Add pterodactyl + wings services

2023-11-04 18:51:34 +01:00
parent 10dbfc682c
commit c0381c8e6c
3 changed files with 201 additions and 1 deletions
--- a/Pterodactyl/configuration.nix
+++ b/Pterodactyl/configuration.nix
@ -12,7 +12,8 @@
    <home-manager/nixos>

    # Include Services
-    # ./services/pterodactyl.nix
+    ./services/pterodactyl.nix
+    ./services/wings.nix
  ];

  # Bootloader.
@ -67,6 +68,48 @@
    ];
  };

+  systemd.services.init-behind-nginx-docker-network = {
+    description = "Create a docker network bridge for pterodactyl.";
+    after = [ "network.target" ];
+    wantedBy = [ "multi-user.target" ];
+  
+    serviceConfig.Type = "oneshot";
+    script = let
+      dockercli = "${config.virtualisation.docker.package}/bin/docker";
+      network = "pterodactyl";
+    in ''
+      # Put a true at the end to prevent getting non-zero return code, which will
+      # crash the whole service.
+      check=$(${dockercli} network ls | grep ${network} || true)
+      if [ -z "$check" ]; then
+        ${dockercli} network create ${network}
+      else
+        echo "${network} already exists in docker"
+      fi
+    '';
+  };
+
+  systemd.services.init-behind-nginx-docker-network = {
+    description = "Create a docker network bridge for wings.";
+    after = [ "network.target" ];
+    wantedBy = [ "multi-user.target" ];
+  
+    serviceConfig.Type = "oneshot";
+    script = let
+      dockercli = "${config.virtualisation.docker.package}/bin/docker";
+      network = "wings";
+    in ''
+      # Put a true at the end to prevent getting non-zero return code, which will
+      # crash the whole service.
+      check=$(${dockercli} network ls | grep ${network} || true)
+      if [ -z "$check" ]; then
+        ${dockercli} network create ${network}
+      else
+        echo "${network} already exists in docker"
+      fi
+    '';
+  };
+
  # Set your time zone.
  time.timeZone = "Europe/Berlin";

@ -205,8 +248,28 @@
  networking.firewall = {
    # Open ports in the firewall.
    allowedTCPPorts = [
+      # Pterodactyl Panel
+      80
+      443
    ];
    allowedUDPPorts = [
+      # Pterodactyl Panel
+      80
+      443
+    ];
+    allowedTCPPortRanges = [
+      # Pterodactyl Node/Servers
+      {
+        from = 10000;
+        to = 10099;
+      }
+    ];
+    allowedUDPPortRanges = [
+      # Pterodactyl Node/Servers
+      {
+        from = 10000;
+        to = 10099;
+      }
    ];
    # Or disable the firewall altogether.
    enable = true;
--- a/Pterodactyl/services/pterodactyl.nix
+++ b/Pterodactyl/services/pterodactyl.nix
@ -0,0 +1,95 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
+  virtualisation.oci-containers.containers.pterodactyl-db = {
+    image = "mariadb:10.5";
+    autoStart = true;
+
+    dependsOn = [
+      # "pihole"
+    ];
+
+    ports = [];
+
+    volumes = [
+      "pterodactyl-db_data:/var/lib/mysql"
+    ];
+
+    environment = {
+      MYSQL_DATABASE = "panel";
+      MYSQL_USER = "pterodactyl";
+      MYSQL_PASSWORD = "PterodactylDBPW";
+      MYSQL_ROOT_PASSWORD = "PterodactylRootPW";
+    };
+
+    cmd = [
+      "--default-authentication-plugin=mysql_native_password"
+    ];
+
+    extraOptions = [
+      "--network=pterodactyl"
+    ];
+  };
+
+  virtualisation.oci-containers.containers.pterodactyl-cache = {
+    image = "redis:alpine";
+    autoStart = true;
+
+    dependsOn = [];
+    ports = [];
+    volumes = [];
+    environment = {};
+    cmd = [];
+    extraOptions = [
+      "--network=pterodactyl"
+    ];
+  };
+
+  virtualisation.oci-containers.containers.pterodactyl-panel = {
+    image = "ghcr.io/pterodactyl/panel:latest";
+    autoStart = true;
+
+    dependsOn = [
+      "pterodactyl-db"
+      "pterodactyl-cache"
+    ];
+
+    ports = [
+      "80:80"
+      "443:443"
+    ];
+
+    volumes = [
+      "pterodactyl_var:/app/var"
+      "pterdactyl_nginx:/etc/nginx/http.d"
+      "pterodactyl_certs:/etc/letsencrypt"
+      "pterodactyl_logs:/app/storage/logs"
+    ];
+
+    environment = {
+      # This URL should be the URL that your reverse proxy routes to the panel server
+      APP_URL = "https://games.local.chriphost.de";
+      APP_TIMEZONE = "Europe/Berlin";
+      APP_SERVICE_AUTHOR = "christoph.urlacher@protonmail.com";
+      TRUSTED_PROXIES = "192.168.86.25"; # Set this to your proxy IP
+      DB_PASSWORD = "PterodactylDBPW";
+      APP_ENV = "production";
+      APP_ENVIRONMENT_ONLY = "false";
+      CACHE_DRIVER = "redis";
+      SESSION_DRIVER = "redis";
+      QUEUE_DRIVER = "redis";
+      REDIS_HOST = "pterodactyl-cache";
+      DB_HOST = "pterodactyl-db";
+      DB_PORT = "3306";
+    };
+
+    cmd = [];
+
+    extraOptions = [
+      "--network=pterodactyl"
+    ];
+  };
+}
--- a/Pterodactyl/services/wings.nix
+++ b/Pterodactyl/services/wings.nix
@ -0,0 +1,42 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
+  virtualisation.oci-containers.containers.wings = {
+    image = "ghcr.io/pterodactyl/wings:latest";
+    autoStart = true;
+
+    dependsOn = [];
+
+    ports = [
+      "8080:8080"
+      "2022:2022"
+      "443:443"
+    ];
+
+    volumes = [
+      "/var/run/docker.sock:/var/run/docker.sock"
+      "/var/lib/docker/containers/:/var/lib/docker/containers/"
+      "/etc/ssl/certs:/etc/ssl/certs:ro"
+
+      "wings_etc:/etc/pterodactyl/"
+      "wings_var:/var/lib/pterodactyl/"
+      "wings_logs:/var/log/pterodactyl/"
+      "wings_tmp:/tmp/pterodactyl/"
+      "wings_certs:/etc/letsencrypt/"
+    ];
+
+    environment = {
+      TZ = "Europe/Berlin";
+      WINGS_UID = 988;
+      WINGS_GID = 988;
+      WINGS_USERNAME = pterodactyl;
+    };
+
+    extraOptions = [
+      "--network=wings"
+    ];
+  };
+}