Server: add minecraft
This commit is contained in:
parent
ccebf381b0
commit
8fdeb93bc5
2 changed files with 100 additions and 0 deletions
|
|
@ -21,5 +21,6 @@
|
||||||
./copyparty.nix
|
./copyparty.nix
|
||||||
./beets.nix
|
./beets.nix
|
||||||
./navidrome.nix
|
./navidrome.nix
|
||||||
|
./minecraft.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
||||||
99
roles/server/minecraft.nix
Normal file
99
roles/server/minecraft.nix
Normal file
|
|
@ -0,0 +1,99 @@
|
||||||
|
{
|
||||||
|
pkgs,
|
||||||
|
config,
|
||||||
|
...
|
||||||
|
}: let
|
||||||
|
stopScript = pkgs.writeShellScript "minecraft-server-stop" ''
|
||||||
|
echo stop > ${config.systemd.sockets.minecraft-server-sf5.socketConfig.ListenFIFO}
|
||||||
|
|
||||||
|
# Wait for the PID of the minecraft server to disappear before
|
||||||
|
# returning, so systemd doesn't attempt to SIGKILL it.
|
||||||
|
while kill -0 "$1" 2> /dev/null; do
|
||||||
|
sleep 1s
|
||||||
|
done
|
||||||
|
'';
|
||||||
|
in {
|
||||||
|
fileSystems = {
|
||||||
|
"/var/lib/minecraft" = {
|
||||||
|
device = "/dev/disk/by-uuid/5322c217-b87b-4150-8b4c-a8fa17a899bf";
|
||||||
|
fsType = "btrfs";
|
||||||
|
options = ["subvol=@minecraft"];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
users.users.sf5 = {
|
||||||
|
isSystemUser = true;
|
||||||
|
group = "sf5";
|
||||||
|
};
|
||||||
|
users.groups.sf5 = {};
|
||||||
|
systemd.tmpfiles.settings = {
|
||||||
|
music."/var/lib/minecraft/sf5" = {
|
||||||
|
d = {
|
||||||
|
age = "-";
|
||||||
|
user = "sf5";
|
||||||
|
group = "sf5";
|
||||||
|
mode = "0755";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
networking.firewall.allowedTCPPorts = [25565];
|
||||||
|
systemd.sockets.minecraft-server-sf5 = {
|
||||||
|
bindsTo = ["minecraft-server-sf5.service"];
|
||||||
|
socketConfig = {
|
||||||
|
ListenFIFO = "/run/minecraft-server-sf5.stdin";
|
||||||
|
SocketMode = "0660";
|
||||||
|
SocketUser = "sf5";
|
||||||
|
SocketGroup = "sf5";
|
||||||
|
RemoveOnStop = true;
|
||||||
|
FlushPending = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
systemd.services.minecraft-server-sf5 = {
|
||||||
|
description = "Minecraft Server (Sky Factory 5)";
|
||||||
|
wantedBy = ["multi-user.target"];
|
||||||
|
requires = ["minecraft-server-sf5.socket"];
|
||||||
|
after = [
|
||||||
|
"network.target"
|
||||||
|
"minecraft-server-sf5.socket"
|
||||||
|
];
|
||||||
|
|
||||||
|
path = [pkgs.jdk17 pkgs.bash];
|
||||||
|
|
||||||
|
serviceConfig = {
|
||||||
|
ExecStart = "/var/lib/minecraft/sf5/run.sh";
|
||||||
|
ExecStop = "${stopScript} $MAINPID";
|
||||||
|
Restart = "always";
|
||||||
|
User = "sf5";
|
||||||
|
WorkingDirectory = "/var/lib/minecraft/sf5";
|
||||||
|
|
||||||
|
StandardInput = "socket";
|
||||||
|
StandardOutput = "journal";
|
||||||
|
StandardError = "journal";
|
||||||
|
|
||||||
|
# Hardening
|
||||||
|
CapabilityBoundingSet = [""];
|
||||||
|
DeviceAllow = [""];
|
||||||
|
LockPersonality = true;
|
||||||
|
PrivateDevices = true;
|
||||||
|
PrivateTmp = true;
|
||||||
|
PrivateUsers = true;
|
||||||
|
ProtectClock = true;
|
||||||
|
ProtectControlGroups = true;
|
||||||
|
ProtectHome = true;
|
||||||
|
ProtectHostname = true;
|
||||||
|
ProtectKernelLogs = true;
|
||||||
|
ProtectKernelModules = true;
|
||||||
|
ProtectKernelTunables = true;
|
||||||
|
ProtectProc = "invisible";
|
||||||
|
RestrictAddressFamilies = [
|
||||||
|
"AF_INET"
|
||||||
|
"AF_INET6"
|
||||||
|
];
|
||||||
|
RestrictNamespaces = true;
|
||||||
|
RestrictRealtime = true;
|
||||||
|
RestrictSUIDSGID = true;
|
||||||
|
SystemCallArchitectures = "native";
|
||||||
|
UMask = "0077";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
programs.rust-motd.settings.service_status."Minecraft (SkyFactory 5)"= "minecraft-server-sf5";
|
||||||
|
}
|
||||||
Loading…
Add table
Add a link
Reference in a new issue