feat: remove minecraft and add grafana secret

2026-02-18 19:09:21 -08:00 · 2026-02-18 19:09:21 -08:00 · cc2036d95e
commit cc2036d95e
parent ce89f2fcda
10 changed files with 21 additions and 106 deletions
--- a/.gitignore
+++ b/.gitignore
@ -3,7 +3,7 @@ result
 result-*

 # Secrets (Untracked)
-secrets.nix
+secrets/secrets.nix

 # Only track the example file
-!secrets.nix.example
+!secrets/secrets.nix.example
--- a/README.md
+++ b/README.md
@ -7,7 +7,6 @@ services:
 - stalwart (mail.extremist.software)
 - searxng (search.extremist.software)
 - conduit (matrix.extremist.software)
- minecraft (extremist.software)
 - caddy (reverse proxy)
 - grafana/prometheus (status.extremist.software)

--- a/configuration.nix
+++ b/configuration.nix
@ -7,11 +7,11 @@
    ./modules/mail.nix
    ./modules/searx.nix
    ./modules/matrix.nix
-    ./modules/minecraft.nix
+    ./modules/matrix.nix
    ./modules/monitoring.nix
-    ./modules/secrets-scheme.nix
+    ./secrets/secrets-scheme.nix
    # Impure Secrets
-    ./secrets.nix
+    ./secrets/secrets.nix
  ];

  # ... (rest of imports block replaced by ./secrets/secrets.nix being added to imports)
@ -24,8 +24,7 @@

  # Networking
  networking.hostName = "extremist-software";
-  networking.firewall.allowedTCPPorts = [ 80 443 25565 ]; # HTTP, HTTPS, Minecraft
-  networking.firewall.allowedUDPPorts = [ 25565 ];      # Minecraft
+  networking.firewall.allowedTCPPorts = [ 22 80 443 ]; # SSH, HTTP, HTTPS

  # Tailscale
  services.tailscale.enable = true;
--- a/flake.lock
+++ b/flake.lock
@ -7,11 +7,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1771355198,
-        "narHash": "sha256-89m5VKxIs8QNiIvLsxHu5NpyhDsoXTtoN801IAurnW4=",
+        "lastModified": 1771469470,
+        "narHash": "sha256-GnqdqhrguKNN3HtVfl6z+zbV9R9jhHFm3Z8nu7R6ml0=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "92fceb111901a6f13e81199be4fab95fce86a5c9",
+        "rev": "4707eec8d1d2db5182ea06ed48c820a86a42dc13",
        "type": "github"
      },
      "original": {
@ -20,44 +20,6 @@
        "type": "github"
      }
    },
-    "flake-compat": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1747046372,
-        "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
-        "type": "github"
-      },
-      "original": {
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "type": "github"
-      }
-    },
-    "nix-minecraft": {
-      "inputs": {
-        "flake-compat": "flake-compat",
-        "nixpkgs": [
-          "nixpkgs"
-        ],
-        "systems": "systems"
-      },
-      "locked": {
-        "lastModified": 1771383026,
-        "narHash": "sha256-WfsTqpMhZFxNPH8MZq8quXYp+3IlmiEiEcWHJOuoRRA=",
-        "owner": "Infinidoge",
-        "repo": "nix-minecraft",
-        "rev": "ca486548e1dab12bb6c3fb731f528fae608a3489",
-        "type": "github"
-      },
-      "original": {
-        "owner": "Infinidoge",
-        "repo": "nix-minecraft",
-        "type": "github"
-      }
-    },
    "nixpkgs": {
      "locked": {
        "lastModified": 1771369470,
@ -77,24 +39,8 @@
    "root": {
      "inputs": {
        "disko": "disko",
-        "nix-minecraft": "nix-minecraft",
        "nixpkgs": "nixpkgs"
      }
-    },
-    "systems": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@ -7,17 +7,16 @@
    disko.url = "github:nix-community/disko";
    disko.inputs.nixpkgs.follows = "nixpkgs";

-    nix-minecraft.url = "github:Infinidoge/nix-minecraft";
-    nix-minecraft.inputs.nixpkgs.follows = "nixpkgs";
+
  };

-  outputs = { self, nixpkgs, disko, nix-minecraft, ... }@inputs: {
+  outputs = { self, nixpkgs, disko, ... }@inputs: {
    nixosConfigurations.extremist-software = nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
      specialArgs = { inherit inputs; };
      modules = [
        disko.nixosModules.disko
-        nix-minecraft.nixosModules.minecraft-servers
+
        ./disk-config.nix
        ./configuration.nix
      ];
--- a/modules/minecraft.nix
+++ b/modules/minecraft.nix
@ -1,33 +0,0 @@
-{ config, pkgs, inputs, ... }:
-
-{
-  imports = [ inputs.nix-minecraft.nixosModules.minecraft-servers ];
-
-  nixpkgs.overlays = [ inputs.nix-minecraft.overlay ];
-
-  services.minecraft-servers = {
-    enable = true;
-    eula = true;
-
-    servers = {
-      fabric = {
-        enable = true;
-        # Use fetchPackwizModpack to get the server with mods
-        package = pkgs.fetchPackwizModpack {
-          url = "https://raw.githubusercontent.com/Fabulously-Optimized/fabulously-optimized/main/Packwiz/1.20.1/pack.toml";
-          packHash = "sha256-eoaJQtlb6BfCFVG8iUYxVQD5woLq+kecJj6GvBA1IqQ="; # User must update this hash!
-        };
-        serverProperties = {
-          motd = "Extremist Software Minecraft Server";
-          difficulty = "hard";
-          view-distance = 10;
-          simulation-distance = 10;
-          max-players = 5;
-          enable-rcon = true;
-          "rcon.password" = config.mySecrets.minecraftRcon; 
-        };
-        jvmOpts = "-Xms2G -Xmx2500M -XX:+UseG1GC -XX:+ParallelRefProcEnabled -XX:MaxGCPauseMillis=200 -XX:+UnlockExperimentalVMOptions -XX:+DisableExplicitGC -XX:+AlwaysPreTouch -XX:G1NewSizePercent=30 -XX:G1MaxNewSizePercent=40 -XX:G1HeapRegionSize=8M -XX:G1ReservePercent=20 -XX:G1HeapWastePercent=5 -XX:G1MixedGCCountTarget=4 -XX:InitiatingHeapOccupancyPercent=15 -XX:G1MixedGCLiveThresholdPercent=90 -XX:G1RSetUpdatingPauseTimePercent=5 -XX:SurvivorRatio=32 -XX:+PerfDisableSharedMem -XX:MaxTenuringThreshold=1 -Dusing.aikars.flags=https://mcflags.emc.gs -Daikars.new.flags=true";
-      };
-    };
-  };
-}
--- a/modules/monitoring.nix
+++ b/modules/monitoring.nix
@ -30,6 +30,9 @@
        http_addr = "127.0.0.1";
        domain = "status.extremist.software";
      };
+      security = {
+        secret_key = config.mySecrets.grafanaSecret;
+      };
    };
  };
 }
--- a/secrets/secrets-scheme.nix
+++ b/secrets/secrets-scheme.nix
@ -16,10 +16,7 @@ with lib;
      type = types.str;
      description = "Searx Secret Key";
    };
-    minecraftRcon = mkOption {
-      type = types.str;
-      description = "Minecraft RCON Password";
-    };
+
    tailscaleKey = mkOption {
      type = types.str;
      description = "Tailscale Auth Key";
@ -28,5 +25,9 @@ with lib;
      type = types.str;
      description = "SSH Public Key for Root User";
    };
+    grafanaSecret = mkOption {
+      type = types.str;
+      description = "Grafana Secret Key for security";
+    };
  };
 }
--- a/secrets/secrets.nix.example
+++ b/secrets/secrets.nix.example
--- a/1
+++ b/1
@ -0,0 +1 @@
+/nix/store/4yqza1r8m2ds7nr52838iysp0nx742np-nixos-system-extremist-software-26.05.20260217.0182a36
				`@ -0,0 +1 @@`
				`/nix/store/4yqza1r8m2ds7nr52838iysp0nx742np-nixos-system-extremist-software-26.05.20260217.0182a36`