diff --git a/flake.nix b/flake.nix index 546b96b..e51c2d4 100644 --- a/flake.nix +++ b/flake.nix @@ -1,6 +1,6 @@ # flake for blakes nixos config # define new devices in outputs -# generation: 210 current 2025-10-10 02:55:45 25.05.20251006.20c4598 6.12.50 * +# generation: 211 current 2025-10-10 03:14:57 25.05.20251006.20c4598 6.12.50 * { description = "blakes nix config"; inputs = { diff --git a/modules/homelab/gameservers/minecraft_recpro/default.nix b/modules/homelab/gameservers/minecraft_recpro/default.nix index 9e9e29a..c5f7432 100644 --- a/modules/homelab/gameservers/minecraft_recpro/default.nix +++ b/modules/homelab/gameservers/minecraft_recpro/default.nix @@ -73,8 +73,21 @@ in wantedBy = [ "multi-user.target" ]; }) servers; - environment.systemPackages = with pkgs; [ openjdk21 ]; + environment.systemPackages = with pkgs; [ openjdk21 mcrcon ]; + services.mysql = { + enable = true; + package = pkgs.mariadb; + ensureDatabases = [ "minecraft_recpro_db" ]; + ensureUsers = [ + { + name = "minecraft_recpro"; + passwordFile = sec."minecraft_recpro_db_passwd".path; + ensurePermissions = { "minecraft_recpro_db.*" = "ALL PRIVILEGES"; }; + } + ]; + }; + # open firewall networking.firewall.allowedTCPPorts = [ 25777 25565 25566 25567 ]; @@ -97,12 +110,12 @@ in # }; # }; # -# sops.secrets = { -# "${service}_" = { -# owner = "${service}"; -# group = "${service}"; -# }; -# }; + sops.secrets = { + "${service}_db_passwd" = { + owner = "minecraft"; + group = "minecraft"; + }; + }; # add to backups modules.system.backups.paths = lib.mkIf cfg.backup [ cfg.data_dir ]; diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index c3bfb58..410b062 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -24,6 +24,7 @@ gitea_database_password: ENC[AES256_GCM,data:nhFn0/G7gW5rk996OZzlcTt7T9KMbP8MNM+ mosquitto_password_file: ENC[AES256_GCM,data:7ifs2hGnFQSgJOAKpN0usfiaqLjj7Rjb7zn1/qBDbqEi5hV0JfUncZGorBivR/+kjXHQO6nxaHcKqYvPedNdJ7Qy4/uil/xwgwSmzcbisdVYkhd2pf/N34EQFxmqohud0aTH9V47QbgTdrUPfvsiL+ljLvLu4w==,iv:z7YPIfJHHaLOJrDVnMQhgcMzYAPordFR11kHRAzZqYU=,tag:LRddczdvy01YTm2DFDgSJQ==,type:str] #ENC[AES256_GCM,data:HJ81OxRD2xtNZKv+8oDqiT8mYpv45JMvjxU5pdmEKzl64SK3lQ==,iv:wStoC6XaZlvRPfbqti2CUbPrOOTt4KktaUp2ecVrggU=,tag:isOwKfNdQZAM+E8YQXBSFA==,type:comment] velocity_forwarding: ENC[AES256_GCM,data:MUNhW3q0/klK51k3,iv:dGT5N+IrZfBxMIwa0mUrIKF2HJvx/uZ5o/ps6bgDNOE=,tag:KNY2LKwmmnCdWqRnxSKctw==,type:str] +minecraft_recpro_db_passwd: ENC[AES256_GCM,data:dPAkdEX0hBigo/lND2r3ShxnS4Jc5wTI2ShcKnvjig==,iv:WjPugYspUvhy6TAh5UF3etvxTZjAPe3bkgFxIkh6FDw=,tag:h9LGoxp2x8PHxcP8fEkSlA==,type:str] sops: age: - recipient: age14gfh682a7m7jfp3qrulql03x5rs7yedwmxwksxrrmgjsunstyuksqx93pz @@ -35,7 +36,7 @@ sops: U0tmdFBuZnJES3piOTZNV0VKQmQ0eVUKCWRQ/flLzmpC64WyLoipklZBmrkpYiUg PRu+itNolpPTHm96pe+P93g2iP0wgekG0cX21wkiU2xaLF3dY2FEIA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-10-10T06:58:16Z" - mac: ENC[AES256_GCM,data:esDQXPJSwUpChIVfcXJe5MVFI3ZJD2APDbOcfw5amo/PYB1QbbNS3W63heEmyVK8CW/UXSeeepfzlnk0kyneDX+v1ANP6B5+LLlpuEbjb4vKxZvo7C1xb5dGqzG7aizXjs83k/vZTwXw9/4AgQUQq9gL9ZI1Bmgk3yNvzctLU4U=,iv:IMO35FHjrhFoLu1TE1f/3PJOVGhe8Hwcr0CzsoJMHiM=,tag:L1ibIfAfYE9K+lKiTxsofQ==,type:str] + lastmodified: "2025-10-10T08:43:27Z" + mac: ENC[AES256_GCM,data:3mH0+EY8MFLe78x38CFyWY7CzgkRftAAy25y6lWcqeY8U6XT9CCenaL6vsbZO5j1ypXMtYMlJOO2VFgM5SmbdEKY1rzZldNOoyeMpfV/hHRI6Gm1dD9IyXFFISb12MhO3kt/stWRs84ufGkKe/BpjcurnFlbCAy064cQd9Knu1Y=,iv:KZOlNj/WkbhwgY/OvuY+emTtYftaFZWi+CFIZwFfXiw=,tag:adndDqlpqiVx6VYqKLVETQ==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0