diff --git a/.sops.yaml b/.sops.yaml index a4f24a6..353c8db 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -20,6 +20,7 @@ keys: - &host_lupine-4 age1ml48zztcmnrdrhrdsjrlyxf09jtmjgz46u8td4zm59wn3fm4g57qs4wg0l - &host_lupine-5 age12gws5nws69vxryd3kt7q0ayngch90efmhqcrfhnnsmj00lkgxd4qsdkvqn - &host_skrot age1hzkvnktkr8t5gvtq0ccw69e44z5z6wf00n3xhk3hj24emf07je5s6q2evr + - &host_gluttony age12czfkvuw9pjk5qny5c6m2hjhd634cj9r4dsa3ss5zkux5h4vvc7s7k4urq creation_rules: # Global secrets @@ -119,3 +120,16 @@ creation_rules: - *user_vegardbm pgp: - *user_oysteikt + + - path_regex: secrets/gluttony/[^/]+\.yaml$ + key_groups: + - age: + - *host_gluttony + - *user_danio + - *user_felixalb + - *user_pederbs_sopp + - *user_pederbs_nord + - *user_pederbs_bjarte + - *user_vegardbm + pgp: + - *user_oysteikt diff --git a/flake.nix b/flake.nix index 643bc0a..6469b87 100644 --- a/flake.nix +++ b/flake.nix @@ -205,7 +205,6 @@ inputs.disko.nixosModules.disko ]; }; - #ildkule-unstable = unstableNixosConfig "ildkule" { }; skrot = stableNixosConfig "skrot" { modules = [ inputs.disko.nixosModules.disko @@ -216,7 +215,12 @@ shark = stableNixosConfig "shark" {}; wenche = stableNixosConfig "wenche" {}; temmie = stableNixosConfig "temmie" {}; - gluttony = stableNixosConfig "gluttony" {}; + gluttony = stableNixosConfig "gluttony" { + overlays = [ + (final: prev: { bluemap = final.callPackage ./packages/bluemap.nix {}; }) + ]; + modules = [ self.nixosModules.bluemap ]; + }; kommode = stableNixosConfig "kommode" { overlays = [ diff --git a/hosts/gluttony/configuration.nix b/hosts/gluttony/configuration.nix index 9c31cd8..a14a143 100644 --- a/hosts/gluttony/configuration.nix +++ b/hosts/gluttony/configuration.nix @@ -7,6 +7,7 @@ { imports = [ ./hardware-configuration.nix + ./services/bluemap.nix (fp /base) ]; diff --git a/hosts/gluttony/services/bluemap.nix b/hosts/gluttony/services/bluemap.nix new file mode 100644 index 0000000..c503e44 --- /dev/null +++ b/hosts/gluttony/services/bluemap.nix 
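Review bot: In flake.nix, the new `gluttony` entry replaces the nixpkgs `bluemap` package with `./packages/bluemap.nix` through an overlay, so on this host the package version is whatever that local file pins and nixpkgs updates to bluemap no longer reach it. That file is not part of this diff, so which release it tracks cannot be checked here. A short comment above the overlay would make the ownership clear, for example `# local bluemap package, pairs with self.nixosModules.bluemap; bump ./packages/bluemap.nix by hand`. The enclosing attribute set starts and ends outside the hunk.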
@@ -0,0 +1,103 @@
+{ config, lib, pkgs, inputs, ... }:
+let
+ vanillaSurvival = "/var/lib/bluemap/vanilla_survival_world";
+in {
+ # NOTE: our version of the module gets added in flake.nix
+ disabledModules = [ "services/web-apps/bluemap.nix" ];
+
+ sops.secrets."bluemap/ssh-key" = { };
+ sops.secrets."bluemap/ssh-known-hosts" = { };
+
+ services.bluemap = {
+ enable = true;
+
+ eula = true;
+ onCalendar = "*-*-* 05:45:00"; # a little over an hour after auto-upgrade
+
+ enableNginx = false;
+
+ host = "minecraft.pvv.ntnu.no";
+
+ maps = let
+ inherit (inputs.minecraft-kartverket.packages.${pkgs.stdenv.hostPlatform.system}) bluemap-export;
+ in {
+ "verden" = {
+ extraHoconMarkersFile = "${bluemap-export}/overworld.hocon";
+ settings = {
+ world = vanillaSurvival;
+ dimension = "minecraft:overworld";
+ name = "Verden";
+ sorting = 0;
+ start-pos = {
+ x = 0;
+ z = 0;
+ };
+ ambient-light = 0.1;
+ cave-detection-ocean-floor = -5;
+ };
+ };
+ "underverden" = {
+ extraHoconMarkersFile = "${bluemap-export}/nether.hocon";
+ settings = {
+ world = vanillaSurvival;
+ dimension = "minecraft:the_nether";
+ name = "Underverden";
+ sorting = 100;
+ start-pos = {
+ x = 0;
+ z = 0;
+ };
+ sky-color = "#290000";
+ void-color = "#150000";
+ sky-light = 1;
+ ambient-light = 0.6;
+ remove-caves-below-y = -10000;
+ cave-detection-ocean-floor = -5;
+ cave-detection-uses-block-light = true;
+ render-mask = [{
+ max-y = 90;
+ }];
+ };
+ };
+ "enden" = {
+ extraHoconMarkersFile = "${bluemap-export}/the-end.hocon";
+ settings = {
+ world = vanillaSurvival;
+ dimension = "minecraft:the_end";
+ name = "Enden";
+ sorting = 200;
+ start-pos = {
+ x = 0;
+ z = 0;
+ };
+ sky-color = "#080010";
+ void-color = "#080010";
+ sky-light = 1;
+ ambient-light = 0.6;
+ remove-caves-below-y = -10000;
+ cave-detection-ocean-floor = -5;
+ };
+ };
+ };
+ };
+
+ systemd.services."render-bluemap-maps" = {
+ serviceConfig = {
+ StateDirectory = [ "bluemap/world" ];
+ ExecStartPre = let
+ rsyncArgs = lib.cli.toCommandLineShellGNU { } {
+ archive = true;
+ compress = true;
+ verbose = true;
+ no-owner = true;
+ no-group = true;
+ rsh = "${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=%d/ssh-known-hosts -i %d/sshkey";
+ };
+ in "${lib.getExe pkgs.rsync} ${rsyncArgs} root@innovation.pvv.ntnu.no:/ ${vanillaSurvival}";
+ LoadCredential = [
+ "sshkey:${config.sops.secrets."bluemap/ssh-key".path}"
+ "ssh-known-hosts:${config.sops.secrets."bluemap/ssh-known-hosts".path}"
+ ];
+ };
+ };
+}
diff --git a/secrets/gluttony/gluttony.yaml b/secrets/gluttony/gluttony.yaml
new file mode 100644
index 0000000..b2e7f03
--- /dev/null
+++ b/secrets/gluttony/gluttony.yaml
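Review bot: The `rsh` string in `ExecStartPre` passes only `UserKnownHostsFile` and `-i`, so host-key checking still follows ssh's default policy, and the system-wide known-hosts file and any other available identities stay in play. Pinning the options makes the sops-provided file the only trust anchor: `rsh = "${pkgs.openssh}/bin/ssh -o BatchMode=yes -o StrictHostKeyChecking=yes -o GlobalKnownHostsFile=/dev/null -o IdentitiesOnly=yes -o UserKnownHostsFile=%d/ssh-known-hosts -i %d/sshkey";`. The key logs in as `root` on innovation with source `:/`, which presumably relies on a forced command or restricted-rsync entry in that host's `authorized_keys`; that is not visible here, and since every recipient of the `secrets/gluttony/` rule can decrypt the key, a comment stating the remote-side restriction would help. Separately, `StateDirectory` creates `bluemap/world` while the rsync target is `vanilla_survival_world`, so confirm that the custom module creates that directory.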
@@ -0,0 +1,93 @@ +bluemap: + ssh-key: ENC[AES256_GCM,data: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,iv:vPEFXXaQX7e5FVf65MhjR13FI+JhIECLIY/xgqasFKY=,tag:/c6ZtCs3ivorIqFdlg9G9Q==,type:str] + ssh-known-hosts: ENC[AES256_GCM,data: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,iv:yqzaB8raT0/s/y2T4C06MwHGKwg+EHwuwbj+AXxvkIU=,tag:q41KpDG2e6yFOq6TxstC8A==,type:str] +sops: + age: + - recipient: age12czfkvuw9pjk5qny5c6m2hjhd634cj9r4dsa3ss5zkux5h4vvc7s7k4urq + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPeHFDb2xERDdQa3FDT1Ni + OFBBb1MzUXNqMktTVUlDWHhRWithYkN3OEcwCkd3OWlaSks4bnFhRzJud3AwZ1Bo + c0xNYXdDVzVxRjZna3FaMEJuR3hMbVUKLS0tIGNoZGpKUFBldDBDaGF5bG1SS3R2 + VzBDc296WmFkdHcvVWVILzNFUzJKY2cKIHUNTXL28jYIgo7tMsR64gpydX6bg+1f + PntcQBsVXmjW/XOWg0XTa23BRkuL9a8wkWPKV+EvVaRAHLA+NdrCzw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1ug30gg4y7ftuya0wdv7q0vh4egn00wlv2th7mt7cgc2ze46wmvyq9lq6ge + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMNXJnNGxEaUtvazVyWVBn + NkZLbk0zYytTcmFVek5hWElPUUZ2NDc5S0J3Cll6NkRZbHBkREVtYmxSQjRiTG1w + THJRYXE2VzhhTUtqZUQ1Q2k5d1V0c00KLS0tIEpjb3gybTVSMlpnT0pHK3U5bkFP + aW9YZVZpbXE1Ty9tZjZWRTJXcDN1UTAK7NC7zqWWfsjwsg4RC6+pHgIRSr2NYdJU + JnSODgTDeRWNWTnlOsGLVBB4G4cs3sr+G1TTU6ECNeScVHjm5LEXpA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhamk3VWVheTZOUXVwUnU3 + YnAzSzF0UDFNVTJycHJTdk1zNmtkWWVHeVJBCnZTQ0xEM1hSQ3dTcHhQYmt1UDdr + TWEzeE5SZ1FUVlhsd0N0NUdzNXB1V1kKLS0tIFlzRE4wNUdYN3kremxNUHlMRzVx + WWRKRGZza0hlU3JXQkdwY2psQkdqbGsK7XHA7aO7AN+fK65phQ2Wjuoz0/CylAKb + aEo6e2DDlEKoHyel6VtncYU7IytU8vx4f2KdBQuDIsypQqOCyjpcYg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + 
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQcXhaNVJrUnlSVTQvVE9T + RnpDa2JBZFQwVG5oaVpUWG9ZeGM0UkNZakF3CmhsK3ByK1JaamV2cWgweTZUVjNk + QWdtREtiVnd4TllycDQybWxSb05IaFEKLS0tIDJXZzNKZzZJL3M4bTNiV1lHQ2lq + MW9uSUo2dzR4VzhmK09yU2Y3Vkl6T0UKz9PygM7wNx+SDO4ea4RKwENSpnzGC8jP + 5N7p/MQZQjclpNyIUO3OKQECMQD8jPqN+OlBmctQqDR4vTSq4HmCvw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjRVVucnNNVEk1TkRvb1V0 + ZjlCMjcyVHdVVzRwVUxmQnFSSThZblcxc1JFCnVPS1NKRGxERzNPUmpOOUZWd0pa + bFJGZVVObzhNdEx5ZWFlWkdaOUZrS3cKLS0tIGdqV2FaNVNJM2Z0TUV3VklodDM3 + SDQ5d2p4SnB4REdTbWRRZjYxVURqNkUK3wcPruP459YHsffOw8vWHNlOleUA0Iv5 + /370YCc4uA3wp8YyLvotGsjn65IWlaZ1R9wUEiQTNa3wvChBYmtLVg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYTW04bUZrMFMxVTdkbDNk + Z2dWTTgrUERRT243NkZtTmY1ZkFjQ0w5bVJBCnh6cmM0Z2hwcVRyL3R0YXdSbzRa + cFc5MmowbVhTMTZTZzFsK3ZpNXdxN1EKLS0tIERxYzN4S0dsYi9mU1UvVzRNZGZw + TXlrR3FKWlJLQ0NpWDdQVEo0aHFNZWsK1lUGm0uye00S07JYBPGvIZtdNFuknZv3 + bViaCBUH8GKV7w+sWtnBoQlaD1F8rpoVd+l4SIW0pouEYdze4u/v9Q== + -----END AGE ENCRYPTED FILE----- + - recipient: age1sqs7urnzsdy64efmd0zukzv3gs5pnjksuxd7nqmdwdy5l0nqnunq6hyune + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0RVFKdjNDMURPVHY0eFc1 + c0JUbk93RlppNjg5ZTlIMEdmRWI5Q3prWlh3CjdTNXk0YUtFeWtuNkkxVGpndVBu + WTIrdFh0QThQWkJTc1llSWN0OUtzWVEKLS0tIHF1NytpSUtnQ2xoSUlMR3NIdytV + WWE5WUVPVXVwMW9QY0F4RUo4K1JJSzgKu8KUfNcYkVPTIIy+AsqmbNsRwhe2OVH+ + iTBo4DixGc4XFsflBYxTmu212DE8/Mr2spqZpa4brfbblF4JAmak6A== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-05-23T17:17:29Z" + mac: 
ENC[AES256_GCM,data:jZqF4WRtMSg5oPT6LGC8oNBlgADFa+AP5SlmjiiPvwds/GLL1txfN7Phm7ct4birmuAfndLq4EPK9nru2klnYirGsz7KCRVtbzb5BPoh8HtiqhHSoGeyTyC/uKgHhg7Rk+yW2F+GI20cS/MaXxIhu4QohIvnZxrYEbCkffSjukM=,iv:2W4NRFHQiKL9Bq/krqqvvM6NzgqDVXyrq68c1glPG9A=,tag:/IYCXGjdGUkZv8S+P9H0NQ==,type:str] + pgp: + - created_at: "2026-05-23T17:17:16Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA0av/duuklWYAQ/+ISNrWiNzl986g1c2S8x65xCWuJ8ntbb9k0nm56/Ve1TI + 5bkkovKFUFCBUrcVEoRPA+uVDdnd/KWkwF6BX3me8jkhe9ogXNvNJh7FVWiPa70U + nxt0wL2TGDdj0RD2gneqTEsN3GtuwNw3gUcdRBg03vG9rmmNa3eWvVmwk/XNZ7J+ + 7LEyG21tLicB5ZPBYiGLznsQPbGvLg+FguCRngvjmz0IgvpNkNpylmlkkc6pmHka + T5UAekNgBY0H6H22T1xmD5O4/ZVsmyETHc+6TJn4jIS2fENVtfApbwJuF5B+x+Xf + fNIx8soxYOBLjN9CdPXWw+/nAuCQVnsOYxUVcHBoNvQ3KDm8c6R4Yv8B+gndpvUN + eRo3XQTGNCX2mvEdRHDlvJjMHgmP3a8qBsFVdKnS/7138HKO4dyIX8Ca+9gWvEmz + UGdTXtYjRl8Wxp+8mePAsR6OaDGLqRfyIveCsSAJiwsQDaVqnVElXUZBp93QySxq + RPY8yNrVayiw3lPLe2Q0iHJLfpUEqvIGz0WjfqCkfhMXb93lrjTywsvMRf6ocZOY + Xb4paiRlKsJo9a6ZvyH+vuIXv75SUVtdzWs7P998TGo/C8+0Tf/dVgvGB/UfnB0p + JkGndpicaJ98Xb+vTrE+/MNpMD0hBzWIbsKs6c50Hfml7Xjb8ngewuKAqXpvdE/S + XAEl1l+gnC44ekV0CBWbyWXcsBHopt4plVC1VIH4CgsnHz5xPxTfrrJCTWAvTDpI + arHX/6qD+QOMXpT4/W37WxIyTEICBUEGtn6gMbb1xU96WJ3zqp7EYjxO/IOU + =Mkw8 + -----END PGP MESSAGE----- + fp: F7D37890228A907440E1FD4846B9228E814A2AAC + unencrypted_suffix: _unencrypted + version: 3.12.2