Hm secrets management should be fine with packwiz on the client side though right? I wonder how much extra overhead would be involved if we did use packwiz.
Sorry for being super late about this. We ended up not migrating due to some hardware issues. But our configuration is public now, so if you’re still curious you can find the module (and its usage) here: https://git.pvv.ntnu.no/Drift/pvv-nixos-config/src/main/hosts/greddost/services/minecraft
1 Like
sorry for a bit of a nerco, but i actually ended up starting a project to make packwiz compatible with nix (and nix-minecraft ofc). i’m not exactly sure how i would implement secrets, but bundling other files (like mod configs) is 100% possible and will probably be introduced soon. hope everyone here enjoys and feedback is appreciated!
I don’t mind a necro 
I’ve gone ahead and merged Misterio77’s changes into base nix-minecraft, if you want to edit your readme to point to the base repository.
Awesome to see that you have got it working! From a quick look over you were also hitting all of the issues I had found throughout my attempts to build packwiz2nix. I am saddend that you named it the same, as i still plan to create packwiz2nix.
Some of the issues currently with packwiz:
- Curseforge URLs can be generated rather easily (this however can be against their ToS if they decide they don’t like you?)
- Curseforge uses a horrible murmur2 hashing algorithm of their own design. I do not think one can use an external tool for Nix to verify a hash? A lot of curseforge support would rely on this or the introduction of sha256 in their apis. (This is however unlikely due to their hostile status against third parties).
- Packwiz currently defaults to sha1, but is planned to change to sha256. I will have time to do this next month. URL source uses deprecated sha1 only · Issue #156 · packwiz/packwiz · GitHub
- Packwiz has no ability to generate config files with secrets. This i have discussed a lot with the author, but ultimately we found no great way to add this to packwiz. Last looked into this a month ago and may best be solved with mods to allow minecraft to read env vars. Sadly i have not enough experience with Java to develop this myself. But unsup has a great idea by using
javaagentfor this.
I’ve gone ahead and merged Misterio77’s changes into base nix-minecraft, if you want to edit your readme to point to the base repository.
oh definitely! i actually first found nix-minecraft in their flake, and since it pointed to their fork, i thought it might just be a maintained version or something lol
I am saddend that you named it the same, as i still plan to create packwiz2nix
sorry i beat you to the punch /lh
Curseforge URLs can be generated rather easily (this however can be against their ToS if they decide they don’t like you?)
it’s always against their ToS. it’s why the packwiz toml files don’t contain it, and how multiple launchers have received cease and desist equivalents because they used it. i don’t see much of a way around this at all
Curseforge uses a horrible murmur2 hashing algorithm of their own design. I do not think one can use an external tool for Nix to verify a hash? A lot of curseforge support would rely on this or the introduction of sha256 in their apis. (This is however unlikely due to their hostile status against third parties).
this could be integrated easily with my project, as the sha1sums currently in use are already recalculated to sha256 in order to use pkgs.fetchurl
…but sadly this would still be blocked by the former, since even if they did natively support sha256 or another algo supported by nix, we wouldn’t be able to distribute urls
- Packwiz currently defaults to sha1, but is planned to change to sha256. I will have time to do this next month. URL source uses deprecated sha1 only · Issue #156 · packwiz/packwiz · GitHub
awesome! i actually was talking to the maintainer earlier and they mentioned this. it would be great and let me take out the part of the project i feel is the weakest (requiring maintainers to update packiz and nix checksums separately)
Packwiz has no ability to generate config files with secrets. This i have discussed a lot with the author, but ultimately we found no great way to add this to packwiz. Last looked into this a month ago and may best be solved with mods to allow minecraft to read env vars. Sadly i have not enough experience with Java to develop this myself. But unsup has a great idea by using
javaagentfor this.
this is sad to hear, but after taking a quick look at unsup, it seems like maybe this could be a great match for packwiz2nix. packwiz support is already there, but i feel like it would probably be best in a separate project as the work required to read their ini files might be a lot to undertake (could be wrong though, i might look into it more).
and while i do thing unsup would be a much better permanent solution, wouldn’t agenix and sops-nix also be able to fill a similar role for now? it would definitely remove compatibility with traditional distros (unlike unsup, which could in theory support both nixos configurations and traditional deployments) and introduce yet another flake input, but it would allow for files such as server.properties to take advantage of secrets in a pretty simple way
It looks like your project stopped getting updates. Are you planning on maintaining it?
I don’t have much time at the moment, feel free to fork!
I don’t keep up much with Discourse, so sorry for the lack of updates from me personally.
With regards to writing config files: There is a feature for that now!
There is a files option (akin to symlinks) which copies files into place instead of using symlinks. Both files and symlinks support generating their contents too:
files."filename.json".value = { a = b; };
For common formats, it will infer the format from the file name. But otherwise, you can specify it yourself:
files."filename.someformat" = {
format = pkgs.format.yaml; # Can be used for custom formats
value = { a = b; };
};
As talked about previously, a way to install Packwiz packs has also been added!
Additionally, it is possible to securely format secrets into files using the files option and a path to an environment file!
Thanks go to Misterio for all three! : )
I am a university student so my personal work on nix-minecraft has slowed down significantly. That said, feel free to submit issues about things you want to see, or PRs implementing changes, I’ll always try and make time to review them where I can, even if it takes a while : )
Finally, thank you all for enjoying the project! I never expected it would reach that far, but here it is!
2 Likes