From f4699c9663453f63b1ddec8cabb877b4eacb8050 Mon Sep 17 00:00:00 2001 From: oddlama Date: Mon, 13 May 2024 22:35:38 +0200 Subject: [PATCH] feat: add minecraft server VM --- hosts/sire/default.nix | 6 +- hosts/sire/guests/minecraft.nix | 548 ++++++++++++++++++ .../proxy/plugins/vane-velocity/config.toml | 20 + .../sire/guests/minecraft/proxy/velocity.toml | 147 +++++ hosts/sire/guests/minecraft/server-loop.py | 98 ++++ .../sire/guests/minecraft/server/commands.yml | 3 + .../minecraft/server/config/paper-global.yml | 141 +++++ .../server/config/paper-world-defaults.yml | 301 ++++++++++ hosts/sire/guests/minecraft/server/eula.txt | 1 + .../guests/minecraft/server/server.properties | 58 ++ hosts/sire/guests/minecraft/server/spigot.yml | 177 ++++++ hosts/sire/secrets/minecraft/host.pub | 1 + modules/config/users.nix | 1 + .../sentinel/loki-basic-auth-hashes.age | Bin 2356 -> 2467 bytes .../promtail-loki-basic-auth-password.age | 9 + .../telegraf-influxdb-token.age | 10 + ...628181d006ba3a6-loki-basic-auth-hashes.age | Bin 0 -> 2367 bytes ...55c392329c27f35-loki-basic-auth-hashes.age | Bin 2241 -> 0 bytes ...-sentinel-psks-sentinel+sire-minecraft.age | 7 + ...telegraf-influxdb-token-sire-minecraft.age | 7 + ...540fbac5388537-telegraf-influxdb-token.age | 7 + ...-sentinel-psks-sentinel+sire-minecraft.age | 7 + ...b7aa-promtail-loki-basic-auth-password.age | 8 + ...ard-proxy-sentinel-priv-sire-minecraft.age | 9 + .../proxy-sentinel/keys/sire-minecraft.age | 9 + .../proxy-sentinel/keys/sire-minecraft.pub | 1 + .../psks/sentinel+sire-minecraft.age | 9 + 27 files changed, 1582 insertions(+), 3 deletions(-) create mode 100644 hosts/sire/guests/minecraft.nix create mode 100644 hosts/sire/guests/minecraft/proxy/plugins/vane-velocity/config.toml create mode 100644 hosts/sire/guests/minecraft/proxy/velocity.toml create mode 100644 hosts/sire/guests/minecraft/server-loop.py create mode 100644 hosts/sire/guests/minecraft/server/commands.yml create mode 100644 hosts/sire/guests/minecraft/server/config/paper-global.yml create mode 100644 hosts/sire/guests/minecraft/server/config/paper-world-defaults.yml create mode 100644 hosts/sire/guests/minecraft/server/eula.txt create mode 100644 hosts/sire/guests/minecraft/server/server.properties create mode 100644 hosts/sire/guests/minecraft/server/spigot.yml create mode 100644 hosts/sire/secrets/minecraft/host.pub create mode 100644 secrets/generated/sire-minecraft/promtail-loki-basic-auth-password.age create mode 100644 secrets/generated/sire-minecraft/telegraf-influxdb-token.age create mode 100644 secrets/rekeyed/sentinel/5bc5d5daad95fcc8f628181d006ba3a6-loki-basic-auth-hashes.age delete mode 100644 secrets/rekeyed/sentinel/b8a185a1607106ef955c392329c27f35-loki-basic-auth-hashes.age create mode 100644 secrets/rekeyed/sentinel/f973eacada1ad30cb150ddfa4ad7a103-wireguard-proxy-sentinel-psks-sentinel+sire-minecraft.age create mode 100644 secrets/rekeyed/sire-influxdb/907a5127872f2d5ed17397ae7e5618e9-telegraf-influxdb-token-sire-minecraft.age create mode 100644 secrets/rekeyed/sire-minecraft/203afde61a5638a595540fbac5388537-telegraf-influxdb-token.age create mode 100644 secrets/rekeyed/sire-minecraft/39e8d6574c2824dc6c52682655f18883-wireguard-proxy-sentinel-psks-sentinel+sire-minecraft.age create mode 100644 secrets/rekeyed/sire-minecraft/3b83e611fe6200989b9a624b8ef1b7aa-promtail-loki-basic-auth-password.age create mode 100644 secrets/rekeyed/sire-minecraft/e1458d710b93b5ca98cba8ce4189e0ce-wireguard-proxy-sentinel-priv-sire-minecraft.age create mode 100644 secrets/wireguard/proxy-sentinel/keys/sire-minecraft.age create mode 100644 secrets/wireguard/proxy-sentinel/keys/sire-minecraft.pub create mode 100644 secrets/wireguard/proxy-sentinel/psks/sentinel+sire-minecraft.age diff --git a/hosts/sire/default.nix b/hosts/sire/default.nix index 9bfbc6a..3c8f5b7 100644 --- a/hosts/sire/default.nix +++ b/hosts/sire/default.nix @@ -135,8 +135,8 @@ enableStorageDataset = true; } // mkMicrovm "ai" {} - #// mkMicrovm "minecraft" - #// mkMicrovm "firefly" - #// mkMicrovm "fasten-health" + // mkMicrovm "minecraft" {} + #// mkMicrovm "firefly" {} + #// mkMicrovm "fasten-health" {} ); } diff --git a/hosts/sire/guests/minecraft.nix b/hosts/sire/guests/minecraft.nix new file mode 100644 index 0000000..e4203d9 --- /dev/null +++ b/hosts/sire/guests/minecraft.nix @@ -0,0 +1,548 @@ +{ + config, + pkgs, + lib, + ... +}: let + inherit (lib) getExe; + + minecraftDomain = "mc.${config.repo.secrets.global.domains.me}"; + dataDir = "/var/lib/minecraft"; + + minecraft-attach = pkgs.writeShellApplication { + name = "minecraft-attach"; + runtimeInputs = [pkgs.tmux]; + text = '' + shopt -s nullglob + + [[ $EUID == 0 ]] || { echo "You have to be root (or use sudo) to attach to the console." >&2; exit 1; } + + SERVER_NAME="''${1-none}" + TMUX_SOCKET="/run/minecraft-$1/tmux" + + if [[ ! -e "$TMUX_SOCKET" ]]; then + echo "error: Unknown server name '$SERVER_NAME', or service not started." >&2 + AVAILABLE=("/run/minecraft-"*"/tmux") + if [[ "''${#AVAILABLE[@]}" == 0 ]]; then + echo "There are currently no servers available. Check your system services." >&2 + else + avail=("''${AVAILABLE[@]#"/run/minecraft-"}") + avail=("''${avail[@]%"/tmux"}") + echo "Available servers: ''${avail[*]}" >&2 + fi + exit 1 + fi + + exec runuser -u minecraft -- tmux -S "$TMUX_SOCKET" attach-session + ''; + }; + + helper-functions = + /* + bash + */ + '' + ################################################################ + # General helper functions + + function print_error() { echo "error: $*" >&2; } + function die() { print_error "$@"; exit 1; } + + function substatus() { echo "$*"; } + function datetime() { date "+%Y-%m-%d %H:%M:%S"; } + function status_time() { echo "[$(datetime)] $*"; } + + function flush_stdin() { + local empty_stdin + # Unused variable is intentional. + # shellcheck disable=SC2034 + while read -r -t 0.01 empty_stdin; do true; done + } + + function ask() { + local response + while true; do + flush_stdin + read -r -p "$* (Y/n) " response || die "Error in read" + case "''${response,,}" in + "") return 0 ;; + y|yes) return 0 ;; + n|no) return 1 ;; + *) continue ;; + esac + done + } + + ################################################################ + # Download helper functions + + # $@: command to run as minecraft if user was changed. + # You want to pass path/to/curent/script.sh "$@". + function become_minecaft() { + if [[ $(id -un) != "minecraft" ]]; then + if [[ $EUID == 0 ]] && ask "This script must be executed as the minecraft user. Change user and continue?"; then + # shellcheck disable=SC2093 + exec runuser -u minecraft "$@" + die "Could not change user!" + else + die "This script must be executed as the minecraft user!" + fi + fi + } + + # $1: output file name + function download_paper() { + local paper_version + local paper_build + local paper_download + paper_version="$(curl -s -o - "https://papermc.io/api/v2/projects/paper" | jq -r ".versions[-1]")" \ + || die "Error while retrieving paper version" + paper_build="$(curl -s -o - "https://papermc.io/api/v2/projects/paper/versions/$paper_version" | jq -r ".builds[-1]")" \ + || die "Error while retrieving paper builds" + paper_download="$(curl -s -o - "https://papermc.io/api/v2/projects/paper/versions/$paper_version/builds/$paper_build" | jq -r ".downloads.application.name")" \ + || die "Error while retrieving paper download name" + + substatus "Downloading paper version $paper_version build $paper_build ($paper_download)" + wget -q --show-progress "https://papermc.io/api/v2/projects/paper/versions/$paper_version/builds/$paper_build/downloads/$paper_download" \ + -O "$1" \ + || die "Could not download paper" + } + + # $1: output file name + function download_velocity() { + local velocity_version + local velocity_build + local velocity_download + velocity_version="$(curl -s -o - "https://papermc.io/api/v2/projects/velocity" | jq -r ".versions[-1]")" \ + || die "Error while retrieving velocity version" + velocity_build="$(curl -s -o - "https://papermc.io/api/v2/projects/velocity/versions/$velocity_version" | jq -r ".builds[-1]")" \ + || die "Error while retrieving velocity builds" + velocity_download="$(curl -s -o - "https://papermc.io/api/v2/projects/velocity/versions/$velocity_version/builds/$velocity_build" | jq -r ".downloads.application.name")" \ + || die "Error while retrieving velocity download name" + + substatus "Downloading velocity version $velocity_version build $velocity_build ($velocity_download)" + wget -q --show-progress "https://papermc.io/api/v2/projects/velocity/versions/$velocity_version/builds/$velocity_build/downloads/$velocity_download" \ + -O "$1" \ + || die "Could not download velocity" + } + + # $1: repo, e.g. "oddlama/vane" + declare -A LATEST_GITHUB_RELEASE_TAG_CACHE + function latest_github_release_tag() { + local repo=$1 + if [[ ! -v "LATEST_GITHUB_RELEASE_TAG_CACHE[$repo]" ]]; then + local tmp + tmp=$(curl -s "https://api.github.com/repos/$repo/releases/latest" | jq -r .tag_name) \ + || die "Error while retrieving latest github release tag of $repo" + LATEST_GITHUB_RELEASE_TAG_CACHE[$repo]="$tmp" + fi + echo "''${LATEST_GITHUB_RELEASE_TAG_CACHE[$repo]}" + } + + # $1: repo, e.g. "oddlama/vane" + # $2: remote file name. + # {TAG} will be replaced with the release tag + # {VERSION} will be replaced with release tag excluding a leading v, if present + # $3: output file name + function download_latest_github_release() { + local repo=$1 + local remote_file=$2 + local output=$3 + + local tag + tag=$(latest_github_release_tag "$repo") + local version="''${tag#v}" # Always strip leading v in version. + + remote_file="''${remote_file//"{TAG}"/"$tag"}" + remote_file="''${remote_file//"{VERSION}"/"$version"}" + + wget -q --show-progress "https://github.com/$repo/releases/download/$tag/$remote_file" -O "$output" \ + || die "Could not download $remote_file from github repo $repo" + } + + # $1: url + # $2: output file name + function download_file() { + wget -q --show-progress "$1" -O "$2" || die "Could not download $1" + } + ''; + + server-backup-script = pkgs.writeShellApplication { + name = "minecraft-backup"; + runtimeInputs = [pkgs.rdiff-backup]; + text = '' + BACKUP_LOG_FILE="logs/backup.log" + BACKUP_TO="backups" + BACKUP_DIRS=( + 'plugins' + 'world' + 'world_nether' + 'world_the_end' + ) + + cd ${dataDir}/server || exit 1 + ${helper-functions} + + status_time "Starting backup" + + mkdir -p "$BACKUP_TO" &>/dev/null + for i in "''${!BACKUP_DIRS[@]}"; do + status_time "Backing up ''${BACKUP_DIRS[$i]}" | tee -a "$BACKUP_LOG_FILE" + rdiff-backup "''${BACKUP_DIRS[$i]}" "$BACKUP_TO/''${BACKUP_DIRS[$i]}" &>> "$BACKUP_LOG_FILE" + done + + status_time "Backup finished" | tee -a "$BACKUP_LOG_FILE" + ''; + }; + + server-start-script = pkgs.writeShellApplication { + name = "minecraft-server-start"; + runtimeInputs = [pkgs.procps pkgs.gnugrep]; + text = '' + cd ${dataDir}/server + + # Update velocity secret + VELOCITY_SECRET="$(cat ../proxy/forwarding.secret)" \ + ${getExe pkgs.yq-go} -i '.proxies.velocity.secret = strenv(VELOCITY_SECRET)' \ + config/paper-global.yml + + # Use 80% of RAM, but not more than 12GiB and not less than 1GiB + total_ram_gibi=$(free -g | grep -oP '\d+' | head -n1) + ram="$((total_ram_gibi * 8 / 10))" + [[ "$ram" -le 8 ]] || ram=8 + [[ "$ram" -ge 1 ]] || ram=1 + + echo "Executing server using ''${ram}GiB of RAM" + exec ${getExe pkgs.temurin-jre-bin} -Xms''${ram}G -Xmx''${ram}G \ + -XX:+UseG1GC \ + -XX:+ParallelRefProcEnabled \ + -XX:MaxGCPauseMillis=200 \ + -XX:+UnlockExperimentalVMOptions \ + -XX:+DisableExplicitGC \ + -XX:+AlwaysPreTouch \ + -XX:G1NewSizePercent=30 \ + -XX:G1MaxNewSizePercent=40 \ + -XX:G1HeapRegionSize=8M \ + -XX:G1ReservePercent=20 \ + -XX:G1HeapWastePercent=5 \ + -XX:G1MixedGCCountTarget=4 \ + -XX:InitiatingHeapOccupancyPercent=15 \ + -XX:G1MixedGCLiveThresholdPercent=90 \ + -XX:G1RSetUpdatingPauseTimePercent=5 \ + -XX:SurvivorRatio=32 \ + -XX:+PerfDisableSharedMem \ + -XX:MaxTenuringThreshold=1 \ + -Dusing.aikars.flags=https://mcflags.emc.gs \ + -Daikars.new.flags=true \ + -jar paper.jar nogui + ''; + }; + + proxy-start-script = pkgs.writeShellApplication { + name = "minecraft-proxy-start"; + text = '' + cd ${dataDir}/proxy + + echo "Executing proxy server" + exec ${getExe pkgs.temurin-jre-bin} -Xms1G -Xmx1G -XX:+UseG1GC -XX:G1HeapRegionSize=4M -XX:+UnlockExperimentalVMOptions -XX:+ParallelRefProcEnabled -XX:+AlwaysPreTouch -XX:MaxInlineLevel=15 -jar velocity.jar + ''; + }; + + server-update-script = pkgs.writeShellApplication { + name = "minecraft-server-update"; + runtimeInputs = [pkgs.wget pkgs.curl pkgs.jq]; + text = '' + cd ${dataDir}/server || exit 1 + ${helper-functions} + become_minecaft "./update.sh" + + ################################################################ + # Download paper and prepare plugins + + download_paper paper.jar + + # Create plugins directory + mkdir -p plugins \ + || die "Could not create directory 'plugins'" + # Create optional plugins directory + mkdir -p plugins/optional \ + || die "Could not create directory 'plugins/optional'" + + ################################################################ + # Download plugins + + substatus "Downloading plugins" + for module in admin bedtime core enchantments permissions portals regions trifles; do + download_latest_github_release "oddlama/vane" "vane-$module-{VERSION}.jar" "plugins/vane-$module.jar" + done + + download_file "https://ci.dmulloy2.net/job/ProtocolLib/lastSuccessfulBuild/artifact/build/libs/ProtocolLib.jar" plugins/ProtocolLib.jar + download_latest_github_release "BlueMap-Minecraft/BlueMap" "BlueMap-{VERSION}-spigot.jar" plugins/bluemap.jar + ''; + }; + + proxy-update-script = pkgs.writeShellApplication { + name = "minecraft-proxy-update"; + runtimeInputs = [pkgs.wget pkgs.curl pkgs.jq]; + text = '' + cd ${dataDir}/proxy || exit 1 + ${helper-functions} + become_minecaft "./update.sh" + + ################################################################ + # Download velocity and prepare plugins + + download_velocity velocity.jar + + # Create plugins directory + mkdir -p plugins \ + || die "Could not create directory 'plugins'" + + ################################################################ + # Download plugins + + substatus "Downloading plugins" + download_latest_github_release "oddlama/vane" "vane-velocity-{VERSION}.jar" "plugins/vane-velocity.jar" + ''; + }; + + commonServiceConfig = { + Restart = "on-failure"; + User = "minecraft"; + + # Hardening + AmbientCapabilities = ["CAP_KILL"]; + CapabilityBoundingSet = ["CAP_KILL"]; + LockPersonality = true; + NoNewPrivileges = true; + PrivateDevices = true; + PrivateTmp = true; + PrivateUsers = true; + ProtectClock = true; + ProtectControlGroups = true; + ProtectHome = true; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectProc = "invisible"; + ProtectSystem = "strict"; + RestrictNamespaces = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + SystemCallArchitectures = "native"; + UMask = "0027"; + }; +in { + microvm.mem = 1024 * 24; + microvm.vcpu = 16; + + wireguard.proxy-sentinel = { + client.via = "sentinel"; + firewallRuleForNode.sentinel.allowedTCPPorts = [80 25565 25566]; + }; + + users.groups.minecraft.members = ["nginx"]; + users.users.minecraft = { + description = "Minecraft server service user"; + home = dataDir; + isSystemUser = true; + group = "minecraft"; + }; + + environment.persistence."/persist".directories = [ + { + directory = dataDir; + user = "minecraft"; + group = "minecraft"; + mode = "0750"; + } + ]; + + nodes.sentinel = { + # Make sure to masquerade 25565 (wan) -> 25565 (proxy-sentinel) + # Make sure to masquerade 25566 (wan) -> 25566 (proxy-sentinel) + networking.nftables.chains = { + postrouting.to-minecraft = { + after = ["hook"]; + rules = [ + "iifname wan ip daddr ${config.wireguard.proxy-sentinel.ipv4} tcp dport 25565 masquerade random" + "iifname wan ip6 daddr ${config.wireguard.proxy-sentinel.ipv6} tcp dport 25565 masquerade random" + "iifname wan ip daddr ${config.wireguard.proxy-sentinel.ipv4} tcp dport 25566 masquerade random" + "iifname wan ip6 daddr ${config.wireguard.proxy-sentinel.ipv6} tcp dport 25566 masquerade random" + ]; + }; + prerouting.to-minecraft = { + after = ["hook"]; + rules = [ + "iifname wan tcp dport 25565 dnat ip to ${config.wireguard.proxy-sentinel.ipv4}" + "iifname wan tcp dport 25565 dnat ip6 to ${config.wireguard.proxy-sentinel.ipv6}" + "iifname wan tcp dport 25566 dnat ip to ${config.wireguard.proxy-sentinel.ipv4}" + "iifname wan tcp dport 25566 dnat ip6 to ${config.wireguard.proxy-sentinel.ipv6}" + ]; + }; + }; + + networking.providedDomains.minecraft = minecraftDomain; + + services.nginx = { + upstreams.minecraft = { + servers."${config.wireguard.proxy-sentinel.ipv4}:80" = {}; + extraConfig = '' + zone minecraft 64k; + keepalive 2; + ''; + }; + virtualHosts.${minecraftDomain} = { + forceSSL = true; + useACMEWildcardHost = true; + locations."/" = { + proxyPass = "http://minecraft"; + }; + }; + }; + }; + + systemd.services.minecraft-server = { + description = "Minecraft Server Service"; + wantedBy = ["multi-user.target"]; + after = ["network.target"]; + path = [pkgs.ncurses]; # for infocmp + + serviceConfig = + commonServiceConfig + // { + Type = "forking"; + ExecStart = ''${getExe pkgs.tmux} -S /run/minecraft-server/tmux set -g default-shell ${getExe pkgs.bashInteractive} ";" new-session -d "${getExe pkgs.python3} ${./minecraft/server-loop.py} --block control/start.block ./start.sh :POST: ./backup.sh"''; + ExecStop = "${getExe pkgs.tmux} -S /run/minecraft-server/tmux kill-server"; + + WorkingDirectory = "${dataDir}/server"; + RuntimeDirectory = "minecraft-server"; + ReadWritePaths = ["${dataDir}/server" "${dataDir}/web"]; + ReadOnlyPaths = "${dataDir}/proxy"; + }; + + preStart = '' + ln -sfT ${getExe server-start-script} start.sh + ln -sfT ${getExe server-backup-script} backup.sh + ln -sfT ${getExe server-update-script} update.sh + + function copyFile() { + cp "$1" "$2" + chmod 600 "$2" + } + + copyFile ${./minecraft/server/eula.txt} eula.txt + copyFile ${./minecraft/server/server.properties} server.properties + copyFile ${./minecraft/server/spigot.yml} spigot.yml + copyFile ${./minecraft/server/commands.yml} commands.yml + mkdir -p config + copyFile ${./minecraft/server/config/paper-global.yml} config/paper-global.yml + copyFile ${./minecraft/server/config/paper-world-defaults.yml} config/paper-world-defaults.yml + + if [[ ! -e paper.jar ]]; then + ./update.sh + fi + ''; + }; + + systemd.services.minecraft-proxy = { + description = "Minecraft Proxy Service"; + wantedBy = ["multi-user.target"]; + after = ["network.target"]; + path = [pkgs.ncurses]; # for infocmp + + serviceConfig = + commonServiceConfig + // { + Type = "forking"; + ExecStart = ''${getExe pkgs.tmux} -S /run/minecraft-proxy/tmux set -g default-shell ${getExe pkgs.bashInteractive} ";" new-session -d "${getExe pkgs.python3} ${./minecraft/server-loop.py} ./start.sh"''; + ExecStop = "${getExe pkgs.tmux} -S /run/minecraft-proxy/tmux kill-server"; + + WorkingDirectory = "${dataDir}/proxy"; + RuntimeDirectory = "minecraft-proxy"; + ReadWritePaths = ["${dataDir}/proxy" "${dataDir}/server/control"]; + }; + + preStart = '' + ln -sfT ${getExe proxy-start-script} start.sh + ln -sfT ${getExe proxy-update-script} update.sh + + function copyFile() { + cp "$1" "$2" + chmod 600 "$2" + } + + copyFile ${./minecraft/proxy/velocity.toml} velocity.toml + mkdir -p plugins/vane-velocity + copyFile ${./minecraft/proxy/plugins/vane-velocity/config.toml} plugins/vane-velocity/config.toml + + if [[ ! -e velocity.jar ]]; then + ./update.sh + fi + ''; + }; + + systemd.tmpfiles.settings."50-minecraft" = { + "${dataDir}".d = { + user = "minecraft"; + mode = "0750"; + }; + "${dataDir}/server".d = { + user = "minecraft"; + mode = "0700"; + }; + "${dataDir}/server/control".d = { + user = "minecraft"; + mode = "0700"; + }; + "${dataDir}/proxy".d = { + user = "minecraft"; + mode = "0700"; + }; + "${dataDir}/web".d = { + user = "minecraft"; + mode = "0750"; + }; + }; + + environment.systemPackages = [ + minecraft-attach + ]; + + services.phpfpm.pools.dynmap = { + user = "nginx"; + group = "nginx"; + phpPackage = pkgs.php82; + phpOptions = '' + error_log = 'stderr' + log_errors = on + ''; + settings = { + "listen.owner" = "nginx"; + "listen.group" = "nginx"; + "listen.mode" = "0660"; + "pm" = "dynamic"; + "pm.max_children" = 75; + "pm.start_servers" = 2; + "pm.min_spare_servers" = 1; + "pm.max_spare_servers" = 20; + "pm.max_requests" = 500; + "catch_workers_output" = true; + }; + }; + + services.nginx = { + enable = true; + recommendedSetup = false; + virtualHosts.${minecraftDomain} = { + root = "${dataDir}/web/dynmap"; + locations."~ \\.php$".extraConfig = '' + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass unix:${config.services.phpfpm.pools.dynmap.socket}; + include ${config.services.nginx.package}/conf/fastcgi.conf; + include ${config.services.nginx.package}/conf/fastcgi_params; + ''; + }; + }; +} diff --git a/hosts/sire/guests/minecraft/proxy/plugins/vane-velocity/config.toml b/hosts/sire/guests/minecraft/proxy/plugins/vane-velocity/config.toml new file mode 100644 index 0000000..5f9f65e --- /dev/null +++ b/hosts/sire/guests/minecraft/proxy/plugins/vane-velocity/config.toml @@ -0,0 +1,20 @@ +[auth_multiplex.1] +port = 25566 +allowed_uuids = [] # anyone may use this multiplexer + +[managed_servers.server] +display_name = "§6◊ §6§lTOHLSTE SERVER§6 ◊" + +[managed_servers.server.online] +favicon = "./server-icon.png" +motd = "{SERVER_DISPLAY_NAME}\n§a\\(^-^)/§7 | {QUOTE}" +quotes = ["Shit da ist wer, du verpasst was"] + +[managed_servers.server.offline] +quotes = ["Keiner da, join endlich"] +motd = "{SERVER_DISPLAY_NAME}\n§c~(°·°)~§7 | {QUOTE}" + +[managed_servers.server.start] +cmd = ["rm", "../{SERVER}/control/start.block"] +kick_msg = "{SERVER_DISPLAY_NAME} §7wird gestartet.\n§7Jetzt WARTE DOCH EINFACH §b10 Sekunden§7 GRRRR" +allow_anyone = true diff --git a/hosts/sire/guests/minecraft/proxy/velocity.toml b/hosts/sire/guests/minecraft/proxy/velocity.toml new file mode 100644 index 0000000..ca03f8d --- /dev/null +++ b/hosts/sire/guests/minecraft/proxy/velocity.toml @@ -0,0 +1,147 @@ +# Config version. Do not change this +config-version = "2.7" + +# What port should the proxy be bound to? +bind = "0.0.0.0:25565" + +# What should be the MOTD? This gets displayed when the player adds your server to +# their server list. Only MiniMessage format is accepted. +motd = "<#09add3>A Velocity Server" + +# What should we display for the maximum number of players? (Velocity does not support a cap +# on the number of players online.) +show-max-players = 6666 + +# Should we authenticate players with Mojang? By default, this is on. +online-mode = true + +# Should the proxy enforce the new public key security standard? By default, this is on. +force-key-authentication = true + +# If client's ISP/AS sent from this proxy is different from the one from Mojang's +# authentication server, the player is kicked. This disallows some VPN and proxy +# connections but is a weak form of protection. +prevent-client-proxy-connections = false + +# Should we forward IP addresses and other data to backend servers? +# Available options: +# - "none": No forwarding will be done. All players will appear to be connecting +# from the proxy and will have offline-mode UUIDs. +# - "legacy": Forward player IPs and UUIDs in a BungeeCord-compatible format. Use this +# if you run servers using Minecraft 1.12 or lower. +# - "bungeeguard": Forward player IPs and UUIDs in a format supported by the BungeeGuard +# plugin. Use this if you run servers using Minecraft 1.12 or lower, and are +# unable to implement network level firewalling (on a shared host). +# - "modern": Forward player IPs and UUIDs as part of the login process using +# Velocity's native forwarding. Only applicable for Minecraft 1.13 or higher. +player-info-forwarding-mode = "modern" + +# If you are using modern or BungeeGuard IP forwarding, configure a file that contains a unique secret here. +# The file is expected to be UTF-8 encoded and not empty. +forwarding-secret-file = "forwarding.secret" + +# Announce whether or not your server supports Forge. If you run a modded server, we +# suggest turning this on. +# +# If your network runs one modpack consistently, consider using ping-passthrough = "mods" +# instead for a nicer display in the server list. +announce-forge = false + +# If enabled (default is false) and the proxy is in online mode, Velocity will kick +# any existing player who is online if a duplicate connection attempt is made. +kick-existing-players = false + +# Should Velocity pass server list ping requests to a backend server? +# Available options: +# - "disabled": No pass-through will be done. The velocity.toml and server-icon.png +# will determine the initial server list ping response. +# - "mods": Passes only the mod list from your backend server into the response. +# The first server in your try list (or forced host) with a mod list will be +# used. If no backend servers can be contacted, Velocity won't display any +# mod information. +# - "description": Uses the description and mod list from the backend server. The first +# server in the try (or forced host) list that responds is used for the +# description and mod list. +# - "all": Uses the backend server's response as the proxy response. The Velocity +# configuration is used if no servers could be contacted. +ping-passthrough = "DISABLED" + +# If not enabled (default is true) player IP addresses will be replaced by in logs +enable-player-address-logging = true + +[servers] +# Configure your servers here. Each key represents the server's name, and the value +# represents the IP address of the server to connect to. +server = "127.0.0.1:25501" + +# In what order we shoulid try servers when a player logs in or is kicked from a server. +try = [ + "server" +] + +[forced-hosts] + +[advanced] +# How large a Minecraft packet has to be before we compress it. Setting this to zero will +# compress all packets, and setting it to -1 will disable compression entirely. +compression-threshold = 256 + +# How much compression should be done (from 0-9). The default is -1, which uses the +# default level of 6. +compression-level = -1 + +# How fast (in milliseconds) are clients allowed to connect after the last connection? By +# default, this is three seconds. Disable this by setting this to 0. +login-ratelimit = 3000 + +# Specify a custom timeout for connection timeouts here. The default is five seconds. +connection-timeout = 5000 + +# Specify a read timeout for connections here. The default is 30 seconds. +read-timeout = 30000 + +# Enables compatibility with HAProxy's PROXY protocol. If you don't know what this is for, then +# don't enable it. +haproxy-protocol = false + +# Enables TCP fast open support on the proxy. Requires the proxy to run on Linux. +tcp-fast-open = false + +# Enables BungeeCord plugin messaging channel support on Velocity. +bungee-plugin-message-channel = true + +# Shows ping requests to the proxy from clients. +show-ping-requests = true + +# By default, Velocity will attempt to gracefully handle situations where the user unexpectedly +# loses connection to the server without an explicit disconnect message by attempting to fall the +# user back, except in the case of read timeouts. BungeeCord will disconnect the user instead. You +# can disable this setting to use the BungeeCord behavior. +failover-on-unexpected-server-disconnect = true + +# Declares the proxy commands to 1.13+ clients. +announce-proxy-commands = true + +# Enables the logging of commands +log-command-executions = false + +# Enables logging of player connections when connecting to the proxy, switching servers +# and disconnecting from the proxy. +log-player-connections = true + +# Allows players transferred from other hosts via the +# Transfer packet (Minecraft 1.20.5) to be received. +accepts-transfers = false + +[query] +# Whether to enable responding to GameSpy 4 query responses or not. +enabled = false + +# If query is enabled, on what port should the query protocol listen on? +port = 25577 + +# This is the map name that is reported to the query services. +map = "Velocity" + +# Whether plugins should be shown in query response by default or not +show-plugins = false diff --git a/hosts/sire/guests/minecraft/server-loop.py b/hosts/sire/guests/minecraft/server-loop.py new file mode 100644 index 0000000..145fdc2 --- /dev/null +++ b/hosts/sire/guests/minecraft/server-loop.py @@ -0,0 +1,98 @@ +import os +import signal +import subprocess +import sys +import time +from pathlib import Path + +def exit_usage(): + print(f"usage: {sys.argv[0]} [--block blockfile] COMMAND... [:POST: POST_SCRIPT...]") + sys.exit(1) + +def main(): + if len(sys.argv) < 2: + exit_usage() + + blockfile = None + if sys.argv[1] == "--block": + if len(sys.argv) < 4: + exit_usage() + + blockfile = Path(sys.argv[2]) + cmd = sys.argv[3:] + else: + cmd = sys.argv[1:] + + # Split cmd and post-cmd + post = None + try: + separator = cmd.index(":POST:") + post = cmd[separator + 1:] + cmd = cmd[:separator] + except ValueError: + pass + + # Global state + shared_data = { + "stop": False, + "process": None, + } + + def block_start(): + if not blockfile: + return + print(f"Blocking on {blockfile}") + blockfile.touch() + while blockfile.exists() and not shared_data["stop"]: + time.sleep(.5) + + def run_server(): + if shared_data["stop"]: + return + + print(f"Starting process {cmd} ...") + start_time = time.time() + shared_data["process"] = subprocess.Popen(cmd, preexec_fn=os.setsid) + shared_data["process"].wait() + + end_time = time.time() + if end_time - start_time < 2: + print("Server exited abnormally fast, aborting!") + shared_data["stop"] = True + return + + shared_data["process"] = None + + # Launch post script + if post: + print(f"Starting post process {post} ...") + subprocess.run(post, preexec_fn=os.setsid) + + def signal_forward(sig, _): + if shared_data["process"]: + print(f"Passing signal {sig} to child ...") + try: + shared_data["process"].send_signal(sig) + except OSError: + pass + + def signal_forward_and_stop(sig, frame): + shared_data["stop"] = True + signal_forward(sig, frame) + + signal.signal(signal.SIGINT, signal_forward) + signal.signal(signal.SIGTERM, signal_forward_and_stop) + signal.signal(signal.SIGHUP, signal_forward_and_stop) + + # Run until killed + try: + while not shared_data["stop"]: + block_start() + run_server() + print("Exiting.") + finally: + if blockfile and blockfile.exists(): + blockfile.unlink() + +if __name__ == '__main__': + main() diff --git a/hosts/sire/guests/minecraft/server/commands.yml b/hosts/sire/guests/minecraft/server/commands.yml new file mode 100644 index 0000000..d016ad5 --- /dev/null +++ b/hosts/sire/guests/minecraft/server/commands.yml @@ -0,0 +1,3 @@ +command-block-overrides: [] +ignore-vanilla-permissions: false +aliases: [] diff --git a/hosts/sire/guests/minecraft/server/config/paper-global.yml b/hosts/sire/guests/minecraft/server/config/paper-global.yml new file mode 100644 index 0000000..5c41b62 --- /dev/null +++ b/hosts/sire/guests/minecraft/server/config/paper-global.yml @@ -0,0 +1,141 @@ +# This is the global configuration file for Paper. +# As you can see, there's a lot to configure. Some options may impact gameplay, so use +# with caution, and make sure you know what each option does before configuring. +# +# If you need help with the configuration or have any questions related to Paper, +# join us in our Discord or check the docs page. +# +# The world configuration options have been moved inside +# their respective world folder. The files are named paper-world.yml +# +# Docs: https://docs.papermc.io/ +# Discord: https://discord.gg/papermc +# Website: https://papermc.io/ + +_version: 29 +block-updates: + disable-chorus-plant-updates: false + disable-mushroom-block-updates: false + disable-noteblock-updates: false + disable-tripwire-updates: false +chunk-loading: + autoconfig-send-distance: true + enable-frustum-priority: false + global-max-chunk-load-rate: -1.0 + global-max-chunk-send-rate: -1.0 + global-max-concurrent-loads: 500.0 + max-concurrent-sends: 2 + min-load-radius: 2 + player-max-chunk-load-rate: -1.0 + player-max-concurrent-loads: 20.0 + target-player-chunk-send-rate: 100.0 +chunk-loading-advanced: + auto-config-send-distance: true + player-max-concurrent-chunk-generates: 0 + player-max-concurrent-chunk-loads: 0 +chunk-loading-basic: + player-max-chunk-generate-rate: -1.0 + player-max-chunk-load-rate: 100.0 + player-max-chunk-send-rate: 75.0 +chunk-system: + gen-parallelism: default + io-threads: -1 + worker-threads: -1 +collisions: + enable-player-collisions: true + send-full-pos-for-hard-colliding-entities: true +commands: + fix-target-selector-tag-completion: true + suggest-player-names-when-null-tab-completions: true + time-command-affects-all-worlds: false +console: + enable-brigadier-completions: true + enable-brigadier-highlighting: true + has-all-permissions: false +item-validation: + book: + author: 8192 + page: 16384 + title: 8192 + book-size: + page-max: 2560 + total-multiplier: 0.98 + display-name: 8192 + lore-line: 8192 + resolve-selectors-in-books: false +logging: + deobfuscate-stacktraces: true +messages: + kick: + authentication-servers-down: + connection-throttle: Connection throttled! Please wait before reconnecting. + flying-player: + flying-vehicle: + no-permission: I'm sorry, but you do not have permission to perform this command. + Please contact the server administrators if you believe that this is in error. + use-display-name-in-quit-message: false +misc: + chat-threads: + chat-executor-core-size: -1 + chat-executor-max-size: -1 + compression-level: default + fix-entity-position-desync: true + lag-compensate-block-breaking: true + load-permissions-yml-before-plugins: true + max-joins-per-tick: 3 + region-file-cache-size: 256 + strict-advancement-dimension-check: false + use-alternative-luck-formula: false + use-dimension-type-for-custom-spawners: false +packet-limiter: + all-packets: + action: KICK + interval: 7.0 + max-packet-rate: 500.0 + kick-message: + overrides: + ServerboundPlaceRecipePacket: + action: DROP + interval: 4.0 + max-packet-rate: 5.0 +player-auto-save: + max-per-tick: -1 + rate: -1 +proxies: + bungee-cord: + online-mode: true + proxy-protocol: false + velocity: + enabled: true + online-mode: true + secret: '' +scoreboards: + save-empty-scoreboard-teams: false + track-plugin-scoreboards: false +spam-limiter: + incoming-packet-threshold: 300 + recipe-spam-increment: 1 + recipe-spam-limit: 20 + tab-spam-increment: 1 + tab-spam-limit: 500 +timings: + enabled: true + hidden-config-entries: + - database + - proxies.velocity.secret + history-interval: 300 + history-length: 3600 + server-name: Unknown Server + server-name-privacy: false + url: https://timings.aikar.co/ + verbose: true +unsupported-settings: + allow-grindstone-overstacking: false + allow-headless-pistons: true + allow-permanent-block-break-exploits: true + allow-piston-duplication: true + compression-format: ZLIB + perform-username-validation: true +watchdog: + early-warning-delay: 10000 + early-warning-every: 5000 diff --git a/hosts/sire/guests/minecraft/server/config/paper-world-defaults.yml b/hosts/sire/guests/minecraft/server/config/paper-world-defaults.yml new file mode 100644 index 0000000..e2dadff --- /dev/null +++ b/hosts/sire/guests/minecraft/server/config/paper-world-defaults.yml @@ -0,0 +1,301 @@ +# This is the world defaults configuration file for Paper. +# As you can see, there's a lot to configure. Some options may impact gameplay, so use +# with caution, and make sure you know what each option does before configuring. +# +# If you need help with the configuration or have any questions related to Paper, +# join us in our Discord or check the docs page. +# +# Configuration options here apply to all worlds, unless you specify overrides inside +# the world-specific config file inside each world folder. +# +# Docs: https://docs.papermc.io/ +# Discord: https://discord.gg/papermc +# Website: https://papermc.io/ + +_version: 30 +anticheat: + anti-xray: + enabled: true + engine-mode: 1 + hidden-blocks: + - copper_ore + - deepslate_copper_ore + - gold_ore + - deepslate_gold_ore + - iron_ore + - deepslate_iron_ore + - coal_ore + - deepslate_coal_ore + - lapis_ore + - deepslate_lapis_ore + - mossy_cobblestone + - obsidian + - chest + - diamond_ore + - deepslate_diamond_ore + - redstone_ore + - deepslate_redstone_ore + - clay + - emerald_ore + - deepslate_emerald_ore + - ender_chest + lava-obscures: false + max-block-height: 64 + replacement-blocks: + - stone + - oak_planks + - deepslate + update-radius: 2 + use-permission: false + obfuscation: + items: + hide-durability: false + hide-itemmeta: false + hide-itemmeta-with-visual-effects: false +chunks: + auto-save-interval: default + delay-chunk-unloads-by: 10s + entity-per-chunk-save-limit: + arrow: -1 + ender_pearl: -1 + experience_orb: -1 + fireball: -1 + small_fireball: -1 + snowball: -1 + fixed-chunk-inhabited-time: -1 + flush-regions-on-save: false + max-auto-save-chunks-per-tick: 24 + prevent-moving-into-unloaded-chunks: false +collisions: + allow-player-cramming-damage: false + allow-vehicle-collisions: true + fix-climbing-bypassing-cramming-rule: false + max-entity-collisions: 8 + only-players-collide: false +entities: + armor-stands: + do-collision-entity-lookups: true + tick: true + behavior: + allow-spider-world-border-climbing: true + baby-zombie-movement-modifier: 0.5 + disable-chest-cat-detection: false + disable-creeper-lingering-effect: false + disable-player-crits: false + door-breaking-difficulty: + husk: + - HARD + vindicator: + - NORMAL + - HARD + zombie: + - HARD + zombie_villager: + - HARD + zombified_piglin: + - HARD + ender-dragons-death-always-places-dragon-egg: false + experience-merge-max-value: -1 + mobs-can-always-pick-up-loot: + skeletons: false + zombies: false + nerf-pigmen-from-nether-portals: false + parrots-are-unaffected-by-player-movement: false + phantoms-do-not-spawn-on-creative-players: true + phantoms-only-attack-insomniacs: true + phantoms-spawn-attempt-max-seconds: 119 + phantoms-spawn-attempt-min-seconds: 60 + piglins-guard-chests: true + pillager-patrols: + disable: false + spawn-chance: 0.2 + spawn-delay: + per-player: false + ticks: 12000 + start: + day: 5 + per-player: false + player-insomnia-start-ticks: 72000 + should-remove-dragon: false + spawner-nerfed-mobs-should-jump: false + zombie-villager-infection-chance: default + zombies-target-turtle-eggs: true + entities-target-with-follow-range: false + markers: + tick: true + mob-effects: + immune-to-wither-effect: + wither: true + wither-skeleton: true + spiders-immune-to-poison-effect: true + undead-immune-to-certain-effects: true + sniffer: + boosted-hatch-time: default + hatch-time: default + spawning: + all-chunks-are-slime-chunks: false + alt-item-despawn-rate: + enabled: false + items: + cobblestone: 300 + count-all-mobs-for-spawning: false + creative-arrow-despawn-rate: default + despawn-ranges: + ambient: + hard: 128 + soft: 32 + axolotls: + hard: 128 + soft: 32 + creature: + hard: 128 + soft: 32 + misc: + hard: 128 + soft: 32 + monster: + hard: 128 + soft: 32 + underground_water_creature: + hard: 128 + soft: 32 + water_ambient: + hard: 64 + soft: 32 + water_creature: + hard: 128 + soft: 32 + disable-mob-spawner-spawn-egg-transformation: false + duplicate-uuid: + mode: SAFE_REGEN + safe-regen-delete-range: 32 + filter-bad-tile-entity-nbt-from-falling-blocks: true + filtered-entity-tag-nbt-paths: + - Pos + - Motion + - SleepingX + - SleepingY + - SleepingZ + iron-golems-can-spawn-in-air: false + monster-spawn-max-light-level: default + non-player-arrow-despawn-rate: default + per-player-mob-spawns: true + scan-for-legacy-ender-dragon: true + skeleton-horse-thunder-spawn-chance: default + slime-spawn-height: + slime-chunk: + maximum: 40.0 + surface-biome: + maximum: 70.0 + minimum: 50.0 + spawn-limits: + ambient: -1 + axolotls: -1 + creature: -1 + monster: -1 + underground_water_creature: -1 + water_ambient: -1 + water_creature: -1 + wandering-trader: + spawn-chance-failure-increment: 25 + spawn-chance-max: 75 + spawn-chance-min: 25 + spawn-day-length: 24000 + spawn-minute-length: 1200 + wateranimal-spawn-height: + maximum: default + minimum: default + tracking-range-y: + animal: default + display: default + enabled: false + misc: default + monster: default + other: default + player: default +environment: + disable-explosion-knockback: false + disable-ice-and-snow: false + disable-teleportation-suffocation-check: false + disable-thunder: false + fire-tick-delay: 30 + frosted-ice: + delay: + max: 40 + min: 20 + enabled: true + generate-flat-bedrock: false + nether-ceiling-void-damage-height: disabled + optimize-explosions: false + portal-create-radius: 16 + portal-search-radius: 128 + portal-search-vanilla-dimension-scaling: true + treasure-maps: + enabled: true + find-already-discovered: + loot-tables: default + villager-trade: false + water-over-lava-flow-speed: 5 +feature-seeds: + generate-random-seeds-for-all: false +fishing-time-range: + maximum: 600 + minimum: 100 +fixes: + disable-unloaded-chunk-enderpearl-exploit: false + falling-block-height-nerf: disabled + fix-curing-zombie-villager-discount-exploit: true + fix-items-merging-through-walls: false + prevent-tnt-from-moving-in-water: false + split-overstacked-loot: true + tnt-entity-height-nerf: disabled +hopper: + cooldown-when-full: true + disable-move-event: true + ignore-occluding-blocks: false +lootables: + auto-replenish: true + max-refills: -1 + refresh-max: 2d + refresh-min: 12h + reset-seed-on-fill: true + restrict-player-reloot: true + restrict-player-reloot-time: 2d +maps: + item-frame-cursor-limit: 128 + item-frame-cursor-update-interval: 10 +max-growth-height: + bamboo: + max: 16 + min: 11 + cactus: 3 + reeds: 3 +misc: + disable-end-credits: false + disable-relative-projectile-velocity: false + disable-sprint-interruption-on-attack: false + light-queue-size: 20 + max-leash-distance: 10.0 + redstone-implementation: VANILLA + shield-blocking-delay: 5 + show-sign-click-command-failure-msgs-to-player: false + update-pathfinding-on-block-update: true +scoreboards: + allow-non-player-entities-on-scoreboards: false + use-vanilla-world-scoreboard-name-coloring: false +spawn: + allow-using-signs-inside-spawn-protection: false + keep-spawn-loaded: true + keep-spawn-loaded-range: 10 +tick-rates: + behavior: + villager: + validatenearbypoi: -1 + container-update: 1 + grass-spread: 1 + mob-spawner: 1 + sensor: + villager: + secondarypoisensor: 40 +unsupported-settings: + fix-invulnerable-end-crystal-exploit: true diff --git a/hosts/sire/guests/minecraft/server/eula.txt b/hosts/sire/guests/minecraft/server/eula.txt new file mode 100644 index 0000000..02dccd9 --- /dev/null +++ b/hosts/sire/guests/minecraft/server/eula.txt @@ -0,0 +1 @@ +eula=true diff --git a/hosts/sire/guests/minecraft/server/server.properties b/hosts/sire/guests/minecraft/server/server.properties new file mode 100644 index 0000000..796b595 --- /dev/null +++ b/hosts/sire/guests/minecraft/server/server.properties @@ -0,0 +1,58 @@ +allow-flight=false +allow-nether=true +broadcast-console-to-ops=true +broadcast-rcon-to-ops=true +debug=false +difficulty=hard +enable-command-block=false +enable-jmx-monitoring=false +enable-query=false +enable-rcon=false +enable-status=true +enforce-secure-profile=false +enforce-whitelist=true +entity-broadcast-range-percentage=500 +force-gamemode=false +function-permission-level=2 +gamemode=survival +generate-structures=true +generator-settings={} +hardcore=false +hide-online-players=false +initial-disabled-packs= +initial-enabled-packs=vanilla +level-name=world +level-seed=-2875792302555269470 +level-type=minecraft\:normal +log-ips=true +max-chained-neighbor-updates=1000000 +max-players=6666 +max-tick-time=60000 +max-world-size=29999984 +motd= +network-compression-threshold=256 +online-mode=false +op-permission-level=4 +player-idle-timeout=0 +prevent-proxy-connections=false +pvp=true +query.port=25501 +rate-limit=0 +rcon.password= +rcon.port=25575 +require-resource-pack=false +resource-pack-prompt= +resource-pack-sha1= +resource-pack= +server-ip= +server-port=25501 +simulation-distance=10 +spawn-animals=true +spawn-monsters=true +spawn-npcs=true +spawn-protection=0 +sync-chunk-writes=true +text-filtering-config= +use-native-transport=true +view-distance=15 +white-list=false diff --git a/hosts/sire/guests/minecraft/server/spigot.yml b/hosts/sire/guests/minecraft/server/spigot.yml new file mode 100644 index 0000000..ea35245 --- /dev/null +++ b/hosts/sire/guests/minecraft/server/spigot.yml @@ -0,0 +1,177 @@ +# This is the main configuration file for Spigot. +# As you can see, there's tons to configure. Some options may impact gameplay, so use +# with caution, and make sure you know what each option does before configuring. +# For a reference for any variable inside this file, check out the Spigot wiki at +# http://www.spigotmc.org/wiki/spigot-configuration/ +# +# If you need help with the configuration or have any questions related to Spigot, +# join us at the Discord or drop by our forums and leave a post. +# +# Discord: https://www.spigotmc.org/go/discord +# Forums: http://www.spigotmc.org/ + +messages: + whitelist: You are not whitelisted on this server! + unknown-command: Unknown command. Type "/help" for help. + server-full: The server is full! + outdated-client: Outdated client! Please use {0} + outdated-server: Outdated server! I'm still on {0} + restart: Server is restarting +commands: + spam-exclusions: + - /skill + silent-commandblock-console: false + replace-commands: + - setblock + - summon + - testforblock + - tellraw + log: true + tab-complete: 0 + send-namespaced: true +players: + disable-saving: false +advancements: + disable-saving: false + disabled: + - minecraft:story/disabled +config-version: 12 +settings: + debug: false + sample-count: 12 + player-shuffle: 0 + user-cache-size: 1000 + save-user-cache-on-stop-only: false + netty-threads: 4 + attribute: + maxHealth: + max: 2048.0 + movementSpeed: + max: 2048.0 + attackDamage: + max: 2048.0 + log-villager-deaths: true + log-named-deaths: true + timeout-time: 60 + bungeecord: false + moved-too-quickly-multiplier: 100.0 + moved-wrongly-threshold: 1.625 + restart-on-crash: false + restart-script: invalid +world-settings: + default: + seed-ancientcity: 20083232 + seed-trailruins: 83469867 + seed-buriedtreasure: 10387320 + seed-mineshaft: default + below-zero-generation-in-existing-chunks: true + view-distance: default + simulation-distance: default + thunder-chance: 100000 + item-despawn-rate: 6000 + enable-zombie-pigmen-portal-spawns: true + hanging-tick-frequency: 100 + arrow-despawn-rate: 1200 + trident-despawn-rate: 1200 + zombie-aggressive-towards-villager: true + nerf-spawner-mobs: false + mob-spawn-range: 8 + entity-activation-range: + animals: 32 + monsters: 32 + raiders: 48 + misc: 16 + water: 16 + villagers: 32 + flying-monsters: 32 + wake-up-inactive: + animals-max-per-tick: 4 + animals-every: 1200 + animals-for: 100 + monsters-max-per-tick: 8 + monsters-every: 400 + monsters-for: 100 + villagers-max-per-tick: 4 + villagers-every: 600 + villagers-for: 100 + flying-monsters-max-per-tick: 8 + flying-monsters-every: 200 + flying-monsters-for: 100 + villagers-work-immunity-after: 100 + villagers-work-immunity-for: 20 + villagers-active-for-panic: true + tick-inactive-villagers: true + ignore-spectators: false + ticks-per: + hopper-transfer: 8 + hopper-check: 1 + hopper-amount: 1 + hopper-can-load-chunks: false + seed-village: 10387312 + seed-desert: 14357617 + seed-igloo: 14357618 + seed-jungle: 14357619 + seed-swamp: 14357620 + seed-monument: 10387313 + seed-shipwreck: 165745295 + seed-ocean: 14357621 + seed-outpost: 165745296 + seed-endcity: 10387313 + seed-slime: 987234911 + seed-nether: 30084232 + seed-mansion: 10387319 + seed-fossil: 14357921 + seed-portal: 34222645 + seed-stronghold: default + hunger: + jump-walk-exhaustion: 0.05 + jump-sprint-exhaustion: 0.2 + combat-exhaustion: 0.1 + regen-exhaustion: 6.0 + swim-multiplier: 0.01 + sprint-multiplier: 0.1 + other-multiplier: 0.0 + max-tnt-per-tick: 100 + max-tick-time: + tile: 50 + entity: 50 + growth: + torchflower-modifier: 100 + pitcherplant-modifier: 100 + cactus-modifier: 100 + cane-modifier: 100 + melon-modifier: 100 + mushroom-modifier: 100 + pumpkin-modifier: 100 + sapling-modifier: 100 + beetroot-modifier: 100 + carrot-modifier: 100 + potato-modifier: 100 + wheat-modifier: 100 + netherwart-modifier: 100 + vine-modifier: 100 + cocoa-modifier: 100 + bamboo-modifier: 100 + sweetberry-modifier: 100 + kelp-modifier: 100 + twistingvines-modifier: 100 + weepingvines-modifier: 100 + cavevines-modifier: 100 + glowberry-modifier: 100 + verbose: false + dragon-death-sound-radius: 256 + end-portal-sound-radius: 256 + entity-tracking-range: + display: 128 + animals: 512 + misc: 512 + monsters: 512 + other: 512 + players: 512 + merge-radius: + exp: 0.2 + item: 0.2 + wither-spawn-sound-radius: 256 +stats: + disable-saving: false + forced-stats: {} diff --git a/hosts/sire/secrets/minecraft/host.pub b/hosts/sire/secrets/minecraft/host.pub new file mode 100644 index 0000000..e05e617 --- /dev/null +++ b/hosts/sire/secrets/minecraft/host.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJP6UQlWBR5TJdTYX3kKY/xtK+cg5jYGHVGuIQRTljNr diff --git a/modules/config/users.nix b/modules/config/users.nix index c57c9e6..f3a78c7 100644 --- a/modules/config/users.nix +++ b/modules/config/users.nix @@ -31,5 +31,6 @@ radicale = uidGid 978; podman = uidGid 977; maddy = uidGid 976; + minecraft = uidGid 975; }; } diff --git a/secrets/generated/sentinel/loki-basic-auth-hashes.age b/secrets/generated/sentinel/loki-basic-auth-hashes.age index ddd2a804848def3df87f111433f95e9327f391ef..e72f442f59c478a21317305f234a68b698687033 100644 GIT binary patch delta 2461 zcmV;O31arN5~CB4Ab(X(aAr+xIcZI5cWq2$Xks->W<_Z*acD<+aZ5pUX-juOYeO$q zT30hwO$uXgF)MC3I74t#ZdfulMl?!8QDbj!MnP0*H919CSu}1+Wi>@tY%x_&FbXX` zAaH4REpRe5HXwL$Q)M_&AVG9dd232EdR9erZcs8*R$^IeFMo15P%AWSVRLsgc5rA( zFLg{*dU|waG(-wcV?$JUFIj1BVn}2+M@4CNW?Do|S~zk!WotuIYE5-`K{RqvHf=Iz zNks}RJ|I?ZF<>|?XL4m>b7deTCu$%pSy_DwP+C$iWHU@bOfXt`NNG_uL33p=O;l-c zY;`eaSw}=SHh*$cRd9DpS9mutP(&|!Mo2YPZ8dOCXH#WUcXUrNX9_`3Hg_{KZ&`Rb zYjI^%WkO_SO>H!AO;|HkO$se7Eg&~9SuZtZd1y~EGjwcbVR>dzY)^M}cW88UYB@qq zPI^aWXKhz*ba`}PMG6cIt4r{ttXD)iWsTQRmwDzs+<(?Lo&s;Fl(T}^aV|wGMBDE) zZ@vF2iv$`5jI47swtOgzfuMS2jN3aquhHrJdbTvD%nVn$m1a*$&wkC!P>C~>~^2biz(#2oRwpdC<6Q~sLg5$vkvdM{<6k4qA=HPx(RWXqIwPI$hGW| zxuX4|aI_3G6eRd10Fx!MR`Xo? zf{&>+5y^n~BOQLX=dhCv9Q8d8>X*JCZs~;hY2T@dMRW_o{KO$WJH~j!D_3mtuxYhq zkpY{tU}Q4m9tGl%!e{VDyK+MyMmpq6qlA%YyoHapkKgrT>h=(qFVv%n*{nn{v49dm zD}Pl>B&ex0u96TMfOc-}#KaY&YXY0=MR^)oc_;8V{JYnG{(tes#R89FAIN5h(u4xI z8ul^(rUXu%@cYEEQelJT$j#J%ms%pM0KD{^h;HrF_RVm*6b%+jww|B z&N%xoxz-+d+*iKZ_4$p?Rb!Ari0ZJd)_*_vKevKZ5bWlN1pR_Y6Y#I?cMFmL16^a3 zq}%LVXXWWCb&mJR2}-hPvJ$dsr`Ue)7klF7{-XdFvh^fWPS>%;(jd6|&-_t-#*nc57 z4&M^IPZT;x?R4ZZ1<_EO?neJM7wJ&je&&Ulo8sgmax8YQ<`*A_Tab~^c&8^Ypp3z$ z0SKACB|p5mR3PeUqMlIs9&~#h&aXu)ts#<kdtwHo{5Jg$Dqw7%^ z>RG2APxRik5`3lfW4AXTlP7X5M1MhipFJe_jpxiJZ-KH4z>rKOt+Ku%1~WnGQzue0 zj==o_O1?kb7D})ULq^7C(~X`9WP&cP$co1@=OEKIGTFk-gC%hD1HzF%hEq_2|6GMg ztFdtKjRD)tyPQcJvD4e0g7jEU*M^C;evKWQXL!a9z~`Cnj+{*y>I~oPu^5jP1omA=GKAx5>keDh z@IQPNaKu&Je|)q(-J7wXi7_j2RMKeTiA+zPFO}8{=~aR)dvjAeNhc^^1E9IOttOCJ zpBDsHPvt;u53R~LJ%1W|Vs>=)^O{2k3toje+Wa@v_qExdR*jEp{AHheKx+)b*1ByW zMwES7<9(~?;^TEHDeAbewh+J(#AJTi*vHjU^r$nR^V^apcY6g97u*sHcBxjKc%8Q7 zQPzsQo3W59u76n)t^))^?fXb{f`v(8&f+&q zD2%?J0HP+WMhtsWK@-L_S&f`}!pt-jkD{NGV(kKwb3F1*Q_&*oYimj4HUVTdy>=VV z&18{~R$btj2}&NrwvZ#dZS(zM0p+w#rPu&L{w32XuDc-HoP>1upSo55UZRfC3Uo4> z%|s=(@PFq8p$IDa4Nu<)OM_eSqZlYawUY;y&f%?yy6d-R>J`5iY)0&tG!^L_I9hM> zbQfq1` z6RH&cT*@#T3 zbx%n~YYJLoIAmI5b3rq1GciJLG;b?2R7f>#Fi$UWbYeJKLSko8WbWS!@Rx(UNFmpC?Xi7*#S${WSH&R7dZDm7cd30J) zHDXvdHZ(XyVL}R2R!4VBS59qqXGbG)Hz(VQf%HX?i$SFnCT@ zYe@<%J|Ij+EoX9NVRK~)OK@a%b5=!dbw@@)R#;9+cuO=gQBh(sVQ*15IYe?;bT>w5 zRZn?LGf7x5M}JRwNI^k#bZ268GC@^QR7Ox#QVL~xXhuXiZ2&bYVeiY-m9_FhNdjT3JprQZRCF zG;BpSW=1t@FJVe$I0~^wDMFjYvQWr}E2F|GGyyl*GJje6@3=5_Xfl#y=gf}z0x@RE ztv^s~#-%~T(AFu&RmH(LR483l^}0`+9H!thh@xeol2srr(bI&^7GMe6$yqy&_FvGGFD`LXf%xGR4Xw7m>qlQH44ySC8rgsz3>P?z3_JG6wwpVs zuPfd#ZhuWh39|YPW&5m;ujSP}o`Z!aJ7h(V%F5!+zpR*#CPA%r>-_LsAF`KK`_FIEsMkv6Oxr?Y$SEi>vijtWPgW$mYw7KV04QF;9GBwnge1jYi_10 z)*f;c`|Z}|n~Ea94faU~!uAL(&K4yOA-O5PE2d; zhJVf#2MG?iU_lEu`1^kuN_c)*Lu8a!q8(uSzs|06blz7E_YlUZq5a3aUG9M^OLb`z znqHcb)rCwdH6C@ae$l{bvVRdKXzb}ci91~&Cb~2XW_`lXKQr^?LjFku z3c^8Mm>nDJ$Wx+Plat@;O_c`{rDSS!VCz3#sy~;fs4bf_RlhB)Tdf>mTKbF1h^`{< zI6yh2gogf>mrWq|Q|>OJaJ{ygE-LBZAH<6zh_6n}tRmz#y-8c)lM>QfRc`B^+kd1W zas3s&q(OO}sCHxRlp~@~c7+VZ4{E=Gm2hw6(lMMUNodN;q?3QgM(WdnP15eQLZEPh zpE-!&u1EIY{dj~NU+b3%_O6|py;h+ki#f!AblQ1F8zEM!<{|*Y>C)kq{*Garg&H_G zq9YP8aZx;iB(T}{&5t3w zd^8p*gc6EgFi2nEV!YJ7Ynyi>f;mQsUjSc%G0wq;Y@$8rZQZLM-sHRMe8+Z2R~T|p zT{iBm6=^eU({&hr$L6XcUw=waT1mMVc4Dj2pIBGGsmdujv@<&r=C!)dzr{3vM7e&% z+zqewr5Sr&&N4LA5u_=Frk4q@+rARXRg$>!r7P8O!o}kUk&*D?%6~~Lz)y(iU}57p zy_pJaLB(;5`n>Sly4;__sFb8u09}dGT`CU3YK?zYc;5gzy=Phjn~f$TyRQJO`X!JF zG!;lU^q%)(BrKFBH(|TS6Msh`yr(>VT@kUDQj)%d6{TEB)~TJx1f#Jqu{zzw<-a1- zg%K^0!&-SBkzvl%?0+CnX#&&m+{8xB{CdBs0I6026%-)9huNI#)NSwyj)&F+?ls|0 zb4wSj?l(_XxeNE(4r2Cp(C_?8jpCh3x9d(J5>k^s`p468rhMwR{s6PPE2Iyp1-G!T z8H`jKN9r`0Wmk&vviyYdEa;C;Ro=stw?8TVFhBqMr0C2|TYoj68Pd9^EaZkURy^7) z=4qNC4st?`#e#Yv=A({S{2!+*0Xs5z@!q-di9smr^k@VG4&t3bUvyo1mE)MI)UL4A zGfY(^u4UoP>DF=WEc~f79^vYpNlKisz>%9Wo>zjIaF&5gztF2@>R{H!VIq}Y~<6|s#4D_3#b^hXAF+e3LIm;^h~`*6?D1upePOB9)R*zYu=GCD*@s+J69-{CS6laUXxwL9c<9y{=Rv z_^hFTZ^EenXeLDf24KV=Ur4Z9lh(5GnzPf<6iz82FYtISvUEg= zib!aC`pfGY7SARIXnK0wzOFkkig7y-R(rWURLh8pP>as0A;ak?r!K=xWB?9DHZdwy zU8`iMaDU=)xLK_;}4YXkHqZ0#wU~F{3XeQ@YC2_Zmz?3!ozJ{ X25519 aQjrKYupwdP3ZRQ5CGPjUAKSHMLtORyiuGsaRncR2lM +OCClqe+ZHtMYfJh9iFRyUqsH2BIlk0j1r7K5fvMXJA0 +-> piv-p256 xqSe8Q AiZpiAPglrnrlNJryl5Ip+9cBptSURYsPSfA5IAVqHCd +WaVxAp7tawNUPiktBz0aPO9Ll+tghAMDxtgnaNOCtlI +-> Ub-*?-grease K*@{c0 YxDp0sq] LV +kfROcHQ/f0n7if1p +--- aPArSUTgMQ/xJ420wrjn0NtJwJkLJ3kT6+xqJdSSiGw +U?4Lsm;,|/t|BJ;챶mE;$6`p:h`z0;8 \ No newline at end of file diff --git a/secrets/generated/sire-minecraft/telegraf-influxdb-token.age b/secrets/generated/sire-minecraft/telegraf-influxdb-token.age new file mode 100644 index 0000000..46b7849 --- /dev/null +++ b/secrets/generated/sire-minecraft/telegraf-influxdb-token.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> X25519 x5/bA4HrnKggVAN0K+cfzw6UQy8rB0sl5AOnwzaPRBY +9rgAVY2kd+VCCgO9szVMRQuP8BMk154FloMzYKKKa74 +-> piv-p256 xqSe8Q AivGC/2AIFT1OSVeK5WxwAPiO0XUwEU7svEN1aTmXb+W +lUeg0c+Xb5IBNGgnFI86QnWxm8MRMHcf7pI31a9CGAs +-> jP-1|[-grease gE9e`wh ~e4T +vOxm1KfYqngWw9tmeefdahx8XZt5az+10l11taSxvTqDvLWV6jNaKYJWee5rdlvs +Ums +--- KBHKuTOO72icRzyKfIdNaXJZX+qK0cqx8q7zI3KmJ50 +J}<\\tCK+n;JAA葡~^7`=eQE=Ҕ}]( \ No newline at end of file diff --git a/secrets/rekeyed/sentinel/5bc5d5daad95fcc8f628181d006ba3a6-loki-basic-auth-hashes.age b/secrets/rekeyed/sentinel/5bc5d5daad95fcc8f628181d006ba3a6-loki-basic-auth-hashes.age new file mode 100644 index 0000000000000000000000000000000000000000..9c8ec0a03f886d179a1bc3e44543d0897f2c3790 GIT binary patch literal 2367 zcmV-F3BdMYXJsvAZewzJaCB*JZZ2PRUjfRLM0@8Uo{|5QY%JPJ~0YxbazT&ST${OP;)mqS4U86NO^W{Id3ax zH8M*zW^7VxQ+au1Y-CtfLqTP0QEF&YZ9z_BR8mq{cSluBXf{>~V^L~t3N0-yAUSeM za!^)8HCZ@AVPQ&BOl~)MY;tp2aBNF-Idyh%YI>(Fx?n;5QPKxF`g79LfF-4DteyI=d0P3g$TQ@MX>5e zDYdamV8_xxQ5Cm||MdVM$Cu1N?tmXrK7q)tBQSECYsS${<d_#4srCWbLO8!0GVil&TzWM?3K{?HQ5F?J*A zXz9%#`qOScNUovo=GK(h%U7reEWvRL810@=z$q1C5?l*!B298!WW6IkKC0QRGZlng z9Z7?k*{1x6`YmIuw&z-E_sY&3p{Z!aqW>0;WOGY8w1#&j2=lL2X7>B9=IwjbrHTHz(ruF)w zP~WoyQ!>$Lsm+}R5x66873PxVZC0|QjAb#rD(8L5D1JeoJ>#YqX}U7!RpIOqwHtxU zf?u>?>tM7ML{IJ7^QDaCTr4Q>Gc3N9o`e0L=HcPn2rf^3q&1snpotP=OP!uS)$Ml~ zeZ;3Aw0VITbC+DW#X_^=#rf>|9xA-Y6T$szX-k2(X?SIgCkjInKFYV>)nAxeE^}zH zIRrx&q{g}8QloTv=|F@-ckLQcx@9!VaEv1geo2 z4XL4m>b7degOCV=l zSui4VECqKz zJ~wVVmA@K;58?A7)}~oTwF3}u&GOVGaWx@cB8?lqUi1*o_x3cvbWlk~8w>x{h#oN- zY@L0|uHLBwNZxop&>qznBVGo}K^ni4YHBh2@O5_;ZlB)%3B{uha)<0YU~&AR^?KkK zJE#pMhw+(tR?c1miB8ad=ADiO*->bGAU4dHdT;?GS>*T;(_xZQvxF8{diUiJJN2uN zL@JYcXu4dcUvv{wRs+=D2ZE_sLR#2iUua}$)~00GJEdh%ifgJ+_uhO6pg3sa)VTjA1AF5(aMZW2v>_0NDU>-kBPOS{UDpRq-^pmxpaMK6ftE6Xjv zw^w?js>LQ`#m0rE@5+)Kvmi!tu2Z{-*BOA-qfmR!oZ=UKAh(DYU!fVCCc>APL+)^< zgqgZ-Bcc;&7ZYbx%lB8X+3p0&3St2+#@Glur5zz;?nVzEzR~o*jl??k9p66JnTAA} zBZ!F?fb|FdfeGYsd@Du3<;@`Eng|?@*_w%Y_}vUDs+B}b@aP)(Sa%K?w%+uSbswn* zKE{@?2_-SZ1{5hb4vD~Zc_di3GtVHCm+f{SMiBc}n%uDNGwCA2YN&MHA*~z!%-YgQ zy>?ut<AdI5+WH(9DPGhX=Q13D#4qP5{gTu~s9n~Y)VMpC#Scz8 z#DaTaN$X;G33X){*xZC?MLW}D&Pr@pC!Z- zE#F|}Ot+ZCH<{Pu(LP`BD8qJ@j?8~TO{eTp&&ZTv7b55B8QOqm_aMeZ0EAyPgGvup z{p-z@w(NI9WZLZHUAIdtCu`rHQg_{)#Mkslk7cugBzIqIfpabnO2ay(ZpjWyz%H#~ zit-lzcF8X(u#x^&LI!&-GGEx8j>#`LN1)>6s+ZQ6vXb`St90|vR$U^pVer?DqA+07 zW~)YJY1RqurtKfxp<>2X$Dd1DzeW3gyFPqeh@$qk9V8AqUug{mHMy%eY2cV=t8qHfFWDSc#9dx}$sowo- z&@9lLW)ypG<)ZfFo(`=dy{OB$5dVPsFKsnHuI}>|@*Uo^)CZsR4|DZ(si4YAaf7n> ztfWV4!dC~o`=#7u1%Y9CBWMV`Da8#Z_V@SxkK6zEI&R2DET?T6yO8mq)|FmIF^i4gvN)%#C-q#_Xhzj`(fEvWPR7 z8sDL#m-x;1UGYg~zd_191uV0XAt`UO1o_UBpyLTGhuA5hwSho@+*>p=UU$cKmz$f^ z(_zJKP$S%x2(J(KBJ!-4brYWpl?9MrEBON;N_Z|;CE>r3BCY@YBP+Rj!LHG3zCf#G zYg*H9hf6=RAEaDf*U;w>?@lc8^AhDG&RyhyOoJOHK22@1F()nuEvh zzw9Uyh+9v^Ji^3xZwPhz0+Q*$up$(?11Avp}^nxPLj`ry%Bu{NCz#A8(MD$7D{ zlF1|0U{mpx6YrP^t@h1!x!uO|ph1$1A0fg^WN8q`b_<-~hBSl{q*);;i7*Wk|E9li zR=J8)zheYc->ZeWVW<==PH?%F==nQ27ddwc)Wg?>x}AIKNi&~G;EvBPkIq9M~s?q3{<8aPW) zPlQ<1Z#4%YCV*C2#1(crN7NtHL(-hK8YSEi&XA0!ahV=k+abHJ9-{&$H@tN8p9;}B z#JRDB1%i{orAsI~?uoeXLX6-i?;?X^1A^nSEo-vrbuO?oeAabghcM+dkYj@eQgQv+ PSPo>jcUV<|25MDh*uXMW diff --git a/secrets/rekeyed/sentinel/f973eacada1ad30cb150ddfa4ad7a103-wireguard-proxy-sentinel-psks-sentinel+sire-minecraft.age b/secrets/rekeyed/sentinel/f973eacada1ad30cb150ddfa4ad7a103-wireguard-proxy-sentinel-psks-sentinel+sire-minecraft.age new file mode 100644 index 0000000..105a9ab --- /dev/null +++ b/secrets/rekeyed/sentinel/f973eacada1ad30cb150ddfa4ad7a103-wireguard-proxy-sentinel-psks-sentinel+sire-minecraft.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 yV7lcA NXYIgippKhPrzMqLWOUPGO5oO4uLE1UqQGpP9DOXI20 +tzVLO2RqfmqYBbcwFQdLlEkDjk6MbyDVuYB+ZiK4/Dg +-> dL:_2b-grease d]m?$_ +TAE/woDI9wQv3Ua5zHtChHiZI4Cpo9KBfknw4Y31bG93Vx1Ja8cDWtYT4PWEoQ +--- bbm63a4+OotXMscEG/zCLhezcBC9vMIW8hFBJGNmVG4 +޷5tjoXMSoo Q_יe.P5UP ׀aHO/gD{%l \ No newline at end of file diff --git a/secrets/rekeyed/sire-influxdb/907a5127872f2d5ed17397ae7e5618e9-telegraf-influxdb-token-sire-minecraft.age b/secrets/rekeyed/sire-influxdb/907a5127872f2d5ed17397ae7e5618e9-telegraf-influxdb-token-sire-minecraft.age new file mode 100644 index 0000000..1ebd138 --- /dev/null +++ b/secrets/rekeyed/sire-influxdb/907a5127872f2d5ed17397ae7e5618e9-telegraf-influxdb-token-sire-minecraft.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 1tdZKQ i4zgh2rbHN27RAiYDPfZFlm+RTaim64AnBf2AKfpuVw +vp6RP8VMfKAWc9rUlP/ep4mKYoLw2nQ9R7OMVBzDo1A +-> ]-grease ssh-ed25519 EHTwGA 06ycNL+Y739oburNHJzo5ywa0V8Ofimhu9iZ7CAKDGE +dy/PLFFK79V+1u8+wWJtfXWJFetNxvtZDJCX2j2znUs +-> %8r-grease ez<>. zl:dK }b +uWiVXwUfxrnSuwrpnAQE92KJq0tGCWzzBV+1EW433+B+wKjByyYytk4 +--- B4qZoqEKJPzegmawmpM2EQWyQCp1jbbuSYSCA71GiNs +UsMBR_5Rl͎^y6RhTb9 ck@oxb*k>tgϏgze 2WZ \ No newline at end of file diff --git a/secrets/rekeyed/sire-minecraft/39e8d6574c2824dc6c52682655f18883-wireguard-proxy-sentinel-psks-sentinel+sire-minecraft.age b/secrets/rekeyed/sire-minecraft/39e8d6574c2824dc6c52682655f18883-wireguard-proxy-sentinel-psks-sentinel+sire-minecraft.age new file mode 100644 index 0000000..c44dd62 --- /dev/null +++ b/secrets/rekeyed/sire-minecraft/39e8d6574c2824dc6c52682655f18883-wireguard-proxy-sentinel-psks-sentinel+sire-minecraft.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 EHTwGA 1thFrqBMJqFLx0rw9esixG2zHYDUrV2aU7bYEplqowU +4TwJrEQutZtLQwLD8KsNpVjD8xi20Cz9tBaZ4dwemqQ +-> 1R-grease L= +EiCjHuBgJOHUwb/uPAgOpG+y//MwEnE9A2eiQEcFKmBrYC67 +--- 2DOGVZ7I5GOYq+oV3SsOoYvxTNz7h8Z85LNsbHB7Jlc + :*Ran<ʐ;̹~>LEo$cIB<݆6-o x(9m}4N\M ~W \ No newline at end of file diff --git a/secrets/rekeyed/sire-minecraft/3b83e611fe6200989b9a624b8ef1b7aa-promtail-loki-basic-auth-password.age b/secrets/rekeyed/sire-minecraft/3b83e611fe6200989b9a624b8ef1b7aa-promtail-loki-basic-auth-password.age new file mode 100644 index 0000000..cc2a553 --- /dev/null +++ b/secrets/rekeyed/sire-minecraft/3b83e611fe6200989b9a624b8ef1b7aa-promtail-loki-basic-auth-password.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 EHTwGA COUzHGv3rhlJSURpTKSRIHqWNJIS73QB69hU3VaqszQ +Wf7I9i8ZAI41WwwNynifG8GbUOLpoKijXkKeDQUKkjg +-> mF[PF\-grease 'Ky1)Zkz +JzjDcH0GLbxCZblzV7NeUW+MTUaLWQVY92knFxUetfPsnTpARsXYkIL12s+o47dm +MHHTlB8ExD7RNynV6r/Do6UM9uNwsmwm/US8FvWTagAWbBWkocRZWh93Zw +--- 822p/9l00Tv4a8veTfbZ2RbE7bnUBFzZVtpkeEa3hsw +8u7[ПȺ3)xDZ&}r+=<\Gp7t&>嵃|Em65k\\}ѺGD_ \ No newline at end of file diff --git a/secrets/rekeyed/sire-minecraft/e1458d710b93b5ca98cba8ce4189e0ce-wireguard-proxy-sentinel-priv-sire-minecraft.age b/secrets/rekeyed/sire-minecraft/e1458d710b93b5ca98cba8ce4189e0ce-wireguard-proxy-sentinel-priv-sire-minecraft.age new file mode 100644 index 0000000..cd2dfe5 --- /dev/null +++ b/secrets/rekeyed/sire-minecraft/e1458d710b93b5ca98cba8ce4189e0ce-wireguard-proxy-sentinel-priv-sire-minecraft.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 EHTwGA z6epbutC22AqPSf6A+vImf5qXZMjzB1uNeUBVyYw+QY +Wi1H1lSv1RMejpAb2A/rzqoiP1UUPVZYcx7Goh11Q1U +-> \D$V-grease x}66D4G 2p +s55x54FNeQhwesaZSGC5Og7TjQnwKXcSZGfrdANZF4uH469yPpotSq8HrPJK7JQv +IbNXdGvVmoCmOwA1GaIXyxdRF8YgfJPcD31eXcDMuMVMbE0dkfbB50JcxR62Zktr + +--- 36CMRrlw9MR/jT52W+aqYp+fxw9okj9DYd+M+8eOCkA +GX2ҡAd7n]ɣ}]D>x_ϳjaU;:IUUegӚ \ No newline at end of file diff --git a/secrets/wireguard/proxy-sentinel/keys/sire-minecraft.age b/secrets/wireguard/proxy-sentinel/keys/sire-minecraft.age new file mode 100644 index 0000000..91bb632 --- /dev/null +++ b/secrets/wireguard/proxy-sentinel/keys/sire-minecraft.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> X25519 wD5BhJW5KI5lq37lSsED9RyDQpN3ELX6ZPh5esbVg0o +r2h5o7gstcKAFUkbeJr6uj7Q7V7rqp87v7cReHxFwYk +-> piv-p256 xqSe8Q AnymuZMQPqM6bSqYWE2Ju1DfFqs46xMw/lho4dSSYZ0I +G3HUR7lINgXIhi90rJ8i6fXAhllemz2U8OtVEmS2tkw +-> c,k.48-grease $j NDwlv8 ~Y5q!7c +xmG2lEJzTEpc6lIokN34y/Ox +--- /8ksWoOq9mJr2aMXhE7DZxrvcSY3mxlo/grXt0Ck8Zs + m ڊ^w(ZXٙ;1xZςPghk̛ߧ҄β>> \ No newline at end of file diff --git a/secrets/wireguard/proxy-sentinel/keys/sire-minecraft.pub b/secrets/wireguard/proxy-sentinel/keys/sire-minecraft.pub new file mode 100644 index 0000000..4741e7b --- /dev/null +++ b/secrets/wireguard/proxy-sentinel/keys/sire-minecraft.pub @@ -0,0 +1 @@ +yMAdUPnWvTDhvnGJTtZSG+pKT1DiiXWQFRc2iX6MYxI= diff --git a/secrets/wireguard/proxy-sentinel/psks/sentinel+sire-minecraft.age b/secrets/wireguard/proxy-sentinel/psks/sentinel+sire-minecraft.age new file mode 100644 index 0000000..138352b --- /dev/null +++ b/secrets/wireguard/proxy-sentinel/psks/sentinel+sire-minecraft.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> X25519 Z4+MWhcHpN7ZlcH/zUeIgdsKyuSrwqYv/F3tubuwz1o +lLonaLVVbwW9nBIzbpiRQk+NzJT8Z3lARLq11btOlrk +-> piv-p256 xqSe8Q A5/OxbbTKTTwI1+X++UMNtcdQUxWevaXvF3uYz1Q9rK5 ++AqIBxSm5t+v3wi3cgxtxIHFIqXR39Bn3HGdaGpD+e4 +-> ,Td.O-grease jebr}f[ lq.5 7Q;f%P s2 ++/w +--- jmueBY0AA9hP0eUaxLCZmIwAdIFFgicIX3vih1hEbso +y=ן_pjh@ܤs* ,$!ɇ2 K\zqq1ADkx';DdWgjɋ \ No newline at end of file