Merge branch 'main' of ssh://git-kb-one-de/kb01/aux-config

Setup SOPS for Minecraft-Server Plugin Config. --impure is now needed
Added Sops, Disabled Binary-Cache, VIM as default Editor
2025-01-26 02:44:23 +01:00 · 2025-01-26 02:43:21 +01:00 · 2025-01-26 02:42:29 +01:00 · 2025-01-26 02:31:01 +01:00
6 changed files with 48 additions and 13 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -1,10 +1,7 @@
 keys:
-  - &kbwork_yerukall CEFAA4772EBDE0F5CFD1D1B3ED7E4FF32820BDE8
+  - &server_kb-game-01 age165jt2q3uxp79k4jfsegnq7ul9j54l2rqsn87rq0qjkcv3y5krcmqsznyw7
  - &kbwork_yerukall2 age1lyv48cuxvnwp4ykugw57zjl728pn2tvss6486n9avgvw6uqj3ydqddkrmu
 creation_rules:
-  - path_regex: systems/x86_64-linux/yerukall/secrets/secrets.yaml$
+  - path_regex: modules/nixos/services/minecraft/secrets.yaml$
    key_groups:
-    - pgp:
+    - age:
-      - *kbwork_yerukall
+      - *server_kb-game-01
      age:
      - *kbwork_yerukall2
--- a/flake.nix
+++ b/flake.nix
@ -39,7 +39,7 @@
      lix-module.nixosModules.default
    ];
-    # Modules for Host kb-games-01
+    # Modules for Host kb-game-01
    systems.hosts.kb-game-01.modules = with inputs; [
      lix-module.nixosModules.default
      sops-nix.nixosModules.sops
--- a/modules/nixos/services/minecraft/default.nix
+++ b/modules/nixos/services/minecraft/default.nix
@ -42,6 +42,9 @@ in
      enable = true;
      eula = true;
    };
    # Create Secrets
    sops.secrets."minecraft/database/luckperms_password" = { sopsFile = ./secrets.yaml; };
  };
 }
--- a/modules/nixos/services/minecraft/secrets.yaml
+++ b/modules/nixos/services/minecraft/secrets.yaml
@ -0,0 +1,23 @@
 minecraft:
    database:
        luckperms_password: ENC[AES256_GCM,data:Gnt/SilH7q4t1NzCeaqCc6nxso9cWt7b/KXCxzrDdR1LAnmex3QL5Q==,iv:PrTkXcMPPyfJkAKxSKUkaPbYcH+9n6W7MPcTR5e4L8g=,tag:sxDdUHyN+fCIi4g0K+oQIw==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age165jt2q3uxp79k4jfsegnq7ul9j54l2rqsn87rq0qjkcv3y5krcmqsznyw7
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBScTUyNFBNdHFwd1pudWNK
            Y2F2aXFLYmh4RURJLy9mMisxMU96VGRiU2hjCjdSZmxLRFF6OVpFNy9iQ0NLdytl
            UHdSaUVtMnlWQ3d1ZnluNXVHOWdoalkKLS0tIDBxVGdaZWhTclJWZ3FwZHRHSTN1
            RDhlN1JjWW1XZERLWExRSTlDN3ZjZkEKMiQaUezdBcWOH82Sk451PdB54SzYwcXY
            YkjGp+bB7rIz07no68Xl4qmO+/iHKSFlPvG4jR/j4ZaNYiU9aeldLA==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2025-01-17T14:22:01Z"
    mac: ENC[AES256_GCM,data:BlLD3wEezCCA9t1X4xmy9lfT3ztsR3dknio78Si9v3UJmpJSOpwJ/VhU5RRbMzL1EyOrU1abEr6em83s6LRq87fwso1j6asOavELT5WOfl6f5CU2iK8nQGWZCFeR+09d9hVI+AAH9farpgTDd5sHfUFPCKEaGwuTenpeF4Tonak=,iv:JYoHMIPkT+Dv3GZlp1wt7wlU7IYL6erd/u0cuclB0Ow=,tag:XD8pd/GCrdLRvdEFBgowJA==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.9.2
--- a/modules/nixos/services/minecraft/velocity.nix
+++ b/modules/nixos/services/minecraft/velocity.nix
@ -44,12 +44,14 @@ in
          online-mode = false;
          player-info-forwarding-mode = "modern";
          enable-player-address-logging = false;
-          servers.lobby = "";
+          # servers.lobby = "";
-          servers.survival = "localhost:${toString config.services.minecraft-servers.servers."survival".serverProperties.server-port}";
+          servers.survival = "127.0.0.1:${toString config.services.minecraft-servers.servers."survival".serverProperties.server-port}";
          servers.lobby = "127.0.0.1:123";
          servers.try = [
-            "lobby"
+            #"lobby"
            "survival"
          ];
          forced-hosts."lobby.example.com" = [ "lobby" ];
          advanced.tcp-fast-open = true;
        };
      };
@ -62,7 +64,7 @@ in
      data.address = "localhost:${toString config.services.mysql.settings.mysqld.port}";
      data.database = "luckperms";
      data.username = "luckperms";
-      data.password = "";
+      data.password = builtins.readFile /run/secrets/minecraft/database/luckperms_password;
    };
    services.mysql = {
      ensureDatabases = [ "luckperms" ];
--- a/systems/x86_64-linux/kb-game-01/default.nix
+++ b/systems/x86_64-linux/kb-game-01/default.nix
@ -43,6 +43,7 @@
    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
    packages = with pkgs; [
      vim
      sops
    ];
  };
@ -51,6 +52,7 @@
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBHdxVb42GEb/rwrsQx/Wc2v2P+WIq8/WNlF+l31Rl/a Remotebuilds from HyperC"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL/WONflZXVoZd8I4HdNMXNtoYELnCaxqdFY0QKDXXS9 Remotebuilds from Rubtrm"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJqjdhtK0xeJcHwwCAia6I+WuZCkN9pUS21MNjJ2jOuc Remotebuilds from LANA9Z"
    ];
  };
@ -62,6 +64,14 @@
    tree
  ];
  # Default Editor
  programs.vim.enable = true;
  programs.vim.defaultEditor = true;
  # Sops Secrets Config
  sops.defaultSopsFormat = "yaml";
  sops.age.keyFile = "/home/master/.config/sops/age/keys.txt";
  # SSH and Mosh
  services.openssh = {
    enable = true;
@ -83,7 +93,7 @@
  services.forgejo-runner.enable = true;
  # Binary Cache 
-  services.binary-cache.enable = true;
+  services.binary-cache.enable = false; # No Binary-Cache, when there are Secrets in the /nix/store
  # Enable QUEMU Quest Agent
  services.qemuGuest.enable = true;
Author	SHA1	Message	Date
kB01	17fce87568	Merge branch 'main' of ssh://git-kb-one-de/kb01/aux-config Some checks failed / Check Nix Flake (push) Failing after 33s Details	2025-01-26 02:44:23 +01:00
kB01	97637d0650	Setup SOPS for Minecraft-Server Plugin Config. --impure is now needed	2025-01-26 02:43:21 +01:00
kB01	168d1d6933	Added Sops, Disabled Binary-Cache, VIM as default Editor	2025-01-26 02:42:29 +01:00
kB01	8a12217299	Fixed Typo	2025-01-26 02:31:01 +01:00