From 941aebe60d842829684f5b3f606e8a87e9af76d6 Mon Sep 17 00:00:00 2001 From: "Gustavo \"Guz\" L de Mello" Date: Thu, 14 May 2026 19:44:06 -0300 Subject: [PATCH] feat(services): minecraft servers setup --- flake.lock | 271 +++++++++++++++++++++++++++-- flake.nix | 15 +- secrets.nix | 4 +- secrets.yaml | 13 +- services/adguard.nix | 90 ++++++++++ services/capytal/gitea.nix | 193 ++++++++++++++++++++ services/capytal/matrix.nix | 309 +++++++++++++++++++++++++++++++++ services/minecraft-servers.nix | 246 ++++++++++++++++++++++++++ 8 files changed, 1122 insertions(+), 19 deletions(-) create mode 100644 services/adguard.nix create mode 100644 services/capytal/gitea.nix create mode 100644 services/capytal/matrix.nix create mode 100644 services/minecraft-servers.nix diff --git a/flake.lock b/flake.lock index 2f2da93..88ad296 100644 --- a/flake.lock +++ b/flake.lock @@ -89,6 +89,22 @@ "type": "github" } }, + "favelasmp": { + "inputs": { + "nix-minecraft": "nix-minecraft", + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1778446878, + "narHash": "sha256-RQ5PD4RvIMfDzYgmpYuCBTM19d6kxOPL0+IleReLwRY=", + "path": "/home/guz/Projects/heart-favelasmp", + "type": "path" + }, + "original": { + "path": "/home/guz/Projects/heart-favelasmp", + "type": "path" + } + }, "firefox-gnome-theme": { "flake": false, "locked": { 
@@ -105,6 +121,54 @@ "type": "github" } }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_3": { + "flake": false, + "locked": { + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": [ @@ -126,6 +190,24 @@ "type": "github" } }, + "flake-utils": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "fromYaml": { "flake": false, "locked": { 
@@ -177,6 +259,25 @@ "url": "https://code.capytal.cc/dot013/godotdev.nvim" } }, + "heart-modpack": { + "inputs": { + "nix-minecraft": "nix-minecraft_2", + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1762728338, + "narHash": "sha256-TybTNtKAdrsv4r7/oHedacHjILXKeMwDiHVansh7Lus=", + "ref": "refs/heads/main", + "rev": "36e7a038351c6ce8d80eb77f47d4c44accb40b02", + "revCount": 33, + "type": "git", + "url": "file:///home/guz/Projects/heart-modpack" + }, + "original": { + "type": "git", + "url": "file:///home/guz/Projects/heart-modpack" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -237,7 +338,7 @@ "inputs": { "godotdev": "godotdev", "mdfmt": "mdfmt", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_3", "nvim-treesitter-main": "nvim-treesitter-main" }, "locked": { 
@@ -269,13 +370,81 @@ "type": "github" } }, + "nix-minecraft": { + "inputs": { + "flake-compat": "flake-compat", + "nixpkgs": [ + "favelasmp", + "nixpkgs" + ], + "systems": "systems" + }, + "locked": { + "lastModified": 1778039471, + "narHash": "sha256-Arjg44jFcpSqOKK05EIxbKIjhfjou/EGF12COFU+9QA=", + "owner": "infinidoge", + "repo": "nix-minecraft", + "rev": "87611ef4788116de05f851920c5958f0c37d5b05", + "type": "github" + }, + "original": { + "owner": "infinidoge", + "repo": "nix-minecraft", + "type": "github" + } + }, + "nix-minecraft_2": { + "inputs": { + "flake-compat": "flake-compat_2", + "flake-utils": "flake-utils", + "nixpkgs": [ + "heart-modpack", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1762653944, + "narHash": "sha256-zAgyqF6bPFGCe9WcZdskvxS3qmMPOh15TBF6yxbai78=", + "owner": "infinidoge", + "repo": "nix-minecraft", + "rev": "8fa3e5e2763f7dfc7ab665609167a4e6796518f4", + "type": "github" + }, + "original": { + "owner": "infinidoge", + "repo": "nix-minecraft", + "type": "github" + } + }, + "nix-minecraft_3": { + "inputs": { + "flake-compat": "flake-compat_3", + "nixpkgs": [ + "nixpkgs" + ], + "systems": "systems_3" + }, + "locked": { + "lastModified": 1777608106, + "narHash": "sha256-wiBYCs2swNJefX1xH7tiyZLAw9ZmHZQ5DRo8VeFW6fg=", + "owner": "infinidoge", + "repo": "nix-minecraft", + "rev": "6643116cd25bd53641a9724db8a530e36899484d", + "type": "github" + }, + "original": { + "owner": "infinidoge", + "repo": "nix-minecraft", + "type": "github" + } + }, "nixpkgs": { "locked": { - "lastModified": 1767892417, - "narHash": "sha256-dhhvQY67aboBk8b0/u0XB6vwHdgbROZT3fJAjyNh5Ww=", + "lastModified": 1777954456, + "narHash": "sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9+hrDTkDU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3497aa5c9457a9d88d71fa93a4a8368816fbeeba", + "rev": "549bd84d6279f9852cae6225e372cc67fb91a4c1", "type": "github" }, "original": { 
@@ -302,6 +471,38 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1753429684, + "narHash": "sha256-9h7+4/53cSfQ/uA3pSvCaBepmZaz/dLlLVJnbQ+SJjk=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "7fd36ee82c0275fb545775cc5e4d30542899511d", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1767892417, + "narHash": "sha256-dhhvQY67aboBk8b0/u0XB6vwHdgbROZT3fJAjyNh5Ww=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "3497aa5c9457a9d88d71fa93a4a8368816fbeeba", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { "locked": { "lastModified": 1767379071, "narHash": "sha256-EgE0pxsrW9jp9YFMkHL9JMXxcqi/OoumPJYwf+Okucw=", @@ -317,7 +518,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_5": { "locked": { "lastModified": 1774244481, "narHash": "sha256-4XfMXU0DjN83o6HWZoKG9PegCvKvIhNUnRUI19vzTcQ=", @@ -377,7 +578,7 @@ }, "nvim-treesitter-main": { "inputs": { - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_4", "nvim-treesitter": "nvim-treesitter", "nvim-treesitter-textobjects": "nvim-treesitter-textobjects" }, @@ -415,11 +616,14 @@ "root": { "inputs": { "disko": "disko", + "favelasmp": "favelasmp", + "heart-modpack": "heart-modpack", "home-manager": "home-manager", "impermanence": "impermanence", "neovim": "neovim", "nix-flatpak": "nix-flatpak", - "nixpkgs": "nixpkgs_3", + "nix-minecraft": "nix-minecraft_3", + "nixpkgs": "nixpkgs_5", "nixpkgs-unstable": "nixpkgs-unstable", "sops-nix": "sops-nix", "stylix": "stylix", @@ -459,7 +663,7 @@ "nixpkgs" ], "nur": "nur", - "systems": "systems", + "systems": "systems_4", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", 
@@ -496,6 +700,51 @@ "type": "github" } }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_4": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "tinted-foot": { "flake": false, "locked": { @@ -587,11 +836,11 @@ ] }, "locked": { - "lastModified": 1774352774, - "narHash": "sha256-gibUM0pSnLxEeuFrYA8T1oEaixk+fjQpqXbYaxcEX/4=", + "lastModified": 1774455577, + "narHash": "sha256-lDZB7bb5nrxqlmCI8Ga03ZQZeOnC1zeXtJbUsr43JqI=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "a0f3d47dbd8f8618a1920d5a5ca09b7993415895", + "rev": "0aa993a5bd3734e147b40344336983b141f3aac0", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 738d2ae..a2fbf0b 100644 --- a/flake.nix +++ b/flake.nix 
@@ -33,11 +33,15 @@ # url = "git+ssh://gitea@spacestation/heart/modpack.git"; # # url = "git+file:///home/guz/.projects/heart-modpack"; # }; - # - # nix-minecraft = { - # url = "github:infinidoge/nix-minecraft"; - # inputs.nixpkgs.follows = "nixpkgs"; - # }; + favelasmp = { + # url = "path:///home/guz/Projects/heart-favelasmp"; + url = "git+file:///home/guz/Projects/heart-favelasmp"; + }; + + nix-minecraft = { + url = "github:infinidoge/nix-minecraft"; + inputs.nixpkgs.follows = "nixpkgs"; + }; neovim = { url = "git+https://code.capytal.cc/dot013/nvim"; @@ -195,6 +199,7 @@ playit = ./modules/playit.nix; services = { cloudflared = ./services/cloudflared.nix; + minecraft-servers = ./services/minecraft-servers.nix; }; }; diff --git a/secrets.nix b/secrets.nix index 81977f4..98819ec 100644 --- a/secrets.nix +++ b/secrets.nix @@ -1,9 +1,11 @@ { config, + lib, inputs, pkgs, ... -}: { +}: +with lib; { imports = [ inputs.sops-nix.nixosModules.sops ]; diff --git a/secrets.yaml b/secrets.yaml index 509d08a..66bf76e 100644 --- a/secrets.yaml +++ b/secrets.yaml 
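Review bot: The new `favelasmp` input uses `url = "git+file:///home/guz/Projects/heart-favelasmp";`, an absolute path inside one user's home directory, so the configuration that runs the servers can only be evaluated on that machine and is built from whatever that checkout currently holds. The flake.lock hunk in this commit records the same input as `"type": "path"` with a `narHash` but no `rev`, which does not match the `git+file` URL here and leaves no commit to audit; it will presumably be relocked on the next evaluation. Consider a fetchable, reviewable source such as `url = "git+https://<forge-host>/<owner>/heart-favelasmp";` (placeholder values). Adding `inputs.nixpkgs.follows = "nixpkgs";` and `inputs.nix-minecraft.follows = "nix-minecraft";` to this input would also stop the lock from carrying separate nixpkgs and nix-minecraft revisions for it. The `inputs` attribute set starts and ends outside this hunk.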
@@ -4,6 +4,15 @@ services: guzone-cred: ENC[AES256_GCM,data:UVsBMQMB2yrS2TnzyqSh57Hyr13ONfC81gJO2iT5EDkUu1XoocJcd1G0TEhSODmMvTfx6FrI5GSGRbHX0Z/AK1IBIeLBBQ9zDqhvL/2i+0EltBaIw/HMDusWvFLQMBBQiJ0uDqpBTEUAidUEe/qX248bGdL3d9EfYcxp7ivplMOZ5ocNJhDXqF0M1odfcia6J5xvehBeBeO6B8t5tDoDIIpA39bHge5IgMvQ9GwB4tE=,iv:YFbB8Wmgnzwdw0BZjWIrkP5FQ09iKeiW/eIIbBdNEgk=,tag:v7u6cAf8JM2KT/jxxb0tYg==,type:str] minio: credentialsFile: ENC[AES256_GCM,data:b3ZS3dJOjUMTFNY0vnCr+u5SZaUtf2DR4zCIGH/OpZWWjJIxjRPKp6aPM5ok/XnYu8cv/4FHwMM=,iv:ZnzLCTI0cEVHGy7mMUNGiQlseOXxvNgWrD1mkthwkNE=,tag:8Ii6fNg2syJcyxNAww+6SQ==,type:str] + minecraft: + playit-secret: ENC[AES256_GCM,data:dXy11fLDMTYg+aeoHOVVsNxXHry5OvKixWwtF/FWQULQ/KyOH8eshVznSXBazx3MFTO0qm6c5jJecGiN/0Ry0WdtRqzZ7mFqjMnpTck7xDU=,iv:y9PAcD86PlnK8mxjMAS1FMBNW3ZT8uLAFPnxxUaEgm4=,tag:NtnVnknzWDwqzg+4hC65UQ==,type:str] + proxy-allowed-users: ENC[AES256_GCM,data:nP9qx1xHS8mTXttAEfwX,iv:3afr3MFL7pUqNrq0iLFvs7Rif1Nfxp+/clFsMysawKo=,tag:I8P5SHwAt6n7qszAbeHCRA==,type:str] + proxy-geyser-config: ENC[AES256_GCM,data:zUtasSljIpn3pya0QmyyckY6xlIexk/j9KjTlGFU5u9Onvrgr2B+ggnsc6tkvgGFoMTk5TF/T6I5CAzoOg0sTkJqGlx8zxfjYpi5ZnW2kLwdrwpzidzTGpl68pA5KMxYAtAmMkv8g10T+DSYvrVpk4o4wU3h5Ud9,iv:DNVOZwND/pS9RmbCDVi1oXqYSZqO/GwoNkUOJJOh5tY=,tag:E7V24sVn78MWD2RYDz2Rgg==,type:str] + proxy-voicechat-properties: ENC[AES256_GCM,data:khVSVyXsCR6ig+ugQPmsMxYHnlCee5C4GBZLrzzoKuel5l/ieDOaGXw+abcm5RBELy+cOQWd/xD2cq3PM712hkksLpSYUw9gSSlx,iv:Gdc/bCdW6e1ZNFK5FXQGVmLQ1kv0Hklm3hvl79Er55k=,tag:O28pa0cIEDH7H0tuUGXo6Q==,type:str] + proxy-secret: ENC[AES256_GCM,data:K5GMlzDMD31YKjrJ,iv:1jSAFuPri5DS7foMBSw0rzXimmg3IPN6JXm0WVXqNwI=,tag:X1InctFVT53Ne/b23crnTg==,type:str] + favelasmp-ops: 
ENC[AES256_GCM,data:9ewCJum/8Luwre7PPvWsehAW+kY7xPMUmLYax0OCAdlM7LqNxiZOWJlm3KjUMwkAZtwqFPw0aAwwBRadew0xyrBD2SZRdsN3SI8yAV/FK9nPyTq0c7BTU9NHD12YC4qh48rI9Z806pTjnUBfbRd9uiT78olqm4qq6J/GX8tvofPYFm8IGe871shrR8fIP4K78uAv0hXTgku0kk34qjlKIMp8ciREE/O2kBlUCdthE/M6tcEAmgBSkT8yYeOfGiSHY3zY6c/6fptzUG/WUjb3VWlOLL4Jx4G8BCXS720xFz0v8hkB/eCecuOh+2ZaffP0WqL4v8YyFTKy/CZIxtD2b1AqLa6AIR0hkjvtPE4b,iv:WaGnq9ziEx2MT8SZymKi1Ws1f3m4Z5kE0JWZ3C2qL58=,tag:q3deUM+/Gm6iA+V3hGj5vQ==,type:str] + favelasmp-whitelist: ENC[AES256_GCM,data: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,iv:cH7MpF0/VrrdYTU5XJxzXa9n2RA84uWgTcv5wSIHzsc=,tag:S3tlFRkgpj8YhUkedTihBQ==,type:str] + favelasmp-pack-manager: ENC[AES256_GCM,data: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,iv:eiSrXVkgoofKhkTqbTDLFXbo6bS/aPVUaqAUdO5V2hQ=,tag:zeuQPoKpkIbxyStV0Pf20w==,type:str] guz: password: ENC[AES256_GCM,data:0D9a5w==,iv:+ahN7Y5rsJGCB6/sLgA11yt6YjPDIs1Q7qyTSBqp/No=,tag:pqnd/zAKu4ZFSsrInPPO5g==,type:str] git-envs: ENC[AES256_GCM,data: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,iv:6vBiIpZvLjWb1X2mQRf/IGDvU60NtJ8TaYPtKA5GepA=,tag:f4sW9OAO4BA3gHwLuaR/rw==,type:str] 
@@ -18,7 +27,7 @@ sops: TUIyZG5rVC9PM21RR1ZtaXhKUytyL2sKH49RFJJi94RFtbyJMYM2oLETQ3sgpXkJ BFyQJClKlbE5In6XnvJ0PjXForr8tYFIZ2YG7/Y2jf/hXMtIHO/02g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-03-19T18:35:22Z" - mac: ENC[AES256_GCM,data:bdIcXGeKdA/HIAbQEe+pnCOZMhB8y5M0K9FLzJ36ruRIlR7wyhYznzTm4fLVjfjlkPh72Z3Myrgmbjx/BBoW7ptILTRcYbq4RLgJAdQJLlqU67jQ3ce+jeDSjt/AjkY2Q+JvB3cZ4yA0z0EJDSndMJxLMa4fdls2wt2kxk/i1l4=,iv:Q1CmeyyfX6dtkmQ0biasCgWikmUsOzWwOo7bnGqKnkE=,tag:OJZ5EE7BLifCdoQlRIXaTg==,type:str] + lastmodified: "2026-05-14T23:23:39Z" + mac: ENC[AES256_GCM,data:xcY9DUboKM8nrm0f0PAH30bi5SH00qZ2cAe6634roC+P6LEdaqlg+FxIvlb6zeF8PxBY5iGGPZ5xke/t9WJ2g1GXIO9z1xV2Xk4eiQcxQOd/maq7HKlovOG4bob3O+Hw4FlpavkfWEzH2Rc6+UbNe/50JDtOlTeh9KWGL1bV7kc=,iv:5+oBpOaF6a7Vbdj1R6PTniNbN1cRpefh5yOuxT31hhg=,tag:Z9zvojzvzXyFDqV+NKR64w==,type:str] unencrypted_suffix: _unencrypted version: 3.12.1 diff --git a/services/adguard.nix b/services/adguard.nix new file mode 100644 index 0000000..85a6053 --- /dev/null +++ b/services/adguard.nix 
@@ -0,0 +1,90 @@
+{
+ config,
+ lib,
+ ...
+}:
+with lib; let
+ cfg = config.services.adguardhome;
+in {
+ services.adguardhome = rec {
+ enable = true;
+ openFirewall = true;
+ port = 8753;
+ mutableSettings = false;
+ settings = {
+ http = {address = "127.0.0.1:${toString port}";};
+ users = mapAttrsToList (name: password: {inherit name password;}) {
+ "admin" = "$2y$10$8KrO4gmaUUNsJ8q92A0GsOhLgkP2CyAhC4Tc6KSLAxk.S5BLhKGlm";
+ };
+ theme = "dark";
+ dns = {
+ bootstrap_dns = [
+ "1.1.1.1"
+ "8.8.8.8"
+ "9.9.9.9"
+ ];
+ bind_hosts = [
+ "0.0.0.0"
+ ];
+ upstram_dns = [
+ "9.9.9.9"
+ ];
+ fallback_dns = [
+ "1.1.1.1"
+ "8.8.8.8"
+ ];
+ };
+ filtering = {
+ rewrites = mkIf config.services.caddy.enable (pipe config.services.caddy.virtualHosts [
+ (filterAttrs (n: v: hasSuffix ".local" n))
+ # (mapAttrsToList (domain: _: {
+ # domain = removePrefix "https://" (removePrefix "http://" domain);
+ # answer = "100.86.139.22";
+ # enabled = true;
+ # }))
+ ]);
+ parental_enabled = false;
+ protection_enabled = true;
+ filtering_enabled = true;
+ safe_search.enabled = false;
+ safebrowsing_enabled = false;
+ };
+ filters =
+ imap (id: url: {
+ enabled = true;
+ inherit id url;
+ }) [
+ "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/pro.txt"
+ "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/hoster.txt"
+ "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/doh-vpn-proxy-bypass.txt"
+ "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/dyndns.txt"
+ "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/gambling.txt"
+ "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/native.lgwebos.txt"
+ "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/hosts/native.tiktok.extended.txt"
+ "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/native.winoffice.txt"
+ "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/popupads.txt"
+ "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/tif.txt"
+ ];
+ user_rules = [
+ "@@||bearblog.dev^$important"
+ "@@||blogspot.com^$important"
+ "@@||neocities.org^$important"
+ "@@||tailscale.com^$important"
+ "@@||torproject.org^$important"
+ "@@||tumblr.com^$important"
+ "@@||wordpress.com^$important"
+ ];
+ };
+ };
+
+ services.caddy.virtualHosts."adguard.local" = {
+ extraConfig = ''
+ reverse_proxy http://localhost:${toString cfg.port}
+ tls internal
+ '';
+ };
+
+ # Ports needed to access the DNS resolver
+ networking.firewall.allowedTCPPorts = [53];
+ networking.firewall.allowedUDPPorts = [53 51820];
+}
diff --git a/services/capytal/gitea.nix b/services/capytal/gitea.nix
new file mode 100644
index 0000000..b8ffed4
--- /dev/null
+++ b/services/capytal/gitea.nix
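Review bot: In `settings.dns` the key is spelled `upstram_dns`, so the intended `9.9.9.9` upstream is most likely never applied and AdGuard Home uses its own default upstreams; it should read `upstream_dns = [ "9.9.9.9" ];`. `openFirewall = true` opens the web-UI port 8753 in the firewall even though `http.address` binds the UI to 127.0.0.1 and Caddy fronts it, so `openFirewall = false;` matches the visible intent. The admin bcrypt hash is committed in clear text while the rest of the repository uses sops, which lets anyone who can read the repository or the Nix store run offline guesses against it. With the `mapAttrsToList` stage commented out, `filtering.rewrites` evaluates to the filtered Caddy vhost attribute set rather than a list of `{ domain; answer; }` entries, which is probably not what AdGuard Home expects. The comment above the firewall lines should also say why UDP 51820 is opened, since it is not a DNS port, and whether port 53 on `0.0.0.0` is meant to be reachable from every interface.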
@@ -0,0 +1,193 @@ +{ + config, + lib, + inputs, + pkgs, + ... +}: let + cfg = config.services.gitea; +in { + services.gitea = { + enable = true; + package = inputs.lored-gitea.packages.${pkgs.stdenv.hostPlatform.system}.default; + lfs.enable = true; + settings = with lib; let + initList = l: (concatStringsSep "," l); + in rec { + DEFAULT = { + APP_NAME = "Capytal Code"; + }; + repository = { + DEFAULT_REPO_UNITS = initList [ + "repo.code" + "repo.issues" + "repo.pulls" + ]; + DEFAULT_TEMPLATE_REPO_UNITS = repository.DEFAULT_REPO_UNITS; + }; + "repository.pull-request" = { + CLOSE_KEYWORDS = initList [ + # en-US + "close" + "closes" + "closed" + "fix" + "fixes" + "fixed" + "resolve" + "resolves" + "resolved" + # pt-BR + "corrige" + "completa" + "fecha" + "implementa" + "resolve" + "termina" + ]; + }; + "repository.signing" = { + DEFAULT_TRUST_MODEL = "committer"; + }; + "ui.meta" = { + AUTHOR = "Capytal"; + DESCRIPTION = replaceString "\n" " " '' + Software forge dedicated for hosting official projects from Capytal and it's members. + Explore and discover the source-code of our commercial user-facing products, internal + developer-focused libraries, and infraestructure setups. + ''; + KEYWORDS = initList [ + "capytal" + "capytal code" + "capytal-code" + "git" + "gitea" + "projects" + "development" + "open source" + "open-source" + ]; + }; + server = { + DOMAIN = "code.capytal.cc"; + ROOT_URL = "https://${server.DOMAIN}"; + PUBLIC_URL_DETECTION = "auto"; + HTTP_PORT = 9964; + }; + database = { + DB_TYPE = "sqlite3"; + NAME = "gitea"; + USER = "gitea"; + SQLITE_JOURNAL_MODE = "WAL"; + }; + security = { + INSTALL_LOCK = true; + COOKIE_REMEMBER_NAME = "__Host-capytal_code_forge_incredible"; + PASSWORD_COMPLEXITY = initList ["lower" "upper" "digit" "spec"]; + PASSWORD_CHECK_PWN = true; + }; + qos = { + ENABLED = true; # For endpoints not protected by Anubis and protect from overload in general. 
+ }; + cache = { + ADAPTER = "twoqueue"; + HOST = builtins.toJSON { + size = 1000; + recent_ratio = 0.25; + ghost_ratio = 0.5; + }; + }; + session = { + COOKIE_SECURE = true; + COOKIE_NAME = "__Host-i_like_capytal_code_forge"; + SAME_SITE = "strict"; + }; + picture = { + DISABLE_GRAVATAR = true; # Deprecated + ENABLE_FEDERATED_AVATAR = false; # Deprecated + }; + "cron.delete_repo_archives" = { + ENABLED = true; + }; + "cron.git_gc_repos" = { + ENABLED = true; + }; + oauth2 = { + ENABLED = true; + }; + federation = { + ENABLED = true; + }; + lfs = {}; + storage = { + STORAGE_TYPE = "minio"; + MINIO_USE_SSL = false; + MINIO_ENDPOINT = "localhost:3461"; + MINIO_BUCKET = "gitea"; + MINIO_LOCATION = config.services.garage.settings.s3_api.s3_region; + }; + "storage.repo-archive" = {}; + "repo-archive" = {}; + actions = { + ENABLE = true; + DEFAULT_ACTIONS_URL = "self"; + }; + }; + secrets = { + server = { + LFS_JWT_SECRET = config.sops.secrets."gitea/server/lfs_jwt_secret".path; + }; + security = { + SECRET_KEY = config.sops.secrets."gitea/security/secret_key".path; + INTERNAL_TOKEN = config.sops.secrets."gitea/security/internal_token".path; + }; + oauth2 = { + JWT_SECRET = config.sops.secrets."gitea/oauth2/jwt_secret".path; + }; + storage = { + MINIO_ACCESS_KEY_ID = config.sops.secrets."gitea/storage/access_key_id".path; + MINIO_SECRET_ACCESS_KEY = config.sops.secrets."gitea/storage/secret_access_key".path; + }; + }; + }; + + services.gitea-actions-runner.instances = { + "gitea-runner" = { + enable = true; + name = "Gitea Runner (${config.networking.hostName}) 1"; + url = cfg.settings.server.ROOT_URL; + tokenFile = config.sops.secrets."gitea/actions/token".path; + labels = ["nix-latest:docker://code.capytal.cc/images/nix:2.31.3"]; + }; + }; + + services.anubis.instances."gitea".settings = { + BIND = ":${toString (cfg.settings.server.HTTP_PORT + 2)}"; + BIND_NETWORK = "tcp"; + METRICS_BIND = ":${toString (cfg.settings.server.HTTP_PORT + 3)}"; + METRICS_BIND_NETWORK = 
"tcp"; + SERVE_ROBOTS_TXT = true; + TARGET = "http://localhost:${toString cfg.settings.server.HTTP_PORT}"; + ED25519_PRIVATE_KEY_HEX_FILE = config.sops.secrets."anubis/gitea/hex_file".path; + }; + + services.caddy.virtualHosts = let + redir = { + extraConfig = '' + redir https://code.capytal.cc{uri} permanent + ''; + }; + in { + ":${toString (cfg.settings.server.HTTP_PORT + 1)}" = { + extraConfig = '' + request_body { + max_size 1GiB + } + reverse_proxy http://localhost:${toString cfg.settings.server.HTTP_PORT} + ''; + }; + # Old ports used by legacy https://forge.capytal.company + ":9961" = redir; + ":9962" = redir; + }; +} diff --git a/services/capytal/matrix.nix b/services/capytal/matrix.nix new file mode 100644 index 0000000..6af5c16 --- /dev/null +++ b/services/capytal/matrix.nix 
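Review bot: The Caddy vhost on `":${toString (cfg.settings.server.HTTP_PORT + 1)}"` proxies straight to Gitea on `localhost:${HTTP_PORT}`, while Anubis listens separately on `HTTP_PORT + 2`, so which listener is published decides whether the challenge is applied at all; if the +1 port is the public one, Anubis is bypassed. None of the listeners is pinned to loopback either: `server` sets no `HTTP_ADDR` (the NixOS module defaults it to all interfaces, as far as I know), and `BIND`/`METRICS_BIND` are written as `":port"`, which also exposes the metrics endpoint on every interface. Suggest `HTTP_ADDR = "127.0.0.1";` in `server` and `BIND = "127.0.0.1:${toString (cfg.settings.server.HTTP_PORT + 2)}";` (likewise for `METRICS_BIND`), plus a short comment on each port saying which one the tunnel or edge proxy targets. Separately, `inputs.lored-gitea` does not appear among the root inputs visible in this commit's flake.lock hunk, so the module may not evaluate as committed.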
@@ -0,0 +1,309 @@ +{config, ...}: { + services.matrix-continuwuity = { + enable = true; + settings = { + global = { + server_name = "capytal.cc"; + + allow_registration = true; + registration_token = "abaduh"; + + allow_encryption = true; + allow_federation = false; + trusted_servers = ["matrix.org"]; + + address = null; + port = [9802]; + + well_known = { + client = "https://capytal.cc"; + server = "capytal.cc"; + + support_role = "m.role.admin"; + support_email = "admin@capytal.cc"; + support_mxid = "@admin:capytal.cc"; + + rtc_focus_server_urls = [ + { + type = "livekit"; + livekit_service_url = "https://livekit.capytal.cc"; + } + ]; + }; + }; + }; + }; + + services.mautrix-discord = let + cfg = config.services.mautrix-discord; + continuwuity = config.services.matrix-continuwuity.settings.global; + in { + enable = true; + settings = { + homeserver = { + address = "http://localhost:${toString + (builtins.elemAt continuwuity.port 0)}"; + domain = continuwuity.server_name; + }; + appservice = rec { + address = "http://localhost:${toString port}"; + hostname = "0.0.0.0"; + port = 9402; + + database = { + type = "sqlite3"; + uri = "file:${cfg.dataDir}/mautrix-discord.db?_txlock=immediate"; + max_open_conns = 20; + max_idle_conns = 2; + max_conn_idle_time = null; + max_conn_lifetime = null; + }; + id = "discord"; + bot = { + username = "discord"; + displayname = "Discord bridge bot"; + avatar = "mxc://maunium.net/nIdEykemnwdisvHbpxflpDlC"; + }; + ephemeral_events = true; + async_transactions = false; + }; + bridge = { + permissions = { + "*" = "relay"; + "${continuwuity.server_name}" = "user"; + "${continuwuity.well_known.support_mxid}" = "admin"; + }; + backfill = { + forward_limits.initial.dm = 50; + forward_limits.initial.channel = 50; + forward_limits.initial.thread = 50; + + forward_limits.missed.dm = -1; + forward_limits.missed.channel = 1000; + forward_limits.missed.thread = 1000; + }; + start_private_channel_create_limit = 10; + double_puppet_server_map = { + 
${continuwuity.server_name} = continuwuity.server_name; + }; + login_shared_secret_map = { + ${continuwuity.server_name} = "$MAUTRIX_DISCORD_BRIDGE_LOGIN_SHARED_SECRET"; + }; + # direct_media = { + # enable = false; + # server_name = "discord-matrix.capytal.cc"; + # }; + encryption = { + allow = true; + default = true; + + allow_key_sharing = true; + + delete_keys = { + # https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html#additional-security + delete_outbound_on_ack = false; + dont_store_outbound = true; + ratchet_on_decrypt = true; + delete_fully_used_on_decrypt = true; + delete_prev_on_new_session = true; + delete_on_device_delete = true; + periodically_delete_expired = true; + delete_outdated_inbound = true; + }; + }; + }; + }; + environmentFile = config.sops.secrets."mautrix_discord/env_file".path; + }; + + services.mautrix-meta.instances."default" = let + continuwuity = config.services.matrix-continuwuity.settings.global; + in { + enable = true; + settings = { + network = { + max_initial_conversations = 10; + mode = "instagram"; + }; + homeserver = { + address = "http://localhost:${toString + (builtins.elemAt continuwuity.port 0)}"; + domain = continuwuity.server_name; + }; + appservice = rec { + address = "http://localhost:${toString port}"; + hostname = "0.0.0.0"; + port = 9404; + + as_token = "$MAUTRIX_META_APPSERVICE_AS_TOKEN"; + hs_token = "$MAUTRIX_META_APPSERVICE_HS_TOKEN"; + + id = "meta"; + bot = { + username = "meta"; + displayname = "Meta bridge bot"; + }; + }; + bridge = { + permissions = { + "*" = "relay"; + "${continuwuity.server_name}" = "user"; + "${continuwuity.well_known.support_mxid}" = "admin"; + }; + }; + backfill.enabled = true; + database = { + type = "sqlite3-fk-wal"; + uri = "file:/var/lib/${config.services.mautrix-meta.instances."default".dataDir}/mautrix-meta.db?_txlock=immediate"; + }; + encryption = { + allow = true; + default = true; + + allow_key_sharing = true; + + pickle_key = "$ENCRYPTION_PICKLE_KEY"; + + 
delete_keys = { + # https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html#additional-security + delete_outbound_on_ack = false; + dont_store_outbound = true; + ratchet_on_decrypt = true; + delete_fully_used_on_decrypt = true; + delete_prev_on_new_session = true; + delete_on_device_delete = true; + periodically_delete_expired = true; + delete_outdated_inbound = true; + }; + }; + }; + environmentFile = config.sops.secrets."mautrix_meta/env_file".path; + }; + + services.mautrix-whatsapp = let + continuwuity = config.services.matrix-continuwuity.settings.global; + in { + enable = true; + settings = { + network = { + max_initial_conversations = 10; + }; + homeserver = { + address = "http://localhost:${toString + (builtins.elemAt continuwuity.port 0)}"; + domain = continuwuity.server_name; + }; + appservice = rec { + address = "http://localhost:${toString port}"; + hostname = "0.0.0.0"; + port = 9403; + + id = "whatsapp"; + bot = { + username = "whatsapp"; + displayname = "WhatsApp bridge bot"; + }; + }; + bridge = { + permissions = { + "*" = "relay"; + "${continuwuity.server_name}" = "user"; + "${continuwuity.well_known.support_mxid}" = "admin"; + }; + }; + + backfill.enabled = true; + + database = { + type = "sqlite3-fk-wal"; + uri = "file:/var/lib/mautrix-whatsapp/mautrix-whatsapp.db?_txlock=immediate"; + }; + + encryption = { + allow = true; + default = true; + + allow_key_sharing = true; + + pickle_key = "$ENCRYPTION_PICKLE_KEY"; + + delete_keys = { + # https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html#additional-security + delete_outbound_on_ack = false; + dont_store_outbound = true; + ratchet_on_decrypt = true; + delete_fully_used_on_decrypt = true; + delete_prev_on_new_session = true; + delete_on_device_delete = true; + periodically_delete_expired = true; + delete_outdated_inbound = true; + }; + }; + }; + environmentFile = config.sops.secrets."mautrix_whatsapp/env_file".path; + }; + + services.caddy.virtualHosts = { + ":${toString 
(config.services.capytalcc.web.port + 1)}".extraConfig = '' + # Matrix configuration --------------------------------------------------- + + # Homeserver (Continuwuity) + + @continuwuity { + path /_matrix /_matrix/* + path /_conduwuit /_conduwuit/* + path /.well-known/matrix /.well-known/matrix/* + } + + handle @continuwuity { + header { + Strict-Transport-Security "max-age=63072000;" + X-Frame-Options "DENY" + X-Content-Type-Options "nosniff" + Referrer-Policy "no-referrer" + Permissions-Policy "interest-cohort=()" + } + + reverse_proxy http://localhost:${ + toString (builtins.elemAt config.services.matrix-continuwuity.settings.global.port 0) + } { + header_up Host {upstream_hostport} + } + } + + # Site ------------------------------------------------------------------- + + handle / { + respond `Hello, world` 200 + } + handle /* { + respond "Not Found" 404 + } + ''; + }; + + services.livekit = { + enable = true; + settings = { + port = 9410; + bind_addresses = ["0.0.0.0"]; + rtc = { + tcp_port = 9411; + port_range_start = 50100; + port_range_end = 50200; + use_external_ip = true; + enable_loopback_candidate = false; + }; + }; + keyFile = config.sops.secrets."livekit/key_file".path; + }; + + services.lk-jwt-service = { + enable = true; + port = 9412; + keyFile = config.sops.secrets."livekit/key_file".path; + livekitUrl = "wss://livekit.capytal.cc"; + }; + + nixpkgs.config.permittedInsecurePackages = ["olm-3.2.16"]; +} diff --git a/services/minecraft-servers.nix b/services/minecraft-servers.nix new file mode 100644 index 0000000..be93009 --- /dev/null +++ b/services/minecraft-servers.nix 
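Review bot: `registration_token = "abaduh";` puts the only gate on open registration (`allow_registration = true`) into the repository and the world-readable Nix store, so anyone who can read either can create accounts on `capytal.cc`. The bridge secrets in this file already come from sops environment files; the token should too, for example through continuwuity's `registration_token_file` setting (check it against the module's settings reference) pointed at `config.sops.secrets."<matrix-registration-token>".path` (placeholder name), and the committed value should be rotated. The three bridges set `appservice.hostname = "0.0.0.0"` although the homeserver reaches them on `http://localhost:<port>`; `hostname = "127.0.0.1";` would keep the appservice APIs off external interfaces. `nixpkgs.config.permittedInsecurePackages = ["olm-3.2.16"];` deserves a comment naming which service needs it, so the exception can be removed once that service no longer depends on libolm.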
@@ -0,0 +1,246 @@
+{
+ config,
+ inputs,
+ lib,
+ pkgs,
+ self,
+ ...
+}:
+with lib; let
+ cfg = config.services.minecraft-servers;
+ inherit (inputs.nix-minecraft.lib) collectFilesAt;
+in {
+ imports = [
+ self.nixosModules.playit
+ self.nixosModules.services.cloudflared
+ inputs.nix-minecraft.nixosModules.minecraft-servers
+ ];
+
+ services.playit.enable = true;
+ services.playit.secretPath = config.sops.secrets."services/minecraft/playit-secret".path;
+
+ services.minecraft-servers.enable = true;
+ services.minecraft-servers.eula = true;
+ services.minecraft-servers.dataDir = "/var/lib/minecraft-servers";
+ services.minecraft-servers.managementSystem = {
+ tmux.enable = false;
+ systemd-socket.enable = true;
+ };
+ services.minecraft-servers.openFirewall = true;
+
+ services.minecraft-servers.servers = let
+ velocityToml = cfg.servers."proxy".files."velocity.toml".value;
+ in {
+ "proxy" = {
+ enable = true;
+ enableReload = true;
+ autoStart = true;
+ files = {
+ "velocity.toml".value =
+ (importTOML (pkgs.fetchurl {
+ url = "https://github.com/PaperMC/Velocity/raw/refs/heads/dev/3.0.0/proxy/src/main/resources/default-velocity.toml";
+ hash = "sha256-bymzTBLn4rRajUWg74NE7i0nVY2ezTqzBaDq+iaQPR4=";
+ }))
+ // {
+ bind = "0.0.0.0:25565";
+ online-mode = true;
+ player-info-forwarding-mode = "modern";
+ forced-hosts = {};
+ servers = {
+ favelasmp = "127.0.0.1:30066";
+ try = ["favelasmp"];
+ };
+ };
+ };
+ symlinks = {
+ "forwarding.secret" =
+ config.sops.secrets."services/minecraft/proxy-secret".path;
+ "plugins/global-whitelist-1.0.jar" = pkgs.fetchurl {
+ url = "https://cdn.modrinth.com/data/aKrMZ5cC/versions/5GDSLhSp/global-whitelist-1.0.jar";
+ sha512 = "908599f3674a93bc15b47caba3a22ffc12c0ecaa82b07ea3bc348a9466383b42af77dba9d23ec0af32f0639c3bcc061d366edb3d51eb2df58d95f9107fe4bc0c";
+ };
+ "plugins/global-whitelist/whitelist.json" =
+ config.sops.secrets."services/minecraft/favelasmp-whitelist".path;
+ "plugins/limited-offline-mode-1.2.jar" = pkgs.fetchurl { 
+ url = "https://cdn.modrinth.com/data/cyWe0UpE/versions/39AVRi1e/limited-offline-mode-1.2.jar";
+ sha512 = "bef617152931885b8a23c8e668e6a179d21c28fc27ecae1212ea6fbfcfc583db4c62f4f3bdd5c523dae6c5a12d18e4e709a24eadb8ac088979def530f8f824f3";
+ };
+ "plugins/limited-offline-mode/allowed-users.txt" =
+ config.sops.secrets."services/minecraft/proxy-allowed-users".path;
+ "plugins/Geyser-Velocity.jar" = pkgs.fetchurl {
+ url = "https://cdn.modrinth.com/data/wKkoqHrH/versions/x7XpMAYg/Geyser-Velocity.jar";
+ sha512 = "f497488eb730202d492a3a80788dfb1389b1a75459df4c258e1620f0655cef85dc58ce589b41cb9ff5b937cda18a2b1416348ce4bb59db2089b539a306289223";
+ };
+ "plugins/Geyser-Velocity/config.yml" =
+ config.sops.secrets."services/minecraft/proxy-geyser-config".path;
+ "plugins/floodgate-velocity.jar" = pkgs.fetchurl {
+ url = "https://download.geysermc.org/v2/projects/floodgate/versions/latest/builds/latest/downloads/velocity";
+ hash = "sha256-8liZUEOkhpy28e9gURCsHZBmpbHhsxZJWiWwavoMEGA=";
+ };
+ "plugins/ViaVersion-5.9.2-SNAPSHOT.jar" = pkgs.fetchurl {
+ url = "https://cdn.modrinth.com/data/P1OZGk5p/versions/LXloXgE7/ViaVersion-5.9.2-SNAPSHOT.jar";
+ sha512 = "55f6095de22481a0230e1cc419f333349156322924b9d5476cb4d4becc919cc6c522312ad325906a7e724fe45d68dee4cb938622285cf6d9ba5645e486f0b3ea";
+ };
+ "plugins/ViaBackwards-5.9.2-SNAPSHOT.jar" = pkgs.fetchurl {
+ url = "https://cdn.modrinth.com/data/NpvuJQoq/versions/an2egx81/ViaBackwards-5.9.2-SNAPSHOT.jar";
+ sha512 = "94d0960df54cf351cfe20efb05d540b6600a53dc07456425199034f2228c59d7a97216f7a562202915ee08cc1c86d751e3ca8e98696b989fcbca985478de933c";
+ };
+ "plugins/ViaRewind-4.1.1.jar" = pkgs.fetchurl {
+ url = "https://cdn.modrinth.com/data/TbHIxhx5/versions/cOg14EE7/ViaRewind-4.1.1.jar";
+ sha512 = "1c1f4db775d9dfbe288776bdbd2e0b2f4910643b9034607d813ee509da25fc45e84cfb0183cdfc30560b2632f24c75dcc51a4a9bb0de8ff29ac9e24bd89efc94";
+ };
+ "plugins/voicechat-velocity-2.6.13.jar" = pkgs.fetchurl {
+ url = 
"https://cdn.modrinth.com/data/9eGKb6K1/versions/5SU8XYFw/voicechat-velocity-2.6.13.jar";
+ sha512 = "1096d733949b5743ba4af83fd8648caa738ebbeeb9427427f46949c7f33f812aeb914422268f96a1f4c5cccd9e9187426015db6ea000c472a71d237555c17e28";
+ };
+ "plugins/voicechat/voicechat-proxy.properties" =
+ config.sops.secrets."services/minecraft/proxy-voicechat-properties".path;
+ };
+ jvmOpts = join " " [
+ "-Xms1G"
+ "-Xmx1G"
+ "-XX:+UseG1GC"
+ "-XX:G1HeapRegionSize=4M"
+ "-XX:+UnlockExperimentalVMOptions"
+ "-XX:+ParallelRefProcEnabled"
+ "-XX:+AlwaysPreTouch"
+ "-XX:MaxInlineLevel=15"
+ ];
+ package = pkgs.velocityServers.velocity.override {
+ url = "https://fill-data.papermc.io/v1/objects/88bc3a05a10f1031e007969d78f7b4f8c78722bb0c4633425e823e1e11928b04/velocity-3.5.0-SNAPSHOT-595.jar";
+ sha256 = "88bc3a05a10f1031e007969d78f7b4f8c78722bb0c4633425e823e1e11928b04";
+ jre_headless = pkgs.jdk25_headless;
+ };
+ };
+ "favelasmp" = let
+ modpack = inputs.favelasmp.packages.${pkgs.stdenv.hostPlatform.system}.modpack;
+ mcVersion = modpack.manifest.versions.minecraft;
+ fabricVersion = modpack.manifest.versions.fabric;
+ in rec {
+ enable = true;
+ enableReload = true;
+ autoStart = true;
+ jvmOpts = join " " [
+ "-Xms4G"
+ "-Xmx4G"
+ "-XX:+UseG1GC"
+ "-XX:+UnlockExperimentalVMOptions"
+ "-XX:MaxGCPauseMillis=100"
+ "-XX:+DisableExplicitGC"
+ "-XX:TargetSurvivorRatio=90"
+ "-XX:G1NewSizePercent=50"
+ "-XX:G1MaxNewSizePercent=80"
+ "-XX:G1MixedGCLiveThresholdPercent=50"
+ "-XX:+AlwaysPreTouch"
+ ];
+ package = pkgs.fabricServers."fabric-${replaceStrings ["."] ["_"] mcVersion}".override {
+ jre_headless = pkgs.jdk25_headless;
+ loaderVersion = fabricVersion;
+ };
+ symlinks =
+ collectFilesAt modpack "mods"
+ // {
+ "whitelist.json" =
+ config.sops.secrets."services/minecraft/favelasmp-whitelist".path;
+ "ops.json" =
+ config.sops.secrets."services/minecraft/favelasmp-ops".path;
+ "mods/FabricProxy-Lite-2.12.0.jar" = pkgs.fetchurl {
+ url = 
"https://cdn.modrinth.com/data/8dI2tmqs/versions/CsEpiziv/FabricProxy-Lite-2.12.0.jar";
+ sha512 = "b479c3ed1fe83929cad40e5c925ae2702da879b88a0271a24266cd21ecc037953f347cbe61ac7b7334e087544ee2ce5bf1f041fc3e64f50474404ad564c146f7";
+ };
+ "mods/Floodgate-Fabric-2.2.6-b63.jar" = pkgs.fetchurl {
+ url = "https://cdn.modrinth.com/data/bWrNNfkb/versions/fD4J9lnX/Floodgate-Fabric-2.2.6-b63.jar";
+ sha512 = "54874033236df688da15fd4dd7d2d99d002e8955cb2d788d5ba409d753eb17629f53a6e976992de8cca8c8dd3663c70b283da88b5a12d72cef9647d09e04ae62";
+ };
+ "mods/git-pack-manager-fabric-26.1-5.2.1+fabric+26.1.jar" = pkgs.fetchurl {
+ url = "https://cdn.modrinth.com/data/PV38O99l/versions/LmejPXPp/git-pack-manager-fabric-26.1-5.2.1%2Bfabric%2B26.1.jar";
+ sha512 = "d87dadc0e6cff7126ea79acbcaf7df623c04c50edb7611672ad0e4802bae70e6046b428c87dce82c850354029887510c9e308a546df88cbc69567ca13b2a588f";
+ };
+ "mods/mesh-lib-fabric-26.1-2.0.4+fabric+26.1.jar" = pkgs.fetchurl {
+ url = "https://cdn.modrinth.com/data/6HncyfPB/versions/wIXK3aQp/mesh-lib-fabric-26.1-2.0.4%2Bfabric%2B26.1.jar";
+ sha512 = "55f180f4a2f2663d91a5286a4105657437ff884cf46bcc10f8d183173cc10dce3c8a7b8eb0c71d21d4d89a917b751f8a2901ddae6d061d7f53307bd6d2d2a4aa";
+ };
+ "mods/monkeylib538-fabric-26.1-4.0.1+fabric+26.1.jar" = pkgs.fetchurl {
+ url = "https://cdn.modrinth.com/data/gYap5A8T/versions/nRrNqvwM/monkeylib538-fabric-26.1-4.0.1%2Bfabric%2B26.1.jar";
+ sha512 = "f86874822ca5aeb6c237acbe9cb54ecac78c4240204a5e632efad964f4343d94c4516ee5e45f8618593e2bce605238d75b9b3c4b3cadf012e3ad71efb91b9c91";
+ };
+ "mods/placeholder-api-3.0.0+26.1.jar" = pkgs.fetchurl {
+ url = "https://cdn.modrinth.com/data/eXts2L7r/versions/b3IPAHgB/placeholder-api-3.0.0%2B26.1.jar";
+ sha512 = "b559da0f13fef17967f2aff1d06b00995c7db21d9d5b7b580ab6eafdf2365e4ac86a7d094c2b481160a942f291bc2595f2cb8c91ce5e169f1c2f461782ecd2a8";
+ };
+ "mods/fabric-api-0.149.0+26.1.2.jar" = pkgs.fetchurl {
+ url = 
"https://cdn.modrinth.com/data/P7dR8mSH/versions/Sy2Bq7Xc/fabric-api-0.149.0%2B26.1.2.jar";
+ sha512 = "c7589aa4deeaa6dbefc13247eb5e0d4e257c152ef039937f54d6ee28282d3c84ccc96483d9c3950286fed6e3dcc546709898c8a446ab143d1663bc7d49649c54";
+ };
+ };
+ files =
+ collectFilesAt modpack "config"
+ // {
+ "config/voicechat/voicechat-server.properties".value = {
+ port = 24455;
+ };
+ "config/FabricProxy-Lite.toml".value = {
+ hackOnlineMode = true;
+ };
+ "config/git-pack-manager/main.json" =
+ config.sops.secrets."services/minecraft/favelasmp-pack-manager".path;
+ "config/mesh-lib/main.json".value = {
+ httpPort = serverProperties.server-port + 100;
+ exposedPort = 443;
+ };
+ };
+ environment = {
+ FABRIC_PROXY_SECRET_FILE = config.sops.secrets."services/minecraft/proxy-secret".path;
+ };
+ serverProperties = {
+ broadcast-console-to-opts = true;
+ enforce-whitelist = true;
+ enforce-secure-profile = false;
+ gamemode = "survival";
+ online-mode = true;
+ maxPlayers = 13;
+ motd = "§k0§r Bem vindo a §6§lFavelaSMP! §r§k0§r";
+ require-resource-pack = true;
+ resource-pack-prompt = "O servidor usa uma §6resourcepack§r customizada para cosméticos e datapacks que foram adicionados no servidor. 
§cSem ela você não terá uma experiência completa e haverá bugs!§r";
+ view-distance = 12;
+ server-ip = elemAt (splitString ":" velocityToml.servers.favelasmp) 0;
+ server-port = toInt (elemAt (splitString ":" velocityToml.servers.favelasmp) 1);
+ };
+ };
+ };
+
+ services.cloudflared.tunnels."9ed8b48f-9585-4a67-9895-114b162172fb" = let
+ meshLib = cfg.servers."favelasmp".files."config/mesh-lib/main.json".value;
+ in {
+ ingress = {
+ "favelasmp.guz.one" = {
+ service = "http://localhost:${toString meshLib.httpPort}";
+ path = "^/git-pack-manager.*$";
+ };
+ };
+ };
+
+ environment.persistence."/persist".directories = [
+ cfg.dataDir
+ ];
+
+ nixpkgs.overlays = [
+ inputs.nix-minecraft.overlay
+ ];
+ nixpkgs.config.allowUnfree = true;
+ nix.allowUnfreeList = [
+ "minecraft-server"
+ "minecraft-server-21.1.2"
+ ];
+
+ sops.secrets = {
+ "services/minecraft/playit-secret" = {};
+ "services/minecraft/proxy-allowed-users".owner = config.services.minecraft-servers.user;
+ "services/minecraft/proxy-geyser-config".owner = config.services.minecraft-servers.user;
+ "services/minecraft/proxy-voicechat-properties".owner = config.services.minecraft-servers.user;
+ "services/minecraft/proxy-secret".owner = config.services.minecraft-servers.user;
+ "services/minecraft/favelasmp-whitelist".owner = config.services.minecraft-servers.user;
+ "services/minecraft/favelasmp-pack-manager".owner = config.services.minecraft-servers.user;
+ "services/minecraft/favelasmp-ops".owner = config.services.minecraft-servers.user;
+ };
+}
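Review bot: In the `favelasmp` `serverProperties`, `maxPlayers = 13;` and `broadcast-console-to-opts = true;` are not keys the Minecraft server reads from server.properties, so the player cap and the console-broadcast setting silently stay at their defaults; they should read `max-players = 13;` and `broadcast-console-to-ops = true;`. In the proxy's `symlinks`, `plugins/floodgate-velocity.jar` is fetched from a `versions/latest/builds/latest` URL and `velocity.toml` from a branch ref (`refs/heads/dev/3.0.0`), each with a fixed hash, so the fetch will fail with a hash mismatch once upstream publishes a new build or commit; pointing both at an immutable version or commit URL keeps the pinned hash reproducible. `nixpkgs.config.allowUnfree = true;` near the end of the file also appears to make the narrower `nix.allowUnfreeList` beneath it redundant, so if that list is meant to restrict unfree packages the global switch should be dropped.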