diff --git a/.sops.yaml b/.sops.yaml
index ad11aa8..1c7b15b 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,10 +1,7 @@
 keys:
- - &kbwork_yerukall CEFAA4772EBDE0F5CFD1D1B3ED7E4FF32820BDE8
- - &kbwork_yerukall2 age1lyv48cuxvnwp4ykugw57zjl728pn2tvss6486n9avgvw6uqj3ydqddkrmu
+ - &server_kb-game-01 age165jt2q3uxp79k4jfsegnq7ul9j54l2rqsn87rq0qjkcv3y5krcmqsznyw7
 creation_rules:
- - path_regex: systems/x86_64-linux/yerukall/secrets/secrets.yaml$
+ - path_regex: modules/nixos/services/minecraft/secrets.yaml$
 key_groups:
- - pgp:
- - *kbwork_yerukall
- age:
- - *kbwork_yerukall2
+ - age:
+ - *server_kb-game-01
diff --git a/modules/nixos/services/minecraft/default.nix b/modules/nixos/services/minecraft/default.nix
index 14b8d29..828093e 100644
--- a/modules/nixos/services/minecraft/default.nix
+++ b/modules/nixos/services/minecraft/default.nix
@@ -42,6 +42,9 @@ in
 enable = true;
 eula = true;
 };
+
+ # Create Secrets
+ sops.secrets."minecraft/database/luckperms_password" = { sopsFile = ./secrets.yaml; };
 };
 }
diff --git a/modules/nixos/services/minecraft/secrets.yaml b/modules/nixos/services/minecraft/secrets.yaml
new file mode 100644
index 0000000..30a3e9c
--- /dev/null
+++ b/modules/nixos/services/minecraft/secrets.yaml
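Review bot: In `.sops.yaml`, the only recipient left under `key_groups` for `modules/nixos/services/minecraft/secrets.yaml` is the host key `server_kb-game-01`, so no operator can decrypt or re-edit the file without that machine's private key, and losing the host key loses the secret. Add an admin age key as a second recipient, e.g. `- &admin_<name> <age public key placeholder>` under `keys:` and `- *admin_<name>` under `age:`, then run `sops updatekeys` on the secrets file. Removing the yerukall keys and rule here does not re-encrypt anything already encrypted to them; if that secrets file still exists elsewhere in the repository, which is not visible in this diff, it should be rotated or deleted deliberately.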
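Review bot: In `default.nix`, `sops.secrets."minecraft/database/luckperms_password"` is declared with only `sopsFile`, so the decrypted file gets the sops-nix defaults (owned by root, mode 0400) and the account that runs the proxy, presumably a non-root service user, will not be able to read it at runtime. Set the owner and a restart hook explicitly, e.g. `{ sopsFile = ./secrets.yaml; owner = "<service user>"; restartUnits = [ "<proxy unit>.service" ]; };`, so a rotated password is picked up. The `# Create Secrets` comment would be more useful if it named the consumer, e.g. `# DB password for the LuckPerms storage backend (decrypted by sops-nix at activation)`. The enclosing attribute set starts above the hunk.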
@@ -0,0 +1,23 @@
+minecraft:
+ database:
+ luckperms_password: ENC[AES256_GCM,data:Gnt/SilH7q4t1NzCeaqCc6nxso9cWt7b/KXCxzrDdR1LAnmex3QL5Q==,iv:PrTkXcMPPyfJkAKxSKUkaPbYcH+9n6W7MPcTR5e4L8g=,tag:sxDdUHyN+fCIi4g0K+oQIw==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age165jt2q3uxp79k4jfsegnq7ul9j54l2rqsn87rq0qjkcv3y5krcmqsznyw7
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBScTUyNFBNdHFwd1pudWNK
+ Y2F2aXFLYmh4RURJLy9mMisxMU96VGRiU2hjCjdSZmxLRFF6OVpFNy9iQ0NLdytl
+ UHdSaUVtMnlWQ3d1ZnluNXVHOWdoalkKLS0tIDBxVGdaZWhTclJWZ3FwZHRHSTN1
+ RDhlN1JjWW1XZERLWExRSTlDN3ZjZkEKMiQaUezdBcWOH82Sk451PdB54SzYwcXY
+ YkjGp+bB7rIz07no68Xl4qmO+/iHKSFlPvG4jR/j4ZaNYiU9aeldLA==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2025-01-17T14:22:01Z"
+ mac: ENC[AES256_GCM,data:BlLD3wEezCCA9t1X4xmy9lfT3ztsR3dknio78Si9v3UJmpJSOpwJ/VhU5RRbMzL1EyOrU1abEr6em83s6LRq87fwso1j6asOavELT5WOfl6f5CU2iK8nQGWZCFeR+09d9hVI+AAH9farpgTDd5sHfUFPCKEaGwuTenpeF4Tonak=,iv:JYoHMIPkT+Dv3GZlp1wt7wlU7IYL6erd/u0cuclB0Ow=,tag:XD8pd/GCrdLRvdEFBgowJA==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.9.2
diff --git a/modules/nixos/services/minecraft/velocity.nix b/modules/nixos/services/minecraft/velocity.nix
index 253fb3f..1f373dc 100644
--- a/modules/nixos/services/minecraft/velocity.nix
+++ b/modules/nixos/services/minecraft/velocity.nix
@@ -44,12 +44,14 @@ in
 online-mode = false;
 player-info-forwarding-mode = "modern";
 enable-player-address-logging = false;
- servers.lobby = "";
- servers.survival = "localhost:${toString config.services.minecraft-servers.servers."survival".serverProperties.server-port}";
+ # servers.lobby = "";
+ servers.survival = "127.0.0.1:${toString config.services.minecraft-servers.servers."survival".serverProperties.server-port}";
+ servers.lobby = "127.0.0.1:123";
 servers.try = [
- "lobby"
+ #"lobby"
 "survival"
 ];
+ forced-hosts."lobby.example.com" = [ "lobby" ];
 advanced.tcp-fast-open = true;
 };
 };
@@ -62,7 +64,7 @@ in
 data.address = "localhost:${toString config.services.mysql.settings.mysqld.port}";
 data.database = "luckperms";
 data.username = "luckperms";
- data.password = "";
+ data.password = builtins.readFile /run/secrets/minecraft/database/luckperms_password;
 };
 services.mysql = {
 ensureDatabases = [ "luckperms" ];
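Review bot: In the first `velocity.nix` hunk, `servers.lobby = "127.0.0.1:123";` and `forced-hosts."lobby.example.com" = [ "lobby" ];` read as placeholders. A client connecting with that hostname is pinned to a backend on port 123 that nothing in this diff defines, while `"lobby"` stays commented out of `servers.try`. Either drop both lines until a lobby server exists, or derive the address from the server definition the way `servers.survival` does and use the real hostname. The commented-out `# servers.lobby = "";` and `#"lobby"` lines should be deleted rather than committed. The proxy settings block starts above the hunk.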
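Review bot: In the second `velocity.nix` hunk, `data.password = builtins.readFile /run/secrets/minecraft/database/luckperms_password;` reads the file while the configuration is being evaluated, not when the service starts. Pure (flake) evaluation rejects an absolute path like this, and impure evaluation copies the plaintext from the evaluating machine into the generated plugin config in the world-readable Nix store, which is what sops-nix is meant to prevent. Keep only a reference in the Nix expression, `config.sops.secrets."minecraft/database/luckperms_password".path`, and have the value injected at activation or service start. One way is a `sops.templates` entry that uses `config.sops.placeholder."minecraft/database/luckperms_password"`; another is an environment file loaded by the unit. The settings block this line belongs to starts above the hunk.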