valheim: added container

options/podman.nix

@@ -17,6 +17,7 @@ in
     memos.enable = mkEnableOption "memos podman";
     morphos.enable = mkEnableOption "morphos podman";
     soulseek.enable = mkEnableOption "soulseek podman";
+    valheim.enable = mkEnableOption "valheim";
 
     servarr = {
       enable = mkEnableOption "servarr group";

profiles/homeserver.nix

@@ -37,10 +37,11 @@
       servarr.real-debrid-manager.enable = false;
       servarr.rdtclient.enable = true;
       openobserve.enable = true;
-      minecraft.enable = true;
+      minecraft.enable = false;
       memos.enable = true;
       morphos.enable = true;
       soulseek.enable = true;
+      valheim.enable = true;
     };
 
     docker = {

secrets/valheim.yaml

@@ -0,0 +1,30 @@
+valheim:
+    server:
+        password: ENC[AES256_GCM,data:S1bD+TSUxq8=,iv:dFMlNfFuS/1S9lD0uX8ag3hflGpAOyGk77O6CxxTaXM=,tag:KyRrtZIx7yNF5m+qTHafJA==,type:str]
+    admins:
+        #ENC[AES256_GCM,data:1xnixtjNoI/7knh9VA==,iv:8SZ12M5OR/umplY87nDqooc17atVX6fCoxo+eJYidkc=,tag:AuI5bfBrGvXtPzwrwzKV6Q==,type:comment]
+        admin_1: ENC[AES256_GCM,data:9lC1kJDiILyDHrrg9x987jo=,iv:6zu9r9JbFaJ/821H1uEw1LjG7yJZb9x/oj31JW8frRY=,tag:q26AjmbSgQOm8x++U0PLXA==,type:str]
+        #ENC[AES256_GCM,data:Yb0OhTDqdCICgRY=,iv:f/WWOGf2in4w2ZNTyDmulBTHd97zGpeQ6RVVvl7yAmk=,tag:LCsTO/HKXLzIR9OVPSB3tA==,type:comment]
+        admin_2: ENC[AES256_GCM,data:Lg1zqeIgi7biUO6vNeVyl9g=,iv:viJEQ+ow6XbhwvD4FHYMDnyvVupdxA1fHK+WHreOzkc=,tag:VAysj1syU+RCKh/Byrn8LQ==,type:str]
+        #ENC[AES256_GCM,data:VMtru88mMiFgTIiWSvA=,iv:o+76QEXzt9vSx3S3NqgI43QCIDOWdTrTnE4GX6u3mtE=,tag:fuNUkR6zPFcJIYFjRz2dxw==,type:comment]
+        admin_3: ENC[AES256_GCM,data:4roXiJ0cln8S/AGit56/NMQ=,iv:H6Cw16blxUvjM82zYRnTLRRFuo2Os5XQViF5sQ/7WZg=,tag:5YnKrWfMS11HblX52mLXAw==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtUjBwVmZ0RXlWMWdaZ3JW
+            WlJUWVI4SGN1THB0NTRmcTdzbFF1THhzR0UwCm1iU1QwNlFncFVSeFpCUzdNKzhw
+            dGlOV3ZyTnZNazhYWUpwVE9xZi9kU1kKLS0tIFlTdy9zWVRYUFkzUmRGQnpDbnRH
+            VGJzK0pkOGpTUElBV09EdURkOGhCYU0KNHqjED8G1HKI/tB9kH/K9ZoSYho26JZ8
+            bobGVyPbPnYsAPmzmFA+F+aw+dslaqHk+5dlKjWwFBguK2r389U3SQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-09-08T12:30:48Z"
+    mac: ENC[AES256_GCM,data:trtu4Foo8E/X/Utxhqf8dmTzVy3ozCq4RlHFhZ9PHvx+3kVX/delZspS2QK81fxehR62hD/aTMGP2Zlxsv4gU/eMV3Iv5h5GbIYtVuDb+ZyFNdEgh2QtZ86rndGMHhdHP5Nv2oQqsrcNkQAlYqlQaeRoz6AjzOmmavEAoIrHd7M=,iv:gyyYXnavN7TvL27E1QuhEN+/NPdCiJi3oYA0vtitAy8=,tag:+Vg6xqOKpy/jUOs43hxFKw==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1

system/podman/default.nix

@@ -53,5 +53,6 @@ in
     ./soulseek.nix
     ./suwayomi.nix
     ./ytptube.nix
+    ./valheim.nix
   ];
 }

system/podman/valheim.nix

@@ -0,0 +1,82 @@
+{ config, lib, pkgs, ... }:
+let
+  name = "valheim";
+  podman = config.profile.podman;
+  inherit (lib) mkIf strings;
+  ip = "10.88.200.10";
+  image = "docker.io/lloesche/valheim-server";
+  domain = "${name}.tigor.web.id";
+  user = config.profile.user;
+  uid = toString user.uid;
+  gid = toString user.gid;
+  base_dir = "/var/lib/${name}";
+in
+{
+  config = mkIf (podman.enable && podman.${name}.enable) {
+    services.caddy.virtualHosts.${domain}.extraConfig = ''
+      reverse_proxy ${ip}:80
+    '';
+
+    sops =
+      let
+        opts = { sopsFile = ../../secrets/valheim.yaml; };
+      in
+      {
+        secrets = {
+          "valheim/server/password" = opts;
+          "valheim/admins/admin_1" = opts;
+          "valheim/admins/admin_2" = opts;
+          "valheim/admins/admin_3" = opts;
+        };
+
+        templates."valheim-env".content =
+          let
+            placeholder = config.sops.placeholder;
+          in
+            /*sh*/ ''
+            SERVER_PASS=${placeholder."valheim/server/password"}
+            ADMINLIST_IDS=${placeholder."valheim/admins/admin_1"} ${placeholder."valheim/admins/admin_2"} ${placeholder."valheim/admins/admin_3"}
+          '';
+      };
+
+    systemd.tmpfiles.settings."podman-${name}".${base_dir}.d = {
+      group = config.profile.user.name;
+      mode = "0755";
+      user = config.profile.user.name;
+    };
+
+    virtualisation.oci-containers.containers.${name} =
+      {
+        inherit image;
+        hostname = name;
+        autoStart = true;
+        ports = [
+          "2456:2456/udp"
+          "2457:2457/udp"
+        ];
+        volumes = [
+          "${base_dir}/config:/config"
+          "${base_dir}/data:/opt/valheim"
+        ];
+        environment = {
+          TZ = "Asia/Jakarta";
+          SERVER_NAME = "Three Musketeers";
+          WORLD_NAME = "Bebas";
+          STATUS_HTTP = "true";
+          PUID = uid;
+          PGID = gid;
+        };
+        extraOptions = [
+          "--network=podman"
+          "--ip=${ip}"
+          "--cap-add=sys_nice"
+        ];
+        environmentFiles = [
+          config.sops.templates."valheim-env".path
+        ];
+        labels = {
+          "io.containers.autoupdate" = "registry";
+        };
+      };
+  };
+}