diff --git a/modules/minecraft-servers.nix b/modules/minecraft-servers.nix index 9bd6037e..7eabf3ee 100644 --- a/modules/minecraft-servers.nix +++ b/modules/minecraft-servers.nix @@ -42,6 +42,13 @@ let then formatExtensions.${head extension} or error else error; + txtList = + { }: + { + type = with lib.types; listOf str; + generate = name: value: pkgs.writeText name (lib.concatStringsSep "\n" value); + }; + formatExtensions = with pkgs.formats; { "yml" = yaml { }; "yaml" = yaml { }; @@ -50,6 +57,7 @@ let "properties" = keyValue { }; "toml" = toml { }; "ini" = ini { }; + "txt" = txtList { }; }; configType = types.submodule { @@ -449,6 +457,24 @@ in ''; }; + allowedSymlinks = mkOption { + default = ["/nix/store"]; + type = with types; listOf str; + example = literalExpression '' + [ + "/mnt/worlds" + ] + ''; + description = '' + Minecraft 1.20+ disallows symlinks inside world directories, unless + its destinations are allow-listed. /nix/store is allowed by default, + but you may add more destinations through this option. See + + for more information. + ''; + + }; + package = mkOption { description = "The Minecraft server package to use."; type = types.package; @@ -598,6 +624,7 @@ in "whitelist.json".value = mapAttrsToList (n: v: { name = n; uuid = v; }) conf.whitelist; "ops.json".value = mapAttrsToList (n: v: { name = n; uuid = v.uuid; level = v.level; bypassesPlayerLimit = v.bypassesPlayerLimit; }) conf.operators; "server.properties".value = conf.serverProperties; + "allowed_symlinks.txt".value = conf.allowedSymlinks; } // conf.files); msConfig = managementSystemConfig name conf; diff --git a/tests/simple.nix b/tests/simple.nix index ea0ff81b..42273b63 100644 --- a/tests/simple.nix +++ b/tests/simple.nix @@ -28,5 +28,6 @@ nixosTest { server.wait_for_unit(f"minecraft-server-{name}.service") server.wait_for_open_port(25565) server.wait_until_succeeds(grep_logs("Done ([0-9.]\+s)! For help, type \"help\""), timeout=30) + server.succeed(f"test -e /srv/minecraft/{name}/allowed_symlinks.txt") ''; }