diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 4e2ac7c7a..5d5fde276 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -24,7 +24,7 @@ repos: - --notitle - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.97.0 + rev: v1.97.1 hooks: - id: terraform_docs args: diff --git a/kubernetes/talos-flux/apps/cert-manager/cert-manager/issuers/helm-release.yaml b/kubernetes/talos-flux/apps/cert-manager/cert-manager/issuers/helm-release.yaml index 33cf9e816..26f1d2d97 100644 --- a/kubernetes/talos-flux/apps/cert-manager/cert-manager/issuers/helm-release.yaml +++ b/kubernetes/talos-flux/apps/cert-manager/cert-manager/issuers/helm-release.yaml @@ -11,7 +11,7 @@ spec: chart: spec: chart: k8s-resource - version: 0.2.0 + version: 0.3.0 sourceRef: kind: HelmRepository name: mirceanton-charts @@ -44,7 +44,7 @@ spec: chart: spec: chart: k8s-resource - version: 0.2.0 + version: 0.3.0 sourceRef: kind: HelmRepository name: mirceanton-charts @@ -77,7 +77,7 @@ spec: chart: spec: chart: k8s-resource - version: 0.2.0 + version: 0.3.0 sourceRef: kind: HelmRepository name: mirceanton-charts diff --git a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/flux-sync.yaml b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/flux-sync.yaml index 7ea1b3845..91e64f686 100644 --- a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/flux-sync.yaml +++ b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/flux-sync.yaml 
@@ -51,3 +51,30 @@ spec: dependsOn: - name: minecraft-public-velocity-proxy - name: apps-rook-ceph-cluster + +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &appname minecraft-public-survival-world + namespace: flux-system + labels: + substitution.flux.home.arpa/enabled: "true" +spec: + targetNamespace: gaming-public + commonMetadata: + labels: + app.kubernetes.io/name: *appname + path: ./kubernetes/talos-flux/apps/gaming-public/minecraft-java/survival-world + prune: true + sourceRef: + kind: GitRepository + name: home-ops + wait: true + interval: 30m + retryInterval: 1m + timeout: 5m + dependsOn: + - name: minecraft-public-velocity-proxy + - name: apps-rook-ceph-cluster diff --git a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/playground-world/helm-release.yaml b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/playground-world/helm-release.yaml index 0f2be899d..ad06d7094 100644 --- a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/playground-world/helm-release.yaml +++ b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/playground-world/helm-release.yaml @@ -34,7 +34,7 @@ spec: cpu: 100m memory: 1024Mi minecraftServer: - resourcePackUrl: https://cdn.modrinth.com/data/Q1vvjJYV/versions/oGcsNfpD/BSL_v8.4.01.2.zip + # resourcePackUrl: "" eula: "TRUE" version: "1.21.4" type: PAPER diff --git a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/survival-world/config/paper-global.yaml b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/survival-world/config/paper-global.yaml new file mode 100644 index 000000000..ef64d23bf --- /dev/null +++ b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/survival-world/config/paper-global.yaml 
@@ -0,0 +1,137 @@ +--- +# This is the global configuration file for Paper. +# As you can see, there's a lot to configure. Some options may impact gameplay, so use +# with caution, and make sure you know what each option does before configuring. +# +# If you need help with the configuration or have any questions related to Paper, +# join us in our Discord or check the docs page. +# +# The world configuration options have been moved inside +# their respective world folder. The files are named paper-world.yml +# +# Docs: https://docs.papermc.io/ +# Discord: https://discord.gg/papermc +# Website: https://papermc.io/ + +_version: 29 +block-updates: + disable-chorus-plant-updates: false + disable-mushroom-block-updates: false + disable-noteblock-updates: false + disable-tripwire-updates: false +chunk-loading-advanced: + auto-config-send-distance: true + player-max-concurrent-chunk-generates: 0 + player-max-concurrent-chunk-loads: 0 +chunk-loading-basic: + player-max-chunk-generate-rate: -1.0 + player-max-chunk-load-rate: 100.0 + player-max-chunk-send-rate: 75.0 +chunk-system: + gen-parallelism: default + io-threads: -1 + worker-threads: -1 +collisions: + enable-player-collisions: true + send-full-pos-for-hard-colliding-entities: true +commands: + fix-target-selector-tag-completion: true + suggest-player-names-when-null-tab-completions: true + time-command-affects-all-worlds: false +console: + enable-brigadier-completions: true + enable-brigadier-highlighting: true + has-all-permissions: false +item-validation: + book: + author: 8192 + page: 16384 + title: 8192 + book-size: + page-max: 2560 + total-multiplier: 0.98 + display-name: 8192 + lore-line: 8192 + resolve-selectors-in-books: false +logging: + deobfuscate-stacktraces: true +messages: + kick: + authentication-servers-down: + connection-throttle: Connection throttled! Please wait before reconnecting. 
+ flying-player: + flying-vehicle: + no-permission: + I'm sorry, but you do not have permission to perform this command. + Please contact the server administrators if you believe that this is in error. + use-display-name-in-quit-message: false +misc: + chat-threads: + chat-executor-core-size: -1 + chat-executor-max-size: -1 + client-interaction-leniency-distance: default + compression-level: default + fix-entity-position-desync: true + load-permissions-yml-before-plugins: true + max-joins-per-tick: 5 + region-file-cache-size: 256 + strict-advancement-dimension-check: false + use-alternative-luck-formula: false + use-dimension-type-for-custom-spawners: false +packet-limiter: + all-packets: + action: KICK + interval: 7.0 + max-packet-rate: 500.0 + kick-message: + overrides: + ServerboundPlaceRecipePacket: + action: DROP + interval: 4.0 + max-packet-rate: 5.0 +player-auto-save: + max-per-tick: -1 + rate: -1 +proxies: + bungee-cord: + online-mode: true + proxy-protocol: false + velocity: + enabled: true + online-mode: true + secret: "TEST" +scoreboards: + save-empty-scoreboard-teams: true + track-plugin-scoreboards: false +spam-limiter: + incoming-packet-threshold: 300 + recipe-spam-increment: 1 + recipe-spam-limit: 20 + tab-spam-increment: 1 + tab-spam-limit: 500 +spark: + enable-immediately: false + enabled: true +timings: + enabled: false + hidden-config-entries: + - database + - proxies.velocity.secret + history-interval: 300 + history-length: 3600 + server-name: Unknown Server + server-name-privacy: false + url: https://timings.aikar.co/ + verbose: true +unsupported-settings: + allow-headless-pistons: false + allow-permanent-block-break-exploits: false + allow-piston-duplication: false + allow-tripwire-disarming-exploits: false + allow-unsafe-end-portal-teleportation: false + compression-format: ZLIB + perform-username-validation: true + skip-vanilla-damage-tick-when-shield-blocked: false +watchdog: + early-warning-delay: 10000 + early-warning-every: 5000 
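Review bot: `proxies.velocity.secret` in config/paper-global.yaml is committed as the literal `"TEST"`, and the kustomization.yaml in the same directory ships this file as a plain ConfigMap with Flux substitution disabled, so the value cannot be replaced at deploy time. Because helm-release.yaml sets `onlineMode: false`, this forwarding secret is the only check the backend makes on who is relaying a login, and a guessable value means any client that can reach the survival pod directly is treated as the proxy. It also has to equal the proxy's forwarding secret, which the velocity-proxy release mounts at `/config/forwarding.secret`, so either the two differ and forwarding fails or the real secret is this placeholder. I would deliver the value from the same secret store as the whitelist ExternalSecret in this commit and keep only a non-functional placeholder in git, with a comment such as `# injected from the forwarding secret; never commit the real value`.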
diff --git a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/survival-world/config/spigot.yaml b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/survival-world/config/spigot.yaml
new file mode 100644
index 000000000..c98d04546
--- /dev/null
+++ b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/survival-world/config/spigot.yaml
@@ -0,0 +1,152 @@ +--- +# This is the main configuration file for Spigot. +# As you can see, there's tons to configure. Some options may impact gameplay, so use +# with caution, and make sure you know what each option does before configuring. +# For a reference for any variable inside this file, check out the Spigot wiki at +# http://www.spigotmc.org/wiki/spigot-configuration/ +# +# If you need help with the configuration or have any questions related to Spigot, +# join us at the Discord or drop by our forums and leave a post. +# +# Discord: https://www.spigotmc.org/go/discord +# Forums: http://www.spigotmc.org/ + +messages: + whitelist: You are not whitelisted on this server! + unknown-command: Unknown command. Type "/help" for help. + server-full: The server is full! + outdated-client: Outdated client! Please use {0} + outdated-server: Outdated server! I'm still on {0} + restart: Server is restarting +world-settings: + default: + below-zero-generation-in-existing-chunks: true + verbose: true + growth: + cactus-modifier: 100 + cane-modifier: 100 + melon-modifier: 100 + mushroom-modifier: 100 + pumpkin-modifier: 100 + sapling-modifier: 100 + beetroot-modifier: 100 + carrot-modifier: 100 + potato-modifier: 100 + wheat-modifier: 100 + netherwart-modifier: 100 + vine-modifier: 100 + cocoa-modifier: 100 + bamboo-modifier: 100 + sweetberry-modifier: 100 + kelp-modifier: 100 + twistingvines-modifier: 100 + weepingvines-modifier: 100 + cavevines-modifier: 100 + ticks-per: + hopper-transfer: 8 + hopper-check: 1 + hopper-amount: 1 + hopper-can-load-chunks: false + unload-frozen-chunks: false + merge-radius: + exp: 3.0 + item: 2.5 + mob-spawn-range: 6 + entity-activation-range: + animals: 32 + monsters: 32 + raiders: 48 + misc: 16 + tick-inactive-villagers: true + ignore-spectators: false + entity-tracking-range: + players: 48 + animals: 48 + monsters: 48 + misc: 32 + display: 128 + other: 64 + dragon-death-sound-radius: 0 + seed-village: 10387312 + seed-desert: 14357617 + 
seed-igloo: 14357618 + seed-jungle: 14357619 + seed-swamp: 14357620 + seed-monument: 10387313 + seed-shipwreck: 165745295 + seed-ocean: 14357621 + seed-outpost: 165745296 + seed-endcity: 10387313 + seed-slime: 987234911 + seed-nether: 30084232 + seed-mansion: 10387319 + seed-fossil: 14357921 + seed-portal: 34222645 + hunger: + jump-walk-exhaustion: 0.05 + jump-sprint-exhaustion: 0.2 + combat-exhaustion: 0.1 + regen-exhaustion: 6.0 + swim-multiplier: 0.01 + sprint-multiplier: 0.1 + other-multiplier: 0.0 + max-tnt-per-tick: 100 + max-tick-time: + tile: 50 + entity: 50 + view-distance: default + simulation-distance: default + thunder-chance: 100000 + item-despawn-rate: 6000 + enable-zombie-pigmen-portal-spawns: true + arrow-despawn-rate: 1200 + trident-despawn-rate: 1200 + wither-spawn-sound-radius: 0 + end-portal-sound-radius: 0 + hanging-tick-frequency: 100 + zombie-aggressive-towards-villager: true + nerf-spawner-mobs: false +commands: + log: true + tab-complete: 0 + send-namespaced: true + spam-exclusions: + - /skill + silent-commandblock-console: false + replace-commands: + - setblock + - summon + - testforblock + - tellraw +settings: + bungeecord: false + sample-count: 12 + player-shuffle: 0 + user-cache-size: 1000 + save-user-cache-on-stop-only: false + moved-wrongly-threshold: 0.0625 + moved-too-quickly-multiplier: 10.0 + timeout-time: 60 + restart-on-crash: true + restart-script: ./start.sh + netty-threads: 4 + attribute: + maxHealth: + max: 2048.0 + movementSpeed: + max: 2048.0 + attackDamage: + max: 2048.0 + log-villager-deaths: true + log-named-deaths: true + debug: false +advancements: + disable-saving: false + disabled: + - minecraft:story/disabled +players: + disable-saving: false +config-version: 12 +stats: + disable-saving: false + forced-stats: {} 
diff --git a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/survival-world/helm-release.yaml b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/survival-world/helm-release.yaml
new file mode 100644
index 000000000..be408c52d
--- /dev/null
+++ b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/survival-world/helm-release.yaml
@@ -0,0 +1,92 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: minecraft-public-survival-world
+spec:
+ interval: 15m
+ driftDetection:
+ mode: enabled
+ chart:
+ spec:
+ chart: minecraft
+ interval: 15m
+ version: 4.23.7
+ sourceRef:
+ kind: HelmRepository
+ name: minecraft-server-charts
+ namespace: flux-system
+ install:
+ createNamespace: true
+ remediation:
+ retries: 3
+ upgrade:
+ remediation:
+ retries: 3
+ # https://artifacthub.io/packages/helm/minecraft-server-charts/minecraft
+ values:
+ image:
+ repository: ghcr.io/itzg/minecraft-server
+ tag: latest@sha256:6859bd9ff36447128df08826c3846bcfa66e7d6e27ccf2f6f4f2b9d262bf5ffd
+ resources:
+ requests:
+ cpu: 100m
+ memory: 1024Mi
+ minecraftServer:
+ # resourcePackUrl: ""
+ eula: "TRUE"
+ version: "1.21.4"
+ type: PAPER
+ motd: welcome to techicraft, have fun!
+ difficulty: normal
+ ops: "tyriis,jazzlyin"
+ worldSaveName: survival
+ levelSeed: "8883383886528594252"
+ enableCommandBlock: false
+ maxPlayers: 50
+ spawnAnimals: true
+ spawnNPCs: true
+ spawnProtection: 0
+ spawnMonsters: true
+ allowNether: true
+ generateStructures: true
+ viewDistance: 14
+ levelType: DEFAULT
+ # maxBuildHeight: 256
+ gameMode: survival
+ pvp: true
+ # https://docs.papermc.io/velocity/player-information-forwarding#configuring-modern-forwarding
+ onlineMode: false
+ memory: 1024M
+ rcon:
+ enabled: false
+ persistence:
+ dataDir:
+ enabled: true
+ existingClaim: minecraft-public-survival-world-data
+ postRenderers:
+ - kustomize:
+ patches:
+ - target:
+ kind: Deployment
+ name: minecraft-public-survival-world-minecraft
+ patch: |-
+ - op: add
+ path: /spec/template/spec/volumes/-
+ value:
+ name: config
+ configMap:
+ name: minecraft-public-survival-world-config
+ - op: add
+ path: /spec/template/spec/containers/0/volumeMounts/-
+ value:
+ name: config
+ mountPath: /config/spigot.yml
+ subPath: spigot.yml
+ - op: add
+ path: /spec/template/spec/containers/0/volumeMounts/-
+ value:
+ name: config
+ mountPath: /config/paper-global.yml
+ subPath: paper-global.yml
diff --git a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/survival-world/kustomization.yaml b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/survival-world/kustomization.yaml
new file mode 100644
index 000000000..252f8a1b3
--- /dev/null
+++ b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/survival-world/kustomization.yaml
@@ -0,0 +1,19 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - secret.sops.yaml
+ - replication-destination.yaml
+ - persistent-volume-claim.yaml
+ - replication-source.yaml
+ - helm-release.yaml
+configMapGenerator:
+ - name: minecraft-public-survival-world-config
+ files:
+ - spigot.yml=config/spigot.yaml
+ - paper-global.yml=config/paper-global.yaml
+generatorOptions:
+ disableNameSuffixHash: true
+ annotations:
+ kustomize.toolkit.fluxcd.io/substitute: disabled
diff --git a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/survival-world/persistent-volume-claim.yaml b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/survival-world/persistent-volume-claim.yaml
new file mode 100644
index 000000000..2b9e7c60b
--- /dev/null
+++ b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/survival-world/persistent-volume-claim.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: minecraft-public-survival-world-data
+spec:
+ accessModes:
+ - ReadWriteOnce
+ dataSourceRef:
+ kind: ReplicationDestination
+ apiGroup: volsync.backube
+ name: minecraft-public-survival-world-data
+ resources:
+ requests:
+ storage: 10Gi
+ storageClassName: ceph-block
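Review bot: In survival-world/helm-release.yaml, `onlineMode: false` moves all player authentication to the Velocity proxy, yet nothing in this commit limits who can connect to the backend's port 25565, so the server trusts any peer that presents the forwarding secret. The name-based `ops: "tyriis,jazzlyin"` raises the stakes, since operator rights presumably attach to whatever identity the forwarded handshake claims. I would add a network policy in this directory that admits ingress to the survival pod only from the velocity-proxy pods, and document the dependency next to the setting, e.g. `# offline mode is safe only while ingress is restricted to the velocity proxy`. Separately, `tag: latest@sha256:…` is pinned by digest, but the `latest` label says nothing about which release is running; a version tag in front of the digest would make upgrades reviewable.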
diff --git a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/survival-world/replication-destination.yaml b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/survival-world/replication-destination.yaml
new file mode 100644
index 000000000..d77f5bc29
--- /dev/null
+++ b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/survival-world/replication-destination.yaml
@@ -0,0 +1,31 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/volsync.backube/replicationdestination_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationDestination
+metadata:
+ name: minecraft-public-survival-world-data
+ labels:
+ # https://fluxcd.io/flux/components/kustomize/kustomizations/#controlling-the-apply-behavior-of-resources
+ kustomize.toolkit.fluxcd.io/ssa: IfNotPresent
+spec:
+ trigger:
+ manual: restore-once
+ restic:
+ repository: minecraft-public-survival-world-volsync
+ copyMethod: Snapshot
+ volumeSnapshotClassName: csi-ceph-blockpool
+ cacheStorageClassName: ceph-block
+ cacheAccessModes:
+ - ReadWriteOnce
+ cacheCapacity: 1Gi
+ storageClassName: ceph-block
+ accessModes:
+ - ReadWriteOnce
+ capacity: 2Gi
+ moverSecurityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 1000
+ enableFileDeletion: true
+ cleanupCachePVC: true
+ cleanupTempPVC: true
diff --git a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/survival-world/replication-source.yaml b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/survival-world/replication-source.yaml
new file mode 100644
index 000000000..52c96aa90
--- /dev/null
+++ b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/survival-world/replication-source.yaml
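Review bot: In replication-destination.yaml the restore volume is sized `capacity: 2Gi`, while persistent-volume-claim.yaml requests `storage: 10Gi` for the claim that is populated from it. If the restic repository ever holds more than 2Gi of world data, the restore will presumably run out of space and the claim cannot be rebuilt from backup, which is exactly when this object is needed. I would set `capacity: 10Gi` to match the claim, or add a comment explaining why the smaller size is safe.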
@@ -0,0 +1,31 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/volsync.backube/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: minecraft-public-survival-world-data
+spec:
+ sourcePVC: minecraft-public-survival-world-data
+ trigger:
+ schedule: "0 * * * *"
+ restic:
+ copyMethod: Snapshot
+ pruneIntervalDays: 14
+ repository: minecraft-public-survival-world-volsync
+ volumeSnapshotClassName: csi-ceph-blockpool
+ cacheCapacity: 1Gi
+ cacheStorageClassName: ceph-block
+ cacheAccessModes:
+ - ReadWriteOnce
+ storageClassName: ceph-block
+ accessModes:
+ - ReadWriteOnce
+ moverSecurityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 1000
+ retain:
+ hourly: 24
+ daily: 7
+ weekly: 4
+ monthly: 3
diff --git a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/survival-world/secret.sops.yaml b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/survival-world/secret.sops.yaml
new file mode 100644
index 000000000..10c8a781e
--- /dev/null
+++ b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/survival-world/secret.sops.yaml
@@ -0,0 +1,31 @@ +# yamllint disable +apiVersion: v1 +kind: Secret +metadata: + name: minecraft-public-survival-world-volsync +type: Opaque +stringData: + RESTIC_REPOSITORY: ENC[AES256_GCM,data:2n75gLVqhn6NOWiYlZftOog6smVUi0fAW/qDaUyMSUBKOFUnJ0FVGDwd+ESddHPIOpsazJ5WvqTrIU5Mzf2rEgncfvNibNZtGsCmilqFvhW1QnhXU1iCjA47kg==,iv:Rr11KvQR1FCbojYy6+5EAHPdvi1sg3eJdydoqEyJg/M=,tag:e2bUBXnqH53YEomJKgu9mA==,type:str] + RESTIC_PASSWORD: ENC[AES256_GCM,data:cYJRWOAQuC5j3Tttt9RluEcpN7nNHbGi9lVlRw4jNgf/7pSBV/xICgub+srZSM3/H35OXzzKxDMxbPTwm8cr1Q==,iv:PMxvFayHK1PukOE/TOljoednoHei44hOC+bUwK6CN4k=,tag:nyJJEe1Fy6v18OA8m/s+0Q==,type:str] + AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:JEXZW41lEw==,iv:pduvJsbyBRNMiP6rJ5T7mz79rdW5VLpR/Y3lOXHKU8A=,tag:HZKS59FvxO4FwZrb3LhKmg==,type:str] + AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:aguU70F7QhX2FSEJFmknY8+31PbPIXdF0iGArAkBIihiGhAfOMkD6upDfpZmuZYQcJJgRPpH2jk=,iv:I/9UIpgz0uXHzhhlbV4481gS9KRtm1ZhzvoxJScGsxg=,tag:ax0t2h1ltyPkk+0TgnMCIg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age16zqeqx5y6ay3flwz0d06rn83yjv9ckys3j8tpkysf9v6295fhc6sf4r0uj + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzYjdZeVptaDlPZW9idmtP + UkRGdmxyb0REM2s4dnZVSERQNFFSRHlqVkcwClJlZHVhQUVnUm16QVloazMyUUFx + Q24vakF5RUEvMTExZ0lPa1RXblFEV3cKLS0tIFNMcGx3NzRQT0U4MTZER0FQUzh3 + SThDODl4ZFFMMUlxM3BneWlrNDdjdUUKm16agevW+HLV4al0q2m5W/SyS84E5SXh + QfWlkG1byRaLRQ+tMeTuCN0tk2A2asmSPygQ1IKo4AO9kMirDEjQ6w== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-02-01T21:52:47Z" + mac: ENC[AES256_GCM,data:CnqbXQDkaqFdNYt4FXKvLzix35LE/8h1vIcfxiXdU+h14nlVpXQQYiyuRtGCdqjsIx+XjWFSHNNzpyBrdOZ2DBBpjPe/JGqEQvENpl/1bVmELWGX1RJ4mWIuVz6qpiX5wVImAT7sOtSMWkGfcJ3oF6i3c1i0j8GX4a4zcYawyjE=,iv:ihIzFGVtPJqX19ju+qjYSx4Oi14+hgwzGBJBSDe2QeQ=,tag:vRWl5h/OuqCN2LvTh6kX1w==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.9.4 
diff --git a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/velocity-proxy/config/velocity.toml b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/velocity-proxy/config/velocity.toml index f3fdc7c71..8d7f8a5eb 100644 --- a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/velocity-proxy/config/velocity.toml +++ b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/velocity-proxy/config/velocity.toml @@ -75,11 +75,13 @@ enable-player-address-logging = true # lobby = "minecraft-lobby-world-minecraft:25565" # creative = "minecraft-creative-world-minecraft:25565" playground = "minecraft-public-playground-world-minecraft:25565" +survival = "minecraft-public-survival-world-minecraft:25565" # survival = "minecraft-survival-world-minecraft:25565" # In what order we should try servers when a player logs in or is kicked from a server. try = [ - "playground" + "survival", + "playground" ] [forced-hosts] diff --git a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/velocity-proxy/external-secret.yaml b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/velocity-proxy/external-secret.yaml new file mode 100644 index 000000000..6c036b5f6 --- /dev/null +++ b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/velocity-proxy/external-secret.yaml @@ -0,0 +1,21 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: &name minecraft-public-velocity-proxy-whitelist +spec: + refreshInterval: 1m + secretStoreRef: + name: vault-backend + kind: ClusterSecretStore + target: + name: *name + creationPolicy: Owner + template: + engineVersion: v2 + data: + whitelist.txt: "{{ .WHITELIST_TXT }}" + dataFrom: + - extract: + key: infra/techtales/gaming-public/minecraft-java 
diff --git a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/velocity-proxy/helm-release.yaml b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/velocity-proxy/helm-release.yaml index 2c4415dd8..d9703bf7b 100644 --- a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/velocity-proxy/helm-release.yaml +++ b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/velocity-proxy/helm-release.yaml @@ -31,6 +31,8 @@ spec: annotations: reloader.stakater.com/auto: "true" pod: + labels: + ingress.home.arpa/playit: allow securityContext: fsGroup: 1000 runAsGroup: 1000 @@ -50,7 +52,7 @@ spec: TYPE: "VELOCITY" VELOCITY_VERSION: "latest" VELOCITY_BUILD_ID: "latest" - PLUGINS: https://download.geysermc.org/v2/projects/geyser/versions/latest/builds/latest/downloads/velocity,https://download.geysermc.org/v2/projects/floodgate/versions/latest/builds/latest/downloads/velocity,https://cdn.modrinth.com/data/9eGKb6K1/versions/yGTasgG4/voicechat-velocity-2.5.24.jar + PLUGINS: https://download.geysermc.org/v2/projects/geyser/versions/latest/builds/latest/downloads/velocity,https://download.geysermc.org/v2/projects/floodgate/versions/latest/builds/latest/downloads/velocity,https://cdn.modrinth.com/data/9eGKb6K1/versions/yGTasgG4/voicechat-velocity-2.5.24.jar,https://cdn.modrinth.com/data/mGVcEBwo/versions/fhsSOjSc/simplewhitelist-velocity-1.0.0.jar MEMORY: 256M # JVM_OPTS: "-Xms128M -Xmx256M" ENABLE_RCON: "false" @@ -144,3 +146,12 @@ spec: - path: /config/forwarding.secret subPath: forwarding.secret readOnly: true + whitelist: + type: secret + name: minecraft-public-velocity-proxy-whitelist + advancedMounts: + velocity: + app: + - path: /server/plugins/simplewhitelist/whitelist.txt + subPath: whitelist.txt + readOnly: true diff --git a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/velocity-proxy/kustomization.yaml b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/velocity-proxy/kustomization.yaml index c0e359680..001791b8f 100644 
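Review bot: The `PLUGINS` value in velocity-proxy/helm-release.yaml now includes the jar that enforces the whitelist, and like the other entries it is downloaded when the container starts, with no checksum verified in anything shown here. The added Modrinth URL at least names a fixed version, whereas the Geyser and Floodgate entries on the same line resolve `latest`, so the code running in the internet-facing proxy can change between restarts without a commit. I would pin every entry to an explicit version and record the expected digests, or bake the plugins into a digest-pinned image. Also note that `whitelist.txt` is mounted with `readOnly: true`, so the list can only be changed through the Vault entry; a comment such as `# whitelist is managed in Vault; the mounted file cannot be edited from inside the server` would save the next operator some confusion.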
--- a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/velocity-proxy/kustomization.yaml +++ b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/velocity-proxy/kustomization.yaml @@ -3,8 +3,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ./persistent-volume-claim.yaml - - ./helm-release.yaml + - external-secret.yaml + - persistent-volume-claim.yaml + - helm-release.yaml configMapGenerator: - name: minecraft-public-velocity-proxy-config files: diff --git a/kubernetes/talos-flux/apps/home-automation/node-red/app/helm-release.yaml b/kubernetes/talos-flux/apps/home-automation/node-red/app/helm-release.yaml index b182810fe..2498ba9df 100644 --- a/kubernetes/talos-flux/apps/home-automation/node-red/app/helm-release.yaml +++ b/kubernetes/talos-flux/apps/home-automation/node-red/app/helm-release.yaml @@ -45,7 +45,7 @@ spec: app: image: repository: docker.io/nodered/node-red - tag: 4.0.8@sha256:871225abb46d62e434c75c73ec264c406ae1d0ea09b365ed9ffa122fdc327879 + tag: 4.0.8@sha256:94926616c16e016e2468c2c83a8d9040ffdef1999e54a2b36e54986d37de2f7f env: TZ: ${SETTING_TZ} FLOWS: flows.json diff --git a/kubernetes/talos-flux/apps/home-automation/zigbee2mqtt/app/helm-release.yaml b/kubernetes/talos-flux/apps/home-automation/zigbee2mqtt/app/helm-release.yaml index 3768919df..edeb97ef6 100644 --- a/kubernetes/talos-flux/apps/home-automation/zigbee2mqtt/app/helm-release.yaml +++ b/kubernetes/talos-flux/apps/home-automation/zigbee2mqtt/app/helm-release.yaml @@ -74,7 +74,7 @@ spec: ZIGBEE2MQTT_CONFIG_SERIAL_PORT: /dev/ttyUSB0 image: repository: ghcr.io/koenkk/zigbee2mqtt - tag: 2.0.0@sha256:6105a3a01a66bbfb98909a7c309d0707ec7b41728ac15d399747077225231545 + tag: 2.1.0@sha256:9426e9a8de6c4efc15e13f2802435bd57fbe3f532c1b18a215df98c664b64d19 ports: - name: http containerPort: 8080 
diff --git a/kubernetes/talos-flux/apps/kube-tools/node-feature-discovery/crds/helm-release.yaml b/kubernetes/talos-flux/apps/kube-tools/node-feature-discovery/crds/helm-release.yaml index cc56e5abe..2fdea6989 100644 --- a/kubernetes/talos-flux/apps/kube-tools/node-feature-discovery/crds/helm-release.yaml +++ b/kubernetes/talos-flux/apps/kube-tools/node-feature-discovery/crds/helm-release.yaml @@ -11,7 +11,7 @@ spec: chart: spec: chart: k8s-resource - version: 0.2.0 + version: 0.3.0 sourceRef: kind: HelmRepository name: mirceanton-charts @@ -44,7 +44,7 @@ spec: chart: spec: chart: k8s-resource - version: 0.2.0 + version: 0.3.0 sourceRef: kind: HelmRepository name: mirceanton-charts diff --git a/kubernetes/talos-flux/apps/networking/cloudflared/app/config.yaml b/kubernetes/talos-flux/apps/networking/cloudflared/app/config.yaml index 11d3ef4dd..26f4c5a58 100644 --- a/kubernetes/talos-flux/apps/networking/cloudflared/app/config.yaml +++ b/kubernetes/talos-flux/apps/networking/cloudflared/app/config.yaml 
@@ -41,16 +41,16 @@ ingress: service: https://kromgo.techtales.io originRequest: httpHostHeader: kromgo.techtales.io - - hostname: minecraft.techtales.io - service: "tcp://minecraft-public-velocity-proxy.gaming-public.svc.cluster.local:25565" - originRequest: - proxyType: tcp - - hostname: bedrock.techtales.io - service: "udp://minecraft-public-velocity-proxy.gaming-public.svc.cluster.local" - originRequest: - proxyType: udp - # originRequest: - # httpHostHeader: minecraft.techtales.io + # - hostname: minecraft.techtales.io + # service: "tcp://minecraft-public-velocity-proxy.gaming-public.svc.cluster.local:25565" + # originRequest: + # proxyType: tcp + # - hostname: bedrock.techtales.io + # service: "udp://minecraft-public-velocity-proxy.gaming-public.svc.cluster.local:19132" + # originRequest: + # proxyType: udp + # originRequest: + # httpHostHeader: minecraft.techtales.io # - hostname: example2.com # service: localhost:8001 # The localhost:8002 service overrides some root-level config. diff --git a/kubernetes/talos-flux/apps/networking/kustomization.yaml b/kubernetes/talos-flux/apps/networking/kustomization.yaml index a9d2f9dc7..7663288d0 100644 --- a/kubernetes/talos-flux/apps/networking/kustomization.yaml +++ b/kubernetes/talos-flux/apps/networking/kustomization.yaml @@ -8,5 +8,6 @@ resources: - ./adguard-home/flux-sync.yaml - ./cloudflared/flux-sync.yaml - ./external-dns/flux-sync.yaml + - ./playit/flux-sync.yaml - ./redirect-service/flux-sync.yaml - ./unifi/flux-sync.yaml diff --git a/kubernetes/talos-flux/apps/networking/playit/app/external-secret.yaml b/kubernetes/talos-flux/apps/networking/playit/app/external-secret.yaml new file mode 100644 index 000000000..4b593c42f --- /dev/null +++ b/kubernetes/talos-flux/apps/networking/playit/app/external-secret.yaml 
@@ -0,0 +1,21 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: &name playit-env
+spec:
+ refreshInterval: 1m
+ secretStoreRef:
+ name: vault-backend
+ kind: ClusterSecretStore
+ target:
+ name: *name
+ creationPolicy: Owner
+ template:
+ engineVersion: v2
+ data:
+ SECRET_KEY: "{{ .PLAYIT_SECRET_KEY }}"
+ dataFrom:
+ - extract:
+ key: infra/techtales/network/playit
diff --git a/kubernetes/talos-flux/apps/networking/playit/app/helm-release.yaml b/kubernetes/talos-flux/apps/networking/playit/app/helm-release.yaml
new file mode 100644
index 000000000..82b3e405a
--- /dev/null
+++ b/kubernetes/talos-flux/apps/networking/playit/app/helm-release.yaml
@@ -0,0 +1,74 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: &app playit
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: app-template
+ version: 3.6.1
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s-charts
+ namespace: flux-system
+ interval: 15m
+ install:
+ createNamespace: false
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ strategy: rollback
+ retries: 3
+ values:
+ defaultPodOptions:
+ automountServiceAccountToken: false
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 65534
+ runAsGroup: 65534
+ fsGroup: 65534
+ fsGroupChangePolicy: OnRootMismatch
+ seccompProfile:
+ type: RuntimeDefault
+
+ controllers:
+ plait:
+ replicas: 1
+ annotations:
+ reloader.stakater.com/auto: "true"
+ containers:
+ app:
+ nameOverride: *app
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities:
+ drop: [ALL]
+ envFrom:
+ - secretRef:
+ name: playit-env
+ env:
+ TZ: ${SETTING_TZ}
+ image:
+ repository: ghcr.io/playit-cloud/playit-agent
+ tag: 0.15.26@sha256:3d08eb4a627a6d167f3cce497d8e2ec8f9e7d2df4e96f0599ca41e4b957c852c
+ ports:
+ - name: http
+ containerPort: 8080
+ protocol: TCP
+ resources:
+ requests:
+ cpu: 10m
+ memory: 150Mi
+ probes:
+ liveness:
+ enabled: false
+ readiness:
+ enabled: false
+ startup:
+ enabled: false
diff --git a/kubernetes/talos-flux/apps/networking/playit/app/kustomization.yaml b/kubernetes/talos-flux/apps/networking/playit/app/kustomization.yaml
new file mode 100644
index 000000000..b9561b556
--- /dev/null
+++ b/kubernetes/talos-flux/apps/networking/playit/app/kustomization.yaml
@@ -0,0 +1,9 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: home-automation
+resources:
+ - external-secret.yaml
+ # - networkpolicy.yaml
+ - helm-release.yaml
diff --git a/kubernetes/talos-flux/apps/networking/playit/app/networkpolicy.yaml b/kubernetes/talos-flux/apps/networking/playit/app/networkpolicy.yaml
new file mode 100644
index 000000000..fcded2269
--- /dev/null
+++ b/kubernetes/talos-flux/apps/networking/playit/app/networkpolicy.yaml
@@ -0,0 +1,36 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/cilium.io/ciliumnetworkpolicy_v2.json
+---
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: playit
+spec:
+ endpointSelector:
+ matchLabels:
+ app.kubernetes.io/name: playit
+
+ egress:
+ - toEntities:
+ - world # TODO: get concrete info on what ports are required
+ - toEndpoints:
+ - matchLabels:
+ ingress.home.arpa/playit: allow
+ matchExpressions:
+ - key: io.kubernetes.pod.namespace
+ operator: Exists # any namespace
+
+# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/cilium.io/ciliumnetworkpolicy_v2.json
+---
+apiVersion: cilium.io/v2
+kind: CiliumClusterwideNetworkPolicy
+metadata:
+ name: playit-to-app
+spec:
+ endpointSelector:
+ matchLabels:
+ ingress.home.arpa/playit: allow
+
+ ingress:
+ - fromEndpoints:
+ - matchLabels:
+ app.kubernetes.io/name: playit
diff --git a/kubernetes/talos-flux/apps/networking/playit/flux-sync.yaml b/kubernetes/talos-flux/apps/networking/playit/flux-sync.yaml
new file mode 100644
index 000000000..dc35ebda9
--- /dev/null
+++ b/kubernetes/talos-flux/apps/networking/playit/flux-sync.yaml
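Review bot: In playit/app/kustomization.yaml the line `# - networkpolicy.yaml` leaves both Cilium policies from this commit unapplied, so the `ingress.home.arpa/playit: allow` label added to the velocity proxy has no effect and the tunnel agent can reach every workload the cluster network permits. Since the agent publishes internal services to the internet, presumably according to tunnel settings kept outside this repository, I would not ship it without the policy; enable the resource once the egress rule is worked out, or reference a tracked follow-up in the comment. Also, `namespace: home-automation` disagrees with `targetNamespace: networking` in flux-sync.yaml; Flux applies the latter, but a local `kustomize build` renders the wrong namespace, so change it to `namespace: networking`.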
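Review bot: In networkpolicy.yaml the clusterwide policy `playit-to-app` trusts peers by label alone: `fromEndpoints` matches `app.kubernetes.io/name: playit` with no namespace constraint, so a pod in any namespace that carries this label is admitted to every workload labelled `ingress.home.arpa/playit: allow`. I would pin the peer to the agent's namespace by adding `io.kubernetes.pod.namespace: networking` to that `matchLabels`. Two further things to check before enabling the file: the egress rule `toEntities: world` permits every port (the TODO acknowledges this), and the egress list has no DNS rule, so name resolution presumably breaks unless another policy allows it. Selecting the labelled pods for ingress also puts them into default-deny for all other sources, which deserves a comment above `playit-to-app`.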
@@ -0,0 +1,24 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &appname playit
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ targetNamespace: networking
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *appname
+ interval: 30m
+ path: ./kubernetes/talos-flux/apps/networking/playit/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops
+ wait: true
+ timeout: 5m
+ dependsOn:
+ - name: apps-external-secrets-stores