diff --git a/systems/palatine-hill/docker/minecraft.nix b/systems/palatine-hill/docker/minecraft.nix index 60bd713..43d6a02 100644 --- a/systems/palatine-hill/docker/minecraft.nix +++ b/systems/palatine-hill/docker/minecraft.nix @@ -11,30 +11,31 @@ let arcanum-institute = "arcanum.alicehuston.xyz"; meits = "meits.alicehuston.xyz"; # bcg-plus = "bcg.alicehuston.xyz"; + pii = "pii.alicehuston.xyz"; }; defaultServer = "rlcraft"; - # defaultEnv = { - # EULA = "true"; - # TYPE = "AUTO_CURSEFORGE"; - # STOP_SERVER_ANNOUNCE_DELAY = "120"; - # STOP_DURATION = "600"; - # SYNC_CHUNK_WRITES = "false"; - # USE_AIKAR_FLAGS = "true"; - # MEMORY = "8GB"; - # ALLOW_FLIGHT = "true"; - # MAX_TICK_TIME = "-1"; - # }; + defaultEnv = { + EULA = "true"; + TYPE = "AUTO_CURSEFORGE"; + STOP_SERVER_ANNOUNCE_DELAY = "120"; + STOP_DURATION = "600"; + SYNC_CHUNK_WRITES = "false"; + USE_AIKAR_FLAGS = "true"; + MEMORY = "8GB"; + ALLOW_FLIGHT = "true"; + MAX_TICK_TIME = "-1"; + }; - # defaultOptions = [ - # "--stop-signal=SIGTERM" - # "--stop-timeout=1800" - # "--network=minecraft-net" - # ]; + defaultOptions = [ + "--stop-signal=SIGTERM" + "--stop-timeout=1800" + "--network=minecraft-net" + ]; - # vars = import ../vars.nix; - # minecraft_path = "${vars.primary_games}/minecraft"; + vars = import ../vars.nix; + minecraft_path = "${vars.primary_games}/minecraft"; in { virtualisation.oci-containers.containers = { @@ -52,23 +53,43 @@ in ) ]; }; - # rlcraft = { - # image = "itzg/minecraft-server:java8"; - # volumes = [ - # "${minecraft_path}/rlcraft/modpacks:/modpacks:ro" - # "${minecraft_path}/rlcraft/data:/data" - # ]; - # hostname = "rlcraft"; - # environment = defaultEnv // { - # VERSION = "1.12.2"; - # CF_SLUG = "rlcraft"; - # DIFFICULTY = "hard"; - # ENABLE_COMMAND_BLOCK = "true"; - # }; - # extraOptions = defaultOptions; - # log-driver = "local"; - # environmentFiles = [ config.sops.secrets."docker/minecraft".path ]; - # }; + #rlcraft = { + # image = "itzg/minecraft-server:java8"; + # volumes = [ + # "${minecraft_path}/rlcraft/modpacks:/modpacks:ro" + # "${minecraft_path}/rlcraft/data:/data" + # ]; + # hostname = "rlcraft"; + # environment = defaultEnv // { + # VERSION = "1.12.2"; + # CF_SLUG = "rlcraft"; + # DIFFICULTY = "hard"; + # ENABLE_COMMAND_BLOCK = "true"; + # }; + # extraOptions = defaultOptions; + # log-driver = "local"; + # environmentFiles = [ config.sops.secrets."docker/minecraft".path ]; + #}; + prominence-ii = { + image = "itzg/minecraft-server:java25-graalvm"; + volumes = [ + "${minecraft_path}/prominence-ii/modpacks:/modpacks:ro" + "${minecraft_path}/prominence-ii/data:/data" + ]; + hostname = "pii"; + environment = defaultEnv // { + VERSION = "1.20.1"; + TYPE = "modrinth"; + MODRINTH_MODPACK = "prominence-2-fabric"; + MODRINTH_VERSION = "3.9.14hf"; + USE_AIKAR_FLAGS = "false"; + USE_MEOWICE_FLAGS = "true"; + DIFFICULTY = "hard"; + ENABLE_COMMAND_BLOCK = "true"; + }; + extraOptions = defaultOptions; + log-driver = "local"; + }; # bcg-plus = { # image = "itzg/minecraft-server:java17"; # volumes = [ diff --git a/systems/palatine-hill/docker/torr.nix b/systems/palatine-hill/docker/torr.nix index c1905d6..75c8e46 100644 --- a/systems/palatine-hill/docker/torr.nix +++ b/systems/palatine-hill/docker/torr.nix @@ -42,6 +42,8 @@ in "--dns=9.9.9.9" ]; }; + + # temp instance qbitVPN = qbitBase // { # webui port is 8081, torr port is 39274 networks = [ @@ -57,6 +59,29 @@ in "/etc/localtime:/etc/localtime:ro" ]; }; + gluetun-qbit = { + image = "qmcgaw/gluetun:v3"; + capabilities = { + NET_ADMIN = true; + }; + devices = [ + "/dev/net/tun:/dev/net/tun" + ]; + ports = [ + "8081:8081" + "8083:8083" + ]; + environment = { + TZ = "America/New_York"; + # SOPS prep + }; + environmentFiles = [ + config.sops.secrets."docker/gluetun".path + config.sops.secrets."docker/gluetun-qbitvpn".path + ]; + }; + + # permanent instance qbitPerm = qbitBase // { # webui port is 8083, torr port is 29434 networks = [ @@ -72,7 +97,7 @@ in "/etc/localtime:/etc/localtime:ro" ]; }; - gluetun-qbit = { + gluetun-qbitperm = { image = "qmcgaw/gluetun:v3"; capabilities = { NET_ADMIN = true; @@ -81,13 +106,7 @@ in "/dev/net/tun:/dev/net/tun" ]; ports = [ - # qbitvpn - "8081:8081" - "39274:39274" - - # qbitperm "8083:8083" - "29433:24933" ]; environment = { TZ = "America/New_York"; @@ -95,6 +114,7 @@ in }; environmentFiles = [ config.sops.secrets."docker/gluetun".path + config.sops.secrets."docker/gluetun-qbitperm".path ]; }; }; @@ -102,7 +122,22 @@ in sops.secrets = { "docker/gluetun" = { owner = "docker-service"; - restartUnits = [ "docker-gluetun-qbit.service" ]; + restartUnits = [ + "docker-gluetun-qbit.service" + "docker-gluetun-qbitperm.service" + ]; + }; + "docker/gluetun-qbitvpn" = { + owner = "docker-service"; + restartUnits = [ + "docker-gluetun-qbit.service" + ]; + }; + "docker/gluetun-qbitperm" = { + owner = "docker-service"; + restartUnits = [ + "docker-gluetun-qbitperm.service" + ]; }; }; } diff --git a/systems/palatine-hill/secrets.yaml b/systems/palatine-hill/secrets.yaml index fc9e85b..c613fbe 100644 --- a/systems/palatine-hill/secrets.yaml +++ b/systems/palatine-hill/secrets.yaml @@ -32,7 +32,9 @@ docker: sonarr: ENC[AES256_GCM,data:X/hM31ZyHybvy2eQzVnmq8CH1AqBgz1pxq7tKC4lZB3ryAbnEIJksffem8+35tWt/0r5cEH4aaIKD1kS7Q+Ma+8JrRLcWkt6CZq/wspz,iv:44FfdVpQCposXshzNe5DXAxExeQzjVKhkZaVbgKo8KU=,tag:WIWWUt1XBngUTwwqhCrcNw==,type:str] lidarr: ENC[AES256_GCM,data:xERBECneutNUMZRrHukp8CaNrpI7SXUB16zUkauNP2+wto3eIc/K+2nMCkbwSC9AKlSjnUGSiORmAWn/jofTAuEzQljkCR1XCSkJRMmL,iv:iKf4fZtCfdjT/KuMFK5VFoLAV+Lll8uJowe9Q4cHyYw=,tag:xzmATTkrYRYm9Mw23zEO5g==,type:str] jellyseerr: ENC[AES256_GCM,data:7dDfHFp8+WbJqrf7Ms/gmfroBePwegXh5CXn5FcOz8IEK7rTvr9KZfz9x/1BwdD8,iv:ZPi3OcMfH76A08piKY4P7hFbeMyouwBoeN5oL3ExzKU=,tag:oOZ37dy/y+DFqNRfAHexvQ==,type:str] - gluetun: ENC[AES256_GCM,data:LSIHzw4HXoegkPwpEzLGFZfrAJG37Qcb+1aPVkbqElMyezxgEXUMzA3IOjkI/2aREmfjnm2gQxuidtvL+50jT7bBP6I/8+BTifVfdgk1nqtLasyGRcjDi2BGvITFGoXoHMY+3cNp1bhrDp0VjOtkwR4S2EsTajvUjvuj+TKcPkBlBIjNhO0UXbBZhfh0cERCEa5BxKz/wOKgyu8Gqgts+QPFhVpV/xT8LzI1Wx3+fG6UxUFqeY3XKsPf8Ku9Ghw+D9ZEbMOxbXsRg0ljtwHJ+o8SJ1mQCSkkbCHKskFwM7mH3xqBQT7HlnI3xKHpimCTB1FUQLxJoJ9eUWEfJKnFv363OgnUdB682vofFe1H/hzKP9/EbdGxe1JYqf+9VlYcoYXnFxJhBwvd3zjRJpDZRoiIndSTopi46A+nsw18jRtj6VQaNvbqe76bZWN7+cCzfNHy57qZSF0bUKqLj1HoBSDbPrxFAkuOdelHmMBx6Aer8MEepR1YDOS1rW9Uw60vYgyQDGdHz1pU4JUkD4Ny5gc2nOnAoHjzqCHX0rLqCiF/qOEfDI3cb0g48ccH5n8TyjO4mtoj0Q==,iv:0IQfKX0KcdCloo8KEyQOpoZ4NdwX6am46b0QPHOXguA=,tag:9hCV1TDycq0XUcc2Xd1//Q==,type:str] + gluetun: ENC[AES256_GCM,data:ryhYVOYEZl5zDs+xMgbWI6q/Ei2AiNZJMxT/TcaHzTEocINgbczWk9GKeeZKno71vFXiF9/tPpYavLqvjWNL77doWDB+wiYrtBJ97PkQ70dqWntua9E8eCalYlIZpRbLsl5OA9ZHorIMPjjSB2CRYLCqq30PPi5I2TtRvs/g6LRUN4sZ/E2TTUjz7AEY7228ZEuHt1UkU+dY/jEbx6fwrm/ocP8xKvYUuAR1/Cx/z4N0mqmVl+FX/5dRSkmhpfAxO9ss898XKiJW4rewQIbG5ccYal+reZZr70TaEJQqg5KIfAnbp6dEjAsSXnRiEF801JXM0h+d14ECT4tQmdyvYBdCVnJ/Ibqw9D15cViHmeDbR68spqOCj67FSMKxgCVx4KFrxPOualsULX7RL/UbHq2cwyziSFkH4n2ljFlKohyj39F7EparJbiCOumNfhRWknDDwvXY+BjJhbAe19ccKP6QWrS68uBp0cTXqb0rVN/qlfz6Sj5EYj5M/u0rl6d5xctnKmOzfLjI2m5+E9WfDJaAUcP/Ihs+p2eD7aSQTIj+O7I66ju+UAz66D9ZoU1U3uVQ9gaPI5dOMmYdLKS3b19EVytwW2W13d0WXKIw5Vfb7MvFh9I0iPWq+ntL4jQzMYSwV5Y=,iv:Cy3h5I3vbqKORdqw91SHL4tRMeGHMLsXgQ0USJ2jtzk=,tag:0J/p1sUQfXR4ujjY7VzZuQ==,type:str] + gluetun-qbitvpn: ENC[AES256_GCM,data:3IdmuLvWs5YRQZuG9y1GRTMKMbR7OynUUVluezviDOV22EkABvo3Ic/+xZrWi/lzAhQRwRsCGjinlUJf7lBvPLg53HaIplbzSIyd3IPLbKzEVAK32WYB/M5cGNQW+XV8TiKK72HO8+WG588A0bsuvp/wQ86ohpRHVrnlboANLS3diCNXI3VdFIHPGpvM77TqB3/vo2AFLKjxi2es4l6KRam8cEUFAz0eH03tTUYaxy+ewA5IZCQSbMURLFKKdh0EATTG5jIz3jFp372fnk8UBgFPeH8+N9VHNM6rnV6zAsC2Vlj2E1YQRTRqOwSK0NRAAV5NBbr7zumS3VS0rVUpIbZVrW/C2BSAVbzowkHuo5o1B7UFsryb3s2FJJGF2biaDoL+ijM5a0Qi4LfNeaSLNKrzaTin0wYq8rPrQKOUBZL4t6FsRbG7KHmfwM4uYdWqV5h1syjI9WWReuePVb416YvqSH9p8HhNsDTka8IGgYkHcYAXYuuxUc6sgQONBwrsdeN5Dhq1IedhuOW+3qAV+hHl8qmVgiWZ8Ss+nmo016nsikifEp08N7J8t3f86/SFZO+YMBxQ/K9PJLsJzR2jsBcf2aTlq0cuzXDvb4cMtro=,iv:N9zdyKJDsj049j5hZOSnAkS/VTWlC3crTODJKIpYYko=,tag:uYHq3CZj0P/BAv+0Ak5ZEw==,type:str] + gluetun-qbitperm: ENC[AES256_GCM,data:kzSrILs78UkzNeAvxoDU3QsLKdapQNyQW9nq0it+7HhhwDQ0MJB1s2Ek8zKErTatpwzG8xiUK0HwX5hFLgNZYc+OE0CH4PUrgX1t6dykuPLD2rKQL7veElNgqhX0/39xNyopyJk2UMVFNSqoV1DCC/ja9MqX9+jBYk++7DeX7v1Gl1ntjzJ+zIscg0nOTN1eQAHtiOWtFU0COC/aA8KS+HLIsMkjrIk9UD4C/DE8AOS07s+gDxPRtl6L7324FRqjEHNyxAobWOOLeG711RZcskF7dlminVJu4aVGbBwIy/zDdHFxRwO6yaLr/AqrTlRVOa2O8Qu2Ydpv8ZNj2F6fHrVNNmVwvMEKYibV6oMVo72uT+DTz/mFaYuTUeuJfkdCy7tnQYhBnpbd5J4mKfVb8uOF9Tx02kL2fTFKyvtET3nrtakQUjv8mEqHn4F8136O2JvUBN5RmC3B3vRdFjYgdfwy8hUT9b0Cmi8w0Zzs+XGMRdvWv2g6b5fmlAn0K+a0KB1fdDLhvbIXhY+sYzR3yOH01K0lW3xVdnl1eMIFjZkUGRTi32HyCYb0SUA1EcXmtA4XmyZ6HHFEXFA5y2guVqU4xLyXXldM+lGB7yGLMcM=,iv:kuueHxYafrEdyBxGUBoU2ks7kdr/rWMnXZmE3Kx/iK4=,tag:bNIfP3H5/Kh3ofuCGGx5Hg==,type:str] acme: bunny: ENC[AES256_GCM,data:P2yROVUga9mORcq8VR/l0i4/2Vod1zvlYq+ZJLLNKow0SpblkwQX/i1ucQYAOkTTRddN+3C+t0zj1rMWkdLoaLjEUJJi3VsSxi+chV2FFiVKFQGEcg24,iv:aQvGgGLsgRGoEmwTgZHR8Jm/MYxmGtVTT/fZKaTLeMs=,tag:m3ssF4O8qs4yxvMu6yUcjw==,type:str] dnsimple: ENC[AES256_GCM,data:37FKyBibFtXZgI4EduJQ0z8F+shBc5Q6YlLa3YkVPh9XuJVS20eybi75bfJxiozcZ9d+YRaqcbkBQCSdFOCotDU=,iv:oq3JjqbfAm2C4jcL1lvUb2EOmnwlR07vPoO8H0BmydQ=,tag:E3NO/jMElL6Q817666gIyg==,type:str] @@ -51,8 +53,8 @@ sops: cXNZWmZqd0R0SmhINExscHBKWmxvblUKEFEQvt/zQFARba4S8vHz/1SoKdKg69At LZ58XQGOmlGbBhPr7EzYQ2XSY4flWbnnD174cmCR8DNFm15DsNA5fw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-01-08T04:11:30Z" - mac: ENC[AES256_GCM,data:dSrAVkL44NOXqgFog7XjD+zSane7YeqKM/SnAPaDNEYJVUcS3V1RYdL8Br1Vjrgac9ZVMU2W04jXCuZPg13uFsyYgczC0l1s39FodKnRc7Xt8eoHSejsETBeaaC8aLH7xVhWGk+fR4w7o4Vw+gtOzKPyvobuevBZfg7ugfObn10=,iv:vfHm3jjKXdi8V+2x8br5DqVgDgchJ9yewgP0vfeOP9M=,tag:z4bkPbK6weHaPyYbGJxaOw==,type:str] + lastmodified: "2026-01-10T05:52:21Z" + mac: ENC[AES256_GCM,data:DyLjQrIXJD7udT32xJ20WgCYr+4zXr7s0uuVMxOYSiC1VphhV+BQ2BgGF0bxAfx1n+JiO2BnyX8uD+z/iWh/k/9+UBGnL3MPJ5L5ffvno8hktVU9NHO72xkugYIkbSievTYrJGcSwWAsfJGTm4+1rG9GgcSoxIvRUoR6QJss22s=,iv:pHkPR0Va4bKjZVzNtvsDJ211ORNvNyZfWRf70OWI01w=,tag:/gEp09I+1nD6Cn6dPGZglA==,type:str] pgp: - created_at: "2024-11-28T18:56:39Z" enc: |-