft.nixosModules.minecraft-servers ]; - - nixpkgs.overlays = [ inputs.nix-minecraft.overlay ]; - - services.minecraft-servers = { - enable = true; - eula = true; - - servers = { - fabric = { - enable = true; - # Use fetchPackwizModpack to get the server with mods - package = pkgs.fetchPackwizModpack { - url = "https://raw.githubusercontent.com/Fabulously-Optimized/fabulously-optimized/main/Packwiz/1.20.1/pack.toml"; - packHash = "sha256-eoaJQtlb6BfCFVG8iUYxVQD5woLq+kecJj6GvBA1IqQ="; # User must update this hash! - }; - serverProperties = { - motd = "Extremist Software Minecraft Server"; - difficulty = "hard"; - view-distance = 10; - simulation-distance = 10; - max-players = 5; - enable-rcon = true; - "rcon.password" = config.mySecrets.minecraftRcon; - }; - jvmOpts = "-Xms2G -Xmx2500M -XX:+UseG1GC -XX:+ParallelRefProcEnabled -XX:MaxGCPauseMillis=200 -XX:+UnlockExperimentalVMOptions -XX:+DisableExplicitGC -XX:+AlwaysPreTouch -XX:G1NewSizePercent=30 -XX:G1MaxNewSizePercent=40 -XX:G1HeapRegionSize=8M -XX:G1ReservePercent=20 -XX:G1HeapWastePercent=5 -XX:G1MixedGCCountTarget=4 -XX:InitiatingHeapOccupancyPercent=15 -XX:G1MixedGCLiveThresholdPercent=90 -XX:G1RSetUpdatingPauseTimePercent=5 -XX:SurvivorRatio=32 -XX:+PerfDisableSharedMem -XX:MaxTenuringThreshold=1 -Dusing.aikars.flags=https://mcflags.emc.gs -Daikars.new.flags=true"; - }; - }; - }; -} diff --git a/modules/monitoring.nix b/modules/monitoring.nix index 84c231b..e7e2260 100644 --- a/modules/monitoring.nix +++ b/modules/monitoring.nix @@ -30,6 +30,9 @@ http_addr = "127.0.0.1"; domain = "status.extremist.software"; }; + security = { + secret_key = config.mySecrets.grafanaSecret; + }; }; }; } diff --git a/modules/secrets-scheme.nix b/secrets/secrets-scheme.nix similarity index 87% rename from modules/secrets-scheme.nix rename to secrets/secrets-scheme.nix index fbc3281..25a43c4 100644 --- a/modules/secrets-scheme.nix 
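Review bot: `secret_key = config.mySecrets.grafanaSecret;` in the modules/monitoring.nix hunk passes the key as a plain Nix string, so it is presumably rendered into the generated Grafana configuration in the world-readable /nix/store, where any local user or anything that copies the system closure can read it. Grafana's file provider keeps the value out of the store: `secret_key = "$__file{/run/secrets/grafana-secret-key}";` (the path is a placeholder), with the file readable only by the grafana user. The `grafanaSecret` option added in secrets/secrets-scheme.nix would then hold a path rather than the key, and its description should say so. This key encrypts data-source credentials in Grafana's database, so anything stored under the previous key will need to be re-entered after the change. The enclosing settings block opens outside the hunk.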
+++ b/secrets/secrets-scheme.nix @@ -16,10 +16,7 @@ with lib; type = types.str; description = "Searx Secret Key"; }; - minecraftRcon = mkOption { - type = types.str; - description = "Minecraft RCON Password"; - }; + tailscaleKey = mkOption { type = types.str; description = "Tailscale Auth Key"; @@ -28,5 +25,9 @@ with lib; type = types.str; description = "SSH Public Key for Root User"; }; + grafanaSecret = mkOption { + type = types.str; + description = "Grafana Secret Key for security"; + }; }; } diff --git a/secrets.nix.example b/secrets/secrets.nix.example similarity index 100% rename from secrets.nix.example rename to secrets/secrets.nix.example diff --git a/system b/system new file mode 120000 index 0000000..5b3054d --- /dev/null +++ b/system @@ -0,0 +1 @@ +/nix/store/4yqza1r8m2ds7nr52838iysp0nx742np-nixos-system-extremist-software-26.05.20260217.0182a36 \ No newline at end of file
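Review bot: The new `system` entry is a symlink to an absolute /nix/store path of a built system closure, which looks like a build-output link committed by accident. It dangles on any other checkout, and it publishes the exact nixpkgs revision the host was built from. .gitignore covers `result` and `result-*` but not this name, so add a `system` line there and remove the link from the index with `git rm --cached system`.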