More arma3 enablement

Signed-off-by: magic_rb <magic_rb@redalder.org>
magic_rb 2024-03-23 08:31:33 +01:00
parent a28d05e6c4
commit e0ec4be761
No known key found for this signature in database
GPG key ID: 08D5287CC5DDCA0E
4 changed files with 129 additions and 3 deletions


@ -0,0 +1,113 @@
{
inputs',
pkgs,
...
}: {
ucontainers."arma3" = {
network = [
{
hostAddress = "10.99.99.1/24";
guestAddress = "10.99.99.2/24";
hostInterface = "arma3";
guestInterface = "eth0";
}
];
settings = {
ephemeral = true;
bind = [
"/etc/resolv.conf"
"/var/lib/arma3/steam:/home/steam/Steam"
"/var/lib/arma3/Steam:/home/steam/.local/share/Steam"
"/var/lib/arma3/steamapps:/var/lib/steam"
"/tmp/arma-secret/:/secret"
];
};
path =
(inputs'.nixng.nglib.makeSystem {
inherit (pkgs.stdenv) system;
inherit (inputs') nixpkgs;
name = "arma3";
config = let
inherit
(pkgs.lib)
getExe
getExe'
;
in {
dumb-init = {
enable = true;
type.services = {};
};
nixpkgs.pkgs = pkgs;
init.services.network = {
enabled = true;
script = pkgs.writeShellScript "network-start" ''
ip addr add "10.99.99.2/24" dev "eth0"
ip link set "eth0" up
ip route add "10.99.99.0/24" dev "eth0"
ip route add default via "10.99.99.1" dev "eth0"
touch /etc/hosts
exec sleep infinity
'';
};
users.users."steam" = {
uid = 1001;
home = "/home/steam";
group = "steam";
};
users.groups."steam" = {
gid = 1001;
};
init.services.steam-login = {
enabled = true;
script = pkgs.writeShellScript "steam-login-start" ''
mkdir -p /home/steam
chown steam:steam -R /home/steam
chown steam:steam -R /var/lib/steam
HOME=/home/steam USER=steam chpst -U steam:steam -u steam:steam ${getExe pkgs.steamcmd} \
+force_install_dir /var/lib/steam \
+login "$(cat /secret/user)" "$(cat /secret/password)" \
+app_update 233780 validate \
+quit
exec sleep infinity
'';
};
init.services.arma3 = {
dependencies = [
"steam-login"
];
enabled = true;
script = pkgs.writeShellScript "arma3-start" ''
sleep 15
cd /var/lib/steam
PATH=${pkgs.coreutils}/bin:$PATH LD_LIBRARY_PATH=${pkgs.stdenv.cc.cc.lib}/lib:$PWD exec \
chpst -u steam:steam \
${getExe' pkgs.glibc "ld.so"} ./arma3server_x64 \
-config=./server.cfg \
-mod=./mods/@ACE \
-mod=./mods/@Antistasi \
-mod=./mods/@CBA_A3 \
-mod=./mods/@RHSAFRF \
-mod=./mods/@RHSGREF \
-mod=./mods/@RHSSAF \
-mod=./mods/@RHSUSAF
'';
};
};
})
.config
.system
.build
.toplevel;
};
}
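Review bot: In `steam-login-start`, `+login "$(cat /secret/user)" "$(cat /secret/password)"` places the Steam password in steamcmd's argument vector, where it is readable from the process list by any process in the container for the whole duration of the download, and the secret itself is sourced from a bind of the host's world-writable `/tmp/arma-secret/`. Prefer feeding steamcmd a script file (`+runscript`) that is owned by `steam` with mode 0600, or at minimum move the host-side secret to a root-owned directory with a restrictive mode instead of `/tmp`. The `sleep 15` at the top of `arma3-start` also looks like a guess at how long `steamcmd ... +app_update 233780 validate` takes; if the nixng `dependencies` list only orders service start (which is not visible here), a slow update would let the server start against a partially written install, so a readiness marker written after steamcmd exits, e.g. `touch /var/lib/steam/.update-done`, polled by `arma3-start`, would be more robust than a fixed delay. A short comment on the `/tmp/arma-secret/:/secret` bind stating who creates the directory and with what permissions would help the next reader, e.g. `# /secret/{user,password}: Steam credentials, provisioned on the host before the container starts`.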


@ -51,6 +51,7 @@ in {
./nixpkgs.nix
./firewall.nix
./impermenance.nix
./arma3.nix
../../../overlays/ifstate/module.nix
# ./test-vm.nix


@ -73,6 +73,13 @@
add chain
[(is.eq ip.daddr (cidr "10.50.0.0/22")) accept];
input-arma3 =
add chain;
output-arma3 =
add chain
[(is.eq ip.daddr (cidr "10.99.99.0/24")) accept];
### wlan0
input-wlan0 =
add chain
@ -150,6 +157,7 @@
[(is.eq meta.iifname "lo") (jump "input-lo")]
[(is.eq meta.iifname "wg0") (jump "input-wg0")]
[(is.eq meta.iifname "uk3s0") (jump "input-uk3s")]
[(is.eq meta.iifname "arma3") (jump "input-arma3")]
[(is.eq ip.protocol (f: f.icmp)) accept]
(logRule "Input");
@ -167,6 +175,7 @@
[(is.eq meta.oifname "mvm0") (jump "output-mvm")]
[(is.eq meta.oifname "wg0") (jump "output-wg0")]
[(is.eq meta.oifname "uk3s0") (jump "output-uk3s")]
[(is.eq meta.oifname "arma3") (jump "output-arma3")]
(logRule "Output");
forward =
@ -189,8 +198,8 @@
[(is.eq meta.iifname "mvm0") (is.eq meta.oifname "wg0") (is.eq ip.protocol (f: with f; set [tcp udp])) (is.eq th.dport 53) (is.eq ip.saddr "10.80.1.2") (is.eq ip.daddr (secret.network.ips.blowhole.ip or "")) accept]
# accept TCP, UDP 53 from 10.80.1.2 to blowhole
[(is.eq meta.iifname "podman0") (is.eq meta.oifname "wg0") (is.eq ip.protocol (f: with f; set [tcp udp])) (is.eq th.dport 53) (is.eq ip.daddr (secret.network.ips.blowhole.ip or "")) accept]
[(is.eq meta.iifname "uk3s0") (is.eq meta.oifname "wg0") (is.eq ip.protocol (f: with f; set [tcp udp])) (is.eq th.dport 53) (is.eq ip.daddr (secret.network.ips.blowhole.ip or "")) accept]
[(is.eq meta.iifname "uk3s0") (is.eq meta.oifname (set ["wlan0" "eth0"])) accept]
[(is.eq meta.iifname (set ["uk3s0" "arma3"])) (is.eq meta.oifname "wg0") (is.eq ip.protocol (f: with f; set [tcp udp])) (is.eq th.dport 53) (is.eq ip.daddr (secret.network.ips.blowhole.ip or "")) accept]
[(is.eq meta.iifname (set ["uk3s0" "arma3"])) (is.eq meta.oifname (set ["wlan0" "eth0"])) accept]
(logRule "Forward");
prerouting =
@ -213,7 +222,9 @@
# masquarade from 10.80.1.2 heading to wg0
[(is.eq meta.iifname "mvm0") (is.eq meta.oifname "wg0") (is.eq ip.saddr (set ["10.80.1.2"])) masquerade]
[(is.eq meta.iifname "uk3s0") (is.eq meta.oifname "wg0") (is.eq ip.saddr (cidr "10.50.0.0/22")) masquerade]
[(is.eq meta.iifname "uk3s0") (is.eq meta.oifname (set ["wlan0" "eth0"])) (is.eq ip.saddr (cidr "10.50.0.0/22")) masquerade];
[(is.eq meta.iifname "uk3s0") (is.eq meta.oifname (set ["wlan0" "eth0"])) (is.eq ip.saddr (cidr "10.50.0.0/22")) masquerade]
[(is.eq meta.iifname "arma3") (is.eq meta.oifname "wg0") (is.eq ip.saddr (cidr "10.99.99.0/24")) masquerade]
[(is.eq meta.iifname "arma3") (is.eq meta.oifname (set ["wlan0" "eth0"])) (is.eq ip.saddr (cidr "10.99.99.0/24")) masquerade];
};
bridge-t = add table {family = f: f.bridge;} {
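Review bot: The new forward rule `[(is.eq meta.iifname (set ["uk3s0" "arma3"])) (is.eq meta.oifname (set ["wlan0" "eth0"])) accept]` has no source-address match, whereas the masquerade rules added in the same file restrict `arma3` traffic to `cidr "10.99.99.0/24"`; a packet leaving the container with any other source address would therefore be forwarded unmodified rather than dropped or NATed. Adding `(is.eq ip.saddr (cidr "10.99.99.0/24"))` to the `arma3` forward rule, and `(is.eq ip.saddr (cidr "10.50.0.0/22"))` to the `uk3s0` one, makes the forward policy as tight as the NAT policy. Folding `uk3s0` and `arma3` into one `set` rule also couples the egress policy of two unrelated workloads, so keeping one rule per interface, as the postrouting section does, reads more clearly and is easier to change independently. The empty `input-arma3 = add chain;` means the container cannot initiate anything to the host itself; if that is intended, a one-line comment such as `# no host-directed traffic from the container; egress only via forward` would make it explicit.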


@ -27,6 +27,7 @@ in {
"/var/lib/iwd"
"/var/lib/syncthing"
"/var/lib/containers"
"/var/lib/arma3"
];
files = [
"/etc/machine-id"