kb01/aux-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Setup SOPS for Minecraft-Server Plugin Config. --impure is now needed

Browse source
This commit is contained in:
Kaybee 2025-01-26 02:43:21 +01:00
parent 168d1d6933
commit 97637d0650
Signed by: kb01
SSH key fingerprint: SHA256:kF6CmkcOkKRzXK9JFMTQPK6b5gf5tHcJR1n2IS/Bj7M
4 changed files with 36 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
.sops.yaml
View file

@ -1,10 +1,7 @@
keys: keys:
- &kbwork_yerukall CEFAA4772EBDE0F5CFD1D1B3ED7E4FF32820BDE8 - &server_kb-game-01 age165jt2q3uxp79k4jfsegnq7ul9j54l2rqsn87rq0qjkcv3y5krcmqsznyw7
- &kbwork_yerukall2 age1lyv48cuxvnwp4ykugw57zjl728pn2tvss6486n9avgvw6uqj3ydqddkrmu
creation_rules: creation_rules:
- path_regex: systems/x86_64-linux/yerukall/secrets/secrets.yaml$ - path_regex: modules/nixos/services/minecraft/secrets.yaml$
key_groups: key_groups:
- pgp: - age:
- *kbwork_yerukall - *server_kb-game-01
age:
- *kbwork_yerukall2

3
modules/nixos/services/minecraft/default.nix
View file

@ -42,6 +42,9 @@ in
enable = true; enable = true;
eula = true; eula = true;
}; };
# Create Secrets
sops.secrets."minecraft/database/luckperms_password" = { sopsFile = ./secrets.yaml; };
}; };
} }

23
modules/nixos/services/minecraft/secrets.yaml Normal file
View file

@ -0,0 +1,23 @@
minecraft:
database:
luckperms_password: ENC[AES256_GCM,data:Gnt/SilH7q4t1NzCeaqCc6nxso9cWt7b/KXCxzrDdR1LAnmex3QL5Q==,iv:PrTkXcMPPyfJkAKxSKUkaPbYcH+9n6W7MPcTR5e4L8g=,tag:sxDdUHyN+fCIi4g0K+oQIw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age165jt2q3uxp79k4jfsegnq7ul9j54l2rqsn87rq0qjkcv3y5krcmqsznyw7
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBScTUyNFBNdHFwd1pudWNK
Y2F2aXFLYmh4RURJLy9mMisxMU96VGRiU2hjCjdSZmxLRFF6OVpFNy9iQ0NLdytl
UHdSaUVtMnlWQ3d1ZnluNXVHOWdoalkKLS0tIDBxVGdaZWhTclJWZ3FwZHRHSTN1
RDhlN1JjWW1XZERLWExRSTlDN3ZjZkEKMiQaUezdBcWOH82Sk451PdB54SzYwcXY
YkjGp+bB7rIz07no68Xl4qmO+/iHKSFlPvG4jR/j4ZaNYiU9aeldLA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-17T14:22:01Z"
mac: ENC[AES256_GCM,data:BlLD3wEezCCA9t1X4xmy9lfT3ztsR3dknio78Si9v3UJmpJSOpwJ/VhU5RRbMzL1EyOrU1abEr6em83s6LRq87fwso1j6asOavELT5WOfl6f5CU2iK8nQGWZCFeR+09d9hVI+AAH9farpgTDd5sHfUFPCKEaGwuTenpeF4Tonak=,iv:JYoHMIPkT+Dv3GZlp1wt7wlU7IYL6erd/u0cuclB0Ow=,tag:XD8pd/GCrdLRvdEFBgowJA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

10
modules/nixos/services/minecraft/velocity.nix
View file

@ -44,12 +44,14 @@ in
online-mode = false; online-mode = false;
player-info-forwarding-mode = "modern"; player-info-forwarding-mode = "modern";
enable-player-address-logging = false; enable-player-address-logging = false;
servers.lobby = ""; # servers.lobby = "";
servers.survival = "localhost:${toString config.services.minecraft-servers.servers."survival".serverProperties.server-port}"; servers.survival = "127.0.0.1:${toString config.services.minecraft-servers.servers."survival".serverProperties.server-port}";
servers.lobby = "127.0.0.1:123";
servers.try = [ servers.try = [
"lobby" #"lobby"
"survival" "survival"
]; ];
forced-hosts."lobby.example.com" = [ "lobby" ];
advanced.tcp-fast-open = true; advanced.tcp-fast-open = true;
}; };
}; };
@ -62,7 +64,7 @@ in
data.address = "localhost:${toString config.services.mysql.settings.mysqld.port}"; data.address = "localhost:${toString config.services.mysql.settings.mysqld.port}";
data.database = "luckperms"; data.database = "luckperms";
data.username = "luckperms"; data.username = "luckperms";
data.password = ""; data.password = builtins.readFile /run/secrets/minecraft/database/luckperms_password;
}; };
services.mysql = { services.mysql = {
ensureDatabases = [ "luckperms" ]; ensureDatabases = [ "luckperms" ];