added systemd service for vintagestory-server

why did i ever get rid of this in the first place?

flake.nix

@@ -162,6 +162,33 @@
       # ];
     };
 
+    # Vintage story server
+    nixosConfigurations."thancred" = nixpkgs.lib.nixosSystem {
+      system = "x86_64-linux";
+      specialArgs = {
+        inherit userName userEmail vintage-story;
+        hostname = "thancred";
+        role = "server";
+      };
+      modules = [
+        myOverlays
+        ./modules/common
+        ./modules/machine/thancred
+
+        home-manager.nixosModules.home-manager
+        {
+          home-manager.useGlobalPkgs = true;
+          home-manager.useUserPackages = true;
+          home-manager.extraSpecialArgs = extraSpecialArgs // { isNixOS = true; role = "server"; };
+          home-manager.backupFileExtension = "bak";
+          home-manager.users.${userName}.imports = [
+            ./home
+          ];
+        }
+      ];
+    };
+
+    # Matrix and Mastodon server
     nixosConfigurations."yshtola" = nixpkgs.lib.nixosSystem {
       system = "x86_64-linux";
       specialArgs = {

home/git.nix

@@ -40,6 +40,11 @@
       ca = "commit -am";
       dc = "diff --cached";
       amend = "commit --amend -m";
+      wipe = "git reset --hard";
+      gg = "git reset --hard";
+      ggs = "git reset --hard";
+      sw = "git switch";
+      r = "git restore";
 
       # aliases for submodules
       update = "submodule update --init --recursive";

home/packages/linux.nix

@@ -1,4 +1,15 @@
 { lib, pkgs, isNixOS ? true, ... }:
 lib.mkIf pkgs.stdenv.isLinux {
-
+  home.packages = with pkgs; [
+    imv
+    xdg-utils
+  ] ++ lib.optionals isNixOS [
+    vesktop
+    xfce.thunar
+    pavucontrol
+    zathura
+    gpu-screen-recorder
+    gpu-screen-recorder-gtk
+    inetutils
+  ];
 }

home/shell.nix

@@ -62,7 +62,13 @@
             "If you’ve brought your ivory standard, I’ll be happy to tell you where you can stick it" \
             "Speeches? Oh, yes, I love them. There's nothing like a good exposition when you're having trouble sleeping!" \
             "Somehow, the boy just isn't very buoyant" \
-            "I am...not interested, little sun. Try again when you have become a man"
+            "I am...not interested, little sun. Try again when you have become a man" \
+            "I am rightousness! And rightousness shall previal!" \
+            "Ahhh such bliss!" \
+            "The gods themselves will be my meal. Your dear companions my dessert. Upon this world I'll feast, and death shall follow in my wake. All your hate, all your rage, you will render unto me." \
+            "Boring, boring, boring" \
+            "Would you be 'happier' had I a 'good reason'?" \
+            "A test of your reflexes!"
 
 
           set choose_meme (random)"%"(count $memes)

modules/machine/README.md

@@ -10,6 +10,10 @@ I like Final Fantasy, alright? Isn't everyone supposed to have a hobby?
 
 These are named after Final Fantasy VII characters.
 
-### Servers/Network Infrastructure
+### Servers/Network Infrastructure (bare metal)
 
 These are named after Final Fantasy summons. There is some infrastructure missing here like my routers and switches that I also name after summons.
+
+### Servers/Network Infrastructure (virtual machines)
+
+These are named after Final Fantasy XIV Online characters (currently, these are named after the Scions of the Seventh Dawn).

modules/machine/thancred/configuration.nix

@@ -0,0 +1,121 @@
+{
+  pkgs,
+  userName,
+  vintage-story,
+  ...
+}: {
+  imports = [
+    ../../pwrMgmt
+    ../../networking/core.nix
+    ../../virtualization/podman.nix
+  ];
+
+  # Enable flakes for NixOS
+  nix.settings.experimental-features = ["nix-command" "flakes"];
+
+  # Custom kernel/boot stuff
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  # Set your timezone
+  time.timeZone = "America/Detroit";
+
+  # Enable OpenSSH
+  services.openssh.enable = true;
+
+  # Enable keyring
+  services.gnome.gnome-keyring.enable = true;
+
+  # Enable GnuPG
+  programs.gnupg.agent = {
+    enable = true;
+    enableSSHSupport = true;
+  };
+
+  # Enable SUID wrappers (some programs need them)
+  programs.mtr.enable = true;
+
+  # Enable Polkit
+  security.polkit.enable = true;
+
+  # Power management (see ../../pwrMgmt/default.nix)
+  pwrMgmt = {
+    enable = true;
+    cpuFreqGovernor = "performance";
+    powertop.enable = false;
+  };
+
+  network = {
+    firewall = {
+      enable = true;
+      tcpPorts = {
+        allowedPorts = [ 42420 ];
+      };
+      udpPorts = {
+        allowedPorts = [ 42420 ];
+      };
+    };
+    networkManager.enable = true;
+  };
+
+  environment.systemPackages = [
+    vintage-story.packages.${pkgs.system}.default
+  ];
+
+  systemd.services.vintagestory-server = {
+    description = "Vintage Story Server";
+    wantedBy = [ "multi-user.target" ];
+    after = [ "network.target" ];
+    serviceConfig = {
+      Type = "simple";
+      User = userName;
+      WorkingDirectory = "/home/${userName}";
+      ExecStart = "${vintage-story.packages.${pkgs.system}.default}/bin/vintagestory-server";
+      Restart = "on-failure";
+      RestartSec = "5s";
+    };
+  };
+
+  # Add username to groups "wheel" and "video" - more may be added here later
+  users = {
+    groups.hazel = {};
+    users = {
+      ${userName} = {
+        extraGroups = [ "wheel" "network" ];
+        openssh.authorizedKeys.keys = [
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFV9eSc9L+aJLoKoexq2f/jb5rpyZnhuGiyhS8YQAbaS wyatt@wyattjmiller.com"
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4WKvKnnYpTbzZHFEslOKyfiiMqWxhW3AfX6E7ACmYU wyatt@wyattjmiller.com"
+        ];
+      };
+      "hazel" = {
+        home = "/home/hazel";
+        group = "hazel";
+        extraGroups = [ "wheel" ];
+        description = "hazel";
+        isNormalUser = true;
+        openssh.authorizedKeys.keys = [
+          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZnyiQx+k1ygX8E1lsUCB6aTdMc+OKzlZ4admlzknc5ulj0YrtUyqhbNhkNd6pP0QDBFMnXO/rzUvHp4TAyZXKFfpcBCa4zhK97ufymAfvzAjM4vRBqRNcr2n+2iRzxtolbklfjs3ocBQVxXW+pRT5wWxTgK2fcmP2xviDVldr7qte37x5YkQb5SAhYNH8tqJRnuGPe+Q0A3oN4HyHZFnrMq/HlbL5yg/0VKPTtF/IgHf+2dDz5OQQpBx3/N9u/QLwuIm9lkyOG03s0TGmE7up/i0jX2vIqp2BbGSnwdQEL/eSVZx73qQB/J62VFafg13P5yQWDJ33WSoiwhac6bg26HPmPOnCJp5R3c+7jM8N1F1ZbtsKicHSVsRg1RQSree4lchPy7FOPkCuUrB7LNE71mbpOzZNR767S6UAPaXxRw6QNYGBaDqQBwhlU8ZDF5F7EW6ahSUMOI6ECyoibzIMb56xs9osuNeUhB/BcL5sHSFpJjIbdcDLNkEKggrBl6s="
+        ];
+      };
+    };
+  };
+
+  services.fail2ban = {
+    enable = true;
+    package = pkgs.fail2ban;
+    maxretry = 5;
+    bantime = "3h";
+    bantime-increment = {
+      enable = true;
+      rndtime = "10m";
+    };
+  };
+
+  services.tailscale = {
+    enable = true;
+    package = pkgs.tailscale;
+  };
+
+  system.stateVersion = "24.11";
+}

modules/machine/thancred/default.nix

@@ -0,0 +1,6 @@
+{ ... }: {
+  imports = [
+    ./configuration.nix
+    ./hardware-configuration.nix
+  ];
+}

modules/machine/thancred/hardware-configuration.nix

@@ -0,0 +1,32 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/e2e621c1-0090-472a-99d9-61c6a87bd068";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/663E-15C0";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/60104b1a-4285-4dd1-be5e-3c3dee24515a"; }
+    ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}