minecraft-server: adjust for velocity, use template unit, ditch screen and use fifo systemd socket for input

it actually works now, don't know why terminal multiplexers give an error even with pty access but this setup is better overall anyway
wo2wz 2025-12-11 11:43:39 -05:00
parent 0150c8fb49
commit 76ff79019c


@ -2,11 +2,6 @@
{ {
networking.firewall = {
allowedTCPPorts = [ 10000 ];
allowedUDPPorts = [ 10000 ];
};
users = { users = {
users.minecraft = { users.minecraft = {
group = "minecraft"; group = "minecraft";
@ -18,18 +13,7 @@
groups.minecraft = {}; groups.minecraft = {};
}; };
environment.systemPackages = [ environment.etc."minecraft/java21_args".text = ''
# to control the interactive server console
pkgs.screen
pkgs.graalvmPackages.graalvm-oracle_17
inputs.nixpkgs-pin.legacyPackages.${pkgs.stdenv.hostPlatform.system}.graalvm-ce
];
environment.etc = {
"minecraft/java21_args".text = ''
-Xmx8G
-Xms8G
--add-modules=jdk.incubator.vector --add-modules=jdk.incubator.vector
-XX:+UseG1GC -XX:+UseG1GC
-XX:MaxGCPauseMillis=200 -XX:MaxGCPauseMillis=200
@ -117,30 +101,62 @@
-Djdk.graal.LoopRotation=true -Djdk.graal.LoopRotation=true
-Djdk.graal.CompilerConfiguration=enterprise -Djdk.graal.CompilerConfiguration=enterprise
''; '';
systemd = {
targets.multi-user.wants = [
"minecraft@countries.service"
"minecraft@monifactory.service"
];
sockets."minecraft@" = {
partOf = [ "minecraft@%i.service" ];
socketConfig = {
SocketUser = "minecraft";
SocketGroup = "minecraft";
SocketMode = "0600";
ListenFIFO = "%t/minecraft-%i.stdin";
RemoveOnStop = true;
};
}; };
systemd.services.minecraft = { services."minecraft@" = {
description = "Minecraft Java Edition server"; description = "Minecraft Java Edition server for %i";
wants = [ "network-online.target" ]; wants = [ "network-online.target" "velocity.service" ];
after = [ "network-online.target" ]; after = [ "network-online.target" "velocity.service" ];
path = [ pkgs.screen ]; environment = {
script = "screen -dmS minecraft -- ${lib.getExe inputs.nixpkgs-pin.legacyPackages.${pkgs.stdenv.hostPlatform.system}.graalvm-ce} @/etc/minecraft/java21_args -jar server.jar nogui"; JAVA_17_PATH = lib.getExe pkgs.graalvmPackages.graalvm-oracle_17;
JAVA_21_PATH = lib.getExe inputs.nixpkgs-pin.legacyPackages.${pkgs.stdenv.hostPlatform.system}.graalvm-ce;
};
serviceConfig = { serviceConfig = {
User = "minecraft"; User = "minecraft";
Group = "minecraft"; Group = "minecraft";
WorkingDirectory = "/var/lib/minecraft/vanilla"; StateDirectory = "minecraft/%i";
Type = "forking"; StateDirectoryMode = "0700";
Restart = "on-failure"; WorkingDirectory = "%S/minecraft/%i";
TimerSlackNSec = "5ms";
# very necessary and sane hardening for a private minecraft server ExecStart = "${lib.getExe pkgs.bash} run.sh";
Type = "exec";
Restart = "always";
# minecraft responds to SIGINT to stop the server
KillSignal = "SIGINT";
# minecraft sends exit code 130 when stopped
SuccessExitStatus = 130;
# use socket for stdin to send commands
Sockets = "minecraft@%i.socket";
StandardInput = "socket";
StandardOutput = "journal";
StandardError = "journal";
# hardening
CapabilityBoundingSet = [ "" ]; CapabilityBoundingSet = [ "" ];
DeviceAllow = [ "" ]; DeviceAllow = [ "" ];
DevicePolicy = "strict"; DevicePolicy = "strict";
LockPersonality = true; LockPersonality = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true; NoNewPrivileges = true;
PrivateDevices = true; PrivateDevices = true;
PrivateTmp = true; PrivateTmp = true;
@ -166,7 +182,8 @@
RestrictSUIDSGID = true; RestrictSUIDSGID = true;
SystemCallArchitectures = "native"; SystemCallArchitectures = "native";
SystemCallFilter = [ "@system-service" ]; SystemCallFilter = [ "@system-service" ];
UMask = "0027"; UMask = "0077";
};
}; };
}; };
} }
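Review bot: `ExecStart = "${lib.getExe pkgs.bash} run.sh";` resolves `run.sh` against `WorkingDirectory = "%S/minecraft/%i"`, which is the instance's own `StateDirectory`, so the launcher is a file the `minecraft` user can rewrite and that this configuration neither creates nor pins. Anything that gains code execution inside the server process (a mod or plugin, for instance) could change what the unit runs on its next start, and the sandboxing options below it would then confine that altered script rather than prevent it. Consider building the launcher in the Nix store, for example with `pkgs.writeShellScript`, and pointing `ExecStart` at that store path, so that only world data and server configs live in the state directory. If a per-instance script has to stay, a comment above `ExecStart` such as `# run.sh is provisioned by hand per instance; it is expected to pick JAVA_17_PATH or JAVA_21_PATH` would document the contract. That the script reads those variables is inferred from the `environment` block, and part of `serviceConfig` lies outside the hunks shown.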