my nixos config

minced raft server

chfour bb8f3cac 3d16d5a6

+288
+3
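--- a/flake.nix
+++ b/flake.nix
@@ -14,6 +14,8 @@
 
 outputs = { self, nixpkgs, nixpkgs-master, nixos-hardware, home-manager, ... }: {
 nixosModules = {
+minecraft = ./modules/minecraft.nix;
+
 declarativeHome = { ... }: {
 # big thank you to https://determinate.systems/posts/declarative-gnome-configuration-with-nixos !!!
 imports = [ home-manager.nixosModules.home-manager ];
@@ -52,6 +54,7 @@
 overlays defaults
 ./machines/fovps
 declarativeHome ./users/chfour
+minecraft
 ];
 };
 };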
+1
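--- a/machines/fovps/services/default.nix
+++ b/machines/fovps/services/default.nix
@@ -4,5 +4,6 @@
 imports = [
 ./caddy
 ./cloudlog.nix
+./minecraft.nix
 ];
 }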
+30
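--- a/machines/fovps/services/minecraft.nix
+++ b/machines/fovps/services/minecraft.nix
@@ -0,0 +1,30 @@
+{ pkgs, ... }:
+
+{
+services.minecraft-ex.enable = true;
+services.minecraft-ex = {
+eula = true;
+declarative = true;
+dataDir = "/var/lib/minecraft";
+openFirewall = true;
+jvmOpts = "-Xmx4096M -Xms2048M";
+package = pkgs.papermc.overrideAttrs (old: rec {
+version = "1.20.6-36";
+src = pkgs.fetchurl {
+url = "https://api.papermc.io/v2/projects/paper/versions/1.20.6/builds/36/downloads/paper-${version}.jar";
+hash = "sha256-QvmH9nIyfnG6silRZsMjp0nByl4E4dQqTFskKq0gJEY=";
+};
+});
+serverProperties = {
+motd = "bajo jajo";
+difficulty = 2;
+gamemode = 0;
+online-mode = false;
+white-list = true;
+view-distance = 20;
+
+enable-rcon = true;
+"rcon.password" = "hunter2";
+};
+};
+}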
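Review bot: `online-mode = false` combined with `white-list = true` and `openFirewall = true` makes the whitelist the only gate on a publicly reachable server, and with online mode off the server does not authenticate the player names it checks against that list. Unless an authenticating proxy sits in front of this host (nothing in this commit shows one), the whitelist does not provide access control here, and `online-mode = true;` is the safer setting. The same attribute set commits `"rcon.password" = "hunter2";` in clear text while `enable-rcon = true`; that value should be replaced with a real secret kept out of the tracked file.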
+254
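--- a/modules/minecraft.nix
+++ b/modules/minecraft.nix
@@ -0,0 +1,254 @@
+# nixpkgs/nixos/modules/services/games/minecraft-server.nix modified
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+cfg = config.services.minecraft-ex;
+
+# We don't allow eula=false anyways
+eulaFile = builtins.toFile "eula.txt" ''
+# eula.txt managed by NixOS Configuration
+eula=true
+'';
+
+cfgToString = v: if builtins.isBool v then boolToString v else toString v;
+
+serverPropertiesFile = pkgs.writeText "server.properties" (''
+# server.properties managed by NixOS configuration
+'' + concatStringsSep "\n" (mapAttrsToList
+(n: v: "${n}=${cfgToString v}") cfg.serverProperties));
+
+stopScript = pkgs.writeShellScript "minecraft-ex-stop" ''
+echo stop > ${config.systemd.sockets.minecraft-ex.socketConfig.ListenFIFO}
+
+# Wait for the PID of the minecraft server to disappear before
+# returning, so systemd doesn't attempt to SIGKILL it.
+while kill -0 "$1" 2> /dev/null; do
+sleep 1s
+done
+'';
+
+# To be able to open the firewall, we need to read out port values in the
+# server properties, but fall back to the defaults when those don't exist.
+# These defaults are from https://minecraft.gamepedia.com/Server.properties#Java_Edition_3
+defaultServerPort = 25565;
+
+serverPort = cfg.serverProperties.server-port or defaultServerPort;
+
+rconPort = if cfg.serverProperties.enable-rcon or false
+then cfg.serverProperties."rcon.port" or 25575
+else null;
+
+queryPort = if cfg.serverProperties.enable-query or false
+then cfg.serverProperties."query.port" or 25565
+else null;
+
+in {
+options = {
+services.minecraft-ex = {
+
+enable = mkOption {
+type = types.bool;
+default = false;
+description = lib.mdDoc ''
+If enabled, start a Minecraft Server. The server
+data will be loaded from and saved to
+{option}`services.minecraft-ex.dataDir`.
+'';
+};
+
+declarative = mkOption {
+type = types.bool;
+default = false;
+description = lib.mdDoc ''
+Whether to use a declarative Minecraft server configuration.
+Only if set to `true`, the options
+{option}`services.minecraft-ex.whitelist` and
+{option}`services.minecraft-ex.serverProperties` will be
+applied.
+'';
+};
+
+eula = mkOption {
+type = types.bool;
+default = false;
+description = lib.mdDoc ''
+Whether you agree to
+[
+Mojangs EULA](https://account.mojang.com/documents/minecraft_eula). This option must be set to
+`true` to run Minecraft server.
+'';
+};
+
+dataDir = mkOption {
+type = types.path;
+default = "/var/lib/minecraft";
+description = lib.mdDoc ''
+Directory to store Minecraft database and other state/data files.
+'';
+};
+
+openFirewall = mkOption {
+type = types.bool;
+default = false;
+description = lib.mdDoc ''
+Whether to open ports in the firewall for the server.
+'';
+};
+
+serverProperties = mkOption {
+type = with types; attrsOf (oneOf [ bool int str ]);
+default = {};
+example = literalExpression ''
+{
+server-port = 43000;
+difficulty = 3;
+gamemode = 1;
+max-players = 5;
+motd = "NixOS Minecraft server!";
+white-list = true;
+enable-rcon = true;
+"rcon.password" = "hunter2";
+}
+'';
+description = lib.mdDoc ''
+Minecraft server properties for the server.properties file. Only has
+an effect when {option}`services.minecraft-ex.declarative`
+is set to `true`. See
+<https://minecraft.gamepedia.com/Server.properties#Java_Edition_3>
+for documentation on these values.
+'';
+};
+
+package = mkOption {
+type = types.package;
+default = pkgs.minecraft-server;
+defaultText = literalExpression "pkgs.minecraft-server";
+example = literalExpression "pkgs.minecraft-server_1_12_2";
+description = lib.mdDoc "Version of minecraft-server to run.";
+};
+
+jvmOpts = mkOption {
+type = types.separatedString " ";
+default = "-Xmx2048M -Xms2048M";
+# Example options from https://minecraft.gamepedia.com/Tutorials/Server_startup_script
+example = "-Xms4092M -Xmx4092M -XX:+UseG1GC -XX:+CMSIncrementalPacing "
++ "-XX:+CMSClassUnloadingEnabled -XX:ParallelGCThreads=2 "
++ "-XX:MinHeapFreeRatio=5 -XX:MaxHeapFreeRatio=10";
+description = lib.mdDoc "JVM options for the Minecraft server.";
+};
+};
+};
+
+config = mkIf cfg.enable {
+
+users.users.minecraft = {
+description = "Minecraft server service user";
+home = cfg.dataDir;
+createHome = true;
+isSystemUser = true;
+group = "minecraft";
+};
+users.groups.minecraft = {};
+
+systemd.sockets.minecraft-ex = {
+bindsTo = [ "minecraft-ex.service" ];
+socketConfig = {
+ListenFIFO = "/run/minecraft-ex.stdin";
+SocketMode = "0660";
+SocketUser = "minecraft";
+SocketGroup = "minecraft";
+RemoveOnStop = true;
+FlushPending = true;
+};
+};
+
+systemd.services.minecraft-ex = {
+description = "Minecraft Server Service";
+wantedBy = [ "multi-user.target" ];
+requires = [ "minecraft-ex.socket" ];
+after = [ "network.target" "minecraft-ex.socket" ];
+
+serviceConfig = {
+ExecStart = "${cfg.package}/bin/minecraft-server ${cfg.jvmOpts}";
+ExecStop = "${stopScript} $MAINPID";
+Restart = "always";
+User = "minecraft";
+WorkingDirectory = cfg.dataDir;
+
+StandardInput = "socket";
+StandardOutput = "journal";
+StandardError = "journal";
+
+# Hardening
+CapabilityBoundingSet = [ "" ];
+DeviceAllow = [ "" ];
+LockPersonality = true;
+PrivateDevices = true;
+PrivateTmp = true;
+PrivateUsers = true;
+ProtectClock = true;
+ProtectControlGroups = true;
+ProtectHome = true;
+ProtectHostname = true;
+ProtectKernelLogs = true;
+ProtectKernelModules = true;
+ProtectKernelTunables = true;
+ProtectProc = "invisible";
+RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
+RestrictNamespaces = true;
+RestrictRealtime = true;
+RestrictSUIDSGID = true;
+SystemCallArchitectures = "native";
+UMask = "0077";
+};
+
+preStart = ''
+ln -sf ${eulaFile} eula.txt
+'' + (if cfg.declarative then ''
+
+if [ -e .declarative ]; then
+
+# Was declarative before, no need to back up anything
+cp -f ${serverPropertiesFile} server.properties
+
+else
+
+# Declarative for the first time, backup stateful files
+cp -b --suffix=.stateful ${serverPropertiesFile} server.properties
+
+# server.properties must have write permissions, because every time
+# the server starts it first parses the file and then regenerates it..
+chmod +w server.properties
+echo "Autogenerated file that signifies that this server configuration is managed declaratively by NixOS" \
+> .declarative
+
+fi
+'' else ''
+if [ -e .declarative ]; then
+rm .declarative
+fi
+'');
+};
+
+networking.firewall = mkIf cfg.openFirewall (if cfg.declarative then {
+allowedUDPPorts = [ serverPort ];
+allowedTCPPorts = [ serverPort ]
+++ optional (queryPort != null) queryPort;
+# ++ optional (rconPort != null) rconPort;
+} else {
+allowedUDPPorts = [ defaultServerPort ];
+allowedTCPPorts = [ defaultServerPort ];
+});
+
+assertions = [
+{ assertion = cfg.eula;
+message = "You must agree to Mojangs EULA to run minecraft-ex."
++ " Read https://account.mojang.com/documents/minecraft_eula and"
++ " set `services.minecraft-ex.eula` to `true` if you agree.";
+}
+];
+
+};
+}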
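Review bot: `serverPropertiesFile` is built with `pkgs.writeText` from every entry of `cfg.serverProperties`, so an `rcon.password` set there is written to the Nix store, which every local user can read; the `UMask = "0077"` in `serviceConfig` only protects the copy made in `dataDir`. The `serverProperties` description should say so, for example `Values are written to the world-readable Nix store; do not put secrets such as rcon.password here.`, and the password would be better appended to `server.properties` in `preStart` from a file kept outside the store. Commenting out `rconPort` in `allowedTCPPorts` keeps this module from opening RCON in the firewall, but it leaves `rconPort` as an unused binding that a short comment should explain. Separately, the `declarative` description still names `services.minecraft-ex.whitelist`, an option this module does not define.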