diff --git a/flake.lock b/flake.lock index 73755af..2d6ca68 100644 --- a/flake.lock +++ b/flake.lock @@ -23,11 +23,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1756719547, - "narHash": "sha256-N9gBKUmjwRKPxAafXEk1EGadfk2qDZPBQp4vXWPHINQ=", + "lastModified": 1762286984, + "narHash": "sha256-9I2H9x5We6Pl+DBYHjR1s3UT8wgwcpAH03kn9CqtdQc=", "owner": "serokell", "repo": "deploy-rs", - "rev": "125ae9e3ecf62fb2c0fd4f2d894eb971f1ecaed2", + "rev": "9c870f63e28ec1e83305f7f6cb73c941e699f74f", "type": "github" }, "original": { @@ -41,11 +41,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1758287904, - "narHash": "sha256-IGmaEf3Do8o5Cwp1kXBN1wQmZwQN3NLfq5t4nHtVtcU=", + "lastModified": 1764627417, + "narHash": "sha256-D6xc3Rl8Ab6wucJWdvjNsGYGSxNjQHzRc2EZ6eeQ6l4=", "owner": "nix-community", "repo": "disko", - "rev": "67ff9807dd148e704baadbd4fd783b54282ca627", + "rev": "5a88a6eceb8fd732b983e72b732f6f4b8269bef3", "type": "github" }, "original": { @@ -73,11 +73,11 @@ "flake-compat_2": { "flake": false, "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "lastModified": 1761588595, + "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", "type": "github" }, "original": { @@ -91,11 +91,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1757786467, - "narHash": "sha256-gx3THVUlpycVrUFC9vGhAtYRLI7dJtHyo67Zdq5Hadc=", + "lastModified": 1764578815, + "narHash": "sha256-WZ8+pH/cLjv3geonV3VFwtfa8IuTkPHb60a1ACQpOmc=", "owner": "reckenrode", "repo": "nix-foundryvtt", - "rev": "1bbc26a28d320fb336d94e9f3cc6b92c035fab20", + "rev": "1b875fb942c4ef926fd7aade7db327be363f7179", "type": "github" }, "original": { 
@@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1742649964, - "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", + "lastModified": 1763319842, + "narHash": "sha256-YG19IyrTdnVn0l3DvcUYm85u3PaqBt6tI6VvolcuHnA=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", + "rev": "7275fa67fbbb75891c16d9dee7d88e58aea2d761", "type": "github" }, "original": { @@ -168,17 +168,17 @@ "type": "github" } }, - "nixpkgs-25_05": { + "nixpkgs-old": { "locked": { - "lastModified": 1747610100, - "narHash": "sha256-rpR5ZPMkWzcnCcYYo3lScqfuzEw5Uyfh+R0EKZfroAc=", - "owner": "NixOS", + "lastModified": 1764939437, + "narHash": "sha256-4TLFHUwXraw9Df5mXC/vCrJgb50CRr3CzUzF0Mn3CII=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "ca49c4304acf0973078db0a9d200fd2bae75676d", + "rev": "00d2457e2f608b4be6fe8b470b0a36816324b0ae", "type": "github" }, "original": { - "owner": "NixOS", + "owner": "nixos", "ref": "nixos-25.05", "repo": "nixpkgs", "type": "github" @@ -186,11 +186,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1759036355, - "narHash": "sha256-0m27AKv6ka+q270dw48KflE0LwQYrO7Fm4/2//KCVWg=", + "lastModified": 1764950072, + "narHash": "sha256-BmPWzogsG2GsXZtlT+MTcAWeDK5hkbGRZTeZNW42fwA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e9f00bd893984bc8ce46c895c3bf7cac95331127", + "rev": "f61125a668a320878494449750330ca58b78c557", "type": "github" }, "original": { 
@@ -234,32 +234,32 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1759281824, - "narHash": "sha256-FIBE1qXv9TKvSNwst6FumyHwCRH3BlWDpfsnqRDCll0=", + "lastModified": 1764983851, + "narHash": "sha256-y7RPKl/jJ/KAP/VKLMghMgXTlvNIJMHKskl8/Uuar7o=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5b5be50345d4113d04ba58c444348849f5585b4a", + "rev": "d9bc5c7dceb30d8d6fafa10aeb6aa8a48c218454", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-25.05", + "ref": "nixos-25.11", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_5": { "locked": { - "lastModified": 1747179050, - "narHash": "sha256-qhFMmDkeJX9KJwr5H32f1r7Prs7XbQWtO0h3V0a0rFY=", + "lastModified": 1764020296, + "narHash": "sha256-6zddwDs2n+n01l+1TG6PlyokDdXzu/oBmEejcH5L5+A=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "adaa24fbf46737f3f1b5497bf64bae750f82942e", + "rev": "a320ce8e6e2cc6b4397eef214d202a50a4583829", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixos-25.11-small", "repo": "nixpkgs", "type": "github" } @@ -270,6 +270,7 @@ "disko": "disko", "foundryvtt": "foundryvtt", "nixpkgs": "nixpkgs_4", + "nixpkgs-old": "nixpkgs-old", "nixpkgs-unstable": "nixpkgs-unstable", "simple-nixos-mailserver": "simple-nixos-mailserver", "sops-nix": "sops-nix" 
@@ -280,20 +281,19 @@ "blobs": "blobs", "flake-compat": "flake-compat_2", "git-hooks": "git-hooks", - "nixpkgs": "nixpkgs_5", - "nixpkgs-25_05": "nixpkgs-25_05" + "nixpkgs": "nixpkgs_5" }, "locked": { - "lastModified": 1755110674, - "narHash": "sha256-PigqTAGkdBYXVFWsJnqcirrLeFqRFN4PFigLA8FzxeI=", + "lastModified": 1764185122, + "narHash": "sha256-+HUOwSIFLoyett2cvRjuFIbhobpHallfP9J2cia1apo=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "f5936247dbdb8501221978562ab0b302dd75456c", + "rev": "a14fe3b293ec2720e5b7fc72ad136d22967e12ba", "type": "gitlab" }, "original": { "owner": "simple-nixos-mailserver", - "ref": "nixos-25.05", + "ref": "nixos-25.11", "repo": "nixos-mailserver", "type": "gitlab" } @@ -305,11 +305,11 @@ ] }, "locked": { - "lastModified": 1759188042, - "narHash": "sha256-f9QC2KKiNReZDG2yyKAtDZh0rSK2Xp1wkPzKbHeQVRU=", + "lastModified": 1765079830, + "narHash": "sha256-i9GMbBLkeZ7MVvy7+aAuErXkBkdRylHofrAjtpUPKt8=", "owner": "Mic92", "repo": "sops-nix", - "rev": "9fcfabe085281dd793589bdc770a2e577a3caa5d", + "rev": "aeb517262102f13683d7a191c7e496b34df8d24c", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 5c38181..b6d78b5 100644 --- a/flake.nix +++ b/flake.nix @@ -1,12 +1,13 @@ { inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11"; + nixpkgs-old.url = "github:nixos/nixpkgs/nixos-25.05"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; disko.url = "github:nix-community/disko"; sops-nix.url = "github:Mic92/sops-nix"; sops-nix.inputs.nixpkgs.follows = "nixpkgs"; deploy-rs.url = "github:serokell/deploy-rs"; - simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-25.05"; + simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-25.11"; foundryvtt.url = "github:reckenrode/nix-foundryvtt"; }; 
@@ -14,6 +15,7 @@ inputs@{ self, nixpkgs, + nixpkgs-old, nixpkgs-unstable, disko, deploy-rs, @@ -28,6 +30,7 @@ defaultModuleArgs = { pkgs, ... }: { + _module.args.pkgs-old = import nixpkgs-old { system = "x86_64-linux"; }; _module.args.pkgs-unstable = import nixpkgs-unstable { system = "x86_64-linux"; config.allowUnfreePredicate = pkg: builtins.elem (pkgs.lib.getName pkg) [ "minecraft-server" ]; diff --git a/modules/default.nix b/modules/default.nix index c590769..d7a43a6 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -11,6 +11,7 @@ ./jellyfin.nix ./stb.nix ./monero.nix + ./minecraft-server.nix ./torrents.nix ./jitsi.nix ./binary-cache.nix diff --git a/modules/headscale.nix b/modules/headscale.nix index 08e92c4..4592bc2 100644 --- a/modules/headscale.nix +++ b/modules/headscale.nix @@ -27,6 +27,10 @@ in dns = { base_domain = "ts.net"; nameservers = { + global = [ + "9.9.9.10" + "149.112.112.10" + ]; split = { "foyer.cloud" = "10.33.0.100"; "foyer.lu" = "10.33.0.100"; diff --git a/modules/jellyfin.nix b/modules/jellyfin.nix index e97f601..a052489 100644 --- a/modules/jellyfin.nix +++ b/modules/jellyfin.nix @@ -1,4 +1,9 @@ -{ config, lib, ... }: +{ + config, + lib, + pkgs-old, + ... +}: let cfg = config.custom.services.jellyfin; in @@ -10,6 +15,8 @@ in config = lib.mkIf cfg.enable { services.jellyfin = { enable = true; + # Downgrade because of https://github.com/jellyfin/jellyfin/issues/15388 + package = pkgs-old.jellyfin; dataDir = "/nix/var/data/jellyfin"; }; diff --git a/modules/jitsi.nix b/modules/jitsi.nix index 75bbaf5..67bb764 100644 --- a/modules/jitsi.nix +++ b/modules/jitsi.nix @@ -12,7 +12,7 @@ in }; config = lib.mkIf cfg.enable { - nixpkgs.config.permittedInsecurePackages = [ "jitsi-meet-1.0.8043" ]; + nixpkgs.config.permittedInsecurePackages = [ "jitsi-meet-1.0.8792" ]; services.jitsi-meet = { enable = true; hostName = "jitsi.froidmont.org"; 
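Review bot: The new `global` resolvers in modules/headscale.nix, `9.9.9.10` and `149.112.112.10`, are Quad9's unfiltered service, which does no malicious-domain blocking and no DNSSEC validation, so clients that take their DNS settings from headscale get neither. If that is intended, record it next to the list, e.g. `# Quad9 unfiltered (no blocklist, no DNSSEC validation), chosen on purpose`. Otherwise use the filtered pair `"9.9.9.9"` and `"149.112.112.112"`. The enclosing `dns` attribute set starts and ends outside this hunk, so the rest of the DNS settings are not visible here.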
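Review bot: `package = pkgs-old.jellyfin;` in modules/jellyfin.nix takes Jellyfin from the `nixos-25.05` input added in flake.nix, so once that release stops receiving updates this service, which is presumably network-facing, stops getting security fixes while the rest of the host follows 25.11. The comment gives the reason for the downgrade but no exit condition. Extend it to something like `# TODO: drop the pkgs-old pin once jellyfin/jellyfin#15388 is resolved on nixos-25.11`, and keep `nixpkgs-old` refreshed in flake.lock until then. The `config` block continues outside this hunk.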
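Review bot: The `permittedInsecurePackages` entry in modules/jitsi.nix is moved to `jitsi-meet-1.0.8792` with no record of why the package is flagged or when the exception can be removed, so the allowance is carried forward to each new version without being re-examined. Add a comment above the line naming the cause and the removal condition, e.g. `# jitsi-meet is marked insecure in nixpkgs because of <REASON>; remove once <CONDITION>`. The reason is not visible in this hunk and should be taken from the nixpkgs evaluation message.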
diff --git a/modules/minecraft-server.nix b/modules/minecraft-server.nix new file mode 100644 index 0000000..8c16078 --- /dev/null +++ b/modules/minecraft-server.nix @@ -0,0 +1,55 @@ +{ + config, + lib, + pkgs, + pkgs-unstable, + ... +}: +let + cfg = config.custom.services.minecraft-server; +in +{ + options.custom.services.minecraft-server = { + enable = lib.mkEnableOption "minecraft server"; + }; + + config = lib.mkIf cfg.enable { + services.minecraft-server = { + enable = true; + package = pkgs-unstable.minecraft-server; + eula = true; + openFirewall = true; + declarative = true; + serverProperties = { + enable-rcon = true; + "rcon.port" = 25575; + "rcon.password" = "password"; + server-port = 23363; + online-mode = true; + force-gamemode = true; + white-list = true; + diffuculty = "hard"; + }; + whitelist = { + paulplay15 = "1d5abc95-2fdb-4dcb-98e8-4fb5a0fba953"; + Xavier1258 = "e9059cf3-00ef-47a3-92ee-4e4a3fea0e6d"; + denisjulien3333 = "3c93e1a2-42d8-4a51-9fe3-924c8e8d5b07"; + }; + dataDir = "/nix/var/data/minecraft"; + }; + + services.bluemap = { + enable = true; + eula = true; + defaultWorld = "${config.services.minecraft-server.dataDir}/world"; + host = "mcmap.${config.networking.domain}"; + enableNginx = true; + enableRender = true; + }; + + services.nginx.virtualHosts."mcmap.${config.networking.domain}" = { + forceSSL = true; + enableACME = true; + }; + }; +} diff --git a/modules/torrents.nix b/modules/torrents.nix index 1babec0..f35a718 100644 --- a/modules/torrents.nix +++ b/modules/torrents.nix @@ -161,6 +161,7 @@ in services.transmission = { enable = true; + package = pkgs-unstable.transmission_4; openRPCPort = true; user = config.users.users.www-data.name; group = config.users.groups.www-data.name; diff --git a/profiles/hel.nix b/profiles/hel.nix index a721a04..39aaed5 100644 --- a/profiles/hel.nix +++ b/profiles/hel.nix @@ -1,4 +1,9 @@ -{ config, pkgs, ... }: +{ + config, + pkgs, + pkgs-unstable, + ... +}: { imports = [ ../environment.nix 
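Review bot: In modules/minecraft-server.nix, `"rcon.password" = "password"` together with `enable-rcon = true` and `openFirewall = true` leaves the server's remote console behind a guessable password that is committed to the repository and, as part of `serverProperties`, ends up in the world-readable Nix store. As far as I know the NixOS module opens the RCON port along with the game port when `declarative` and `openFirewall` are both set, so port 25575 is likely reachable from outside, and RCON gives full operator control of the server. If the console is not needed, set `enable-rcon = false;`. Otherwise keep 25575 firewalled and supply a strong password from the sops-nix secrets this flake already uses instead of from the Nix expression. Separately, `diffuculty = "hard";` is misspelled, so the server will most likely ignore it and keep the default difficulty; it should read `difficulty = "hard";`.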
@@ -230,10 +235,11 @@ roundcube.enable = true; monero.enable = true; grafana.enable = true; - monitoring-exporters.enable = true; - immich.enable = true; - forgejo.enable = true; headscale.enable = true; + immich.enable = true; + minecraft-server.enable = true; + monitoring-exporters.enable = true; + forgejo.enable = true; backup-job = { enable = true; @@ -374,30 +380,6 @@ }; }; - # services.minecraft-server = { - # enable = false; - # package = pkgs-unstable.minecraft-server; - # eula = true; - # openFirewall = false; - # declarative = true; - # serverProperties = { - # enable-rcon = true; - # "rcon.port" = 25575; - # "rcon.password" = "password"; - # server-port = 23363; - # online-mode = true; - # force-gamemode = true; - # white-list = true; - # diffuculty = "hard"; - # }; - # whitelist = { - # paulplay15 = "1d5abc95-2fdb-4dcb-98e8-4fb5a0fba953"; - # Xavier1258 = "e9059cf3-00ef-47a3-92ee-4e4a3fea0e6d"; - # denisjulien3333 = "3c93e1a2-42d8-4a51-9fe3-924c8e8d5b07"; - # }; - # dataDir = "/nix/var/data/minecraft"; - # }; - # virtualisation.oci-containers.containers = { # "minecraft" = { # image = "itzg/minecraft-server"; @@ -496,6 +478,8 @@ }; certificateScheme = "acme-nginx"; + + stateVersion = 3; }; services.rspamd.extraConfig = '' diff --git a/terraform/dns.tf b/terraform/dns.tf index 309d129..18ac033 100644 --- a/terraform/dns.tf +++ b/terraform/dns.tf @@ -28,6 +28,14 @@ resource "hetznerdns_record" "banditlair_hcloud_a" { ttl = 600 } +resource "hetznerdns_record" "banditlair_mcmap_a" { + zone_id = data.hetznerdns_zone.banditlair_zone.id + name = "mcmap" + value = local.hel1_ip + type = "A" + ttl = 600 +} + resource "hetznerdns_record" "webmail_a" { zone_id = data.hetznerdns_zone.banditlair_zone.id name = "webmail"
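Review bot: `stateVersion = 3;` is added to the mailserver settings in profiles/hel.nix without a comment, and in simple-nixos-mailserver this value appears to acknowledge that the manual migration steps up to that version have been carried out on the host. If the existing mail data on hel was not migrated first, the declared state and the on-disk layout may disagree. Add a comment such as `# migrations up to stateVersion 3 applied on hel on <DATE>` so that a later bump does not skip steps. The mailserver block starts outside this hunk.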