{ pkgs, config, lib, ... }: let service = "minecraft_recpro"; cfg = config.modules.gameservers.${service}; sec = config.sops.secrets; servers = { velocity = { data_dir = "/var/lib/gameservers/minecraft_recpro/velocity"; ram = "2G"; }; smp = { data_dir = "/var/lib/gameservers/minecraft_recpro/smp"; ram = "12G"; }; superflat = { data_dir = "/var/lib/gameservers/minecraft_recpro/superflat"; ram = "4G"; }; bento = { data_dir = "/var/lib/gameservers/minecraft_recpro/bento"; ram = "2G"; }; }; in { options.modules.gameservers.${service} = { enable = lib.mkEnableOption "enables ${service}"; url = lib.mkOption { type = lib.types.str; default = "mc.recoil.pro"; description = "set domain for ${service}"; }; data_dir = lib.mkOption { type = lib.types.str; default = "/var/lib/gameservers/${service}"; description = "set data directory for ${service}"; }; ids = lib.mkOption { type = lib.types.int; default = 25565; description = "set uid and pid of ${service} user (matches port by default)"; }; backup = lib.mkOption { type = lib.types.bool; default = false; description = "enable backups for ${service}"; }; }; config = lib.mkIf cfg.enable { # declare ${service} group users.groups.minecraft = { gid = lib.mkForce cfg.ids; }; # declare ${service} user users.users.minecraft = { description = "minecraft server user"; uid = lib.mkForce cfg.ids; isSystemUser = true; shell = pkgs.bash; group = "minecraft"; extraGroups = []; }; systemd.tmpfiles.rules = lib.attrsets.mapAttrsToList (name: cfg: "d ${cfg.data_dir} 0770 minecraft minecraft -" ) servers; # Create a systemd service per server running in tmux systemd.services = lib.attrsets.mapAttrs (name: srv: { description = "minecraft_recpro: ${name}"; after = [ "network.target" ]; wants = [ "network.target" ]; serviceConfig = { User = "minecraft"; Group = "minecraft"; WorkingDirectory = srv.data_dir; UMask = "0007"; ExecStart = "${pkgs.openjdk21}/bin/java -Xmx${srv.ram} -jar server.jar nogui"; # ExecStart = "${pkgs.tmux}/bin/tmux new-session -d -s mc-${name} '${pkgs.openjdk21}/bin/java -Xmx${srv.ram} -jar server.jar nogui'"; # ExecStop = "${pkgs.tmux}/bin/tmux send-keys -t mc-${name} C-c"; Restart = "on-failure"; KillMode = "process"; }; wantedBy = [ "multi-user.target" ]; }) servers; environment.systemPackages = with pkgs; [ openjdk21 mcrcon tmux ]; services.mysql = { enable = true; package = pkgs.mariadb; ensureDatabases = [ "minecraft_recpro_db" ]; ensureUsers = [ { name = "minecraft"; ensurePermissions = { "minecraft_recpro_db.*" = "ALL PRIVILEGES"; }; } ]; initialScript = pkgs.writeText "minecraft_recpro-init.sql" '' CREATE USER IF NOT EXISTS 'minecraft_recpro'@'localhost' IDENTIFIED BY 'IKNOWTHISISBADIJUSTNEEDTHISTOWORKRNPLS'; GRANT ALL PRIVILEGES ON minecraft_recpro_db.* TO 'minecraft_recpro'@'localhost'; FLUSH PRIVILEGES; ''; }; # open firewall networking.firewall.allowedTCPPorts = [ 25777 25565 25566 25567 ]; # # internal reverse proxy entry # services.nginx.virtualHosts."${cfg.url}" = { # forceSSL = true; # sslCertificate = sec."ssl_blakedheld_crt".path; # sslCertificateKey = sec."ssl_blakedheld_key".path; # locations."/" = { # proxyPass = "http://127.0.0.1:${toString cfg.port}"; # }; # }; # # external reverse proxy entry # services.nginx.virtualHosts."${service}.blakedheld.xyz" = { # forceSSL = true; # sslCertificate = sec."ssl_blakedheld_crt".path; # sslCertificateKey = sec."ssl_blakedheld_key".path; # locations."/" = { # proxyPass = "http://127.0.0.1:${toString cfg.port}"; # }; # }; # sops.secrets = { "velocity_forwarding" = { owner = "minecraft"; group = "minecraft"; path = "/var/lib/gameservers/minecraft_recpro/velocity/forwarding.secret"; mode = "0400"; }; "minecraft_recpro_db_passwd" = { owner = "mysql"; group = "mysql"; }; }; # add to backups modules.system.backups.paths = lib.mkIf cfg.backup [ cfg.data_dir ]; }; }