refactor(compose): minecraft via PACKWIZ_URL, authlib->auth., runtime mount

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-05-24 04:42:55 +02:00
parent 31eadcfb32
commit 8f6d846858

View File

@@ -1,10 +1,13 @@
# ────────────────────────────────────────────────────────────────── # ──────────────────────────────────────────────────────────────────
# Minecraft 1.21.1 NeoForge + Drasl auth (with Keycloak OIDC) # Ulicraft LAN-party stack — Minecraft 1.21.1 NeoForge + Drasl auth
# ────────────────────────────────────────────────────────────────── # ──────────────────────────────────────────────────────────────────
# Assumes: # Topology (single source of config: BASE_DOMAIN + HOST_LAN_IP in .env):
# - Keycloak is already running and reachable at https://keycloak.home.local # - dnsmasq resolves *.${BASE_DOMAIN} -> HOST_LAN_IP for guest laptops
# - AdGuard Home resolves drasl.home.local -> this host's LAN IP # - caddy is the only HTTP ingress; holds mcnet aliases so the stack
# - This host's LAN IP is on the same segment as the LAN party # resolves auth.${BASE_DOMAIN} / packwiz.${BASE_DOMAIN} internally too
# - drasl handles auth (password login; NO Keycloak/OIDC in this stack)
# - packwiz pack is served by caddy at packwiz.${BASE_DOMAIN}
# - minecraft installs mods via PACKWIZ_URL, authlib-injector -> auth.
# ────────────────────────────────────────────────────────────────── # ──────────────────────────────────────────────────────────────────
services: services:
@@ -73,6 +76,7 @@ services:
EULA: "TRUE" EULA: "TRUE"
TYPE: "NEOFORGE" TYPE: "NEOFORGE"
VERSION: "1.21.1" VERSION: "1.21.1"
# Verify NEOFORGE_VERSION against projects.neoforged.net before deploy.
NEOFORGE_VERSION: "21.1.209" # pin a known-good build; update deliberately NEOFORGE_VERSION: "21.1.209" # pin a known-good build; update deliberately
# ── Memory / performance ──────────────────────────────────── # ── Memory / performance ────────────────────────────────────
@@ -84,7 +88,7 @@ services:
# ── Auth: offline mode + authlib-injector pointing at Drasl ─ # ── Auth: offline mode + authlib-injector pointing at Drasl ─
ONLINE_MODE: "FALSE" ONLINE_MODE: "FALSE"
# mount authlib-injector.jar at /extras/authlib-injector.jar # mount authlib-injector.jar at /extras/authlib-injector.jar
JVM_OPTS: "-javaagent:/extras/authlib-injector.jar=http://drasl.home.local:25585/authlib-injector" JVM_OPTS: "-javaagent:/extras/authlib-injector.jar=http://auth.${BASE_DOMAIN}/authlib-injector"
# ── Server config ─────────────────────────────────────────── # ── Server config ───────────────────────────────────────────
DIFFICULTY: "normal" DIFFICULTY: "normal"
@@ -96,12 +100,8 @@ services:
ENFORCE_SECURE_PROFILE: "FALSE" # required for authlib-injector on 1.21+ ENFORCE_SECURE_PROFILE: "FALSE" # required for authlib-injector on 1.21+
ALLOW_FLIGHT: "TRUE" # many tech mods need this ALLOW_FLIGHT: "TRUE" # many tech mods need this
# ── Mod sources (Modrinth recommended over CF) ────────────── # ── Mod source: packwiz pack served by caddy ────────────────
MODRINTH_PROJECTS: "@/extras/modrinth-mods.txt" PACKWIZ_URL: "http://packwiz.${BASE_DOMAIN}/pack.toml"
MODRINTH_DOWNLOAD_DEPENDENCIES: "required"
# Optional, only if you need CF-exclusive mods:
# CF_API_KEY: ${CF_API_KEY}
# CURSEFORGE_FILES: "@/extras/cf-mods.txt"
# ── RCON for remote admin ─────────────────────────────────── # ── RCON for remote admin ───────────────────────────────────
ENABLE_RCON: "TRUE" ENABLE_RCON: "TRUE"
@@ -111,9 +111,10 @@ services:
TZ: "Europe/Madrid" TZ: "Europe/Madrid"
volumes: volumes:
- mc_data:/data - mc_data:/data
- ./extras:/extras:ro # authlib-injector.jar + mod lists live here - ./runtime:/extras:ro # authlib-injector.jar lives here
depends_on: depends_on:
- drasl - drasl
- caddy # packwiz pack is served by caddy
networks: networks:
- mcnet - mcnet