From bbc529287d769d708a900fd0ce8fd4b24e332e0a Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sat, 30 Mar 2024 15:56:58 +0000
Subject: [PATCH] fix: add second no-proxy dyndns for minecraft and others

---
 flake.nix | 1 +
 modules/common/default.nix | 4 +++
 modules/nixos/gaming/minecraft-server.nix | 2 ++
 modules/nixos/services/cloudflare.nix | 40 +++++++++++++++++++++++
 4 files changed, 47 insertions(+)

diff --git a/flake.nix b/flake.nix
index 23d05e4..82288b0 100644
--- a/flake.nix
+++ b/flake.nix
@@ -239,6 +239,7 @@
 influxdb = "influxdb.${baseName}";
 irc = "irc.${baseName}";
 metrics = "metrics.${baseName}";
+ minecraft = "minecraft.${baseName}";
 prometheus = "prom.${baseName}";
 paperless = "paper.${baseName}";
 secrets = "vault.${baseName}";
diff --git a/modules/common/default.nix b/modules/common/default.nix
index 09391ea..7cf9c64 100644
--- a/modules/common/default.nix
+++ b/modules/common/default.nix
@@ -75,6 +75,10 @@
 type = lib.types.str;
 description = "Hostname for metrics server.";
 };
+ minecraft = lib.mkOption {
+ type = lib.types.str;
+ description = "Hostname for Minecraft server.";
+ };
 paperless = lib.mkOption {
 type = lib.types.str;
 description = "Hostname for document server (paperless-ngx).";
diff --git a/modules/nixos/gaming/minecraft-server.nix b/modules/nixos/gaming/minecraft-server.nix
index 9c21b06..869934d 100644
--- a/modules/nixos/gaming/minecraft-server.nix
+++ b/modules/nixos/gaming/minecraft-server.nix
@@ -44,6 +44,8 @@ in {
 networking.firewall.allowedTCPPorts = [ publicPort ];
+ cloudflare.noProxyDomains = [ config.hostnames.minecraft ];
+
 ## Automatically start and stop Minecraft server based on player connections
 # Adapted shamelessly from:
diff --git a/modules/nixos/services/cloudflare.nix b/modules/nixos/services/cloudflare.nix
index 64c4a97..763d34c 100644
--- a/modules/nixos/services/cloudflare.nix
+++ b/modules/nixos/services/cloudflare.nix
@@ -46,6 +46,11 @@ in {
 options.cloudflare.enable = lib.mkEnableOption "Use Cloudflare.";
+ options.cloudflare.noProxyDomains = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ description = "Domains to use for dyndns without CDN proxying.";
+ };
+
 config = lib.mkIf config.cloudflare.enable {
 # Forces Caddy to error if coming from a non-Cloudflare IP
@@ -95,6 +100,7 @@ in {
 services.cloudflare-dyndns = {
 enable = true;
 proxied = true;
+ deleteMissing = true;
 apiTokenFile = config.secrets.cloudflare-api.dest;
 };
@@ -104,5 +110,39 @@ in {
 requires = [ "cloudflare-api-secret.service" ];
 };
+ # Run a second copy of dyn-dns for non-proxied domains
+ # Adapted from: https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/services/networking/cloudflare-dyndns.nix
+ systemd.services.cloudflare-dyndns-noproxy = {
+ description = "CloudFlare Dynamic DNS Client (no proxy)";
+ after = [ "network.target" "cloudflare-api-secret.service" ];
+ requires = [ "cloudflare-api-secret.service" ];
+ wantedBy = [ "multi-user.target" ];
+ startAt = "*:0/5";
+
+ environment = {
+ CLOUDFLARE_DOMAINS = toString config.cloudflare.noProxyDomains;
+ };
+
+ serviceConfig = {
+ Type = "simple";
+ DynamicUser = true;
+ StateDirectory = "cloudflare-dyndns-noproxy";
+ EnvironmentFile = config.services.cloudflare-dyndns.apiTokenFile;
+ ExecStart = let
+ args = [ "--cache-file /var/lib/cloudflare-dyndns-noproxy/ip.cache" ]
+ ++ (if config.services.cloudflare-dyndns.ipv4 then
+ [ "-4" ]
+ else
+ [ "-no-4" ]) ++ (if config.services.cloudflare-dyndns.ipv6 then
+ [ "-6" ]
+ else
+ [ "-no-6" ])
+ ++ lib.optional config.services.cloudflare-dyndns.deleteMissing
+ "--delete-missing";
+
+ in "${pkgs.cloudflare-dyndns}/bin/cloudflare-dyndns ${toString args}";
+ };
+ };
+
 };
 }
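Review bot: `options.cloudflare.noProxyDomains` is declared without a `default`, while the third hunk of this file reads `config.cloudflare.noProxyDomains` unconditionally inside the `cloudflare.enable` block, so a host that enables Cloudflare without importing a module that defines the list (from these hunks, minecraft-server.nix looks like the only definer) fails evaluation with an undefined-option error rather than simply running no second instance. Adding `default = [ ];` to the declaration removes that failure mode and makes the list a safe thing to gate on. With the default in place the new service can also be wrapped as `systemd.services.cloudflare-dyndns-noproxy = lib.mkIf (config.cloudflare.noProxyDomains != [ ]) { … };` so an instance with an empty `CLOUDFLARE_DOMAINS` is not started every five minutes.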
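Review bot: `deleteMissing = true;` enables record deletion on the proxied instance at the same time the new non-proxied instance (third hunk) passes `--delete-missing` with a disjoint domain list, a separate cache file and the same API token. Whether that is safe depends on the tool treating "missing" relative to the domains recorded in its own cache file rather than relative to every record in the zone; in the latter case each timer run would delete the other instance's records, and the proxied and non-proxied names would flap. That semantics is not visible in this diff, so it is worth confirming against the cloudflare-dyndns documentation for the packaged version and recording the answer next to this line, e.g. `# deleteMissing only removes records this instance previously created (tracked in its cache file); confirmed for <CLOUDFLARE_DYNDNS_VERSION>`.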
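Review bot: The non-proxied instance publishes the host's real public address for every name in `noProxyDomains`, which means the origin IP that the proxied instance and the "Forces Caddy to error if coming from a non-Cloudflare IP" check are meant to keep out of DNS is now resolvable from the Minecraft hostname, so that check becomes the only thing standing between the public internet and the HTTP services. That is inherent to serving a raw TCP port through Cloudflare DNS, but the trade-off should be stated at the `# Run a second copy of dyn-dns for non-proxied domains` comment, e.g. `# NOTE: records in noProxyDomains expose the host's real IP, so proxied hostnames no longer hide the origin; only the firewall (allowedTCPPorts) limits what is reachable directly.` The `EnvironmentFile` line also reuses the proxied instance's token file, so the token's zone permissions now back two services; a short comment saying the token is intentionally shared would save the next reader from wondering whether a scoped second token was intended.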