paul/infrastructure
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

Add agenix, spigot-server and ionos-dyndns to gilgamesh config
All checks were successful
Check / Lint Ansible Files (push) Successful in 3m1s
Details

Browse Source
This commit is contained in:
Paul Brinkmeier 2023-11-19 03:09:42 +01:00
parent e61a07f8d3
commit f2f12a2688
2 changed files with 43 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
nix/gilgamesh/configuration.nix
View File

@ -1,9 +1,16 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
{ let
agenix = builtins.fetchTarball {
url = "https://github.com/ryantm/agenix/archive/daf42cb35b2dc614d1551e37f96406e4c4a2d3e4.tar.gz";
sha256 = "0gbn01hi8dh7s9rc66yawnmixcasadf20zci4ijzpd143ph492ad";
};
in {
imports = imports =
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
./spigot.nix "${agenix}/modules/age.nix"
../modules/spigot-server.nix
../modules/ionos-dyndns.nix
]; ];
# Use the GRUB 2 boot loader. # Use the GRUB 2 boot loader.
@ -77,13 +84,38 @@
nssmdns = true; nssmdns = true;
}; };
services.spigot = { services.spigot-server = {
enable = true; enable = true;
user = "spigot";
};
# Secrets management
age.secrets = {
ionos-prefix = {
file = ../secrets/ionos-prefix.age;
owner = "ionos-dyndns";
group = "ionos-dyndns";
};
ionos-secret = {
file = ../secrets/ionos-secret.age;
owner = "ionos-dyndns";
group = "ionos-dyndns";
};
}; };
# DynDNS stuff. IONOS has a (proprietary?) API for this, # DynDNS stuff. IONOS has a (proprietary?) API for this,
# so we're using a Python script from the interwebs :shrug: # so we're using a Python script from the interwebs :shrug:
# TODO: Config using agenix services.ionos-dyndns = {
enable = true;
# Must match the user owning the secrets below. See agenix config
# above for more details.
user = "ionos-dyndns";
apiPrefixPath = config.age.secrets.ionos-prefix.path;
apiSecretPath = config.age.secrets.ionos-secret.path;
aaaa = true;
fqdn = "blocks.beany.club";
interface = "enp0s25";
};
# Open ports in the firewall. # Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 25565 ]; networking.firewall.allowedTCPPorts = [ 25565 ];

13
nix/gilgamesh/spigot.nix → nix/modules/spigot-server.nix
View File

@ -3,12 +3,11 @@ with lib;
let let
ionos-dyndns = pkgs.callPackage ../packages/ionos-dyndns.nix {}; ionos-dyndns = pkgs.callPackage ../packages/ionos-dyndns.nix {};
spigot-server = pkgs.callPackage ../packages/spigot-server.nix {}; spigot-server = pkgs.callPackage ../packages/spigot-server.nix {};
cfg = config.services.spigot; cfg = config.services.spigot-server;
name = "spigot";
StateDirectory = "spigot-server"; StateDirectory = "spigot-server";
in { in {
options = { options = {
services.spigot = { services.spigot-server = {
enable = mkOption { enable = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
@ -19,7 +18,7 @@ in {
user = mkOption { user = mkOption {
type = types.str; type = types.str;
default = name; default = "spigot-server";
description = '' description = ''
The user account and group that Spigot runs as. The user account and group that Spigot runs as.
''; '';
@ -29,14 +28,14 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
users.users = { users.users = {
${name} = { ${cfg.user} = {
isSystemUser = true; isSystemUser = true;
group = name; group = cfg.user;
description = "Spigot Minecraft server user"; description = "Spigot Minecraft server user";
}; };
}; };
users.groups = { users.groups = {
${name} = { ${cfg.user} = {
}; };
}; };