From 58d08a86840d5d0c9e8e46548b6da1fba2043df2 Mon Sep 17 00:00:00 2001 From: tux Date: Sat, 11 Jan 2025 04:25:49 +0530 Subject: [PATCH] feat: add CS-2 server --- .sops.yaml | 5 +++ hosts/capella/default.nix | 17 +++++++++ hosts/capella/secrets.yaml | 33 +++++++++++++++++ modules/nixos/containers/cs2.nix | 61 ++++++++++++++++++++++++++++++++ 4 files changed, 116 insertions(+) create mode 100644 hosts/capella/secrets.yaml create mode 100644 modules/nixos/containers/cs2.nix diff --git a/.sops.yaml b/.sops.yaml index 58da921..944f398 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -43,3 +43,8 @@ creation_rules: - age: - *tux - *alpha + - path_regex: hosts/capella/secrets.yaml$ + key_groups: + - age: + - *tux + - *capella diff --git a/hosts/capella/default.nix b/hosts/capella/default.nix index c827f0e..a9ceb19 100644 --- a/hosts/capella/default.nix +++ b/hosts/capella/default.nix @@ -12,8 +12,23 @@ ../common ../../modules/nixos/virtualisation/docker.nix + ../../modules/nixos/containers/cs2.nix ]; + sops.secrets = { + "cs2_secrets/SRCDS_TOKEN" = { + sopsFile = ./secrets.yaml; + }; + + "cs2_secrets/CS2_RCONPW" = { + sopsFile = ./secrets.yaml; + }; + + "cs2_secrets/CS2_PW" = { + sopsFile = ./secrets.yaml; + }; + }; + nixpkgs.hostPlatform = "x86_64-linux"; networking = { @@ -21,6 +36,8 @@ firewall.enable = false; }; + security.sudo.wheelNeedsPassword = false; + boot.loader.grub = { efiSupport = true; efiInstallAsRemovable = true; diff --git a/hosts/capella/secrets.yaml b/hosts/capella/secrets.yaml new file mode 100644 index 0000000..220c4fa --- /dev/null +++ b/hosts/capella/secrets.yaml @@ -0,0 +1,33 @@ +cs2_secrets: + SRCDS_TOKEN: ENC[AES256_GCM,data:WKUUPlgPbAQHItF6RUoAyTxJBVHhm8j4pBCtKnKB+D9Bpnv89rOHhgoEarI=,iv:r25P7Z/5EZgh0jzCLScyfVee2K4WmhD54iJUcVL6Txo=,tag:7xnXaeBkzTGFFaYEWhmmkQ==,type:str] + CS2_RCONPW: ENC[AES256_GCM,data:KEyA7qVQbhIh+Aonv0o4o3QtuRgQKEs=,iv:KkqDqXJarbvU2coPUEpNL43cPIGTkGI3RVYKGK/dT5Q=,tag:koNljlFITRY2EHjstcVrEA==,type:str] + CS2_PW: ENC[AES256_GCM,data:O1uNUjhOCnx0LeiLo1aJPPJ3YA2dwwk=,iv:iBSv4YEgqD49vfjSdbtzv4RE5pXw2yNkS4waseg5qQw=,tag:IVRZZxlV5YoSWHmLEAptlQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEL0lPSUtjNWRNeTRQdzly + Sm5hL2Z6OSs4VmJlSTgzZ1FBMjN0cjNLQmo4CjFkdGx1T0MxTm5EQ2ZKR0gyM2Vp + M3NwUDA3V21ic01JWWNpeWNIVVBBekkKLS0tIFNuT2o1TCtWMVBxVmh6T295bDNr + bGpaeC9JbTBUVk1KYmFSTnlSMm9ybEkK0n7HZAHvjm7T0mvea1zgQJMo5aoah+bs + vi3eg3dq6gKSVXYtsnMKMXF34Uh11UFb3Nrzhbg5JIfgYYsDi4asRQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1y4luzn2jls7rvgphej23srvdlx563lxq29tvf66vhwwzaf7c3f3qzvresh + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpK0JGbDZqZ2pobXdHaXlw + U0t5TUVkSytNUmk3c3VuSzV0NnJuTkx1VGgwCnlNSzZ6a1FJSWMvbjdlS0s5YjVE + Ni9yVlFLVWNBZ2QwSi92NnhTOEs3R3MKLS0tIDg2MnI5ZEFJdDUzTjJVUDJXaTZz + QURYbkh3ckFTNG9RRG01eDRoZWVtM3MKd5+k09WBzx27iJ0A5Ek2bUiKCxoLfnMq + T2uRF77ElbZQRklicxBNdM895io/PLdMBocerTb4dWRE+I8FGwDCYg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-01-10T22:54:08Z" + mac: ENC[AES256_GCM,data:qirA0ifdYXv92LPOJy6iYGplGRl4sWlu/3yBoSSXU2jEMnTQ0JD3a0ogOaRuwXH9VHKkSuRYBbAcJt0Y9lMCTJ9nDL6xdSx0V6PxpQxxlDvtTo7YL4IgGM7wHol3CiooTssV/eQtc0rxb7WCuOunZOE43km0MKSRbURxPBd68KY=,iv:wkE5Pxxa/qQxGwBy+GoRtv6eFWB8CRNRBwKOLWRUNVc=,tag:xaDvKe9AMdJ5lpIyx75BFA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.2 diff --git a/modules/nixos/containers/cs2.nix b/modules/nixos/containers/cs2.nix new file mode 100644 index 0000000..da5cb8e --- /dev/null +++ b/modules/nixos/containers/cs2.nix @@ -0,0 +1,61 @@ +{config, ...}: { + virtualisation.oci-containers.containers.cs2-server = { + image = "joedwards32/cs2"; + environmentFiles = [ + config.sops.secrets."cs2_secrets/SRCDS_TOKEN".path + config.sops.secrets."cs2_secrets/CS2_RCONPW".path + config.sops.secrets."cs2_secrets/CS2_PW".path + ]; + + environment = { + # Server configuration + STEAMAPPVALIDATE = "0"; + CS2_SERVERNAME = "tux's CS-2 Server"; + CS2_CHEATS = "0"; + CS2_PORT = "27015"; + CS2_SERVER_HIBERNATE = "1"; + CS2_RCON_PORT = ""; + CS2_LAN = "0"; + CS2_MAXPLAYERS = "10"; + CS2_ADDITIONAL_ARGS = ""; + CS2_CFG_URL = ""; + # Game modes + CS2_GAMEALIAS = "competitive"; + CS2_GAMETYPE = "0"; + CS2_GAMEMODE = "1"; + CS2_MAPGROUP = "mg_active"; + CS2_STARTMAP = "de_mirage"; + # Workshop Maps + CS2_HOST_WORKSHOP_COLLECTION = ""; + CS2_HOST_WORKSHOP_MAP = ""; + # Bots + CS2_BOT_DIFFICULTY = "3"; + CS2_BOT_QUOTA = ""; + CS2_BOT_QUOTA_MODE = ""; + # TV + TV_AUTORECORD = "0"; + TV_ENABLE = "0"; + TV_PORT = "27020"; + TV_PW = "changeme"; + TV_RELAY_PW = "changeme"; + TV_MAXRATE = "0"; + TV_DELAY = "0"; + # Logs + CS2_LOG = "on"; + CS2_LOG_MONEY = "0"; + CS2_LOG_DETAIL = "0"; + CS2_LOG_ITEMS = "0"; + }; + volumes = [ + "cs2:/home/steam/cs2-dedicated" + ]; + ports = [ + "27015:27015/tcp" + "27015:27015/udp" + "27020:27020/udp" + ]; + extraOptions = [ + "--interactive" + ]; + }; +}