From 700ed7317b468c80f8c35f869cda3b5e69c04bcd Mon Sep 17 00:00:00 2001 From: Magic_RB Date: Sun, 12 Dec 2021 22:31:33 +0100 Subject: [PATCH] Upgrade NixNG and add Minecraft module Signed-off-by: Magic_RB --- containers/camptules.nix | 18 ++++++-- containers/gitea.nix | 7 ++-- containers/hydra.nix | 21 ++++++---- containers/ingress.nix | 11 ++++- containers/jmusicbot.nix | 5 ++- containers/minecraft.nix | 32 ++++++++++++++ containers/website.nix | 5 ++- flake.lock | 24 ++++++++--- flake.nix | 23 ++++++---- infrastructure/ingress/nomad.hcl | 36 +++++++++++++++- infrastructure/minecraft/minecraft.hcl | 19 +++++++++ infrastructure/minecraft/nomad.hcl | 58 ++++++++++++++++++++++++++ 12 files changed, 224 insertions(+), 35 deletions(-) create mode 100644 containers/minecraft.nix create mode 100644 infrastructure/minecraft/minecraft.hcl create mode 100644 infrastructure/minecraft/nomad.hcl diff --git a/containers/camptules.nix b/containers/camptules.nix index 374d827..6de26e7 100644 --- a/containers/camptules.nix +++ b/containers/camptules.nix @@ -1,7 +1,8 @@ -nglib: camptules: -(nglib "x86_64-linux").makeSystem { +{ nglib, camptules, nixpkgs }: +nglib.makeSystem { system = "x86_64-linux"; name = "nixng-camptules"; + inherit nixpkgs; config = ({ pkgs, config, nglib, lib, ... }: { imports = [ @@ -16,7 +17,18 @@ nglib: camptules: services.camptules = { enable = true; - package = camptules.defaultPackage."x86_64-linux"; + package = + let + youtube-dlc = pkgs.writeShellScriptBin "youtube-dlc" + '' + ${pkgs.youtube-dl}/bin/youtube-dl "$@" + ''; + in + pkgs.writeShellScriptBin "camptules" + '' + export PATH=$PATH:${youtube-dlc}/bin:${pkgs.ffmpeg}/bin + ${lib.trace camptules.defaultPackage."x86_64-linux".outPath camptules.defaultPackage."x86_64-linux"}/bin/camptules + ''; }; }; }); diff --git a/containers/gitea.nix b/containers/gitea.nix index 8904a6c..ed84184 100644 --- a/containers/gitea.nix +++ b/containers/gitea.nix @@ -16,10 +16,11 @@ * along with this program. If not, see . */ -nglib: -((nglib "x86_64-linux").makeSystem { +{ nglib, nixpkgs }: +nglib.makeSystem { system = "x86_64-linux"; name = "nixng-gitea"; + inherit nixpkgs; config = ({ pkgs, ... }: { dumb-init = { @@ -148,4 +149,4 @@ nglib: }; } ); -}) +} diff --git a/containers/hydra.nix b/containers/hydra.nix index 7fce8b4..4bb8133 100644 --- a/containers/hydra.nix +++ b/containers/hydra.nix @@ -1,11 +1,9 @@ -nglib: -let - inherit (nglib "x86_64-linux") makeSystem; -in +{ nglib, nixpkgs }: { - postgresql = makeSystem { + postgresql = nglib.makeSystem { system = "x86_64-linux"; name = "nixng-hydra-postgresql"; + inherit nixpkgs; config = { pkgs, config, ... }: { config = { @@ -37,7 +35,7 @@ in }; }; - hydra = makeSystem { + hydra = nglib.makeSystem { system = "x86_64-linux"; name = "nixng-hydra"; config = { pkgs, config, lib, nglib, ... }: @@ -104,7 +102,7 @@ in let machines = pkgs.writeText "machines" '' - eu.nixbuild.net x86_64-linux 100 5 benchmark,big-parallel + eu.nixbuild.net x86_64-linux - 100 5 benchmark,big-parallel ''; in nglib.dag.dagEntryAnywhere @@ -135,6 +133,15 @@ in ln -s ${ssh_config} /etc/ssh/ssh_config ln -s ${ssh_known_hosts} /etc/ssh/ssh_known_hosts ''; + ssh-key = + nglib.dag.dagEntryAfter ["users"] + '' + export PATH=${pkgs.busybox}/bin + + cp /secrets/ssh-key /ssh-key + chmod 600 /ssh-key + chown hydra-queue-runner:root /ssh-key + ''; }; }; }; diff --git a/containers/ingress.nix b/containers/ingress.nix index 82b6875..07a181b 100644 --- a/containers/ingress.nix +++ b/containers/ingress.nix @@ -1,7 +1,8 @@ -nglib: -(nglib "x86_64-linux").makeSystem { +{ nglib, nixpkgs }: +nglib.makeSystem { system = "x86_64-linux"; name = "nixng-ingress"; + inherit nixpkgs; config = ({ pkgs, config, nglib, ... }: let ids = config.ids; @@ -79,6 +80,12 @@ nglib: pid = "/nginx.pid"; + stream."" = { + include = [ + [ "/local/streams.conf" ] + ]; + }; + http."" = { server_tokens = "off"; include = [ diff --git a/containers/jmusicbot.nix b/containers/jmusicbot.nix index 9a019c1..8fad1be 100644 --- a/containers/jmusicbot.nix +++ b/containers/jmusicbot.nix @@ -1,7 +1,8 @@ -nglib: -(nglib "x86_64-linux").makeSystem { +{ nglib, nixpkgs }: +nglib.makeSystem { system = "x86_64-linux"; name = "nixng-jmusicbot"; + inherit nixpkgs; config = ({ pkgs, config, nglib, ... }: { dumb-init = { diff --git a/containers/minecraft.nix b/containers/minecraft.nix new file mode 100644 index 0000000..f613c04 --- /dev/null +++ b/containers/minecraft.nix @@ -0,0 +1,32 @@ +{ nglib, nixpkgs }: +nglib.makeSystem { + system = "x86_64-linux"; + name = "nixng-minecraft"; + inherit nixpkgs; + config = ({ pkgs, config, nglib, ... }: + with pkgs.lib; + { + config = { + dumb-init = { + enable = true; + type.services = { }; + }; + init.services.minecraft = { + shutdownOnExit = true; + }; + + services.minecraft = { + enable = true; + eulaAccept = true; + + forgeZipFile = builtins.fetchurl { + url = "https://media.forgecdn.net/files/3551/162/SIMPLE-SERVER-FILES-1.8.12.zip"; + sha256 = "sha256:16w4874vbc8zab6czixmx62i5hxfv1zkjcbfz9djmhwwa8inw02l"; + }; + forgeFetchedHash = "sha256-58HAjgrbtVb62vJKdfzXTIJRSycP1cDnp4h5/mnIwtY="; + + forgeConfigOverrides = {}; + }; + }; + }); +} diff --git a/containers/website.nix b/containers/website.nix index d158ec3..8cdf99f 100644 --- a/containers/website.nix +++ b/containers/website.nix @@ -1,7 +1,8 @@ -website: nglib: -(nglib "x86_64-linux").makeSystem { +{ nglib, website, nixpkgs }: +nglib.makeSystem { system = "x86_64-linux"; name = "nixng-website"; + inherit nixpkgs; config = ({ pkgs, options, ... }: { dumb-init = { enable = true; diff --git a/flake.lock b/flake.lock index 0eddc12..c4e32c6 100644 --- a/flake.lock +++ b/flake.lock @@ -75,24 +75,23 @@ ] }, "locked": { - "lastModified": 1634508638, - "narHash": "sha256-WwuEo0JObE1f2YgXv0vmEXAiwQ/xFkDrHSN4It5tiic=", + "lastModified": 1638796503, + "narHash": "sha256-J5UjPK7kv41N79yku/gg3u7/vy5VN5W8DsH6AVcUuf0=", "owner": "MagicRB", "repo": "NixNG", - "rev": "2ba0bacb76c9e63265e2fb45c813a6661568c63f", + "rev": "990c82400885077b96491bb6f5d574e26daba917", "type": "github" }, "original": { "owner": "MagicRB", + "ref": "rework", "repo": "NixNG", "type": "github" } }, "nixng_2": { "inputs": { - "nixpkgs": [ - "nixpkgs" - ] + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1619975252, @@ -123,6 +122,19 @@ "type": "github" } }, + "nixpkgs_2": { + "locked": { + "lastModified": 1617271991, + "narHash": "sha256-VdzjIQaT1FtycNid0iPSVr44Jrstoox6QRLrwCY1uG0=", + "path": "/nix/store/p86a44r69akjvyg0nid33kh9mg15h9lq-source", + "rev": "da7f4c4842520167f65c20ad75ecdbd14e27ae91", + "type": "path" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, "org-thtml": { "flake": false, "locked": { diff --git a/flake.nix b/flake.nix index bfef920..83e5dcc 100644 --- a/flake.nix +++ b/flake.nix @@ -3,7 +3,7 @@ nixpkgs.url = "github:NixOS/nixpkgs?ref=nixos-unstable"; nixng = { - url = "github:MagicRB/NixNG"; + url = "github:MagicRB/NixNG?ref=rework"; inputs.nixpkgs.follows = "nixpkgs"; }; website = { @@ -23,14 +23,19 @@ forAllSystems' = systems: fun: nixpkgs.lib.genAttrs systems fun; forAllSystems = forAllSystems' supportedSystems; - containers = { - hydra = (import ./containers/hydra.nix nixng.lib).hydra; - hydraPostgresql = (import ./containers/hydra.nix nixng.lib).postgresql; - ingress = (import ./containers/ingress.nix nixng.lib); - website = (import ./containers/website.nix inputs.website.website nixng.lib); - jmusicbot = (import ./containers/jmusicbot.nix nixng.lib); - camptules = (import ./containers/camptules.nix nixng.lib inputs.camptules); - }; + containers = + let base = { nglib = nixng.nglib nixpkgs.lib; inherit nixpkgs; }; + in + { + hydra = (import ./containers/hydra.nix base).hydra; + hydraPostgresql = (import ./containers/hydra.nix base).postgresql; + ingress = import ./containers/ingress.nix base; + website = import ./containers/website.nix (base // { inherit (inputs.website) website; }); + jmusicbot = import ./containers/jmusicbot.nix base; + camptules = (import ./containers/camptules.nix (base // { inherit (inputs) camptules; })); + gitea = import ./containers/gitea.nix base; + minecraft = import ./containers/minecraft.nix base; + }; in { ociImages = mapAttrs (n: v: v.config.system.build.ociImage) containers; diff --git a/infrastructure/ingress/nomad.hcl b/infrastructure/ingress/nomad.hcl index cec0949..6edbb90 100644 --- a/infrastructure/ingress/nomad.hcl +++ b/infrastructure/ingress/nomad.hcl @@ -32,6 +32,12 @@ job "ingress" { to = 443 host_network = "public" } + + port "minecraft" { + static = 25565 + to = 25565 + host_network = "public" + } } service { @@ -80,6 +86,16 @@ job "ingress" { mode = "local" } } + + upstreams { + destination_name = "minecraft" + local_bind_port = 2666 + datacenter = "homelab-1" + + mesh_gateway { + mode = "local" + } + } } } } @@ -102,7 +118,8 @@ job "ingress" { # load = "nixng-ingress.tar.gz" image = "nixng-ingress:local" - ports = ["http", "https"] + ports = ["http", "https", "minecraft"] + memory_hard_limit = 128 } resources { @@ -151,6 +168,23 @@ EOF change_signal = "SIGHUP" } + template { + data = <