+1 -1

nixos/doc/manual/release-notes/rl-2311.section.md

··· 6 6 7 7 ## New Services {#sec-release-23.11-new-services} 8 8 9 9 - - Create the first release note entry in this section! 9 9 + - [MCHPRS](https://github.com/MCHPR/MCHPRS), a multithreaded Minecraft server built for redstone. Available as [services.mchprs](#opt-services.mchprs.enable). 10 10 11 11 - [acme-dns](https://github.com/joohoi/acme-dns), a limited DNS server to handle ACME DNS challenges easily and securely. Available as [services.acme-dns](#opt-services.acme-dns.enable). 12 12

+1

nixos/modules/module-list.nix

··· 476 476 ./services/games/deliantra-server.nix 477 477 ./services/games/factorio.nix 478 478 ./services/games/freeciv.nix 479 479 + ./services/games/mchprs.nix 479 480 ./services/games/minecraft-server.nix 480 481 ./services/games/minetest-server.nix 481 482 ./services/games/openarena.nix

+341

nixos/modules/services/games/mchprs.nix

··· 1 1 + { config, lib, pkgs, ... }: 2 2 + 3 3 + with lib; 4 4 + 5 5 + let 6 6 + cfg = config.services.mchprs; 7 7 + settingsFormat = pkgs.formats.toml { }; 8 8 + 9 9 + whitelistFile = pkgs.writeText "whitelist.json" 10 10 + (builtins.toJSON 11 11 + (mapAttrsToList (n: v: { name = n; uuid = v; }) cfg.whitelist.list)); 12 12 + 13 13 + configToml = 14 14 + (removeAttrs cfg.settings [ "address" "port" ]) // 15 15 + { 16 16 + bind_address = cfg.settings.address + ":" + toString cfg.settings.port; 17 17 + whitelist = cfg.whitelist.enable; 18 18 + }; 19 19 + 20 20 + configTomlFile = settingsFormat.generate "Config.toml" configToml; 21 21 + in 22 22 + { 23 23 + options = { 24 24 + services.mchprs = { 25 25 + enable = mkEnableOption "MCHPRS"; 26 26 + 27 27 + declarativeSettings = mkOption { 28 28 + type = types.bool; 29 29 + default = false; 30 30 + description = mdDoc '' 31 31 + Whether to use a declarative configuration for MCHPRS. 32 32 + ''; 33 33 + }; 34 34 + 35 35 + declarativeWhitelist = mkOption { 36 36 + type = types.bool; 37 37 + default = false; 38 38 + description = mdDoc '' 39 39 + Whether to use a declarative whitelist. 40 40 + The options {option}`services.mchprs.whitelist.list` 41 41 + will be applied if and only if set to `true`. 42 42 + ''; 43 43 + }; 44 44 + 45 45 + dataDir = mkOption { 46 46 + type = types.path; 47 47 + default = "/var/lib/mchprs"; 48 48 + description = mdDoc '' 49 49 + Directory to store MCHPRS database and other state/data files. 50 50 + ''; 51 51 + }; 52 52 + 53 53 + openFirewall = mkOption { 54 54 + type = types.bool; 55 55 + default = false; 56 56 + description = mdDoc '' 57 57 + Whether to open ports in the firewall for the server. 58 58 + Only has effect when 59 59 + {option}`services.mchprs.declarativeSettings` is `true`. 60 60 + ''; 61 61 + }; 62 62 + 63 63 + maxRuntime = mkOption { 64 64 + type = types.str; 65 65 + default = "infinity"; 66 66 + example = "7d"; 67 67 + description = mdDoc '' 68 68 + Automatically restart the server after 69 69 + {option}`services.mchprs.maxRuntime`. 70 70 + The time span format is described here: 71 71 + https://www.freedesktop.org/software/systemd/man/systemd.time.html#Parsing%20Time%20Spans. 72 72 + If `null`, then the server is not restarted automatically. 73 73 + ''; 74 74 + }; 75 75 + 76 76 + package = mkOption { 77 77 + type = types.package; 78 78 + default = pkgs.mchprs; 79 79 + defaultText = literalExpression "pkgs.mchprs"; 80 80 + description = mdDoc "Version of MCHPRS to run."; 81 81 + }; 82 82 + 83 83 + settings = mkOption { 84 84 + type = types.submodule { 85 85 + freeformType = settingsFormat.type; 86 86 + 87 87 + options = { 88 88 + port = mkOption { 89 89 + type = types.port; 90 90 + default = 25565; 91 91 + description = mdDoc '' 92 92 + Port for the server. 93 93 + Only has effect when 94 94 + {option}`services.mchprs.declarativeSettings` is `true`. 95 95 + ''; 96 96 + }; 97 97 + 98 98 + address = mkOption { 99 99 + type = types.str; 100 100 + default = "0.0.0.0"; 101 101 + description = mdDoc '' 102 102 + Address for the server. 103 103 + Please use enclosing square brackets when using ipv6. 104 104 + Only has effect when 105 105 + {option}`services.mchprs.declarativeSettings` is `true`. 106 106 + ''; 107 107 + }; 108 108 + 109 109 + motd = mkOption { 110 110 + type = types.str; 111 111 + default = "Minecraft High Performance Redstone Server"; 112 112 + description = mdDoc '' 113 113 + Message of the day. 114 114 + Only has effect when 115 115 + {option}`services.mchprs.declarativeSettings` is `true`. 116 116 + ''; 117 117 + }; 118 118 + 119 119 + chat_format = mkOption { 120 120 + type = types.str; 121 121 + default = "<{username}> {message}"; 122 122 + description = mdDoc '' 123 123 + How to format chat message interpolating `username` 124 124 + and `message` with curly braces. 125 125 + Only has effect when 126 126 + {option}`services.mchprs.declarativeSettings` is `true`. 127 127 + ''; 128 128 + }; 129 129 + 130 130 + max_players = mkOption { 131 131 + type = types.ints.positive; 132 132 + default = 99999; 133 133 + description = mdDoc '' 134 134 + Maximum number of simultaneous players. 135 135 + Only has effect when 136 136 + {option}`services.mchprs.declarativeSettings` is `true`. 137 137 + ''; 138 138 + }; 139 139 + 140 140 + view_distance = mkOption { 141 141 + type = types.ints.positive; 142 142 + default = 8; 143 143 + description = mdDoc '' 144 144 + Maximal distance (in chunks) between players and loaded chunks. 145 145 + Only has effect when 146 146 + {option}`services.mchprs.declarativeSettings` is `true`. 147 147 + ''; 148 148 + }; 149 149 + 150 150 + bungeecord = mkOption { 151 151 + type = types.bool; 152 152 + default = false; 153 153 + description = mdDoc '' 154 154 + Enable compatibility with 155 155 + [BungeeCord](https://github.com/SpigotMC/BungeeCord). 156 156 + Only has effect when 157 157 + {option}`services.mchprs.declarativeSettings` is `true`. 158 158 + ''; 159 159 + }; 160 160 + 161 161 + schemati = mkOption { 162 162 + type = types.bool; 163 163 + default = false; 164 164 + description = mdDoc '' 165 165 + Mimic the verification and directory layout used by the 166 166 + Open Redstone Engineers 167 167 + [Schemati plugin](https://github.com/OpenRedstoneEngineers/Schemati). 168 168 + Only has effect when 169 169 + {option}`services.mchprs.declarativeSettings` is `true`. 170 170 + ''; 171 171 + }; 172 172 + 173 173 + block_in_hitbox = mkOption { 174 174 + type = types.bool; 175 175 + default = true; 176 176 + description = mdDoc '' 177 177 + Allow placing blocks inside of players 178 178 + (hitbox logic is simplified). 179 179 + Only has effect when 180 180 + {option}`services.mchprs.declarativeSettings` is `true`. 181 181 + ''; 182 182 + }; 183 183 + 184 184 + auto_redpiler = mkOption { 185 185 + type = types.bool; 186 186 + default = true; 187 187 + description = mdDoc '' 188 188 + Use redpiler automatically. 189 189 + Only has effect when 190 190 + {option}`services.mchprs.declarativeSettings` is `true`. 191 191 + ''; 192 192 + }; 193 193 + }; 194 194 + }; 195 195 + default = { }; 196 196 + 197 197 + description = mdDoc '' 198 198 + Configuration for MCHPRS via `Config.toml`. 199 199 + See https://github.com/MCHPR/MCHPRS/blob/master/README.md for documentation. 200 200 + ''; 201 201 + }; 202 202 + 203 203 + whitelist = { 204 204 + enable = mkOption { 205 205 + type = types.bool; 206 206 + default = false; 207 207 + description = mdDoc '' 208 208 + Whether or not the whitelist (in `whitelist.json`) shoud be enabled. 209 209 + Only has effect when {option}`services.mchprs.declarativeSettings` is `true`. 210 210 + ''; 211 211 + }; 212 212 + 213 213 + list = mkOption { 214 214 + type = 215 215 + let 216 216 + minecraftUUID = types.strMatching 217 217 + "[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" // { 218 218 + description = "Minecraft UUID"; 219 219 + }; 220 220 + in 221 221 + types.attrsOf minecraftUUID; 222 222 + default = { }; 223 223 + example = literalExpression '' 224 224 + { 225 225 + username1 = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"; 226 226 + username2 = "yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy"; 227 227 + }; 228 228 + ''; 229 229 + description = mdDoc '' 230 230 + Whitelisted players, only has an effect when 231 231 + {option}`services.mchprs.declarativeWhitelist` is 232 232 + `true` and the whitelist is enabled 233 233 + via {option}`services.mchprs.whitelist.enable`. 234 234 + This is a mapping from Minecraft usernames to UUIDs. 235 235 + You can use <https://mcuuid.net/> to get a 236 236 + Minecraft UUID for a username. 237 237 + ''; 238 238 + }; 239 239 + }; 240 240 + }; 241 241 + }; 242 242 + 243 243 + config = mkIf cfg.enable { 244 244 + users.users.mchprs = { 245 245 + description = "MCHPRS service user"; 246 246 + home = cfg.dataDir; 247 247 + createHome = true; 248 248 + isSystemUser = true; 249 249 + group = "mchprs"; 250 250 + }; 251 251 + users.groups.mchprs = { }; 252 252 + 253 253 + systemd.services.mchprs = { 254 254 + description = "MCHPRS Service"; 255 255 + wantedBy = [ "multi-user.target" ]; 256 256 + after = [ "network.target" ]; 257 257 + 258 258 + serviceConfig = { 259 259 + ExecStart = "${lib.getExe cfg.package}"; 260 260 + Restart = "always"; 261 261 + RuntimeMaxSec = cfg.maxRuntime; 262 262 + User = "mchprs"; 263 263 + WorkingDirectory = cfg.dataDir; 264 264 + 265 265 + StandardOutput = "journal"; 266 266 + StandardError = "journal"; 267 267 + 268 268 + # Hardening 269 269 + CapabilityBoundingSet = [ "" ]; 270 270 + DeviceAllow = [ "" ]; 271 271 + LockPersonality = true; 272 272 + MemoryDenyWriteExecute = true; 273 273 + PrivateDevices = true; 274 274 + PrivateTmp = true; 275 275 + PrivateUsers = true; 276 276 + ProtectClock = true; 277 277 + ProtectControlGroups = true; 278 278 + ProtectHome = true; 279 279 + ProtectHostname = true; 280 280 + ProtectKernelLogs = true; 281 281 + ProtectKernelModules = true; 282 282 + ProtectKernelTunables = true; 283 283 + ProtectProc = "invisible"; 284 284 + RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ]; 285 285 + RestrictNamespaces = true; 286 286 + RestrictRealtime = true; 287 287 + RestrictSUIDSGID = true; 288 288 + SystemCallArchitectures = "native"; 289 289 + UMask = "0077"; 290 290 + }; 291 291 + 292 292 + preStart = 293 293 + (if cfg.declarativeSettings then '' 294 294 + if [ -e .declarativeSettings ]; then 295 295 + 296 296 + # Settings were declarative before, no need to back up anything 297 297 + cp -f ${configTomlFile} Config.toml 298 298 + 299 299 + else 300 300 + 301 301 + # Declarative settings for the first time, backup stateful files 302 302 + cp -b --suffix=.stateful ${configTomlFile} Config.toml 303 303 + 304 304 + echo "Autogenerated file that implies that this server configuration is managed declaratively by NixOS" \ 305 305 + > .declarativeSettings 306 306 + 307 307 + fi 308 308 + '' else '' 309 309 + if [ -e .declarativeSettings ]; then 310 310 + rm .declarativeSettings 311 311 + fi 312 312 + '') + (if cfg.declarativeWhitelist then '' 313 313 + if [ -e .declarativeWhitelist ]; then 314 314 + 315 315 + # Whitelist was declarative before, no need to back up anything 316 316 + ln -sf ${whitelistFile} whitelist.json 317 317 + 318 318 + else 319 319 + 320 320 + # Declarative whitelist for the first time, backup stateful files 321 321 + ln -sb --suffix=.stateful ${whitelistFile} whitelist.json 322 322 + 323 323 + echo "Autogenerated file that implies that this server's whitelist is managed declaratively by NixOS" \ 324 324 + > .declarativeWhitelist 325 325 + 326 326 + fi 327 327 + '' else '' 328 328 + if [ -e .declarativeWhitelist ]; then 329 329 + rm .declarativeWhitelist 330 330 + fi 331 331 + ''); 332 332 + }; 333 333 + 334 334 + networking.firewall = mkIf (cfg.declarativeSettings && cfg.openFirewall) { 335 335 + allowedUDPPorts = [ cfg.settings.port ]; 336 336 + allowedTCPPorts = [ cfg.settings.port ]; 337 337 + }; 338 338 + }; 339 339 + 340 340 + meta.maintainers = with maintainers; [ gdd ]; 341 341 + }