jet/extremist-software
jet/extremist-software
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: remove minecraft and add grafana secret

Browse source
This commit is contained in:
Jet Pham 2026-02-18 19:09:21 -08:00
parent ce89f2fcda
commit cc2036d95e
No known key found for this signature in database
10 changed files with 21 additions and 106 deletions
Download patch file Download diff file Expand all files Collapse all files

4
.gitignore vendored
View file

@ -3,7 +3,7 @@ result
result-* result-*
# Secrets (Untracked) # Secrets (Untracked)
secrets.nix secrets/secrets.nix
# Only track the example file # Only track the example file
!secrets.nix.example !secrets/secrets.nix.example

1
README.md
View file

@ -7,7 +7,6 @@ services:
- stalwart (mail.extremist.software) - stalwart (mail.extremist.software)
- searxng (search.extremist.software) - searxng (search.extremist.software)
- conduit (matrix.extremist.software) - conduit (matrix.extremist.software)
- minecraft (extremist.software)
- caddy (reverse proxy) - caddy (reverse proxy)
- grafana/prometheus (status.extremist.software) - grafana/prometheus (status.extremist.software)

9
configuration.nix
View file

@ -7,11 +7,11 @@
./modules/mail.nix ./modules/mail.nix
./modules/searx.nix ./modules/searx.nix
./modules/matrix.nix ./modules/matrix.nix
./modules/minecraft.nix ./modules/matrix.nix
./modules/monitoring.nix ./modules/monitoring.nix
./modules/secrets-scheme.nix ./secrets/secrets-scheme.nix
# Impure Secrets # Impure Secrets
./secrets.nix ./secrets/secrets.nix
]; ];
# ... (rest of imports block replaced by ./secrets/secrets.nix being added to imports) # ... (rest of imports block replaced by ./secrets/secrets.nix being added to imports)
@ -24,8 +24,7 @@
# Networking # Networking
networking.hostName = "extremist-software"; networking.hostName = "extremist-software";
networking.firewall.allowedTCPPorts = [ 80 443 25565 ]; # HTTP, HTTPS, Minecraft networking.firewall.allowedTCPPorts = [ 22 80 443 ]; # SSH, HTTP, HTTPS
networking.firewall.allowedUDPPorts = [ 25565 ]; # Minecraft
# Tailscale # Tailscale
services.tailscale.enable = true; services.tailscale.enable = true;

60
flake.lock generated
View file

@ -7,11 +7,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1771355198, "lastModified": 1771469470,
"narHash": "sha256-89m5VKxIs8QNiIvLsxHu5NpyhDsoXTtoN801IAurnW4=", "narHash": "sha256-GnqdqhrguKNN3HtVfl6z+zbV9R9jhHFm3Z8nu7R6ml0=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "92fceb111901a6f13e81199be4fab95fce86a5c9", "rev": "4707eec8d1d2db5182ea06ed48c820a86a42dc13",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -20,44 +20,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1747046372,
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"nix-minecraft": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": [
"nixpkgs"
],
"systems": "systems"
},
"locked": {
"lastModified": 1771383026,
"narHash": "sha256-WfsTqpMhZFxNPH8MZq8quXYp+3IlmiEiEcWHJOuoRRA=",
"owner": "Infinidoge",
"repo": "nix-minecraft",
"rev": "ca486548e1dab12bb6c3fb731f528fae608a3489",
"type": "github"
},
"original": {
"owner": "Infinidoge",
"repo": "nix-minecraft",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1771369470, "lastModified": 1771369470,
@ -77,24 +39,8 @@
"root": { "root": {
"inputs": { "inputs": {
"disko": "disko", "disko": "disko",
"nix-minecraft": "nix-minecraft",
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
} }
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

7
flake.nix
View file

@ -7,17 +7,16 @@
disko.url = "github:nix-community/disko"; disko.url = "github:nix-community/disko";
disko.inputs.nixpkgs.follows = "nixpkgs"; disko.inputs.nixpkgs.follows = "nixpkgs";
nix-minecraft.url = "github:Infinidoge/nix-minecraft";
nix-minecraft.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = { self, nixpkgs, disko, nix-minecraft, ... }@inputs: { outputs = { self, nixpkgs, disko, ... }@inputs: {
nixosConfigurations.extremist-software = nixpkgs.lib.nixosSystem { nixosConfigurations.extremist-software = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { inherit inputs; }; specialArgs = { inherit inputs; };
modules = [ modules = [
disko.nixosModules.disko disko.nixosModules.disko
nix-minecraft.nixosModules.minecraft-servers
./disk-config.nix ./disk-config.nix
./configuration.nix ./configuration.nix
]; ];

33
modules/minecraft.nix
View file

@ -1,33 +0,0 @@
{ config, pkgs, inputs, ... }:
{
imports = [ inputs.nix-minecraft.nixosModules.minecraft-servers ];
nixpkgs.overlays = [ inputs.nix-minecraft.overlay ];
services.minecraft-servers = {
enable = true;
eula = true;
servers = {
fabric = {
enable = true;
# Use fetchPackwizModpack to get the server with mods
package = pkgs.fetchPackwizModpack {
url = "https://raw.githubusercontent.com/Fabulously-Optimized/fabulously-optimized/main/Packwiz/1.20.1/pack.toml";
packHash = "sha256-eoaJQtlb6BfCFVG8iUYxVQD5woLq+kecJj6GvBA1IqQ="; # User must update this hash!
};
serverProperties = {
motd = "Extremist Software Minecraft Server";
difficulty = "hard";
view-distance = 10;
simulation-distance = 10;
max-players = 5;
enable-rcon = true;
"rcon.password" = config.mySecrets.minecraftRcon;
};
jvmOpts = "-Xms2G -Xmx2500M -XX:+UseG1GC -XX:+ParallelRefProcEnabled -XX:MaxGCPauseMillis=200 -XX:+UnlockExperimentalVMOptions -XX:+DisableExplicitGC -XX:+AlwaysPreTouch -XX:G1NewSizePercent=30 -XX:G1MaxNewSizePercent=40 -XX:G1HeapRegionSize=8M -XX:G1ReservePercent=20 -XX:G1HeapWastePercent=5 -XX:G1MixedGCCountTarget=4 -XX:InitiatingHeapOccupancyPercent=15 -XX:G1MixedGCLiveThresholdPercent=90 -XX:G1RSetUpdatingPauseTimePercent=5 -XX:SurvivorRatio=32 -XX:+PerfDisableSharedMem -XX:MaxTenuringThreshold=1 -Dusing.aikars.flags=https://mcflags.emc.gs -Daikars.new.flags=true";
};
};
};
}

3
modules/monitoring.nix
View file

@ -30,6 +30,9 @@
http_addr = "127.0.0.1"; http_addr = "127.0.0.1";
domain = "status.extremist.software"; domain = "status.extremist.software";
}; };
security = {
secret_key = config.mySecrets.grafanaSecret;
};
}; };
}; };
} }

9
modules/secrets-scheme.nix → secrets/secrets-scheme.nix
View file

@ -16,10 +16,7 @@ with lib;
type = types.str; type = types.str;
description = "Searx Secret Key"; description = "Searx Secret Key";
}; };
minecraftRcon = mkOption {
type = types.str;
description = "Minecraft RCON Password";
};
tailscaleKey = mkOption { tailscaleKey = mkOption {
type = types.str; type = types.str;
description = "Tailscale Auth Key"; description = "Tailscale Auth Key";
@ -28,5 +25,9 @@ with lib;
type = types.str; type = types.str;
description = "SSH Public Key for Root User"; description = "SSH Public Key for Root User";
}; };
grafanaSecret = mkOption {
type = types.str;
description = "Grafana Secret Key for security";
};
}; };
} }

0
secrets.nix.example → secrets/secrets.nix.example
View file

1
system Symbolic link
View file

@ -0,0 +1 @@
/nix/store/4yqza1r8m2ds7nr52838iysp0nx742np-nixos-system-extremist-software-26.05.20260217.0182a36