Compare commits
68 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 08fe8c9c53 | |||
| 10b86ae23e | |||
| cd79b0e540 | |||
| 25df9f9398 | |||
| 1958a96acf | |||
| e45ce210ba | |||
| d12071df04 | |||
| a67b9cf59e | |||
| d303d23d18 | |||
| 614e47598b | |||
| 69871c8a93 | |||
| 015bf7fbe3 | |||
| d0bc81f0f7 | |||
| 35be2e6b76 | |||
| 33b9ebc7f6 | |||
| b9929da54d | |||
| 36c28362bc | |||
| 07a4ae469d | |||
| 2c3e4cf385 | |||
| 4855447b29 | |||
| 14ef545bbb | |||
| 7222904c91 | |||
| 8a71709048 | |||
| db63aa7d10 | |||
| 39b9262ee9 | |||
| 037b1777d6 | |||
| 1019da66a3 | |||
| 0b098ae06e | |||
| db270a9695 | |||
| 4750c0d6c7 | |||
| 220b43d007 | |||
| 37d21cacf9 | |||
| 3af14d0144 | |||
| 369b4dc0a0 | |||
| c3b2d89ddc | |||
| 362228f985 | |||
| c8a6c77a8e | |||
| c233b1bfbc | |||
| de1ac2ee17 | |||
| 5d5602fbd7 | |||
| 97347693b6 | |||
| a138bbfd72 | |||
| 6c7e259fcb | |||
| 096ef82420 | |||
| c249172baa | |||
| fa8cede6ae | |||
| 84196d59d0 | |||
| 27237bc7c1 | |||
| 90c3be7bb5 | |||
| d21a7f0e92 | |||
| df8ffca53e | |||
| 067e990306 | |||
| 673202e1e4 | |||
| 1ec3a9c1ee | |||
| 663b87a4e4 | |||
| a2821f2bbc | |||
| cfd60131fb | |||
| 95c63e1ee0 | |||
| 46103495fb | |||
| 1709bcd340 | |||
| 67d1f82e6a | |||
| ff645de2c8 | |||
| 6df885eb13 | |||
| 6fac1647aa | |||
| a6155819b6 | |||
| 3185fea4c1 | |||
| f3c38da56c | |||
| 21e6080e78 |
@@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
name: deploy
|
name: deploy
|
||||||
description: Redeploy the Ulicraft Minecraft stack to the production host `cochi` — git pull on main then a hard restart (compose down + build-stack.sh --up online). Use when the user says "deploy", "redeploy", "deploy to cochi", "push to prod", "ship it", or "restart the server" for this project. Causes brief Minecraft downtime.
|
description: Redeploy the Ulicraft Minecraft stack to the production host `cochi` — git pull on main then a hard restart (compose down + up). Use when the user says "deploy", "redeploy", "deploy to cochi", "push to prod", "ship it", or "restart the server" for this project. Causes brief Minecraft downtime.
|
||||||
---
|
---
|
||||||
|
|
||||||
# Deploy Ulicraft to `cochi`
|
# Deploy Ulicraft to `cochi`
|
||||||
@@ -13,8 +13,9 @@ Redeploy the running stack on the production host. Full reference:
|
|||||||
- Host: `cochi` (SSH alias)
|
- Host: `cochi` (SSH alias)
|
||||||
- Path: `/home/ubuntu/mc/ulicraft-server-v1`
|
- Path: `/home/ubuntu/mc/ulicraft-server-v1`
|
||||||
- Branch: `main`
|
- Branch: `main`
|
||||||
- Run mode: `online` → compose files `docker-compose.yml` + `docker-compose.static.yml`
|
- Stack: single unified `docker-compose.yml` (drasl, minecraft, mc-backup,
|
||||||
- Auth: Drasl (base stack)
|
caddy, nmsr, mc-status, uptime-kuma, filestash)
|
||||||
|
- Auth: Drasl
|
||||||
- Restart: **hard** (down → up) — players are disconnected for a few minutes
|
- Restart: **hard** (down → up) — players are disconnected for a few minutes
|
||||||
|
|
||||||
## Procedure
|
## Procedure
|
||||||
@@ -30,37 +31,96 @@ invoking this skill is the authorization to proceed, but:
|
|||||||
already up to date and ask whether to restart anyway (they may want a plain
|
already up to date and ask whether to restart anyway (they may want a plain
|
||||||
restart). If `git fetch` fails (host unreachable, auth), STOP and report.
|
restart). If `git fetch` fails (host unreachable, auth), STOP and report.
|
||||||
|
|
||||||
2. **Pull + hard restart** (single SSH session, halts on any error):
|
**If the incoming commits ADD A SERVICE, check `.env` on the host first.**
|
||||||
|
A new service with `${FOO:?...}` guards (filestash uses them) fails the
|
||||||
|
**whole compose file**, not just that service — so a missing var means
|
||||||
|
`up` refuses to start *anything*, and a `--hard` deploy has already run
|
||||||
|
`down`. The stack stays down. Check before tearing it down:
|
||||||
|
```bash
|
||||||
|
ssh cochi 'cd /home/ubuntu/mc/ulicraft-server-v1 && grep -c "^FILES_" .env'
|
||||||
|
```
|
||||||
|
Same for a new **subdomain**: it needs a cert (`LE_SUBDOMAINS` +
|
||||||
|
`issue-letsencrypt.sh`) and an nginx vhost — see step 2b, which the deploy
|
||||||
|
does NOT do for you.
|
||||||
|
|
||||||
|
2. **Pull, ensure authlib, then `update-all.sh --hard`** (single SSH session,
|
||||||
|
halts on any error):
|
||||||
```bash
|
```bash
|
||||||
ssh cochi 'set -e
|
ssh cochi 'set -e
|
||||||
cd /home/ubuntu/mc/ulicraft-server-v1
|
cd /home/ubuntu/mc/ulicraft-server-v1
|
||||||
git pull --ff-only
|
git pull --ff-only
|
||||||
docker compose -f docker-compose.yml -f docker-compose.static.yml down --remove-orphans
|
tooling/fetch-authlib.sh
|
||||||
tooling/build-stack.sh --up online'
|
./update-all.sh --hard'
|
||||||
```
|
```
|
||||||
- `--ff-only` refuses to merge — if the pull is not a fast-forward, STOP and
|
- `--ff-only` refuses to merge — if the pull is not a fast-forward, STOP and
|
||||||
report (local changes on the host need manual resolution).
|
report (local changes on the host need manual resolution).
|
||||||
- `build-stack.sh --up online` renders configs (needs `.env` complete:
|
- `fetch-authlib.sh` ensures `runtime/authlib-injector.jar` exists (gitignored;
|
||||||
`BASE_DOMAIN`, `HOST_LAN_IP`, `RCON_PASSWORD`) and runs `compose up -d`.
|
skips if already valid; NOT part of update-all since it rarely changes).
|
||||||
|
Missing jar = minecraft crashloops with "Error opening zip file or JAR
|
||||||
|
manifest missing". Run it before `update-all` so the jar is present when
|
||||||
|
compose brings minecraft up.
|
||||||
|
- **`update-all.sh` is the single source of truth** for the post-pull build +
|
||||||
|
restart steps (render drasl/nmsr configs from `.env`, sync server mods, regen
|
||||||
|
the landing mod list, rebuild `www/`, then apply via docker compose). It is
|
||||||
|
also runnable on its own for a lighter rolling update (no `--hard` =
|
||||||
|
change-detected restart, no world downtime). `--hard` here does
|
||||||
|
`down --remove-orphans && up -d --build` for the deliberate full restart.
|
||||||
|
`render-config.sh` halts on an invalid `REGISTRATION_MODE` (must be `invite`
|
||||||
|
or `open`); a missing distribution jar halts `sync-server-mods.sh`. The
|
||||||
|
landing rebuild is unconditional (the gitignored `www/` is never updated by
|
||||||
|
`git pull`), so no separate landing step is needed.
|
||||||
|
|
||||||
|
2b. **Only if the deploy changed `nginx/ulicraft-caddy.conf.tmpl`** (a new
|
||||||
|
subdomain, a new body-size/rate-limit rule, a changed `CADDY_HTTP_PORT`).
|
||||||
|
`update-all.sh` does **not** touch the host nginx, so a new vhost simply
|
||||||
|
won't exist and the subdomain 404s / hits the wrong server block:
|
||||||
|
```bash
|
||||||
|
ssh cochi 'cd /home/ubuntu/mc/ulicraft-server-v1 && tooling/render-nginx.sh --install'
|
||||||
|
```
|
||||||
|
It runs `nginx -t` before reloading, so a bad render fails safe. The cert
|
||||||
|
must already exist (`certs/<name>/cert.pem`) or nginx won't load the block —
|
||||||
|
issue it first with `tooling/issue-letsencrypt.sh` (reads `LE_SUBDOMAINS`).
|
||||||
|
|
||||||
3. **Verify.**
|
3. **Verify.**
|
||||||
```bash
|
```bash
|
||||||
ssh cochi 'cd /home/ubuntu/mc/ulicraft-server-v1 && docker compose -f docker-compose.yml -f docker-compose.static.yml ps'
|
ssh cochi 'cd /home/ubuntu/mc/ulicraft-server-v1 && docker compose ps'
|
||||||
```
|
```
|
||||||
Confirm `caddy`, `drasl`, `minecraft`, `mc-backup` are Up. Tail the minecraft
|
Confirm `caddy`, `drasl`, `minecraft`, `mc-backup`, `nmsr`, `mc-status`,
|
||||||
log briefly and confirm it reaches `Done` (server ready):
|
`uptime-kuma`, `filestash` are Up. Tail the minecraft log briefly and confirm
|
||||||
|
it reaches the ready marker (match `Done (Ns)! For help` — a bare `Done`
|
||||||
|
also matches unrelated mod-loading lines):
|
||||||
```bash
|
```bash
|
||||||
ssh cochi 'cd /home/ubuntu/mc/ulicraft-server-v1 && timeout 120 docker compose -f docker-compose.yml -f docker-compose.static.yml logs -f minecraft' 2>/dev/null | grep -m1 "Done"
|
ssh cochi 'cd /home/ubuntu/mc/ulicraft-server-v1 && timeout 180 docker compose logs -f minecraft' 2>/dev/null | grep -m1 'Done ([0-9.]*s)! For help'
|
||||||
```
|
```
|
||||||
|
If a public vhost changed, verify it end-to-end from your workstation rather
|
||||||
|
than trusting `compose ps` (a container can be Up while nginx never routes to
|
||||||
|
it): `curl -s -o /dev/null -w '%{http_code}' https://<vhost>/`.
|
||||||
|
|
||||||
## Guardrails
|
## Guardrails
|
||||||
|
|
||||||
- Never `git reset --hard` or discard changes on `cochi` without telling the user
|
- Never `git reset --hard` or discard changes on `cochi` without telling the user
|
||||||
first — there may be host-local edits.
|
first — there may be host-local edits.
|
||||||
- Volumes (`mc_data`, `drasl_state`) persist across `down`; the world is safe. Do
|
- **Caddy conf changes need a recreate, not reload/restart.** If the deploy
|
||||||
NOT pass `-v`/`--volumes` to `down`.
|
touched any `caddy/conf.d/*.caddy` or the Caddyfile and you did a *rolling*
|
||||||
|
`update-all.sh` (not `--hard`), the change WON'T apply: those are single-file
|
||||||
|
bind mounts pinned to the host inode, and `git pull` gives the file a new inode.
|
||||||
|
`restart`/`caddy reload` reuse the stale inode. Run
|
||||||
|
`docker compose up -d --force-recreate caddy`, then verify with
|
||||||
|
`docker compose exec caddy cat /etc/caddy/conf.d/<file>`. The `--hard` path
|
||||||
|
(full `down`/`up`) already recreates, so it's unaffected.
|
||||||
|
- **Same trap for `filestash/config.json`** — also a single-file bind mount, and
|
||||||
|
it is *re-rendered on every run* by `render-config.sh`, so a rolling
|
||||||
|
`update-all.sh` leaves filestash reading the stale inode after any `FILES_*`
|
||||||
|
change (rotating the shared password, flipping `FILES_AUTH`). Apply with
|
||||||
|
`docker compose up -d --force-recreate filestash`. `--hard` is unaffected.
|
||||||
|
- **Never let `filestash/config.json` be missing when compose runs.** It is
|
||||||
|
gitignored and rendered; if it doesn't exist, Docker creates a *directory* at
|
||||||
|
that path and filestash breaks in a confusing way. `update-all.sh` renders
|
||||||
|
before `up`, so the normal path is safe — just don't hand-run `docker compose
|
||||||
|
up` on the host without rendering first. If it happened: `rm -rf
|
||||||
|
filestash/config.json && tooling/render-config.sh && docker compose up -d
|
||||||
|
--force-recreate filestash`.
|
||||||
|
- Volumes (`mc_data`, `drasl_state`, `kuma_data`) persist across `down`; the
|
||||||
|
world and monitors are safe. Do NOT pass `-v`/`--volumes` to `down`.
|
||||||
- If a step fails, STOP and surface the exact error + the failing command. Do not
|
- If a step fails, STOP and surface the exact error + the failing command. Do not
|
||||||
improvise recovery on production.
|
improvise recovery on production.
|
||||||
- Blessing Skin variant or `airgap` mode changes the compose file set — if the
|
|
||||||
user asks for those, follow `plan/14-deploy.md` instead of the fixed commands
|
|
||||||
above.
|
|
||||||
|
|||||||
125
.env.example
125
.env.example
@@ -1,35 +1,100 @@
|
|||||||
# Copy to .env and fill in real values
|
# Copy to .env and fill in real values
|
||||||
|
|
||||||
# Single base domain for the whole stack; every service is a subdomain of this.
|
# Single base domain for the whole stack; every service is a subdomain of this.
|
||||||
# Use .lan (NOT .local) — .local is intercepted by mDNS on macOS/Linux and
|
# DNS is handled OUTSIDE this repo — point ${BASE_DOMAIN} and every subdomain
|
||||||
# won't resolve through a normal unicast DNS server.
|
# (auth. avatar. status. distribution. www.) at the host running nginx.
|
||||||
BASE_DOMAIN=ulicraft.lan
|
BASE_DOMAIN=ulicraft.net
|
||||||
# The Docker host's LAN IP — every service name resolves here.
|
|
||||||
HOST_LAN_IP=192.168.1.10
|
|
||||||
|
|
||||||
# mDNS toggle. true + BASE_DOMAIN=*.local → an Avahi container publishes the
|
|
||||||
# service names over mDNS (zero-config for macOS/Linux guests; Windows needs
|
|
||||||
# Bonjour). false → use your own party DNS (records: tooling/dns-records.sh).
|
|
||||||
# NOTE: mDNS resolves ONLY *.local; it cannot serve the air-gap upstream-host
|
|
||||||
# spoofs — those always need a real DNS server.
|
|
||||||
ENABLE_MDNS=false
|
|
||||||
|
|
||||||
RCON_PASSWORD=change-me-to-something-random
|
RCON_PASSWORD=change-me-to-something-random
|
||||||
|
|
||||||
# Caddy host-published port (docker-compose.caddy.yml). Default 80 for the
|
# Registration mode (BACKEND gate) for self-hosted accounts (Drasl).
|
||||||
# standalone LAN/air-gap path. When the machine's own nginx fronts caddy
|
# invite = closed; guests need an admin-minted invite code (recommended on a
|
||||||
# (nginx terminates TLS → reverse-proxies to caddy), set a high port and bind
|
# public, internet-present host). Admin mints via POST /drasl/api/v2/invites.
|
||||||
# it to localhost so only nginx reaches it:
|
# open = anyone can self-register with username+password (set [RateLimit]!).
|
||||||
# CADDY_HTTP_PORT=8880
|
# Consumed by render-config.sh (-> Drasl RegistrationNewPlayer.RequireInvite).
|
||||||
# CADDY_HTTP_BIND=127.0.0.1
|
# Default: invite. NOTE: this no longer controls the landing invite FIELD — that's
|
||||||
# Then render nginx/ulicraft-caddy.conf.tmpl with CADDY_HTTP_PORT.
|
# REGISTRATION_SHOW_INVITE below.
|
||||||
CADDY_HTTP_PORT=80
|
REGISTRATION_MODE=invite
|
||||||
CADDY_HTTP_BIND=0.0.0.0
|
|
||||||
|
|
||||||
# distribution.${BASE_DOMAIN} static vhost (docker-compose.distribution.yml).
|
# Show the invite-code FIELD on the landing register form. Read by the landing
|
||||||
# Absolute host path to the built static site — it lives in ANOTHER repo.
|
# BUILD (data/site.ts) only; default false (hidden). Independent of the backend
|
||||||
# Bind-mounted read-only into caddy and served at distribution.${BASE_DOMAIN}.
|
# gate above. CAVEAT: if REGISTRATION_MODE=invite (Drasl requires a code) but this
|
||||||
|
# is false, public self-registration can't supply one — enable both together, or
|
||||||
|
# mint accounts admin-side. true | false.
|
||||||
|
REGISTRATION_SHOW_INVITE=false
|
||||||
|
|
||||||
|
# NMSR avatar render mode for the landing's avatar tiles. Read by the landing
|
||||||
|
# BUILD (data/site.ts) only. Avatar URL =
|
||||||
|
# https://avatar.${BASE_DOMAIN}/<mode>/<uuid>?size=N. e.g. headiso | head | fullbody.
|
||||||
|
# AVATAR_MODE → ServerCard online row + account preview (heads)
|
||||||
|
# ROSTER_AVATAR_MODE → Members grid (full body; default fullbodyiso)
|
||||||
|
AVATAR_MODE=headiso
|
||||||
|
ROSTER_AVATAR_MODE=fullbodyiso
|
||||||
|
|
||||||
|
# Drasl admin creds for the registered-players roster (/api/mcstatus/players).
|
||||||
|
# Consumed ONLY by the mc-status container (server-side login → sanitized
|
||||||
|
# [{uuid,name}] list); these NEVER reach the browser. Use a DEDICATED, rotatable
|
||||||
|
# admin account (Drasl has no read-only role) to limit blast radius. Leave blank
|
||||||
|
# to disable the roster (the Members grid then just shows its empty state).
|
||||||
|
DRASL_ADMIN_USERNAME=
|
||||||
|
DRASL_ADMIN_PASSWORD=
|
||||||
|
|
||||||
|
# caddy host-published port. The host's own nginx terminates TLS and
|
||||||
|
# reverse-proxies to caddy by Host header (nginx/ulicraft-caddy.conf.tmpl), so
|
||||||
|
# bind caddy to a high localhost-only port — only nginx should reach it.
|
||||||
|
CADDY_HTTP_PORT=8880
|
||||||
|
CADDY_HTTP_BIND=127.0.0.1
|
||||||
|
|
||||||
|
# distribution.${BASE_DOMAIN} static vhost. Absolute host path to the built
|
||||||
|
# static site — it lives in ANOTHER repo. Bind-mounted read-only into caddy.
|
||||||
DISTRIBUTION_WEB_ROOT=/home/oier/projects/mc-mods/ulicraft-group/ulicraft-distribution/dist
|
DISTRIBUTION_WEB_ROOT=/home/oier/projects/mc-mods/ulicraft-group/ulicraft-distribution/dist
|
||||||
|
|
||||||
|
# ── files.${BASE_DOMAIN} — Filestash player file share ────────────────
|
||||||
|
# Screenshots / schematics / maps. ONE shared login for all players, writable.
|
||||||
|
# Full design + gotchas: plan/20-files.md.
|
||||||
|
|
||||||
|
# Host path holding the shared files. Keep it OUTSIDE the repo — guest-writable
|
||||||
|
# data must not live in a git tree we `git pull` into.
|
||||||
|
FILES_DATA_DIR=/srv/ulicraft-files
|
||||||
|
|
||||||
|
# Literal mount flag for FILES_DATA_DIR: rw | ro. `ro` makes the share
|
||||||
|
# read-only at the KERNEL, regardless of what the Filestash UI thinks. It is a
|
||||||
|
# mount flag rather than a boolean because compose has no conditionals — the
|
||||||
|
# value is substituted straight into the volume string.
|
||||||
|
FILES_MOUNT_MODE=rw
|
||||||
|
|
||||||
|
# Auth middleware (rendered into config.json by render-config.sh):
|
||||||
|
# htpasswd one shared user/pass — the only internet-safe value
|
||||||
|
# passthrough NO LOGIN. Anyone reaching the vhost is in.
|
||||||
|
# none alias of passthrough
|
||||||
|
# passthrough/none on a WRITABLE, internet-reachable share is an open upload
|
||||||
|
# relay (malware/phishing hosted on your domain, under your cert, with your
|
||||||
|
# bandwidth — and a domain blocklisting would take auth. and the apex down
|
||||||
|
# with it). Only set it once this host is unreachable from the internet.
|
||||||
|
FILES_AUTH=htpasswd
|
||||||
|
|
||||||
|
# The shared player credential (FILES_AUTH=htpasswd).
|
||||||
|
# FILES_PASSWORD_HASH: openssl passwd -6 '<password>'
|
||||||
|
# MUST be $6$ (sha512). The htpasswd plugin's bcrypt branch only accepts $2a$,
|
||||||
|
# so a $2y$ hash from `htpasswd -B` fails EVERY login, silently.
|
||||||
|
# render-config.sh rejects the wrong format rather than shipping it.
|
||||||
|
FILES_USER=uli
|
||||||
|
FILES_PASSWORD_HASH=
|
||||||
|
|
||||||
|
# Filestash /admin console password — bcrypt, and /admin IS publicly exposed, so
|
||||||
|
# use a 20+ char generated password. It is the only credential guarding config.
|
||||||
|
# docker run --rm caddy:alpine caddy hash-password --plaintext '<password>'
|
||||||
|
FILES_ADMIN_PASSWORD_HASH=
|
||||||
|
|
||||||
|
# Session key (openssl rand -hex 16). Must be non-empty: an empty secret_key
|
||||||
|
# makes filestash rewrite config.json at boot, which fails on the :ro mount.
|
||||||
|
FILES_SECRET_KEY=
|
||||||
|
|
||||||
|
# Unlocks the local storage backend, which filestash admin-gates: it refuses to
|
||||||
|
# init unless the connection params carry this secret. config.json supplies it
|
||||||
|
# server-side; players never see it. openssl rand -hex 24.
|
||||||
|
FILES_LOCAL_SECRET=
|
||||||
|
|
||||||
# Only needed if using CurseForge-exclusive mods:
|
# Only needed if using CurseForge-exclusive mods:
|
||||||
# CF_API_KEY=your-curseforge-api-key
|
# CF_API_KEY=your-curseforge-api-key
|
||||||
|
|
||||||
@@ -37,7 +102,7 @@ DISTRIBUTION_WEB_ROOT=/home/oier/projects/mc-mods/ulicraft-group/ulicraft-distri
|
|||||||
# Only needed to issue real TLS certs. DNS-01 needs no inbound ports.
|
# Only needed to issue real TLS certs. DNS-01 needs no inbound ports.
|
||||||
LE_EMAIL=you@example.com
|
LE_EMAIL=you@example.com
|
||||||
# space-separated subdomains; apex ${BASE_DOMAIN} is always included
|
# space-separated subdomains; apex ${BASE_DOMAIN} is always included
|
||||||
LE_SUBDOMAINS=auth pack distribution
|
LE_SUBDOMAINS=auth distribution www avatar status files
|
||||||
# OVH API creds (DNS zone write). Create at https://eu.api.ovh.com/createToken/
|
# OVH API creds (DNS zone write). Create at https://eu.api.ovh.com/createToken/
|
||||||
# OVH_CK can be blank on first run — acme.sh prints an auth URL, then paste it.
|
# OVH_CK can be blank on first run — acme.sh prints an auth URL, then paste it.
|
||||||
OVH_END_POINT=ovh-eu
|
OVH_END_POINT=ovh-eu
|
||||||
@@ -45,13 +110,3 @@ OVH_AK=
|
|||||||
OVH_AS=
|
OVH_AS=
|
||||||
OVH_CK=
|
OVH_CK=
|
||||||
# LE_STAGING=1 # use the untrusted staging CA for dry runs
|
# LE_STAGING=1 # use the untrusted staging CA for dry runs
|
||||||
|
|
||||||
# ── Blessing Skin auth variant (docker-compose.blessingskin.yml) ──────
|
|
||||||
# Only needed when running the Blessing Skin override instead of Drasl.
|
|
||||||
BS_DB_NAME=blessingskin
|
|
||||||
BS_DB_USER=blessingskin
|
|
||||||
BS_DB_PASSWORD=change-me-bs-db
|
|
||||||
BS_DB_ROOT_PASSWORD=change-me-bs-root
|
|
||||||
# Generate once and paste here so it survives container recreates:
|
|
||||||
# docker run --rm azusamikan/blessing-skin-server-docker:latest php artisan key:generate --show
|
|
||||||
BS_APP_KEY=base64:replace-with-generated-key
|
|
||||||
|
|||||||
33
.gitignore
vendored
33
.gitignore
vendored
@@ -5,16 +5,17 @@ runtime/authlib-injector.jar
|
|||||||
|
|
||||||
# rendered configs (from tooling/render-config.sh)
|
# rendered configs (from tooling/render-config.sh)
|
||||||
drasl/config/config.toml
|
drasl/config/config.toml
|
||||||
dnsmasq/dnsmasq.conf
|
nmsr/config.toml
|
||||||
# packwiz pack files rendered from pack/**/*.tmpl by tooling/render-pack.sh
|
# holds the admin bcrypt hash, the shared player hash, the session key and the
|
||||||
# (domain-dependent build output); source of truth is the .tmpl + custom/ jars.
|
# local-backend secret — only the .tmpl is tracked
|
||||||
pack/mods/*.pw.toml
|
filestash/config.json
|
||||||
pack/index.toml
|
|
||||||
pack/CustomSkinLoader/CustomSkinLoader.json
|
|
||||||
|
|
||||||
# vendored / mirrored binaries
|
# server mod subset synced from the distribution repo by
|
||||||
mirror/
|
# tooling/sync-server-mods.sh (source of truth is mods-sides.json + $DIST jars)
|
||||||
pack/mods-files/
|
server-mods/
|
||||||
|
|
||||||
|
# vendored binaries
|
||||||
|
launcher/
|
||||||
|
|
||||||
# landing page: generated build output + deps
|
# landing page: generated build output + deps
|
||||||
www/
|
www/
|
||||||
@@ -22,8 +23,18 @@ landing/node_modules/
|
|||||||
landing/.astro/
|
landing/.astro/
|
||||||
landing/dist/
|
landing/dist/
|
||||||
|
|
||||||
# exported Caddy CA (per-deploy artifact)
|
# launcher download list: the custom-launcher build output launcher.json,
|
||||||
caddy/caddy-root-ca.crt
|
# synced from UlicraftLauncher/dist/launcher.json (launcher.example.json is
|
||||||
|
# committed as the documented shape)
|
||||||
|
landing/src/data/launcher.json
|
||||||
|
|
||||||
|
# mod catalogue + extracted logos: generated by tooling/build-modlist.py from
|
||||||
|
# the distribution forgemods (the .example.json is committed as the empty shape)
|
||||||
|
landing/src/data/mods.json
|
||||||
|
landing/public/mod-logos/
|
||||||
|
|
||||||
|
# compiled mc-status binary (built into the image; stray local `go build` output)
|
||||||
|
docker/mc-status/mc-status
|
||||||
|
|
||||||
# Let's Encrypt certs + private keys (issued by tooling/issue-letsencrypt.sh)
|
# Let's Encrypt certs + private keys (issued by tooling/issue-letsencrypt.sh)
|
||||||
certs/
|
certs/
|
||||||
|
|||||||
415
CLAUDE.md
415
CLAUDE.md
@@ -1,280 +1,219 @@
|
|||||||
# Minecraft LAN Party Server — Project Context
|
# Ulicraft Server — Project Context
|
||||||
|
|
||||||
> Self-hosted modded Minecraft server for a LAN party (~8 players), with
|
> Self-hosted modded Minecraft (NeoForge 1.21.1) with self-hosted auth/skins
|
||||||
> persistent auth/skin infrastructure designed to outlive the LAN weekend
|
> (Drasl), a distribution-fed modpack, avatar rendering, a guest landing page, and uptime
|
||||||
> and integrate with the existing homelab.
|
> monitoring. Public, internet-present deployment behind the host's nginx + TLS.
|
||||||
|
|
||||||
|
**`plan/` is the source of truth for the design.** Start at `plan/00-overview.md`.
|
||||||
|
This file is a fast orientation + the durable decisions/gotchas; when it disagrees
|
||||||
|
with `plan/` or the code, those win.
|
||||||
|
|
||||||
## Goals & Constraints
|
## Goals & Constraints
|
||||||
|
|
||||||
- **Players**: 4–10 friends, LAN-based
|
- **Players**: 4–10 friends
|
||||||
- **Modpack vibe**: Kitchen-sink (tech + magic + exploration + QoL)
|
- **Modpack vibe**: Kitchen-sink (tech + magic + exploration + QoL)
|
||||||
- **Pack approach**: Manually curated (~50–100 mods), NOT a forked existing pack
|
- **Pack approach**: Manually curated (~50–100 mods), NOT a forked existing pack
|
||||||
- **Minecraft version**: 1.21.1
|
- **Minecraft version**: 1.21.1, **NeoForge** (not classic Forge)
|
||||||
- **Mod loader**: NeoForge (NOT classic Forge — see Decisions below)
|
- **Auth/skins**: Drasl (Yggdrasil-compatible), **password login** — no OIDC
|
||||||
- **Network**: LAN party context, but stack is persistent (lives past the weekend)
|
- **DNS**: handled OUTSIDE this repo; point `${BASE_DOMAIN}` + subdomains at the host
|
||||||
- **Auth**: Self-hosted Yggdrasil-compatible (Drasl) + Keycloak OIDC
|
- **Persistence horizon**: long-term service, not disposable
|
||||||
- **Skins**: Handled by Drasl
|
|
||||||
- **Persistence horizon**: Long-term homelab service, not disposable
|
|
||||||
|
|
||||||
## Existing Homelab Context (relevant to this project)
|
|
||||||
|
|
||||||
- **Keycloak 26.0.7** running in Docker Compose (PostgreSQL 17, production mode,
|
|
||||||
bind-mounted secrets, xforwarded proxy headers). This is the IdP for everything.
|
|
||||||
- **NetBird** as the proxy/networking layer for remote access (NOT used for the
|
|
||||||
LAN party itself — see Decisions).
|
|
||||||
- **AdGuard Home** as recursive DNS resolver — used here for `*.home.local` LAN records.
|
|
||||||
- **Multi-VPS topology**: this Minecraft project likely runs on a local box or
|
|
||||||
beefier homelab node, not a VPS (RAM/CPU requirements).
|
|
||||||
- Operator timezone: Europe/Madrid.
|
|
||||||
|
|
||||||
## Key Decisions (with reasoning)
|
|
||||||
|
|
||||||
### NeoForge over classic Forge
|
|
||||||
Despite the user originally saying "Forge", the 1.21.x kitchen-sink ecosystem
|
|
||||||
(ATM10, Leaking Kitchen Sink, etc.) is overwhelmingly NeoForge in 2025/2026.
|
|
||||||
The original Forge team essentially migrated to NeoForge. `itzg/minecraft-server`
|
|
||||||
supports both via `TYPE=NEOFORGE`. Going with NeoForge 1.21.1.
|
|
||||||
|
|
||||||
### Drasl over Ely.by or vanilla offline mode
|
|
||||||
- **Ely.by**: not self-hosted, Russian-hosted, no control over identity layer.
|
|
||||||
- **Vanilla offline + no auth server**: works for one weekend but skins break,
|
|
||||||
no persistent identity, doesn't match homelab philosophy.
|
|
||||||
- **Drasl**: self-hosted Go service, Yggdrasil-compatible, drop-in Mojang
|
|
||||||
replacement, supports skins + capes, **has first-class OIDC support with
|
|
||||||
PKCE** (perfect for Keycloak), actively maintained (current version 3.4.2+).
|
|
||||||
GPLv3 licensed.
|
|
||||||
|
|
||||||
### LAN (not NetBird) for the party itself
|
|
||||||
NetBird is the homelab's remote access layer, but adding a mesh VPN on top
|
|
||||||
of a LAN party introduces complexity for guests with no upside. Drasl and
|
|
||||||
Minecraft live on the LAN; clients reach them via `drasl.home.local` resolved
|
|
||||||
through AdGuard.
|
|
||||||
|
|
||||||
### Manual curation (user choice — flagged as expensive)
|
|
||||||
User insisted on manual curation despite my pushback that forking ATM10 or
|
|
||||||
Leaking Kitchen Sink would save weeks of crash-log triage. **Note for future
|
|
||||||
sessions**: if curation gets painful, the fork-and-trim option is still on
|
|
||||||
the table — Leaking Kitchen Sink is the closest match to the requested vibe.
|
|
||||||
|
|
||||||
### itzg/minecraft-server as base image
|
|
||||||
The de facto standard. Handles NeoForge installation automatically via
|
|
||||||
`TYPE=NEOFORGE` + `VERSION` + `NEOFORGE_VERSION`. Supports Modrinth and
|
|
||||||
CurseForge mod auto-download via `MODRINTH_PROJECTS` and `CURSEFORGE_FILES`.
|
|
||||||
|
|
||||||
## Architecture
|
## Architecture
|
||||||
|
|
||||||
```
|
One unified `docker-compose.yml`. The host's own nginx terminates TLS (Let's
|
||||||
LAN segment
|
Encrypt) and reverse-proxies every vhost to caddy (published localhost-only) by
|
||||||
│
|
Host header. caddy is the internal router; containers reach the stack's own names
|
||||||
├── AdGuard Home → resolves drasl.home.local, keycloak.home.local
|
via caddy's `mcnet` aliases (`auth.`).
|
||||||
│ to the Docker host's LAN IP
|
|
||||||
│
|
|
||||||
├── Keycloak (existing, separate compose)
|
|
||||||
│ realm: homelab
|
|
||||||
│ client: drasl (confidential, PKCE S256)
|
|
||||||
│
|
|
||||||
└── Minecraft host (this project's compose)
|
|
||||||
│
|
|
||||||
├── drasl :25585 (Yggdrasil API + web UI)
|
|
||||||
│ └── OIDC → Keycloak
|
|
||||||
│
|
|
||||||
├── minecraft :25565 (server)
|
|
||||||
│ :24454/udp (Simple Voice Chat, optional)
|
|
||||||
│ └── -javaagent:authlib-injector.jar=http://drasl.home.local:25585/authlib-injector
|
|
||||||
│ └── ONLINE_MODE=false (required for authlib-injector)
|
|
||||||
│
|
|
||||||
└── mc-backup (itzg/mc-backup, 6h interval)
|
|
||||||
└── RCON → minecraft
|
|
||||||
|
|
||||||
Clients (LAN party guests):
|
```
|
||||||
Prism Launcher → authlib-injector account pointing at Drasl
|
Internet ── host nginx (TLS, LE certs, HSTS) ──► caddy (127.0.0.1:8880)
|
||||||
→ joins minecraft:25565
|
│ routes by Host:
|
||||||
|
${BASE_DOMAIN} ─► /srv/www landing + /launcher/ downloads
|
||||||
|
auth.${BASE_DOMAIN} ─► drasl (Yggdrasil API + web UI)
|
||||||
|
avatar.${BASE_DOMAIN} ─► nmsr (skin/avatar renderer, Drasl-backed)
|
||||||
|
status.${BASE_DOMAIN} ─► uptime-kuma (status page + monitors)
|
||||||
|
files.${BASE_DOMAIN} ─► filestash (player file share, ONE shared login, writable)
|
||||||
|
distribution.${BASE} ─► static site from ANOTHER repo (DISTRIBUTION_WEB_ROOT)
|
||||||
|
|
||||||
|
minecraft :25565 (+ 24454/udp Simple Voice Chat)
|
||||||
|
└ ONLINE_MODE=true (validated against Drasl, NOT offline), -javaagent authlib-injector → http://auth.${BASE_DOMAIN}/authlib-injector
|
||||||
|
└ mods from ./server-mods volume (/mods, REMOVE_OLD_MODS) — see plan/04-mods.md
|
||||||
|
mc-backup ── RCON → minecraft (6h interval, prune 14d, world-only)
|
||||||
```
|
```
|
||||||
|
|
||||||
## Auth Flow (end-to-end)
|
Bring-up: render configs → sync server mods → build landing → fetch launcher → `docker compose up -d --build`.
|
||||||
|
See `plan/12-build-order.md` and `plan/14-deploy.md`. Deploy to prod host `cochi`
|
||||||
|
via the `deploy` skill.
|
||||||
|
|
||||||
1. Guest opens `http://drasl.home.local:25585` in browser.
|
## Key Decisions
|
||||||
2. Clicks "Register with Keycloak" → redirected to Keycloak login.
|
|
||||||
3. Logs in with homelab Keycloak credentials.
|
- **NeoForge over Forge** — the 1.21.x kitchen-sink ecosystem is overwhelmingly
|
||||||
4. Returned to Drasl, picks a player name, uploads a skin.
|
NeoForge; the Forge team migrated. `itzg/minecraft-server` via `TYPE=NEOFORGE`.
|
||||||
5. Drasl shows them a "Minecraft Token" on their profile page.
|
- **Drasl over Ely.by / vanilla offline** — self-hosted Go service, Yggdrasil
|
||||||
6. In Prism Launcher: Settings → Accounts → Add authlib-injector account
|
drop-in, skins + capes, actively maintained. Run with **password login**
|
||||||
with URL `http://drasl.home.local:25585/authlib-injector` and the
|
(no OIDC/Keycloak in this stack).
|
||||||
Minecraft Token as password.
|
- **Manual curation** (user choice, flagged expensive) — if it gets painful,
|
||||||
7. Joins Minecraft server. Server validates session against Drasl (via
|
fork-and-trim Leaking Kitchen Sink is still on the table (closest vibe match).
|
||||||
authlib-injector JVM agent), Drasl confirms, player enters with their skin.
|
- **itzg/minecraft-server** base image — de-facto standard, auto-installs NeoForge.
|
||||||
|
- **Distribution-fed mod volume (replaced packwiz)** — the modset's source of
|
||||||
|
truth is the HeliosLauncher distribution repo (`$DISTRIBUTION_WEB_ROOT`).
|
||||||
|
Clients install the full set via `distribution.json`. The SERVER loads a
|
||||||
|
filtered subset (`both`/`server`) from a mounted `./server-mods` volume
|
||||||
|
(`REMOVE_OLD_MODS=TRUE`). See `plan/04-mods.md`.
|
||||||
|
|
||||||
## Critical Gotchas
|
## Critical Gotchas
|
||||||
|
|
||||||
### Minecraft 1.21+ secure profile incompatibility
|
### Minecraft 1.21+ secure profile
|
||||||
- Server: must set `enforce-secure-profile=false` (compose: `ENFORCE_SECURE_PROFILE=FALSE`)
|
- Server: `ENFORCE_SECURE_PROFILE=FALSE` (`enforce-secure-profile=false`)
|
||||||
- Drasl: must set `SignPublicKeys = false`
|
- Drasl: `SignPublicKeys = false`
|
||||||
- These are linked. The Drasl docs explicitly warn: *"Mixed authentication does
|
- Linked. Drasl docs: *"Mixed authentication does not work with
|
||||||
not work with `SignPublicKeys = true` on Minecraft 1.21+."*
|
`SignPublicKeys = true` on Minecraft 1.21+."*
|
||||||
|
- **This is the ONLY auth flag that goes off. `ONLINE_MODE` stays TRUE** — see
|
||||||
|
next gotcha. Do not conflate "secure profile off" with "offline mode".
|
||||||
|
|
||||||
|
### ONLINE_MODE must be TRUE (authlib-injector ≠ offline)
|
||||||
|
authlib-injector redirects the server's normal **online**-auth handshake from
|
||||||
|
Mojang to Drasl. `ONLINE_MODE=FALSE` skips that handshake → offline-hash UUIDs,
|
||||||
|
no Drasl session validation, and **no skins** (everyone joins but everyone is
|
||||||
|
Steve; `usercache.json` shows offline-hash UUIDs). Keep `ONLINE_MODE=TRUE`.
|
||||||
|
|
||||||
### authlib-injector JVM agent
|
### authlib-injector JVM agent
|
||||||
- Syntax: `-javaagent:/path/to/authlib-injector.jar=<yggdrasil-api-url>`
|
- Syntax: `-javaagent:/extras/authlib-injector.jar=<yggdrasil-api-url>`
|
||||||
- The URL after `=` is the **API root**, which for Drasl is
|
- URL after `=` is the **API root** = `<BaseURL>/authlib-injector`. For this
|
||||||
`<BaseURL>/authlib-injector`.
|
stack: `http://auth.${BASE_DOMAIN}/authlib-injector` (internal, over mcnet).
|
||||||
- **Must match between server and client.** If server uses
|
- **Must match between server and client** (clients use the public
|
||||||
`http://drasl.home.local:25585/authlib-injector` and client uses anything
|
`https://auth.${BASE_DOMAIN}/authlib-injector`), else session validation fails
|
||||||
else (e.g. an IP), session validation fails silently with "Invalid session".
|
silently with "Invalid session".
|
||||||
- Download from: https://github.com/yushijinhun/authlib-injector/releases
|
- Releases: https://github.com/yushijinhun/authlib-injector — jar lives in
|
||||||
- Mount into the itzg container at `/extras/authlib-injector.jar`.
|
`runtime/` (mounted at `/extras/authlib-injector.jar`).
|
||||||
|
|
||||||
### Keycloak reachability on LAN day
|
|
||||||
If Keycloak is only reachable via NetBird or only from the public internet,
|
|
||||||
**Drasl OIDC registration breaks on LAN-only day**. Options:
|
|
||||||
1. Expose Keycloak on the LAN (simplest)
|
|
||||||
2. Pre-register all guests before the party
|
|
||||||
3. Temporarily disable OIDC and allow password registration during the LAN
|
|
||||||
(`AllowPasswordLogin = true`, comment out the OIDC block)
|
|
||||||
|
|
||||||
### HTTP vs HTTPS for OIDC
|
|
||||||
Modern browsers warn on plain HTTP for OIDC flows but they work. For a
|
|
||||||
production-grade setup, front Drasl with Caddy or Traefik using a local CA
|
|
||||||
cert (smallstep/step-ca pairs well with the existing homelab). For LAN-only
|
|
||||||
HTTP is fine.
|
|
||||||
|
|
||||||
### NeoForge version pinning
|
### NeoForge version pinning
|
||||||
Mods are picky about exact NeoForge minor versions. The compose currently
|
Mods are picky about exact minor versions. Compose pins `NEOFORGE_VERSION:
|
||||||
pins `NEOFORGE_VERSION: "21.1.209"` as a placeholder. **Verify against
|
"21.1.233"` — **must match the distribution's NeoForge** (`distribution.json`),
|
||||||
https://projects.neoforged.net/neoforged/neoforge before deploying.** Don't
|
since mods are built against it (e.g. ferritecore≥218, farmersdelight≥219).
|
||||||
use `"latest"` for a stable server.
|
**Verify against https://projects.neoforged.net/neoforged/neoforge before
|
||||||
|
deploying.** Never `"latest"` for a stable server.
|
||||||
|
|
||||||
### Drasl username vs player name
|
### Mod source + server filtering
|
||||||
- **Drasl username** = OIDC user's email (used for web UI login)
|
The full modset lives in the distribution repo (`$DISTRIBUTION_WEB_ROOT/servers/
|
||||||
- **Player name** = `preferred_username` from OIDC, or user-chosen if
|
ulicraft-1.21.1/forgemods/required/*.jar`), managed by Nebula. Clients get
|
||||||
`AllowChoosingPlayerName = true`
|
everything via `distribution.json`. The server runs a **filtered subset**:
|
||||||
- Keycloak users must have email set. Verify the realm's email-as-username
|
`tooling/classify-mods.py` reads each jar's `neoforge.mods.toml` with tomllib and
|
||||||
setting and the `preferred_username` mapper are configured.
|
seeds `mods-sides.json` (`client|server|both`, default `both`), then
|
||||||
|
`tooling/sync-server-mods.sh` copies the `both`/`server` jars into `./server-mods`
|
||||||
|
(mounted at `/mods`). Hard client-only mods (sodium/iris) classify as `client`
|
||||||
|
automatically; cosmetic-client mods that declare `BOTH` stay `both` until you
|
||||||
|
hand-edit `mods-sides.json` to `client`. No Modrinth/packwiz, no network at
|
||||||
|
classify/sync time. See `plan/04-mods.md`.
|
||||||
|
|
||||||
### Mod source preference
|
### Filestash (files.) — four traps
|
||||||
Prefer **Modrinth over CurseForge** for itzg auto-download. CurseForge
|
Full list in `plan/20-files.md`; the ones that cost real time:
|
||||||
requires an API key (`CF_API_KEY`) and has been historically flakier with
|
- **`general.host` is a BARE HOSTNAME** (`files.${BASE_DOMAIN}`, no scheme) +
|
||||||
the itzg image. Use CF only for mods that are exclusive to it.
|
`force_ssl: true`. The SPA builds its origin as `scheme + host`, so a URL there
|
||||||
|
yields `http://https://files...` and every client-side redirect dies. The
|
||||||
|
server strips the scheme before its own Host check, so **curl and the uptime
|
||||||
|
monitor stay green while every browser is broken**. Cost a debugging round on
|
||||||
|
2026-07-14.
|
||||||
|
- The `local` backend is **admin-gated**: without `LOCAL_BACKEND_SECRET` in the
|
||||||
|
connection params, every login fails with `backend error - Not Allowed` (looks
|
||||||
|
like bad credentials, isn't).
|
||||||
|
- `FILES_PASSWORD_HASH` must be **`$6$`** (`openssl passwd -6`). A `$2y$` bcrypt
|
||||||
|
from `htpasswd -B` fails every login silently — the plugin only matches `$2a$`.
|
||||||
|
- `config.json` is rendered + mounted `:ro` (the admin console can't save, on
|
||||||
|
purpose). Single-file bind mount ⇒ **`--force-recreate` after re-rendering**,
|
||||||
|
never `restart`.
|
||||||
|
|
||||||
## Compose Stack
|
**Verifying an SPA:** a 200 on `/` proves the server is up, not that the app
|
||||||
|
works. After any filestash config change, check the browser-facing values
|
||||||
The working compose file is at `./docker-compose.yml`. Key environment vars
|
(`curl /api/config` → `origin`) and re-read `docker compose logs filestash` —
|
||||||
documented inline. Adjacent files:
|
the broken redirect announced itself there (`msg=Redirecting to http://https://`)
|
||||||
|
while every other check passed.
|
||||||
```
|
|
||||||
.
|
|
||||||
├── docker-compose.yml
|
|
||||||
├── .env # RCON_PASSWORD, CF_API_KEY (if needed)
|
|
||||||
├── drasl/
|
|
||||||
│ └── config/
|
|
||||||
│ ├── config.toml # see ./drasl-config.toml example
|
|
||||||
│ └── keycloak-client-secret # single line, no trailing newline
|
|
||||||
├── extras/
|
|
||||||
│ ├── authlib-injector.jar # downloaded from yushijinhun's releases
|
|
||||||
│ ├── modrinth-mods.txt # one mod slug per line
|
|
||||||
│ └── cf-mods.txt # only if using CurseForge mods
|
|
||||||
├── backups/ # mc-backup writes here
|
|
||||||
└── CLAUDE.md # this file
|
|
||||||
```
|
|
||||||
|
|
||||||
### Memory sizing
|
### Memory sizing
|
||||||
With ~50–100 mods and 8 concurrent players on 1.21.1:
|
~50–100 mods, 8 players, 1.21.1: `INIT_MEMORY: 4G`, `MAX_MEMORY: 10G`,
|
||||||
- `INIT_MEMORY: 4G`, `MAX_MEMORY: 10G` is a safe starting point
|
`USE_AIKAR_FLAGS: TRUE`.
|
||||||
- Use `USE_AIKAR_FLAGS: TRUE` for the well-known GC tuning
|
|
||||||
- Monitor with `mc-monitor` (itzg makes one) if you want metrics
|
|
||||||
|
|
||||||
### Backups
|
## Config (.env)
|
||||||
`itzg/mc-backup` runs alongside, talks to the server via RCON, takes
|
|
||||||
snapshots every 6h, prunes after 14 days. Backups are world-only (no mod
|
|
||||||
jars), which is correct — mods are reproducible from the mod list files.
|
|
||||||
|
|
||||||
## Keycloak Client Configuration
|
`BASE_DOMAIN`, `RCON_PASSWORD`, `CADDY_HTTP_PORT`/`CADDY_HTTP_BIND`,
|
||||||
|
`DISTRIBUTION_WEB_ROOT` (source of the modset + caddy `distribution.` mount), the
|
||||||
|
Let's Encrypt block (`LE_EMAIL`, `LE_SUBDOMAINS`, `OVH_*`). Rendered configs
|
||||||
|
(drasl, nmsr) come from `*.tmpl` via `tooling/render-config.sh` (substitutes
|
||||||
|
`${BASE_DOMAIN}` only). Server mods are synced (not rendered) by
|
||||||
|
`tooling/sync-server-mods.sh`.
|
||||||
|
|
||||||
In the `homelab` realm (or whatever the realm is called):
|
## Client Distribution (guests)
|
||||||
|
|
||||||
1. **Clients → Create client**
|
Launcher: **FjordLauncherUnlocked** (Prism fork, first-class authlib-injector),
|
||||||
- Client type: `OpenID Connect`
|
mirrored at apex `/launcher/`. Per guest:
|
||||||
- Client ID: `drasl`
|
1. Download from `https://${BASE_DOMAIN}` → `/launcher/`.
|
||||||
- Name: `Drasl Minecraft Auth`
|
2. Add an authlib-injector account, URL
|
||||||
|
`https://auth.${BASE_DOMAIN}/authlib-injector` (register/login at
|
||||||
2. **Capability config**
|
`https://auth.${BASE_DOMAIN}`).
|
||||||
- Client authentication: **ON** (confidential client)
|
3. The launcher installs the modpack from the distribution (`distribution.json`).
|
||||||
- Authentication flow: **Standard flow** only
|
(packwiz and the `pack.` service/subdomain have been fully removed.)
|
||||||
- Disable: Direct access grants, Implicit, Service accounts
|
4. Connect to `${BASE_DOMAIN}` (`:25565`).
|
||||||
|
|
||||||
3. **Login settings**
|
|
||||||
- Root URL: `http://drasl.home.local:25585`
|
|
||||||
- Valid redirect URIs: `http://drasl.home.local:25585/web/oidc-callback/Keycloak`
|
|
||||||
(the `Keycloak` at the end MUST match the `Name = "Keycloak"` in Drasl's
|
|
||||||
`[[RegistrationOIDC]]` block — case sensitive)
|
|
||||||
- Web origins: `http://drasl.home.local:25585`
|
|
||||||
|
|
||||||
4. **Credentials tab** → copy Client Secret to
|
|
||||||
`./drasl/config/keycloak-client-secret` (no trailing newline).
|
|
||||||
|
|
||||||
5. **Advanced tab** → PKCE Code Challenge Method: `S256`
|
|
||||||
|
|
||||||
## Client Distribution (LAN guests)
|
|
||||||
|
|
||||||
### Recommended launcher
|
|
||||||
**Prism Launcher** — open source, cross-platform (Win/Mac/Linux), first-class
|
|
||||||
authlib-injector support, can import/export instance ZIPs.
|
|
||||||
|
|
||||||
### Per-guest one-time setup
|
|
||||||
1. Install Prism Launcher.
|
|
||||||
2. Add authlib-injector account:
|
|
||||||
- URL: `http://drasl.home.local:25585/authlib-injector`
|
|
||||||
- Username/password: their Drasl credentials (or Minecraft Token if
|
|
||||||
registered via Keycloak OIDC)
|
|
||||||
3. Import the modpack instance ZIP.
|
|
||||||
|
|
||||||
### What to ship guests
|
|
||||||
- A Prism instance ZIP (right-click instance → Export Instance)
|
|
||||||
- A one-page README with the auth URL and import steps
|
|
||||||
- Optionally `authlib-injector.jar` for guests who refuse Prism
|
|
||||||
|
|
||||||
## Open / Pending Work
|
## Open / Pending Work
|
||||||
|
|
||||||
These were on the roadmap when we ended the brainstorm:
|
### Roadmap — mod migration follow-ups (post packwiz→04-mods)
|
||||||
|
- [ ] **Curate `mods-sides.json` cosmetic-client mods.** tomllib auto-flagged 11
|
||||||
|
hard client-only mods; the other 65 default `both`, including client-cosmetic
|
||||||
|
ones (BetterF3, entityculling, MouseTweaks, ponderjs, fancymenu, drippy, melody,
|
||||||
|
welcomescreen, Searchables, JustEnoughResources, TravelersTitles, yeetus…) that
|
||||||
|
load harmlessly on the server but waste RAM. Hand-edit them to `client` so
|
||||||
|
`sync-server-mods.sh` drops them from `./server-mods`. (Also review `appleskin`,
|
||||||
|
flagged `client` — flip to `both` if server-side food data wanted.)
|
||||||
|
### Landing rework + mod list (PLANNED — see `plan/18-landing-rework.md`)
|
||||||
|
Full design settled across WS1–WS6; all tasks unchecked, ready to execute.
|
||||||
|
- [ ] **WS1 — Join flow off packwiz.** Homepage = UlicraftLauncher, 3 steps
|
||||||
|
(register → download launcher → join); drop `packwizUrl` + packwiz step.
|
||||||
|
Per-OS downloads from a synced `launcher.json` (shape
|
||||||
|
`productName/version/files[]`, the build output of the `custom-launcher`
|
||||||
|
repo; `launcher.example.json` committed as the documented fallback). Fjord
|
||||||
|
moves to its own `/fjord` page.
|
||||||
|
- [ ] **WS2/3 — Player rosters.** Online (mc-status, live) + all-registered (new
|
||||||
|
`mc-status /api/mcstatus/players`, admin-login → Drasl `GET /players`, ~60s
|
||||||
|
cache). Shared avatar tile, `AVATAR_MODE` env (default `headiso`). Admin creds
|
||||||
|
→ mc-status only.
|
||||||
|
- [ ] **WS4 — Account page** (`/account`): skin CRUD via browser-direct Drasl
|
||||||
|
(reuses `register.astro` skin JS). Skins only, in-memory token, `players[0]`.
|
||||||
|
- [ ] **WS5 — Footer status link** to `status.${BASE_DOMAIN}` (nav unchanged).
|
||||||
|
|
||||||
- [ ] **Mod shortlist for the kitchen-sink pack.** Categories to fill:
|
- [ ] **WS6 — Mod shortlist + list component (`plan/17-mod-shortlist.md`).**
|
||||||
- Performance (Embeddium/Sodium-equivalent for NeoForge, FerriteCore, ModernFix)
|
Light gap doc: current 76-jar pack is vanilla+ QoL/perf; **empty** on tech &
|
||||||
- Tech/automation (Mekanism, Create, Immersive Engineering, AE2)
|
magic, thin worldgen, no map; orphan deps `ponderjs`/`Necronomicon`. Landing
|
||||||
- Magic (Ars Nouveau, Botania, Iron's Spells 'n Spellbooks)
|
mod-list component = auto-generated `mods.json` + extracted logos from the
|
||||||
- Storage (Sophisticated Storage/Backpacks, Functional Storage)
|
distribution forgemods (`tooling/build-modlist.py`), flat alphabetical, pretty
|
||||||
- Exploration (YUNG's structures, Repurposed Structures, biome packs)
|
names, no categories/links; feeds the "50+" stat tile.
|
||||||
- QoL (JEI, Jade, JEI Resources, Inventory Profiles Next, AppleSkin)
|
- [ ] Server-side perf mods (C2ME, etc.).
|
||||||
- World gen (Tectonic, Terralith — check NeoForge 1.21.1 compat)
|
- [x] **Filestash file share** (`files.`, 2026-07-14) — live in prod. One shared
|
||||||
- Compat glue (Polymorph for recipe conflicts)
|
htpasswd login, writable, rendered `:ro` config. See `plan/20-files.md`.
|
||||||
- Map (XaeroMinimap + Xaero World Map)
|
Follow-ups: add the Uptime Kuma HTTP monitor for `files.`; the share is
|
||||||
- Voice (Simple Voice Chat — port 24454/udp already in compose)
|
**outside mc-backup** and unquota'd (accepted — eyeballed).
|
||||||
- [ ] **Decide on dimension/server-side performance mods** (C2ME, Lithium-equivalent)
|
- [ ] **Verify NeoForge version** against current stable before first deploy.
|
||||||
- [ ] **Reverse proxy + local TLS** for Drasl (Caddy + step-ca recommended,
|
- [x] **Bootstrap Drasl admin** account (`admin`, 2026-06-10). Key is
|
||||||
given the existing homelab)
|
`DefaultAdmins` (not `DefaultAdminUsernames`); first admin needs an invite-flip.
|
||||||
- [ ] **DNS record** in AdGuard for `drasl.home.local` → Docker host LAN IP
|
See `plan/03-drasl.md` gotchas.
|
||||||
- [ ] **Keycloak client** creation per the section above
|
|
||||||
- [ ] **Verify NeoForge version** against current stable before first deploy
|
|
||||||
- [ ] **Bootstrap admin in Drasl**: leave `AllowPasswordLogin = true` initially,
|
|
||||||
create the admin account, then optionally disable password login to force OIDC
|
|
||||||
|
|
||||||
## Reference URLs
|
## Reference URLs
|
||||||
|
|
||||||
- Drasl repo: https://github.com/unmojang/drasl
|
- Drasl: https://github.com/unmojang/drasl — config docs:
|
||||||
- Drasl configuration docs: https://github.com/unmojang/drasl/blob/master/doc/configuration.md
|
https://github.com/unmojang/drasl/blob/master/doc/configuration.md
|
||||||
- Drasl recipes (example configs): https://github.com/unmojang/drasl/blob/master/doc/recipes.md
|
|
||||||
- authlib-injector: https://github.com/yushijinhun/authlib-injector
|
- authlib-injector: https://github.com/yushijinhun/authlib-injector
|
||||||
- itzg/minecraft-server: https://github.com/itzg/docker-minecraft-server
|
- itzg/minecraft-server: https://github.com/itzg/docker-minecraft-server
|
||||||
- itzg NeoForge docs: https://github.com/itzg/docker-minecraft-server/blob/master/docs/types-and-platforms/server-types/forge.md
|
(NeoForge: …/docs/types-and-platforms/server-types/forge.md)
|
||||||
- itzg/mc-backup: https://github.com/itzg/docker-mc-backup
|
- itzg/mc-backup: https://github.com/itzg/docker-mc-backup
|
||||||
- NeoForge versions: https://projects.neoforged.net/neoforged/neoforge
|
- NeoForge versions: https://projects.neoforged.net/neoforged/neoforge
|
||||||
- Prism Launcher: https://prismlauncher.org/
|
- NMSR: https://github.com/NickAcPT/nmsr-rs
|
||||||
- Reference modpacks for inspiration (NOT forking):
|
- Uptime Kuma: https://github.com/louislam/uptime-kuma
|
||||||
- ATM10 (Modrinth/CurseForge — ~500 mods, NeoForge 1.21.1)
|
- FjordLauncherUnlocked: https://github.com/hero-persson/FjordLauncherUnlocked
|
||||||
- Leaking Kitchen Sink (CurseForge — trimmed ~150 mods, NeoForge 1.21.1)
|
- Reference packs (inspiration, NOT forking): ATM10, Leaking Kitchen Sink.
|
||||||
|
|
||||||
## Communication Preferences (carry-over from past sessions)
|
## Communication Preferences (carry-over)
|
||||||
|
|
||||||
- Concise and direct
|
- Concise and direct; diagnose + resolve without demanding repro steps.
|
||||||
- Diagnose and resolve without demanding detailed reproduction steps
|
- Prefer iterative single-change updates over large rewrites.
|
||||||
- Prefer iterative single-change updates over large rewrites
|
- Cautious scripts that halt on ambiguity rather than proceeding silently.
|
||||||
- Cautious scripts that halt on ambiguity rather than proceeding silently
|
- Avoid over-engineering when a simple answer suffices.
|
||||||
- Avoid over-engineered responses when a simple answer suffices
|
- Spanish or English both fine.
|
||||||
- Spanish or English fine; user is comfortable in both
|
|
||||||
|
|||||||
267
README.md
267
README.md
@@ -1,111 +1,232 @@
|
|||||||
# Ulicraft Server
|
# Ulicraft Server
|
||||||
|
|
||||||
Self-hosted modded Minecraft (NeoForge 1.21.1) for a LAN party. Runs **online**
|
Self-hosted modded Minecraft (NeoForge 1.21.1) with self-hosted auth/skins
|
||||||
(internet present) or **fully air-gapped** (offline). Self-hosted auth/skins
|
(Drasl), a distribution-fed modpack, avatar rendering, a guest landing page, and
|
||||||
(Drasl), a packwiz modpack, a guest landing page, and a transparent mirror of
|
uptime monitoring. One unified `docker-compose.yml` runs the whole stack behind
|
||||||
Mojang/launcher/NeoForge assets so guest laptops need no internet.
|
the host's nginx + Let's Encrypt.
|
||||||
|
|
||||||
## Stack
|
## Stack
|
||||||
|
|
||||||
|
One compose file, one `docker compose up -d`:
|
||||||
|
|
||||||
| Service | Image | Role |
|
| Service | Image | Role |
|
||||||
|---|---|---|
|
|---|---|---|
|
||||||
| `minecraft` | itzg/minecraft-server | NeoForge 1.21.1 server, `:25565` |
|
| `minecraft` | itzg/minecraft-server | NeoForge 1.21.1 server, `:25565` |
|
||||||
| `drasl` | unmojang/drasl | Yggdrasil auth + skins (password login) |
|
| `drasl` | unmojang/drasl | Yggdrasil auth + skins (password login) |
|
||||||
| `caddy` | caddy:alpine | ingress: landing, auth/packwiz proxy, asset mirror (`tls internal`) |
|
| `caddy` | caddy:alpine | internal ingress: routes every vhost by Host header |
|
||||||
|
| `nmsr` | built from source | skin/avatar renderer at `avatar.${BASE_DOMAIN}` |
|
||||||
|
| `mc-status` | built from source | live server-status JSON for the landing card |
|
||||||
|
| `uptime-kuma` | louislam/uptime-kuma | status page at `status.${BASE_DOMAIN}` |
|
||||||
|
| `filestash` | machines/filestash (digest-pinned) | player file share at `files.${BASE_DOMAIN}` |
|
||||||
| `mc-backup` | itzg/mc-backup | world backups every 6h via RCON |
|
| `mc-backup` | itzg/mc-backup | world backups every 6h via RCON |
|
||||||
|
|
||||||
Optional layers: `avahi` (mDNS `.local`), `dnsmasq` (turnkey DNS) — only if you
|
Vhosts (all proxied through the host nginx → caddy):
|
||||||
don't run your own DNS.
|
|
||||||
|
|
||||||
Config lives in `.env`: `BASE_DOMAIN` (default `ulicraft.lan`), `HOST_LAN_IP`,
|
- apex `${BASE_DOMAIN}` — landing page + `/launcher/` downloads + `/api/mcstatus/*`
|
||||||
`RCON_PASSWORD`, `ENABLE_MDNS`. Services are subdomains: `auth.`, `packwiz.`,
|
- `auth.` — Drasl
|
||||||
`mc.`, plus the apex landing page.
|
- `avatar.` — NMSR
|
||||||
|
- `status.` — Uptime Kuma
|
||||||
|
- `files.` — Filestash player file share (one shared login, writable)
|
||||||
|
- `distribution.` — static site from another repo (`DISTRIBUTION_WEB_ROOT`)
|
||||||
|
|
||||||
## DNS (pick one)
|
Config lives in `.env`: `BASE_DOMAIN`, `RCON_PASSWORD`, `CADDY_HTTP_PORT` /
|
||||||
|
`CADDY_HTTP_BIND`, `DISTRIBUTION_WEB_ROOT`, the `FILES_*` block. See `.env.example`.
|
||||||
|
|
||||||
Names must resolve to `HOST_LAN_IP`. Use **your own party DNS server** (recommended):
|
## DNS
|
||||||
|
|
||||||
```sh
|
Handled **outside this repo**. Point `${BASE_DOMAIN}` and every subdomain
|
||||||
tooling/dns-records.sh online # service names only (internet present)
|
(`auth. avatar. status. files. distribution. www.`) at the host running nginx.
|
||||||
tooling/dns-records.sh airgap # + Mojang/launcher/NeoForge spoofs (offline)
|
|
||||||
```
|
|
||||||
Paste the printed records into your DNS. **Use `.lan`, not `.local`** — `.local`
|
|
||||||
is intercepted by mDNS and won't resolve via unicast DNS.
|
|
||||||
|
|
||||||
Alternatives: `ENABLE_MDNS=true` + `BASE_DOMAIN=*.local` (zero-config mDNS,
|
|
||||||
macOS/Linux native, Windows needs Bonjour) — but mDNS can't serve the air-gap
|
|
||||||
upstream spoofs. Or layer in `docker-compose.dnsmasq.yml` for a turnkey DNS.
|
|
||||||
|
|
||||||
### Simulate the DNS via /etc/hosts (single machine, testing)
|
|
||||||
|
|
||||||
No DNS server? Append the records straight to `/etc/hosts` (marker-wrapped):
|
|
||||||
|
|
||||||
```sh
|
|
||||||
tooling/dns-records.sh online hosts | sudo tee -a /etc/hosts # services only
|
|
||||||
tooling/dns-records.sh airgap hosts | sudo tee -a /etc/hosts # + Mojang spoofs
|
|
||||||
```
|
|
||||||
|
|
||||||
Remove them later:
|
|
||||||
|
|
||||||
```sh
|
|
||||||
sudo sed -i '/# >>> ulicraft/,/# <<< ulicraft/d' /etc/hosts
|
|
||||||
```
|
|
||||||
|
|
||||||
Notes:
|
|
||||||
- `/etc/hosts` has **no wildcard** — only the listed names resolve.
|
|
||||||
- `airgap` adds the Mojang/launcher/NeoForge hostnames pointing at the LAN; this
|
|
||||||
**breaks normal internet access to those domains** while present. Use it only
|
|
||||||
while offline; for an online box use `online`.
|
|
||||||
- `mc.<domain>` works (client defaults to :25565); SRV isn't used via `/etc/hosts`.
|
|
||||||
|
|
||||||
## Prerequisites
|
## Prerequisites
|
||||||
|
|
||||||
Docker + Docker Compose; for prep also `pnpm`, `packwiz`, `jq`, `curl`,
|
Docker + Docker Compose; for prep also `pnpm`, `jq`, `curl`, `envsubst`.
|
||||||
`envsubst`, `sha1sum`.
|
|
||||||
|
|
||||||
## Launch
|
## Launch
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
cp .env.example .env # set BASE_DOMAIN, HOST_LAN_IP, RCON_PASSWORD
|
cp .env.example .env # set BASE_DOMAIN, RCON_PASSWORD, DISTRIBUTION_WEB_ROOT
|
||||||
|
|
||||||
tooling/build-stack.sh --prep # ONLINE, once: render, build landing,
|
# One-time / on change — render configs + build content:
|
||||||
# mirror mods+assets, fetch launcher +
|
tooling/render-config.sh # drasl + nmsr configs from *.tmpl
|
||||||
# authlib, pre-bake the server volume
|
tooling/sync-server-mods.sh # filtered server mods → ./server-mods
|
||||||
|
( cd landing && pnpm install && BASE_DOMAIN="$BASE_DOMAIN" pnpm run build ) # → www/
|
||||||
|
tooling/fetch-launcher.sh # FjordLauncher assets → launcher/ (served at /launcher/)
|
||||||
|
tooling/fetch-authlib.sh # authlib-injector.jar → runtime/ (server JVM agent)
|
||||||
|
|
||||||
tooling/build-stack.sh --up online # internet present, no mirror
|
docker compose up -d --build # first run installs NeoForge + mods, builds nmsr
|
||||||
tooling/build-stack.sh --up airgap # offline; full asset mirror on :443 (default)
|
docker compose down # stop
|
||||||
tooling/build-stack.sh --up core # base only (debugging)
|
|
||||||
```
|
```
|
||||||
|
|
||||||
`--up` prints the DNS records to add for that mode. Down:
|
First boot: itzg installs NeoForge + the synced server mods into the `mc_data` volume;
|
||||||
`docker compose -f docker-compose.yml -f docker-compose.static.yml -f docker-compose.mirror.yml down`
|
nmsr does a one-time Rust compile. Watch `docker compose logs -f minecraft` until
|
||||||
|
`Done`.
|
||||||
|
|
||||||
|
## Public TLS (host nginx in front of caddy)
|
||||||
|
|
||||||
|
caddy is published on a localhost-only port (`CADDY_HTTP_BIND=127.0.0.1`,
|
||||||
|
`CADDY_HTTP_PORT=8880`). The host's own nginx terminates TLS with Let's Encrypt
|
||||||
|
certs and reverse-proxies every vhost to caddy by Host header. HTTPS-only: HTTP
|
||||||
|
301s to HTTPS and every TLS vhost sends HSTS.
|
||||||
|
|
||||||
|
1. **Issue certs** (OVH DNS-01, no inbound ports needed):
|
||||||
|
```sh
|
||||||
|
# .env: BASE_DOMAIN, LE_EMAIL, OVH_* creds,
|
||||||
|
# LE_SUBDOMAINS="auth distribution www avatar status"
|
||||||
|
tooling/issue-letsencrypt.sh # → certs/<name>/{cert,key}.pem
|
||||||
|
```
|
||||||
|
|
||||||
|
2. **Render + install the nginx vhost** with `tooling/render-nginx.sh`. It pulls
|
||||||
|
`BASE_DOMAIN` + `CADDY_HTTP_PORT` from `.env`, defaults `APP_DIR` to the repo
|
||||||
|
checkout (where `certs/` live), and renders `nginx/ulicraft-caddy.conf.tmpl`:
|
||||||
|
```sh
|
||||||
|
tooling/render-nginx.sh # preview to stdout (dry run)
|
||||||
|
tooling/render-nginx.sh --install # write, symlink, nginx -t, reload
|
||||||
|
```
|
||||||
|
Override `APP_DIR=/path` if the repo isn't at the cert location. Re-run
|
||||||
|
whenever you add a subdomain so its server block is rendered.
|
||||||
|
|
||||||
|
## Avatar renderer (NMSR)
|
||||||
|
|
||||||
|
`avatar.${BASE_DOMAIN}` renders players' skins/avatars via
|
||||||
|
[NMSR-aas](https://github.com/NickAcPT/nmsr-rs), sourced from **Drasl** (not
|
||||||
|
Mojang). No upstream image exists, so it's built from source — `docker/nmsr/`
|
||||||
|
pins a commit; bump `ARG NMSR_REF` to update.
|
||||||
|
|
||||||
|
- **Config**: `nmsr/config.toml.tmpl` → rendered to `nmsr/config.toml` by
|
||||||
|
`tooling/render-config.sh`. `[mojank]` points every Mojang endpoint at
|
||||||
|
`http://auth.${BASE_DOMAIN}`; Drasl serves the Mojang-compatible routes at its
|
||||||
|
bare BaseURL and embeds absolute skin URLs that NMSR fetches directly.
|
||||||
|
`allow_offline_mode_uuids = true` (Drasl issues offline v3 UUIDs).
|
||||||
|
- **Network**: skin resolution stays internal over `mcnet` (caddy alias
|
||||||
|
`auth.${BASE_DOMAIN}` → drasl). caddy reverse-proxies `avatar.` → `nmsr:8080`.
|
||||||
|
- **Endpoints**: e.g. `https://avatar.${BASE_DOMAIN}/skin/<player>`,
|
||||||
|
`/face/<player>`, `/fullbody/<player>` — by username or UUID.
|
||||||
|
|
||||||
|
First build is heavy (Rust compile). Headless rendering uses lavapipe (software
|
||||||
|
Vulkan); if renders fail, check `docker logs nmsr` for Vulkan device init.
|
||||||
|
|
||||||
|
## Status monitoring (Uptime Kuma)
|
||||||
|
|
||||||
|
`status.${BASE_DOMAIN}` runs [Uptime Kuma](https://github.com/louislam/uptime-kuma)
|
||||||
|
— uptime probes for every vhost **and** a native Minecraft-protocol ping (player
|
||||||
|
count + up/down), plus a public status page. It joins `mcnet`, so monitors can
|
||||||
|
probe the stack by internal service name. caddy reverse-proxies `status.` →
|
||||||
|
`uptime-kuma:3001`.
|
||||||
|
|
||||||
|
First run, open `https://status.${BASE_DOMAIN}`, create the admin account, and
|
||||||
|
add monitors. Kuma has no config-as-code — add these once via the UI (data
|
||||||
|
persists in the `kuma_data` volume):
|
||||||
|
|
||||||
|
| Monitor | Type | Target |
|
||||||
|
|---|---|---|
|
||||||
|
| Minecraft | Minecraft Server | `minecraft` : `25565` |
|
||||||
|
| Drasl auth | HTTP(s) | `https://auth.${BASE_DOMAIN}` |
|
||||||
|
| Landing (apex) | HTTP(s) | `https://${BASE_DOMAIN}` |
|
||||||
|
| Distribution | HTTP(s) | `https://distribution.${BASE_DOMAIN}` |
|
||||||
|
| Avatar (NMSR) | HTTP(s) | `https://avatar.${BASE_DOMAIN}` |
|
||||||
|
| Files (Filestash) | HTTP(s) | `https://files.${BASE_DOMAIN}` (expect 200 — the login page is a 200) |
|
||||||
|
|
||||||
|
Internal-name targets (`minecraft`, `drasl:25585`, `nmsr:8080`) isolate "service
|
||||||
|
down" from "ingress/TLS/DNS down"; public-URL targets test the whole chain.
|
||||||
|
`status` is in the default `LE_SUBDOMAINS`; the nginx vhost adds websocket
|
||||||
|
upgrade headers for Kuma's live UI.
|
||||||
|
|
||||||
|
## Server status JSON (mc-status)
|
||||||
|
|
||||||
|
`mc-status` is a self-hosted SLP→JSON pinger (built from `docker/mc-status`, an
|
||||||
|
mcutil wrapper) that the landing's `ServerCard` reads for live player count + MOTD.
|
||||||
|
It emits **mcstatus.io v2** JSON, so the card consumes it unchanged — but
|
||||||
|
same-origin, with no CORS and no third-party calls. caddy proxies the apex
|
||||||
|
`/api/mcstatus/*` path to `mc-status:8080` (strips the prefix); the container has
|
||||||
|
no published port. The pinger only ever probes its configured `MC_STATUS_TARGET`,
|
||||||
|
so the path after the prefix is ignored.
|
||||||
|
|
||||||
|
Endpoint (apex, same-origin):
|
||||||
|
|
||||||
|
```
|
||||||
|
https://${BASE_DOMAIN}/api/mcstatus/v2/status/java/${BASE_DOMAIN}
|
||||||
|
```
|
||||||
|
|
||||||
|
Hitting caddy directly (localhost-only, routes by Host header) — e.g. `ulicraft.net`
|
||||||
|
on `127.0.0.1:8880`:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
curl -H "Host: ulicraft.net" \
|
||||||
|
http://127.0.0.1:8880/api/mcstatus/v2/status/java/ulicraft.net
|
||||||
|
```
|
||||||
|
|
||||||
|
Wired in `landing/src/data/site.ts` (`statusApi`) and `caddy/conf.d/10-static.caddy`.
|
||||||
|
|
||||||
|
## Player file share (Filestash)
|
||||||
|
|
||||||
|
`files.${BASE_DOMAIN}` is a web file share for player media — screenshots,
|
||||||
|
schematics, maps, guides. **One shared username/password for everybody**
|
||||||
|
(`FILES_USER` / `FILES_PASSWORD_HASH`), read **and** write. It is *not* a backup
|
||||||
|
browser and *not* a mod mirror: world snapshots contain every player's inventory
|
||||||
|
and coordinates, and the modset already ships via `distribution.`.
|
||||||
|
|
||||||
|
Full design, deploy steps and gotchas: **`plan/20-files.md`**. The short version:
|
||||||
|
|
||||||
|
- Config is `filestash/config.json`, **rendered from a template and mounted
|
||||||
|
`:ro`** — git is the source of truth. The admin console at `/admin` loads but
|
||||||
|
**cannot save**; that's deliberate. Change config by editing the `.tmpl`,
|
||||||
|
re-rendering, and **recreating** the container (`up -d --force-recreate
|
||||||
|
filestash` — a single-file bind mount pins the inode, so `restart` reads the
|
||||||
|
stale file).
|
||||||
|
- Files live in `${FILES_DATA_DIR}` on the host, outside the repo. **Not backed
|
||||||
|
up** by mc-backup — treat the share as disposable.
|
||||||
|
- `FILES_MOUNT_MODE=ro|rw` is the literal mount flag: `ro` makes the share
|
||||||
|
read-only at the *kernel*, whatever the UI thinks.
|
||||||
|
- `FILES_AUTH=htpasswd|passthrough` — `passthrough` means **no login at all**.
|
||||||
|
Only valid once the host is off the public internet: an unauthenticated
|
||||||
|
*writable* share on a public domain is an open upload relay.
|
||||||
|
|
||||||
|
Four traps that cost real time (all enforced or documented in the tooling):
|
||||||
|
|
||||||
|
- **`general.host` is a bare hostname**, no scheme (`files.${BASE_DOMAIN}`), with
|
||||||
|
`force_ssl: true`. The SPA builds its redirect origin as `scheme + host`, so a
|
||||||
|
URL there produces `http://https://files...` and every client-side redirect
|
||||||
|
breaks. The server strips the scheme before its *own* Host check, so `curl`
|
||||||
|
and the uptime monitor stay **green while every browser is broken**.
|
||||||
|
- **`FILES_PASSWORD_HASH` must be `$6$`** (`openssl passwd -6`). The htpasswd
|
||||||
|
plugin's bcrypt branch only matches `$2a$`, so a `$2y$` hash from
|
||||||
|
`htpasswd -B` fails *every* login, silently. `render-config.sh` rejects it.
|
||||||
|
- **The `local` storage backend is admin-gated** — without `FILES_LOCAL_SECRET`
|
||||||
|
reaching it through the connection params, every login dies with
|
||||||
|
`backend error - Not Allowed`, which looks like bad credentials and isn't.
|
||||||
|
- **Don't set `APPLICATION_URL`/`ADMIN_PASSWORD` env** — either makes Filestash
|
||||||
|
rewrite `config.json` at boot, which fails against the `:ro` mount.
|
||||||
|
|
||||||
|
> Verifying this service: a 200 on `/` only proves the server is up. Check the
|
||||||
|
> browser-facing origin — `curl -s -H 'X-Requested-With: XmlHttpRequest`
|
||||||
|
> `https://files.${BASE_DOMAIN}/api/config | jq -r .result.origin` must print
|
||||||
|
> `https://files.${BASE_DOMAIN}` — and re-read `docker compose logs filestash`.
|
||||||
|
|
||||||
## Join (guests)
|
## Join (guests)
|
||||||
|
|
||||||
1. Open `http://ulicraft.lan`, download FjordLauncherUnlocked for your OS.
|
1. Open `https://${BASE_DOMAIN}`, download FjordLauncherUnlocked for your OS.
|
||||||
2. Add an **authlib-injector** account, URL `http://auth.ulicraft.lan/authlib-injector`
|
2. Add an **authlib-injector** account, URL
|
||||||
(register/login at `http://auth.ulicraft.lan`).
|
`https://auth.${BASE_DOMAIN}/authlib-injector` (register/login at
|
||||||
3. **Air-gap only:** trust the local CA — download `http://ulicraft.lan/ca.crt`
|
`https://auth.${BASE_DOMAIN}`).
|
||||||
and add it to your OS trust store (so the HTTPS asset mirror is trusted).
|
3. The launcher installs the modpack from the distribution automatically.
|
||||||
4. Import the pack: `http://packwiz.ulicraft.lan/pack.toml`.
|
4. Connect to **`${BASE_DOMAIN}`** (Minecraft, `:25565`).
|
||||||
5. Connect to **`mc.ulicraft.lan`** (no port needed).
|
|
||||||
|
|
||||||
## Layout
|
## Layout
|
||||||
|
|
||||||
```
|
```
|
||||||
docker-compose.yml # core: drasl, minecraft, mc-backup, caddy
|
docker-compose.yml # the whole stack (one file)
|
||||||
.static.yml .mirror.yml # online/airgap layers
|
caddy/Caddyfile + conf.d/*.caddy # ingress vhost snippets
|
||||||
.avahi.yml .dnsmasq.yml # optional DNS layers
|
# (core/static/distribution/avatar/status)
|
||||||
caddy/Caddyfile + conf.d/*.caddy # ingress vhost snippets (core/static/mirror)
|
|
||||||
drasl/config/config.toml.tmpl # auth config (rendered)
|
drasl/config/config.toml.tmpl # auth config (rendered)
|
||||||
dnsmasq/dnsmasq.conf.tmpl # optional DNS config (rendered)
|
nmsr/config.toml.tmpl # avatar renderer config, Drasl-backed (rendered)
|
||||||
docker/avahi/ # mDNS responder image
|
docker/nmsr/ # built-from-source NMSR image
|
||||||
pack/ # packwiz modpack source
|
|
||||||
landing/ # Astro site → www/
|
landing/ # Astro site → www/
|
||||||
tooling/ # build-stack, render-config, dns-records,
|
launcher/ # FjordLauncher assets (gitignored)
|
||||||
# mirror-mods, mirror-airgap, fetch-launcher
|
server-mods/ # filtered server mod jars (synced, gitignored)
|
||||||
mirror/ # vendored jars + launcher + asset mirror (gitignored)
|
tooling/ # render-config, sync-server-mods, render-nginx,
|
||||||
plan/ # full design docs (00–12)
|
# issue-letsencrypt, fetch-launcher
|
||||||
|
nginx/ulicraft-caddy.conf.tmpl # host-nginx TLS vhost template (front of caddy)
|
||||||
|
plan/ # design docs
|
||||||
```
|
```
|
||||||
|
|
||||||
See `plan/00-overview.md` for the full design.
|
See `plan/00-overview.md` for the full design.
|
||||||
|
|||||||
@@ -1,10 +1,12 @@
|
|||||||
# Base Caddy config. Vhosts live in conf.d/*.caddy snippets that are mounted
|
# Base Caddy config. Vhosts live in conf.d/*.caddy snippets:
|
||||||
# in selectively so the stack can run with or without the static site / mirror:
|
# conf.d/00-core.caddy auth
|
||||||
# conf.d/00-core.caddy auth + packwiz (always — core ingress)
|
# conf.d/10-static.caddy apex landing + launcher downloads
|
||||||
# conf.d/10-static.caddy apex landing + launcher downloads (static toggle)
|
# conf.d/30-distribution.caddy static site from another repo
|
||||||
# conf.d/20-mirror.caddy air-gap upstream mirror (tls internal) (mirror toggle)
|
# conf.d/40-avatar.caddy nmsr skin/avatar renderer
|
||||||
# auto_https disable_redirects: http:// sites stay plaintext on :80; the mirror
|
# conf.d/50-status.caddy uptime-kuma status page
|
||||||
# snippet's hosts still get internal TLS on :443 when that snippet is present.
|
# All snippets are plain http:// on :80 — the host's nginx terminates TLS in
|
||||||
|
# front (nginx/ulicraft-caddy.conf.tmpl). disable_redirects keeps caddy from
|
||||||
|
# upgrading to its own https.
|
||||||
{
|
{
|
||||||
auto_https disable_redirects
|
auto_https disable_redirects
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,14 +0,0 @@
|
|||||||
# Core ingress — Blessing Skin variant. Replaces 00-core.caddy when the
|
|
||||||
# docker-compose.blessingskin.yml override is in play (mounted at the same
|
|
||||||
# target path). auth.* now points at Blessing Skin instead of Drasl.
|
|
||||||
#
|
|
||||||
# Blessing Skin serves BOTH its web UI (/) and the Yggdrasil API (/api/yggdrasil)
|
|
||||||
# on the same vhost, so a single reverse_proxy covers everything.
|
|
||||||
http://auth.{$BASE_DOMAIN} {
|
|
||||||
reverse_proxy blessing-skin:80
|
|
||||||
}
|
|
||||||
|
|
||||||
http://pack.{$BASE_DOMAIN} {
|
|
||||||
root * /srv/pack
|
|
||||||
file_server browse
|
|
||||||
}
|
|
||||||
@@ -1,9 +1,4 @@
|
|||||||
# Core ingress — always mounted. Drasl auth + packwiz pack metadata.
|
# Core ingress — always mounted. Drasl auth.
|
||||||
http://auth.{$BASE_DOMAIN} {
|
http://auth.{$BASE_DOMAIN} {
|
||||||
reverse_proxy drasl:25585
|
reverse_proxy drasl:25585
|
||||||
}
|
}
|
||||||
|
|
||||||
http://pack.{$BASE_DOMAIN} {
|
|
||||||
root * /srv/pack
|
|
||||||
file_server browse
|
|
||||||
}
|
|
||||||
|
|||||||
@@ -1,19 +1,18 @@
|
|||||||
# Static toggle — apex landing page + launcher downloads.
|
# Apex — landing page (/srv/www) + launcher downloads (/srv/launcher).
|
||||||
# Mounted only when the stack runs with static files (build-stack.sh up static|full).
|
|
||||||
http://{$BASE_DOMAIN} {
|
http://{$BASE_DOMAIN} {
|
||||||
# Caddy's local CA root, so guests can trust the air-gap HTTPS mirror.
|
|
||||||
# Mounted from ./caddy/caddy-root-ca.crt (exported by build-stack prep;
|
|
||||||
# the live pki dir is root-only 0600 and can't be served directly).
|
|
||||||
handle /ca.crt {
|
|
||||||
root * /srv/ca-pub
|
|
||||||
file_server
|
|
||||||
}
|
|
||||||
# Launcher downloads are a sibling mount (/srv/launcher), not nested under
|
# Launcher downloads are a sibling mount (/srv/launcher), not nested under
|
||||||
# the read-only /srv/www. handle_path strips the /launcher prefix.
|
# the read-only /srv/www. handle_path strips the /launcher prefix.
|
||||||
handle_path /launcher/* {
|
handle_path /launcher/* {
|
||||||
root * /srv/launcher
|
root * /srv/launcher
|
||||||
file_server browse
|
file_server browse
|
||||||
}
|
}
|
||||||
|
# Self-hosted Minecraft status JSON (mc-status service). Same-origin, so the
|
||||||
|
# landing's ServerCard fetch needs no CORS. The <addr> in the path is
|
||||||
|
# ignored by mc-status — it only ever pings its configured MC_STATUS_TARGET.
|
||||||
|
handle /api/mcstatus/* {
|
||||||
|
uri strip_prefix /api/mcstatus
|
||||||
|
reverse_proxy mc-status:8080
|
||||||
|
}
|
||||||
handle {
|
handle {
|
||||||
root * /srv/www
|
root * /srv/www
|
||||||
file_server
|
file_server
|
||||||
|
|||||||
@@ -1,9 +0,0 @@
|
|||||||
# Mirror toggle — full client air-gap mirror (see plan/11-full-airgap-mirror.md).
|
|
||||||
# Byte-exact copies of the real upstream hosts over HTTPS with Caddy's local CA.
|
|
||||||
# dnsmasq spoofs these hostnames -> our host; {host} roots each at its subtree.
|
|
||||||
# Mounted only when the stack runs with the mirror (build-stack.sh up mirror|full).
|
|
||||||
meta.prismlauncher.org, piston-meta.mojang.com, piston-data.mojang.com, libraries.minecraft.net, maven.neoforged.net, resources.download.minecraft.net {
|
|
||||||
tls internal
|
|
||||||
root * /srv/mirror/{host}
|
|
||||||
file_server
|
|
||||||
}
|
|
||||||
@@ -1,8 +1,10 @@
|
|||||||
# Distribution toggle — static site served from a web root in ANOTHER repo.
|
# Distribution — static site served from a web root in ANOTHER repo. The host
|
||||||
# The host path is set by DISTRIBUTION_WEB_ROOT in .env and bind-mounted to
|
# path is set by DISTRIBUTION_WEB_ROOT in .env and bind-mounted to
|
||||||
# /srv/distribution by docker-compose.caddy.yml. Mounted only when that var is
|
# /srv/distribution by the caddy service in docker-compose.yml.
|
||||||
# set (see the distribution override).
|
|
||||||
http://distribution.{$BASE_DOMAIN} {
|
http://distribution.{$BASE_DOMAIN} {
|
||||||
root * /srv/distribution
|
root * /srv/distribution
|
||||||
|
# The landing page (apex origin) fetches launcher.json cross-origin to render
|
||||||
|
# the download buttons. Allow it — launcher assets are fully public, no creds.
|
||||||
|
header /launcher/* Access-Control-Allow-Origin "*"
|
||||||
file_server browse
|
file_server browse
|
||||||
}
|
}
|
||||||
|
|||||||
4
caddy/conf.d/40-avatar.caddy
Normal file
4
caddy/conf.d/40-avatar.caddy
Normal file
@@ -0,0 +1,4 @@
|
|||||||
|
# Avatar — NMSR skin/avatar renderer (nmsr service), Drasl-backed.
|
||||||
|
http://avatar.{$BASE_DOMAIN} {
|
||||||
|
reverse_proxy nmsr:8080
|
||||||
|
}
|
||||||
4
caddy/conf.d/50-status.caddy
Normal file
4
caddy/conf.d/50-status.caddy
Normal file
@@ -0,0 +1,4 @@
|
|||||||
|
# Status — Uptime Kuma monitoring + public status page (uptime-kuma service).
|
||||||
|
http://status.{$BASE_DOMAIN} {
|
||||||
|
reverse_proxy uptime-kuma:3001
|
||||||
|
}
|
||||||
10
caddy/conf.d/60-files.caddy
Normal file
10
caddy/conf.d/60-files.caddy
Normal file
@@ -0,0 +1,10 @@
|
|||||||
|
# Files — Filestash player file share (filestash service). Shared login,
|
||||||
|
# writable. See plan/20-files.md.
|
||||||
|
#
|
||||||
|
# Filestash blocks any request whose Host header doesn't match its configured
|
||||||
|
# `general.host` (https://files.${BASE_DOMAIN}), with "only traffic from X is
|
||||||
|
# allowed". The host nginx forwards the original Host, and caddy passes it
|
||||||
|
# through untouched — do NOT rewrite it here or every request 403s.
|
||||||
|
http://files.{$BASE_DOMAIN} {
|
||||||
|
reverse_proxy filestash:8334
|
||||||
|
}
|
||||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@@ -1,21 +0,0 @@
|
|||||||
# Resolve every *.${BASE_DOMAIN} (and the apex) to the Docker host LAN IP.
|
|
||||||
# Rendered by tooling/render-config.sh -> dnsmasq/dnsmasq.conf (gitignored).
|
|
||||||
address=/${BASE_DOMAIN}/${HOST_LAN_IP}
|
|
||||||
no-resolv
|
|
||||||
|
|
||||||
# Minecraft SRV record: guests connect to "mc.${BASE_DOMAIN}" with NO port —
|
|
||||||
# the SRV lookup points the client at port 25565. Target mc.${BASE_DOMAIN}
|
|
||||||
# resolves to HOST_LAN_IP via the wildcard above.
|
|
||||||
# Format: srv-host=_service._proto.name,target,port
|
|
||||||
srv-host=_minecraft._tcp.mc.${BASE_DOMAIN},mc.${BASE_DOMAIN},25565
|
|
||||||
|
|
||||||
# Full client air-gap (see plan/11-full-airgap-mirror.md): spoof the real
|
|
||||||
# upstream hosts -> our Caddy mirror. Auth hosts (session/textures/api.mojang)
|
|
||||||
# are NOT spoofed — drasl handles those via authlib-injector. Keep this list in
|
|
||||||
# sync with the proxy-capture step.
|
|
||||||
address=/meta.prismlauncher.org/${HOST_LAN_IP}
|
|
||||||
address=/piston-meta.mojang.com/${HOST_LAN_IP}
|
|
||||||
address=/piston-data.mojang.com/${HOST_LAN_IP}
|
|
||||||
address=/libraries.minecraft.net/${HOST_LAN_IP}
|
|
||||||
address=/maven.neoforged.net/${HOST_LAN_IP}
|
|
||||||
address=/resources.download.minecraft.net/${HOST_LAN_IP}
|
|
||||||
@@ -1,28 +0,0 @@
|
|||||||
# mDNS toggle — publish *.local service names via the HOST's avahi-daemon for
|
|
||||||
# zero-config guest resolution. Enabled when ENABLE_MDNS=true in .env and only
|
|
||||||
# meaningful when BASE_DOMAIN=*.local.
|
|
||||||
#
|
|
||||||
# Host prerequisites:
|
|
||||||
# - avahi-daemon running on the host
|
|
||||||
# - if the host has many interfaces (e.g. lots of docker bridges), restrict
|
|
||||||
# avahi to the LAN NIC in /etc/avahi/avahi-daemon.conf:
|
|
||||||
# allow-interfaces=<lan-iface>
|
|
||||||
# otherwise avahi sees its own announcements across bridges → "Local name
|
|
||||||
# collision" and publishing fails.
|
|
||||||
services:
|
|
||||||
avahi:
|
|
||||||
build: ./docker/avahi
|
|
||||||
image: ulicraft-avahi:local
|
|
||||||
container_name: avahi
|
|
||||||
restart: unless-stopped
|
|
||||||
network_mode: host
|
|
||||||
# AppArmor's docker-default profile blocks the D-Bus publish to host avahi.
|
|
||||||
security_opt:
|
|
||||||
- apparmor=unconfined
|
|
||||||
environment:
|
|
||||||
BASE_DOMAIN: ${BASE_DOMAIN}
|
|
||||||
HOST_LAN_IP: ${HOST_LAN_IP}
|
|
||||||
DBUS_SYSTEM_BUS_ADDRESS: "unix:path=/run/dbus/system_bus_socket"
|
|
||||||
volumes:
|
|
||||||
# Talk to the host's avahi-daemon (host must run avahi-daemon).
|
|
||||||
- /run/dbus/system_bus_socket:/run/dbus/system_bus_socket
|
|
||||||
@@ -1,105 +0,0 @@
|
|||||||
# ──────────────────────────────────────────────────────────────────
|
|
||||||
# Blessing Skin auth variant — use INSTEAD of Drasl.
|
|
||||||
# ──────────────────────────────────────────────────────────────────
|
|
||||||
# Layer this over the base file AND the caddy ingress (caddy lives in its own
|
|
||||||
# file now; this override only swaps caddy's core conf, so caddy.yml is required):
|
|
||||||
#
|
|
||||||
# docker compose -f docker-compose.yml -f docker-compose.caddy.yml \
|
|
||||||
# -f docker-compose.blessingskin.yml up -d
|
|
||||||
#
|
|
||||||
# What it does vs the base stack:
|
|
||||||
# - drasl → left running but UNUSED + unreachable (Caddy no longer
|
|
||||||
# routes to it; it has no host port). Compose merges
|
|
||||||
# depends_on, so it can't be removed from an override —
|
|
||||||
# idling it is the clean option. `docker compose ... stop
|
|
||||||
# drasl` after up if you want it down.
|
|
||||||
# - caddy → auth.* now reverse-proxies blessing-skin:80
|
|
||||||
# - mariadb → new; Blessing Skin's datastore (no SQLite support)
|
|
||||||
# - blessing-skin → new; PHP skin server + yggdrasil-api plugin
|
|
||||||
# - minecraft → authlib-injector now points at /api/yggdrasil,
|
|
||||||
# ONLINE_MODE=TRUE (real session validation against BSS)
|
|
||||||
#
|
|
||||||
# First-run is a WEB WIZARD — see plan/03b-blessing-skin.md. The yggdrasil-api
|
|
||||||
# plugin must be installed + enabled from the BSS admin panel before the
|
|
||||||
# /api/yggdrasil endpoint (and thus Minecraft login) works.
|
|
||||||
#
|
|
||||||
# DB creds + APP_KEY come from .env (see .env.example: BS_* vars).
|
|
||||||
# ──────────────────────────────────────────────────────────────────
|
|
||||||
|
|
||||||
services:
|
|
||||||
caddy:
|
|
||||||
# Swap the core ingress conf for the Blessing Skin one. Compose MERGES
|
|
||||||
# volumes by container path, so mounting the BSS conf at the SAME target
|
|
||||||
# (/etc/caddy/conf.d/00-core.caddy) shadows the base 00-core.caddy; all
|
|
||||||
# other base mounts (pack, custom, static, ca) are kept automatically.
|
|
||||||
volumes:
|
|
||||||
- ./caddy/conf.d/00-core-blessingskin.caddy:/etc/caddy/conf.d/00-core.caddy:ro
|
|
||||||
depends_on:
|
|
||||||
- blessing-skin
|
|
||||||
|
|
||||||
mariadb:
|
|
||||||
image: mariadb:11
|
|
||||||
container_name: mariadb
|
|
||||||
restart: unless-stopped
|
|
||||||
environment:
|
|
||||||
MARIADB_DATABASE: ${BS_DB_NAME}
|
|
||||||
MARIADB_USER: ${BS_DB_USER}
|
|
||||||
MARIADB_PASSWORD: ${BS_DB_PASSWORD}
|
|
||||||
MARIADB_ROOT_PASSWORD: ${BS_DB_ROOT_PASSWORD}
|
|
||||||
TZ: "Europe/Madrid"
|
|
||||||
volumes:
|
|
||||||
- bs_db:/var/lib/mysql
|
|
||||||
healthcheck:
|
|
||||||
test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]
|
|
||||||
interval: 10s
|
|
||||||
timeout: 5s
|
|
||||||
retries: 10
|
|
||||||
networks:
|
|
||||||
- mcnet
|
|
||||||
|
|
||||||
blessing-skin:
|
|
||||||
image: azusamikan/blessing-skin-server-docker:latest
|
|
||||||
container_name: blessing-skin
|
|
||||||
restart: unless-stopped
|
|
||||||
# Internal-only — reached via Caddy at auth.${BASE_DOMAIN}.
|
|
||||||
environment:
|
|
||||||
APP_URL: "http://auth.${BASE_DOMAIN}"
|
|
||||||
# Persist APP_KEY across recreates (else sessions/encryption break).
|
|
||||||
# Generate once: docker run --rm azusamikan/blessing-skin-server-docker:latest php artisan key:generate --show
|
|
||||||
APP_KEY: ${BS_APP_KEY}
|
|
||||||
DB_DRIVER: "mysql"
|
|
||||||
DB_HOST: "mariadb"
|
|
||||||
DB_PORT: "3306"
|
|
||||||
DB_DATABASE: ${BS_DB_NAME}
|
|
||||||
DB_USERNAME: ${BS_DB_USER}
|
|
||||||
DB_PASSWORD: ${BS_DB_PASSWORD}
|
|
||||||
TZ: "Europe/Madrid"
|
|
||||||
volumes:
|
|
||||||
- bs_storage:/app/storage # uploaded skins/capes + textures
|
|
||||||
- bs_plugins:/app/plugins # yggdrasil-api plugin lives here
|
|
||||||
depends_on:
|
|
||||||
mariadb:
|
|
||||||
condition: service_healthy
|
|
||||||
networks:
|
|
||||||
- mcnet
|
|
||||||
|
|
||||||
minecraft:
|
|
||||||
environment:
|
|
||||||
# authlib-injector API root for Blessing Skin's yggdrasil-api plugin
|
|
||||||
# is <site>/api/yggdrasil (NOT /authlib-injector like Drasl).
|
|
||||||
JVM_OPTS: "-javaagent:/extras/authlib-injector.jar=http://auth.${BASE_DOMAIN}/api/yggdrasil"
|
|
||||||
# authlib-injector needs real auth: online-mode TRUE so the server
|
|
||||||
# validates sessions against Blessing Skin. (Drasl variant used FALSE.)
|
|
||||||
ONLINE_MODE: "TRUE"
|
|
||||||
# Keep FALSE for safety on 1.21+. The yggdrasil-api plugin DOES sign
|
|
||||||
# profile keys, so you MAY flip this to TRUE if signed chat is wanted.
|
|
||||||
ENFORCE_SECURE_PROFILE: "FALSE"
|
|
||||||
# Merged with the base depends_on (drasl, caddy); just adds blessing-skin so
|
|
||||||
# Minecraft starts after the skin server is up.
|
|
||||||
depends_on:
|
|
||||||
- blessing-skin
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
bs_db:
|
|
||||||
bs_storage:
|
|
||||||
bs_plugins:
|
|
||||||
@@ -1,50 +0,0 @@
|
|||||||
# ──────────────────────────────────────────────────────────────────
|
|
||||||
# Caddy ingress — LAN / air-gap path. NOT started with the base stack.
|
|
||||||
# ──────────────────────────────────────────────────────────────────
|
|
||||||
# Caddy was moved out of docker-compose.yml so the base stack can run behind
|
|
||||||
# the host's nginx (production) without it. build-stack.sh adds this file for
|
|
||||||
# its online/airgap/core modes; static/mirror overrides mount extra vhosts in.
|
|
||||||
#
|
|
||||||
# docker compose -f docker-compose.yml -f docker-compose.caddy.yml up -d
|
|
||||||
#
|
|
||||||
# Holds the mcnet aliases (auth./pack.${BASE_DOMAIN}) so containers resolve the
|
|
||||||
# stack's own names internally — this is why minecraft can reach the pack here
|
|
||||||
# without extra_hosts (the nginx path uses extra_hosts instead).
|
|
||||||
services:
|
|
||||||
caddy:
|
|
||||||
image: caddy:alpine
|
|
||||||
container_name: caddy
|
|
||||||
restart: unless-stopped
|
|
||||||
# Host-published port. Default 80 for the standalone LAN/air-gap path; set
|
|
||||||
# CADDY_HTTP_PORT to a high localhost-only port when the machine's nginx
|
|
||||||
# fronts caddy (nginx terminates TLS, reverse-proxies here by Host header —
|
|
||||||
# see nginx/ulicraft-caddy.conf.tmpl).
|
|
||||||
ports:
|
|
||||||
- "${CADDY_HTTP_BIND:-0.0.0.0}:${CADDY_HTTP_PORT:-80}:80"
|
|
||||||
environment:
|
|
||||||
BASE_DOMAIN: ${BASE_DOMAIN}
|
|
||||||
volumes:
|
|
||||||
- ./caddy/Caddyfile:/etc/caddy/Caddyfile:ro
|
|
||||||
- ./caddy/conf.d/00-core.caddy:/etc/caddy/conf.d/00-core.caddy:ro
|
|
||||||
- ./caddy/conf.d/10-static.caddy:/etc/caddy/conf.d/10-static.caddy:ro
|
|
||||||
- ./www:/srv/www:ro
|
|
||||||
- ./mirror/launcher:/srv/launcher:ro
|
|
||||||
- ./caddy/caddy-root-ca.crt:/srv/ca-pub/ca.crt:ro
|
|
||||||
- ./pack:/srv/pack:ro
|
|
||||||
# Custom (locally-hosted) mod jars live OUTSIDE ./pack so packwiz refresh
|
|
||||||
# doesn't index them as direct files. Served at pack.${BASE_DOMAIN}/custom/.
|
|
||||||
- ./custom:/srv/pack/custom:ro
|
|
||||||
networks:
|
|
||||||
mcnet:
|
|
||||||
# The upstream spoof-host aliases live in docker-compose.mirror.yml —
|
|
||||||
# adding them here would hijack maven.neoforged.net etc. for ALL mcnet
|
|
||||||
# containers, breaking the ONLINE NeoForge install during pre-bake.
|
|
||||||
aliases:
|
|
||||||
- "auth.${BASE_DOMAIN}"
|
|
||||||
- "pack.${BASE_DOMAIN}"
|
|
||||||
|
|
||||||
# Restore the ordering the base file used to have (base drops it so it can run
|
|
||||||
# caddy-less behind nginx).
|
|
||||||
minecraft:
|
|
||||||
depends_on:
|
|
||||||
- caddy
|
|
||||||
@@ -1,15 +0,0 @@
|
|||||||
# ──────────────────────────────────────────────────────────────────
|
|
||||||
# Distribution vhost — distribution.${BASE_DOMAIN}, static files from a web
|
|
||||||
# root that lives in ANOTHER repo. Layered on top of the caddy ingress.
|
|
||||||
# ──────────────────────────────────────────────────────────────────
|
|
||||||
# docker compose -f docker-compose.yml -f docker-compose.caddy.yml \
|
|
||||||
# -f docker-compose.distribution.yml up -d
|
|
||||||
#
|
|
||||||
# DISTRIBUTION_WEB_ROOT (.env) = absolute host path to the built static site in
|
|
||||||
# the other repo. Bind-mounted read-only; caddy serves it via the
|
|
||||||
# conf.d/30-distribution.caddy snippet.
|
|
||||||
services:
|
|
||||||
caddy:
|
|
||||||
volumes:
|
|
||||||
- ./caddy/conf.d/30-distribution.caddy:/etc/caddy/conf.d/30-distribution.caddy:ro
|
|
||||||
- ${DISTRIBUTION_WEB_ROOT:?DISTRIBUTION_WEB_ROOT unset in .env}:/srv/distribution:ro
|
|
||||||
@@ -1,20 +0,0 @@
|
|||||||
# Optional turnkey DNS — only if you DON'T run your own party DNS server.
|
|
||||||
# Layer on: `docker compose -f docker-compose.yml -f docker-compose.dnsmasq.yml ... up -d`.
|
|
||||||
# Serves dnsmasq/dnsmasq.conf (rendered from the template, includes the airgap
|
|
||||||
# spoof records). If you have your own DNS, skip this and use the records from
|
|
||||||
# `tooling/dns-records.sh` instead.
|
|
||||||
services:
|
|
||||||
dnsmasq:
|
|
||||||
image: jpillora/dnsmasq
|
|
||||||
container_name: dnsmasq
|
|
||||||
restart: unless-stopped
|
|
||||||
ports:
|
|
||||||
# Bind DNS to the host LAN IP so it doesn't clash with systemd-resolved on :53.
|
|
||||||
- "${HOST_LAN_IP}:53:53/udp"
|
|
||||||
- "${HOST_LAN_IP}:53:53/tcp"
|
|
||||||
volumes:
|
|
||||||
- ./dnsmasq/dnsmasq.conf:/etc/dnsmasq.conf:ro
|
|
||||||
networks:
|
|
||||||
- mcnet
|
|
||||||
# webproc UI (:8080) can be exposed behind Caddy as dns.${BASE_DOMAIN};
|
|
||||||
# guard with HTTP_USER / HTTP_PASS.
|
|
||||||
@@ -1,25 +0,0 @@
|
|||||||
# Mirror toggle — full client air-gap upstream mirror (see plan/11).
|
|
||||||
# Layer on top of the base: `docker compose -f docker-compose.yml -f docker-compose.mirror.yml up -d`
|
|
||||||
# (or `tooling/build-stack.sh --up mirror`). Adds the mirror vhost snippet, the
|
|
||||||
# upstream content mount, and publishes :443 for Caddy's `tls internal` certs.
|
|
||||||
# Populate the mirror first: tooling/mirror-airgap.sh (+ the proxy-capture step).
|
|
||||||
services:
|
|
||||||
caddy:
|
|
||||||
ports:
|
|
||||||
- "443:443"
|
|
||||||
volumes:
|
|
||||||
- ./caddy/conf.d/20-mirror.caddy:/etc/caddy/conf.d/20-mirror.caddy:ro
|
|
||||||
- ./mirror/upstream:/srv/mirror:ro
|
|
||||||
networks:
|
|
||||||
mcnet:
|
|
||||||
# Spoof the real upstream hosts -> Caddy (air-gap runtime only). Includes
|
|
||||||
# the base aliases because compose replaces (not merges) the alias list.
|
|
||||||
aliases:
|
|
||||||
- "auth.${BASE_DOMAIN}"
|
|
||||||
- "packwiz.${BASE_DOMAIN}"
|
|
||||||
- "meta.prismlauncher.org"
|
|
||||||
- "piston-meta.mojang.com"
|
|
||||||
- "piston-data.mojang.com"
|
|
||||||
- "libraries.minecraft.net"
|
|
||||||
- "maven.neoforged.net"
|
|
||||||
- "resources.download.minecraft.net"
|
|
||||||
@@ -1,30 +0,0 @@
|
|||||||
# ──────────────────────────────────────────────────────────────────
|
|
||||||
# Production ingress = the HOST's nginx + Let's Encrypt. No caddy.
|
|
||||||
# ──────────────────────────────────────────────────────────────────
|
|
||||||
# docker compose -f docker-compose.yml -f docker-compose.nginx.yml up -d
|
|
||||||
#
|
|
||||||
# nginx (on the host, already installed) terminates TLS with the LE certs from
|
|
||||||
# tooling/issue-letsencrypt.sh and:
|
|
||||||
# - serves apex + pack.${BASE_DOMAIN} as static files (./www, ./pack, ./custom)
|
|
||||||
# - reverse-proxies auth.${BASE_DOMAIN} -> 127.0.0.1:25585 (drasl)
|
|
||||||
# See nginx/ulicraft.conf.tmpl.
|
|
||||||
#
|
|
||||||
# This override:
|
|
||||||
# - publishes drasl on localhost so the host nginx can reach it
|
|
||||||
# - points the minecraft container at the host (extra_hosts) over HTTPS, so it
|
|
||||||
# fetches the pack and validates sessions through the same public names the
|
|
||||||
# LE certs cover (JVM trusts Let's Encrypt out of the box)
|
|
||||||
services:
|
|
||||||
drasl:
|
|
||||||
ports:
|
|
||||||
- "127.0.0.1:25585:25585"
|
|
||||||
|
|
||||||
minecraft:
|
|
||||||
# Make the public names resolve to the host running nginx.
|
|
||||||
extra_hosts:
|
|
||||||
- "auth.${BASE_DOMAIN}:host-gateway"
|
|
||||||
- "pack.${BASE_DOMAIN}:host-gateway"
|
|
||||||
environment:
|
|
||||||
# Use HTTPS now that nginx terminates TLS with a publicly-trusted cert.
|
|
||||||
JVM_OPTS: "-javaagent:/extras/authlib-injector.jar=https://auth.${BASE_DOMAIN}/authlib-injector"
|
|
||||||
PACKWIZ_URL: "https://pack.${BASE_DOMAIN}/pack.toml"
|
|
||||||
@@ -1,11 +0,0 @@
|
|||||||
# Static toggle — apex landing page + launcher downloads.
|
|
||||||
# Layer on top of the base: `docker compose -f docker-compose.yml -f docker-compose.static.yml up -d`
|
|
||||||
# (or `tooling/build-stack.sh --up static`). Adds the static vhost snippet plus
|
|
||||||
# the www + launcher content mounts. Build www first: cd landing && pnpm run build.
|
|
||||||
services:
|
|
||||||
caddy:
|
|
||||||
volumes:
|
|
||||||
- ./caddy/conf.d/10-static.caddy:/etc/caddy/conf.d/10-static.caddy:ro
|
|
||||||
- ./www:/srv/www:ro
|
|
||||||
- ./mirror/launcher:/srv/launcher:ro
|
|
||||||
- ./caddy/caddy-root-ca.crt:/srv/ca-pub/ca.crt:ro
|
|
||||||
@@ -1,31 +1,31 @@
|
|||||||
# ──────────────────────────────────────────────────────────────────
|
# ──────────────────────────────────────────────────────────────────
|
||||||
# Ulicraft LAN-party stack — Minecraft 1.21.1 NeoForge + Drasl auth
|
# Ulicraft LAN-party stack — Minecraft 1.21.1 NeoForge + Drasl auth
|
||||||
# ──────────────────────────────────────────────────────────────────
|
# ──────────────────────────────────────────────────────────────────
|
||||||
# Single source of config: BASE_DOMAIN + HOST_LAN_IP in .env.
|
# Single, unified compose. One file holds the whole stack:
|
||||||
# DNS is provided by YOUR party DNS server — see tooling/dns-records.sh for the
|
# drasl auth + skins (Yggdrasil), internal only
|
||||||
# records to add (online vs airgap). A turnkey dnsmasq is available as an
|
# minecraft the server (itzg/NEOFORGE), mods from ./server-mods volume
|
||||||
# optional layer: docker-compose.dnsmasq.yml.
|
# mc-backup world backups every 6h via RCON
|
||||||
# - ingress is layered on, NOT in this base file: caddy (docker-compose.caddy.yml,
|
# caddy internal ingress — routes auth./apex/launcher/avatar.
|
||||||
# LAN/air-gap, holds mcnet aliases) OR the host's nginx (docker-compose.nginx.yml
|
# /distribution. by Host header (conf.d/*.caddy)
|
||||||
# + Let's Encrypt, production)
|
# nmsr skin/avatar renderer at avatar.${BASE_DOMAIN}
|
||||||
# - drasl handles auth (password login; NO Keycloak/OIDC in this stack)
|
# uptime-kuma status monitoring at status.${BASE_DOMAIN}
|
||||||
# - packwiz pack is served by the ingress at pack.${BASE_DOMAIN}
|
#
|
||||||
# - minecraft installs mods via PACKWIZ_URL, authlib-injector -> auth.
|
# Bring up: docker compose up -d (render configs first: tooling/render-config.sh)
|
||||||
|
#
|
||||||
|
# DNS is handled OUTSIDE this repo — point every service name at the host.
|
||||||
|
# Production TLS terminates at the HOST's nginx in front of caddy
|
||||||
|
# (nginx/ulicraft-caddy.conf.tmpl + Let's Encrypt); caddy is published on a
|
||||||
|
# localhost-only port (CADDY_HTTP_BIND/CADDY_HTTP_PORT in .env). Containers reach
|
||||||
|
# the stack's own names internally via caddy's mcnet alias (auth.).
|
||||||
# ──────────────────────────────────────────────────────────────────
|
# ──────────────────────────────────────────────────────────────────
|
||||||
|
|
||||||
services:
|
services:
|
||||||
# NOTE: the HTTP(S) ingress is NOT in this base file.
|
|
||||||
# - LAN / air-gap: caddy (docker-compose.caddy.yml) — added by build-stack.sh
|
|
||||||
# - production: the HOST's nginx + Let's Encrypt (docker-compose.nginx.yml
|
|
||||||
# publishes drasl to localhost; nginx/ulicraft.conf.tmpl)
|
|
||||||
# Base alone (drasl + minecraft + mc-backup) is not a complete deployment —
|
|
||||||
# always layer one ingress file on top.
|
|
||||||
drasl:
|
drasl:
|
||||||
image: unmojang/drasl:latest
|
image: unmojang/drasl:latest
|
||||||
container_name: drasl
|
container_name: drasl
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
# Internal-only: no published host port. Reached via Caddy at
|
# Internal-only: no published host port. Reached via caddy at
|
||||||
# auth.${BASE_DOMAIN} (Caddy holds the network alias on mcnet).
|
# auth.${BASE_DOMAIN} (caddy holds the network alias on mcnet).
|
||||||
volumes:
|
volumes:
|
||||||
- ./drasl/config:/etc/drasl:ro
|
- ./drasl/config:/etc/drasl:ro
|
||||||
- drasl_state:/var/lib/drasl
|
- drasl_state:/var/lib/drasl
|
||||||
@@ -48,7 +48,9 @@ services:
|
|||||||
TYPE: "NEOFORGE"
|
TYPE: "NEOFORGE"
|
||||||
VERSION: "1.21.1"
|
VERSION: "1.21.1"
|
||||||
# Verify NEOFORGE_VERSION against projects.neoforged.net before deploy.
|
# Verify NEOFORGE_VERSION against projects.neoforged.net before deploy.
|
||||||
NEOFORGE_VERSION: "21.1.209" # pin a known-good build; update deliberately
|
# Must match the distribution's NeoForge (distribution.json → 21.1.233);
|
||||||
|
# several mods (ferritecore≥218, farmersdelight≥219, configured≥211) need it.
|
||||||
|
NEOFORGE_VERSION: "21.1.233" # pin a known-good build; update deliberately
|
||||||
|
|
||||||
# ── Memory / performance ────────────────────────────────────
|
# ── Memory / performance ────────────────────────────────────
|
||||||
INIT_MEMORY: "4G"
|
INIT_MEMORY: "4G"
|
||||||
@@ -56,25 +58,37 @@ services:
|
|||||||
USE_AIKAR_FLAGS: "TRUE"
|
USE_AIKAR_FLAGS: "TRUE"
|
||||||
JVM_XX_OPTS: "-XX:+UseG1GC"
|
JVM_XX_OPTS: "-XX:+UseG1GC"
|
||||||
|
|
||||||
# ── Auth: offline mode + authlib-injector pointing at Drasl ─
|
# ── Auth: ONLINE mode validated against Drasl via authlib-injector ─
|
||||||
ONLINE_MODE: "FALSE"
|
# MUST be true: authlib-injector redirects the normal online-auth
|
||||||
# mount authlib-injector.jar at /extras/authlib-injector.jar
|
# handshake from Mojang to Drasl. online-mode=false skips the handshake
|
||||||
JVM_OPTS: "-javaagent:/extras/authlib-injector.jar=http://auth.${BASE_DOMAIN}/authlib-injector"
|
# entirely -> offline UUIDs, no session validation, NO SKINS for anyone.
|
||||||
|
# Secure-profile is the part that must stay off on 1.21+ (see
|
||||||
|
# ENFORCE_SECURE_PROFILE + Drasl SignPublicKeys=false), NOT online-mode.
|
||||||
|
ONLINE_MODE: "TRUE"
|
||||||
|
# Resolves over mcnet to caddy (alias auth.${BASE_DOMAIN}) -> drasl.
|
||||||
|
JVM_OPTS: "-javaagent:/extras/authlib-injector.jar=https://auth.${BASE_DOMAIN}/authlib-injector"
|
||||||
|
|
||||||
# ── Server config ───────────────────────────────────────────
|
# ── Server config ───────────────────────────────────────────
|
||||||
DIFFICULTY: "normal"
|
DIFFICULTY: "normal"
|
||||||
MODE: "survival"
|
MODE: "survival"
|
||||||
MOTD: "Uli LAN party"
|
MOTD: "Uli LAN party"
|
||||||
|
# Server-list icon (auto-scaled to 64x64). PNG lives in ./runtime (mounted
|
||||||
|
# /extras); OVERRIDE_ICON re-applies it on every boot. Also surfaces in the
|
||||||
|
# landing ServerCard via the SLP favicon.
|
||||||
|
ICON: "/extras/server-icon.png"
|
||||||
|
OVERRIDE_ICON: "TRUE"
|
||||||
MAX_PLAYERS: "10"
|
MAX_PLAYERS: "10"
|
||||||
VIEW_DISTANCE: "10"
|
VIEW_DISTANCE: "10"
|
||||||
SIMULATION_DISTANCE: "8"
|
SIMULATION_DISTANCE: "8"
|
||||||
ENFORCE_SECURE_PROFILE: "FALSE" # required for authlib-injector on 1.21+
|
ENFORCE_SECURE_PROFILE: "FALSE" # required for authlib-injector on 1.21+
|
||||||
ALLOW_FLIGHT: "TRUE" # many tech mods need this
|
ALLOW_FLIGHT: "TRUE" # many tech mods need this
|
||||||
|
|
||||||
# ── Mod source: packwiz pack served by the ingress ──────────
|
# ── Mod source: filtered subset of the distribution modset ──
|
||||||
# http + caddy alias by default; the nginx override switches this to
|
# Jars are synced into ./server-mods by tooling/sync-server-mods.sh
|
||||||
# https + host-gateway (extra_hosts) for the production path.
|
# (both/server entries from mods-sides.json) and mounted at /mods below;
|
||||||
PACKWIZ_URL: "http://pack.${BASE_DOMAIN}/pack.toml"
|
# itzg auto-syncs /mods → /data/mods. REMOVE_OLD_MODS makes that mirror
|
||||||
|
# authoritative so removed mods get pruned. See plan/04-mods.md.
|
||||||
|
REMOVE_OLD_MODS: "TRUE"
|
||||||
|
|
||||||
# ── RCON for remote admin ───────────────────────────────────
|
# ── RCON for remote admin ───────────────────────────────────
|
||||||
ENABLE_RCON: "TRUE"
|
ENABLE_RCON: "TRUE"
|
||||||
@@ -85,12 +99,28 @@ services:
|
|||||||
volumes:
|
volumes:
|
||||||
- mc_data:/data
|
- mc_data:/data
|
||||||
- ./runtime:/extras:ro # authlib-injector.jar lives here
|
- ./runtime:/extras:ro # authlib-injector.jar lives here
|
||||||
|
- ./server-mods:/mods:ro # itzg auto-syncs /mods → /data/mods
|
||||||
|
# Distribution client-override files the server also needs, from the live
|
||||||
|
# distribution (DISTRIBUTION_WEB_ROOT), same source as caddy. Only the kubejs
|
||||||
|
# *source* subdirs are bind-mounted ro — kubejs itself writes config/, cache/,
|
||||||
|
# generated/, logs/ at boot, so the kubejs ROOT must stay writable (lives in
|
||||||
|
# mc_data). Mounting the whole kubejs dir ro makes BaseProperties.save() NPE
|
||||||
|
# and kubejs never initialises. CustomSkinLoader is ro (read-only json).
|
||||||
|
- ${DISTRIBUTION_WEB_ROOT:?DISTRIBUTION_WEB_ROOT unset in .env}/servers/ulicraft-1.21.1/files/kubejs/server_scripts:/data/kubejs/server_scripts:ro
|
||||||
|
- ${DISTRIBUTION_WEB_ROOT}/servers/ulicraft-1.21.1/files/kubejs/startup_scripts:/data/kubejs/startup_scripts:ro
|
||||||
|
- ${DISTRIBUTION_WEB_ROOT}/servers/ulicraft-1.21.1/files/kubejs/data:/data/kubejs/data:ro
|
||||||
|
- ${DISTRIBUTION_WEB_ROOT}/servers/ulicraft-1.21.1/files/kubejs/assets:/data/kubejs/assets:ro
|
||||||
|
- ${DISTRIBUTION_WEB_ROOT}/servers/ulicraft-1.21.1/files/CustomSkinLoader:/data/CustomSkinLoader:ro
|
||||||
depends_on:
|
depends_on:
|
||||||
- drasl # ingress (caddy/nginx) is layered separately
|
- drasl # authlib (auth.) must resolve at boot
|
||||||
|
# Containers don't inherit the host's /etc/hosts; the LAN resolver returns a
|
||||||
|
# dead address for the public names. Pin auth. to the host so HTTPS to it
|
||||||
|
# lands on the host's nginx (valid LE cert) -> caddy -> drasl.
|
||||||
|
extra_hosts:
|
||||||
|
- "auth.${BASE_DOMAIN}:host-gateway"
|
||||||
networks:
|
networks:
|
||||||
- mcnet
|
- mcnet
|
||||||
|
|
||||||
# Optional: backups
|
|
||||||
mc-backup:
|
mc-backup:
|
||||||
image: itzg/mc-backup
|
image: itzg/mc-backup
|
||||||
container_name: mc-backup
|
container_name: mc-backup
|
||||||
@@ -109,9 +139,129 @@ services:
|
|||||||
networks:
|
networks:
|
||||||
- mcnet
|
- mcnet
|
||||||
|
|
||||||
|
# Internal ingress. Routes every vhost by Host header (conf.d/*.caddy):
|
||||||
|
# auth. -> drasl, apex -> landing + /launcher,
|
||||||
|
# avatar. -> nmsr, status. -> uptime-kuma, distribution. -> static site.
|
||||||
|
# Published on a localhost-only port; the host's nginx terminates TLS in
|
||||||
|
# front of it (nginx/ulicraft-caddy.conf.tmpl).
|
||||||
|
caddy:
|
||||||
|
image: caddy:alpine
|
||||||
|
container_name: caddy
|
||||||
|
restart: unless-stopped
|
||||||
|
ports:
|
||||||
|
- "${CADDY_HTTP_BIND:-127.0.0.1}:${CADDY_HTTP_PORT:-8880}:80"
|
||||||
|
environment:
|
||||||
|
BASE_DOMAIN: ${BASE_DOMAIN}
|
||||||
|
volumes:
|
||||||
|
- ./caddy/Caddyfile:/etc/caddy/Caddyfile:ro
|
||||||
|
- ./caddy/conf.d/00-core.caddy:/etc/caddy/conf.d/00-core.caddy:ro
|
||||||
|
- ./caddy/conf.d/10-static.caddy:/etc/caddy/conf.d/10-static.caddy:ro
|
||||||
|
- ./caddy/conf.d/30-distribution.caddy:/etc/caddy/conf.d/30-distribution.caddy:ro
|
||||||
|
- ./caddy/conf.d/40-avatar.caddy:/etc/caddy/conf.d/40-avatar.caddy:ro
|
||||||
|
- ./caddy/conf.d/50-status.caddy:/etc/caddy/conf.d/50-status.caddy:ro
|
||||||
|
- ./caddy/conf.d/60-files.caddy:/etc/caddy/conf.d/60-files.caddy:ro
|
||||||
|
- ./www:/srv/www:ro
|
||||||
|
- ./launcher:/srv/launcher:ro
|
||||||
|
# Static site from ANOTHER repo (absolute host path in .env).
|
||||||
|
- ${DISTRIBUTION_WEB_ROOT:?DISTRIBUTION_WEB_ROOT unset in .env}:/srv/distribution:ro
|
||||||
|
networks:
|
||||||
|
mcnet:
|
||||||
|
# Containers resolve the stack's own public names to caddy internally.
|
||||||
|
aliases:
|
||||||
|
- "auth.${BASE_DOMAIN}"
|
||||||
|
|
||||||
|
# Avatar/skin renderer — built from source (docker/nmsr/Dockerfile), pulls
|
||||||
|
# player profiles from Drasl over mcnet. caddy proxies avatar. -> nmsr:8080.
|
||||||
|
nmsr:
|
||||||
|
build:
|
||||||
|
context: ./docker/nmsr
|
||||||
|
image: ulicraft/nmsr:local
|
||||||
|
container_name: nmsr
|
||||||
|
restart: unless-stopped
|
||||||
|
volumes:
|
||||||
|
- ./nmsr/config.toml:/nmsr/config.toml:ro
|
||||||
|
# Drasl embeds absolute HTTPS skin URLs (BaseURL is https) in the profile.
|
||||||
|
# The mcnet alias resolves auth. -> caddy (http :80 only), so NMSR's https
|
||||||
|
# skin fetch to auth.:443 finds no listener and every avatar falls back to
|
||||||
|
# the default skin. Pin auth. to the host (same as the minecraft service) so
|
||||||
|
# NMSR reaches the host nginx on :443 with the real LE cert.
|
||||||
|
extra_hosts:
|
||||||
|
- "auth.${BASE_DOMAIN}:host-gateway"
|
||||||
|
networks:
|
||||||
|
- mcnet
|
||||||
|
|
||||||
|
# Self-hosted SLP→JSON pinger (built from docker/mc-status, mcutil wrapper).
|
||||||
|
# Emits mcstatus.io v2 JSON so the landing's ServerCard reads it unchanged.
|
||||||
|
# No published port — caddy proxies apex /api/mcstatus/* -> mc-status:8080.
|
||||||
|
# Pings the minecraft service internally over mcnet; result cached 30s.
|
||||||
|
mc-status:
|
||||||
|
build:
|
||||||
|
context: ./docker/mc-status
|
||||||
|
image: ulicraft/mc-status:local
|
||||||
|
container_name: mc-status
|
||||||
|
restart: unless-stopped
|
||||||
|
environment:
|
||||||
|
MC_STATUS_TARGET: "minecraft:25565"
|
||||||
|
MC_STATUS_CACHE_TTL: "30s"
|
||||||
|
# Registered-players roster (/api/mcstatus/players). mc-status logs into
|
||||||
|
# the Drasl admin API server-side and exposes a sanitized [{uuid,name}]
|
||||||
|
# list; these creds NEVER reach the browser. Use a dedicated, rotatable
|
||||||
|
# admin account. Isolated from the status pinger (own TTL/client).
|
||||||
|
DRASL_API_URL: "http://drasl:25585/drasl/api/v2"
|
||||||
|
DRASL_ADMIN_USERNAME: ${DRASL_ADMIN_USERNAME}
|
||||||
|
DRASL_ADMIN_PASSWORD: ${DRASL_ADMIN_PASSWORD}
|
||||||
|
MC_STATUS_ROSTER_TTL: "60s"
|
||||||
|
networks:
|
||||||
|
- mcnet
|
||||||
|
|
||||||
|
# Player file share (screenshots, schematics, maps) at files.${BASE_DOMAIN}.
|
||||||
|
# ONE shared login for everybody (FILES_AUTH=htpasswd), writable. See
|
||||||
|
# plan/20-files.md — it documents every non-obvious bit of this service.
|
||||||
|
#
|
||||||
|
# Config is rendered read-only from filestash/config.json.tmpl: filestash has
|
||||||
|
# no env-var config, and its admin console writes config.json back at runtime,
|
||||||
|
# so pinning it :ro is what keeps git authoritative. The console still loads —
|
||||||
|
# it just cannot save. That is intentional, not a bug.
|
||||||
|
filestash:
|
||||||
|
image: machines/filestash@sha256:8cb09d42470328a02aec6e3861f912addf8a9d54ad63d9c965bcb48df5ad36b1
|
||||||
|
container_name: filestash
|
||||||
|
restart: unless-stopped
|
||||||
|
environment:
|
||||||
|
# The `local` storage backend is admin-gated in filestash: it refuses to
|
||||||
|
# init unless the connection params carry this secret (or the admin
|
||||||
|
# password). config.json's attribute_mapping supplies it server-side, so
|
||||||
|
# players never see it. Without this, every login dies on "Not Allowed".
|
||||||
|
LOCAL_BACKEND_SECRET: ${FILES_LOCAL_SECRET:?FILES_LOCAL_SECRET unset in .env}
|
||||||
|
# Do NOT set APPLICATION_URL / ADMIN_PASSWORD here: either one makes
|
||||||
|
# filestash rewrite config.json at boot, which fails on the :ro mount.
|
||||||
|
# Both live in the rendered config instead (general.host / auth.admin).
|
||||||
|
volumes:
|
||||||
|
# /app/data/state holds config + sqlite + search index + logs, so the
|
||||||
|
# DIRECTORY must stay writable. Only config.json is pinned read-only.
|
||||||
|
- filestash_state:/app/data/state
|
||||||
|
- ./filestash/config.json:/app/data/state/config/config.json:ro
|
||||||
|
# The share itself. FILES_MOUNT_MODE is the literal mount flag (ro|rw) —
|
||||||
|
# `ro` enforces a read-only share at the KERNEL, whatever the UI thinks.
|
||||||
|
- ${FILES_DATA_DIR:?FILES_DATA_DIR unset in .env}:/data/files:${FILES_MOUNT_MODE:-ro}
|
||||||
|
networks:
|
||||||
|
- mcnet
|
||||||
|
|
||||||
|
# Status monitoring + public status page. caddy proxies status. -> :3001.
|
||||||
|
# Joins mcnet so monitors probe the stack by internal service name.
|
||||||
|
uptime-kuma:
|
||||||
|
image: louislam/uptime-kuma:1
|
||||||
|
container_name: uptime-kuma
|
||||||
|
restart: unless-stopped
|
||||||
|
volumes:
|
||||||
|
- kuma_data:/app/data
|
||||||
|
networks:
|
||||||
|
- mcnet
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
drasl_state:
|
drasl_state:
|
||||||
mc_data:
|
mc_data:
|
||||||
|
kuma_data:
|
||||||
|
filestash_state:
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
mcnet:
|
mcnet:
|
||||||
|
|||||||
@@ -1,9 +0,0 @@
|
|||||||
# Publishes the stack's service names on .local via the HOST's avahi-daemon
|
|
||||||
# (over its D-Bus socket — no second daemon, avoids the :5353 collision).
|
|
||||||
# Requires the host to run avahi-daemon and the socket to be mounted (see
|
|
||||||
# docker-compose.avahi.yml). Used when ENABLE_MDNS=true and BASE_DOMAIN=*.local.
|
|
||||||
FROM alpine:3.20
|
|
||||||
RUN apk add --no-cache avahi-tools
|
|
||||||
COPY entrypoint.sh /entrypoint.sh
|
|
||||||
RUN chmod +x /entrypoint.sh
|
|
||||||
ENTRYPOINT ["/entrypoint.sh"]
|
|
||||||
@@ -1,32 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
# Publish A records for the stack's service names on .local via the HOST's
|
|
||||||
# avahi-daemon (reached over its mounted D-Bus socket). One avahi-publish per
|
|
||||||
# name; if any drops the container exits so Docker restarts it.
|
|
||||||
set -eu
|
|
||||||
|
|
||||||
: "${BASE_DOMAIN:?BASE_DOMAIN unset}"
|
|
||||||
: "${HOST_LAN_IP:?HOST_LAN_IP unset}"
|
|
||||||
|
|
||||||
case "$BASE_DOMAIN" in
|
|
||||||
*.local) ;;
|
|
||||||
*) echo "WARN: mDNS resolves only .local — BASE_DOMAIN=$BASE_DOMAIN will NOT be discoverable via avahi. Set BASE_DOMAIN=*.local to use mDNS." >&2 ;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
bus="${DBUS_SYSTEM_BUS_ADDRESS:-unix:path=/run/dbus/system_bus_socket}"
|
|
||||||
sock=${bus#unix:path=}
|
|
||||||
if [ ! -S "$sock" ]; then
|
|
||||||
echo "ERROR: host D-Bus socket '$sock' not found. Mount the host's" >&2
|
|
||||||
echo " /run/dbus/system_bus_socket and ensure avahi-daemon runs on the host." >&2
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
export DBUS_SYSTEM_BUS_ADDRESS="$bus"
|
|
||||||
|
|
||||||
pids=""
|
|
||||||
for n in "$BASE_DOMAIN" "auth.$BASE_DOMAIN" "packwiz.$BASE_DOMAIN" "mc.$BASE_DOMAIN"; do
|
|
||||||
echo "mDNS publish (host avahi): $n -> $HOST_LAN_IP"
|
|
||||||
avahi-publish -a "$n" "$HOST_LAN_IP" &
|
|
||||||
pids="$pids $!"
|
|
||||||
done
|
|
||||||
|
|
||||||
# shellcheck disable=SC2086
|
|
||||||
wait -n $pids 2>/dev/null || wait
|
|
||||||
15
docker/mc-status/Dockerfile
Normal file
15
docker/mc-status/Dockerfile
Normal file
@@ -0,0 +1,15 @@
|
|||||||
|
# mc-status — self-hosted SLP→JSON pinger (mcutil wrapper). Multi-stage:
|
||||||
|
# build a static binary, ship it on scratch.
|
||||||
|
FROM golang:1.25-alpine AS build
|
||||||
|
WORKDIR /src
|
||||||
|
COPY go.mod go.sum ./
|
||||||
|
RUN go mod download
|
||||||
|
COPY . .
|
||||||
|
RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-s -w" -o /out/mc-status .
|
||||||
|
|
||||||
|
FROM scratch
|
||||||
|
# CA roots so SRV/DNS over the resolver and any TLS lookups work.
|
||||||
|
COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
|
||||||
|
COPY --from=build /out/mc-status /mc-status
|
||||||
|
EXPOSE 8080
|
||||||
|
ENTRYPOINT ["/mc-status"]
|
||||||
5
docker/mc-status/go.mod
Normal file
5
docker/mc-status/go.mod
Normal file
@@ -0,0 +1,5 @@
|
|||||||
|
module ulicraft/mc-status
|
||||||
|
|
||||||
|
go 1.25.0
|
||||||
|
|
||||||
|
require github.com/mcstatus-io/mcutil/v4 v4.0.1
|
||||||
2
docker/mc-status/go.sum
Normal file
2
docker/mc-status/go.sum
Normal file
@@ -0,0 +1,2 @@
|
|||||||
|
github.com/mcstatus-io/mcutil/v4 v4.0.1 h1:/AQkHrz7irCU7USGnrH3kneQw80aDQOVdOWc8xu/NUY=
|
||||||
|
github.com/mcstatus-io/mcutil/v4 v4.0.1/go.mod h1:yC91WInI1U2GAMFWgpPgsAULPVS2o+4JCZbiiWhHwxM=
|
||||||
397
docker/mc-status/main.go
Normal file
397
docker/mc-status/main.go
Normal file
@@ -0,0 +1,397 @@
|
|||||||
|
// mc-status — a tiny self-hosted Minecraft Server List Ping → JSON service.
|
||||||
|
//
|
||||||
|
// It wraps github.com/mcstatus-io/mcutil (the same library that powers
|
||||||
|
// api.mcstatus.io) and re-emits the result in mcstatus.io's *v2* JSON shape, so
|
||||||
|
// the landing's ServerCard.astro can talk to it with zero changes — just point
|
||||||
|
// `statusApi` at this service instead of the public API.
|
||||||
|
//
|
||||||
|
// Hardening notes:
|
||||||
|
// - The address in the request path is IGNORED. We only ever ping the single
|
||||||
|
// allow-listed MC_STATUS_TARGET. This is deliberate: a path-controlled
|
||||||
|
// pinger would be an open SSRF relay. The path segment is kept only so the
|
||||||
|
// URL stays drop-in compatible with api.mcstatus.io/v2/status/java/<addr>.
|
||||||
|
// - Results are cached in-memory for MC_STATUS_CACHE_TTL so a busy landing
|
||||||
|
// page can't hammer the Minecraft server with a ping per visitor.
|
||||||
|
package main
|
||||||
|
|
||||||
|
import (
|
||||||
|
"bytes"
|
||||||
|
"context"
|
||||||
|
"encoding/json"
|
||||||
|
"io"
|
||||||
|
"log"
|
||||||
|
"net/http"
|
||||||
|
"os"
|
||||||
|
"strconv"
|
||||||
|
"strings"
|
||||||
|
"sync"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/mcstatus-io/mcutil/v4/status"
|
||||||
|
)
|
||||||
|
|
||||||
|
// --- mcstatus.io v2 response shape (only the fields ServerCard reads) ---
|
||||||
|
|
||||||
|
type v2Version struct {
|
||||||
|
NameRaw string `json:"name_raw"`
|
||||||
|
NameClean string `json:"name_clean"`
|
||||||
|
NameHTML string `json:"name_html"`
|
||||||
|
Protocol int64 `json:"protocol"`
|
||||||
|
}
|
||||||
|
|
||||||
|
type v2Player struct {
|
||||||
|
UUID string `json:"uuid"`
|
||||||
|
NameRaw string `json:"name_raw"`
|
||||||
|
NameClean string `json:"name_clean"`
|
||||||
|
NameHTML string `json:"name_html"`
|
||||||
|
}
|
||||||
|
|
||||||
|
type v2Players struct {
|
||||||
|
Online int64 `json:"online"`
|
||||||
|
Max int64 `json:"max"`
|
||||||
|
List []v2Player `json:"list"`
|
||||||
|
}
|
||||||
|
|
||||||
|
type v2MOTD struct {
|
||||||
|
Raw string `json:"raw"`
|
||||||
|
Clean string `json:"clean"`
|
||||||
|
HTML string `json:"html"`
|
||||||
|
}
|
||||||
|
|
||||||
|
type v2Response struct {
|
||||||
|
Online bool `json:"online"`
|
||||||
|
Host string `json:"host"`
|
||||||
|
Port uint16 `json:"port"`
|
||||||
|
Version *v2Version `json:"version,omitempty"`
|
||||||
|
Players *v2Players `json:"players,omitempty"`
|
||||||
|
MOTD *v2MOTD `json:"motd,omitempty"`
|
||||||
|
Icon *string `json:"icon"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// --- tiny TTL cache (single target → single entry) ---
|
||||||
|
|
||||||
|
type cache struct {
|
||||||
|
mu sync.Mutex
|
||||||
|
payload []byte
|
||||||
|
expires time.Time
|
||||||
|
}
|
||||||
|
|
||||||
|
func deref[T any](p *T) (v T) {
|
||||||
|
if p != nil {
|
||||||
|
v = *p
|
||||||
|
}
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// --- registered-players roster (Drasl admin) ---
|
||||||
|
//
|
||||||
|
// The roster path is DELIBERATELY isolated from the status path: its own
|
||||||
|
// http.Client (with a timeout), its own TTL cache, and its own cached admin
|
||||||
|
// token. Drasl being slow or down must never block or break /v2/status — on any
|
||||||
|
// failure we serve stale-or-empty JSON rather than hanging. Mirrors the status
|
||||||
|
// cache style above (single entry, mutex-guarded).
|
||||||
|
|
||||||
|
// rosterPlayer is the sanitized shape we expose publicly: uuid + name only,
|
||||||
|
// everything else from Drasl stripped (no emails, capes, admin flags, etc.).
|
||||||
|
type rosterPlayer struct {
|
||||||
|
UUID string `json:"uuid"`
|
||||||
|
Name string `json:"name"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// draslPlayer is the subset of Drasl's GET /players entries we read.
|
||||||
|
type draslPlayer struct {
|
||||||
|
UUID string `json:"uuid"`
|
||||||
|
Name string `json:"name"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// roster holds the cached public payload plus the cached admin token. Both are
|
||||||
|
// guarded by the same mutex; token reuse avoids a login per request.
|
||||||
|
type roster struct {
|
||||||
|
mu sync.Mutex
|
||||||
|
payload []byte
|
||||||
|
expires time.Time
|
||||||
|
|
||||||
|
token string
|
||||||
|
|
||||||
|
apiURL string
|
||||||
|
username string
|
||||||
|
password string
|
||||||
|
ttl time.Duration
|
||||||
|
client *http.Client
|
||||||
|
}
|
||||||
|
|
||||||
|
// payloadOrEmpty returns the cached payload, or an empty JSON array if nothing
|
||||||
|
// has ever been fetched. Used so a Drasl failure on the very first request
|
||||||
|
// still yields valid JSON ("[]") instead of an error.
|
||||||
|
func (rs *roster) payloadOrEmpty() []byte {
|
||||||
|
if rs.payload != nil {
|
||||||
|
return rs.payload
|
||||||
|
}
|
||||||
|
return []byte("[]")
|
||||||
|
}
|
||||||
|
|
||||||
|
// fetch logs in (if no token) and lists players, re-logging in once on a 401.
|
||||||
|
// On any error it returns the previous payload (stale-or-empty), never an error
|
||||||
|
// to the caller — the handler always serves something.
|
||||||
|
func (rs *roster) fetch() []byte {
|
||||||
|
players, err := rs.listPlayers(false)
|
||||||
|
if err != nil {
|
||||||
|
log.Printf("roster: list players failed: %v", err)
|
||||||
|
return rs.payloadOrEmpty()
|
||||||
|
}
|
||||||
|
|
||||||
|
out := make([]rosterPlayer, 0, len(players))
|
||||||
|
for _, p := range players {
|
||||||
|
out = append(out, rosterPlayer{UUID: p.UUID, Name: p.Name})
|
||||||
|
}
|
||||||
|
b, err := json.Marshal(out)
|
||||||
|
if err != nil {
|
||||||
|
return rs.payloadOrEmpty()
|
||||||
|
}
|
||||||
|
return b
|
||||||
|
}
|
||||||
|
|
||||||
|
// listPlayers performs GET {apiURL}/players with the cached token, logging in
|
||||||
|
// first if needed. On 401 it clears the token and retries once (retried=true
|
||||||
|
// prevents a loop). Caller holds rs.mu.
|
||||||
|
func (rs *roster) listPlayers(retried bool) ([]draslPlayer, error) {
|
||||||
|
if rs.token == "" {
|
||||||
|
if err := rs.login(); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
req, err := http.NewRequest(http.MethodGet, rs.apiURL+"/players", nil)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
req.Header.Set("Authorization", "Bearer "+rs.token)
|
||||||
|
req.Header.Set("Accept", "application/json")
|
||||||
|
|
||||||
|
resp, err := rs.client.Do(req)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
defer resp.Body.Close()
|
||||||
|
|
||||||
|
if resp.StatusCode == http.StatusUnauthorized && !retried {
|
||||||
|
// Token expired/invalid — drop it and re-login once.
|
||||||
|
rs.token = ""
|
||||||
|
io.Copy(io.Discard, resp.Body)
|
||||||
|
return rs.listPlayers(true)
|
||||||
|
}
|
||||||
|
if resp.StatusCode != http.StatusOK {
|
||||||
|
io.Copy(io.Discard, resp.Body)
|
||||||
|
return nil, &httpError{status: resp.StatusCode, op: "list players"}
|
||||||
|
}
|
||||||
|
|
||||||
|
var players []draslPlayer
|
||||||
|
if err := json.NewDecoder(resp.Body).Decode(&players); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
return players, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// login posts admin creds to {apiURL}/login and caches the returned apiToken.
|
||||||
|
// Caller holds rs.mu.
|
||||||
|
func (rs *roster) login() error {
|
||||||
|
body, err := json.Marshal(map[string]string{
|
||||||
|
"username": rs.username,
|
||||||
|
"password": rs.password,
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
req, err := http.NewRequest(http.MethodPost, rs.apiURL+"/login", bytes.NewReader(body))
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
req.Header.Set("Content-Type", "application/json")
|
||||||
|
req.Header.Set("Accept", "application/json")
|
||||||
|
|
||||||
|
resp, err := rs.client.Do(req)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
defer resp.Body.Close()
|
||||||
|
|
||||||
|
if resp.StatusCode != http.StatusOK {
|
||||||
|
io.Copy(io.Discard, resp.Body)
|
||||||
|
return &httpError{status: resp.StatusCode, op: "login"}
|
||||||
|
}
|
||||||
|
|
||||||
|
var out struct {
|
||||||
|
APIToken string `json:"apiToken"`
|
||||||
|
}
|
||||||
|
if err := json.NewDecoder(resp.Body).Decode(&out); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if out.APIToken == "" {
|
||||||
|
return &httpError{status: resp.StatusCode, op: "login (no apiToken)"}
|
||||||
|
}
|
||||||
|
rs.token = out.APIToken
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
type httpError struct {
|
||||||
|
status int
|
||||||
|
op string
|
||||||
|
}
|
||||||
|
|
||||||
|
func (e *httpError) Error() string {
|
||||||
|
return "drasl " + e.op + ": status " + strconv.Itoa(e.status)
|
||||||
|
}
|
||||||
|
|
||||||
|
func main() {
|
||||||
|
target := envOr("MC_STATUS_TARGET", "minecraft:25565")
|
||||||
|
listen := envOr("MC_STATUS_LISTEN", ":8080")
|
||||||
|
ttl, err := time.ParseDuration(envOr("MC_STATUS_CACHE_TTL", "30s"))
|
||||||
|
if err != nil {
|
||||||
|
log.Fatalf("invalid MC_STATUS_CACHE_TTL: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
rosterTTL, err := time.ParseDuration(envOr("MC_STATUS_ROSTER_TTL", "60s"))
|
||||||
|
if err != nil {
|
||||||
|
log.Fatalf("invalid MC_STATUS_ROSTER_TTL: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
host, port := splitHostPort(target)
|
||||||
|
c := &cache{}
|
||||||
|
|
||||||
|
// Registered-players roster, fed by the Drasl admin API. Isolated from the
|
||||||
|
// status pinger above (own client + timeout + cache). If the admin creds are
|
||||||
|
// unset, /players still works — it just always serves "[]".
|
||||||
|
rs := &roster{
|
||||||
|
apiURL: strings.TrimRight(envOr("DRASL_API_URL", "http://drasl:25585/drasl/api/v2"), "/"),
|
||||||
|
username: os.Getenv("DRASL_ADMIN_USERNAME"),
|
||||||
|
password: os.Getenv("DRASL_ADMIN_PASSWORD"),
|
||||||
|
ttl: rosterTTL,
|
||||||
|
client: &http.Client{Timeout: 5 * time.Second},
|
||||||
|
}
|
||||||
|
|
||||||
|
mux := http.NewServeMux()
|
||||||
|
|
||||||
|
// Drop-in path: /v2/status/java/<addr> — <addr> is ignored (see file header).
|
||||||
|
mux.HandleFunc("/v2/status/java/", func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
w.Header().Set("Content-Type", "application/json")
|
||||||
|
w.Header().Set("Access-Control-Allow-Origin", "*")
|
||||||
|
|
||||||
|
c.mu.Lock()
|
||||||
|
fresh := c.payload != nil && time.Now().Before(c.expires)
|
||||||
|
if fresh {
|
||||||
|
payload := c.payload
|
||||||
|
c.mu.Unlock()
|
||||||
|
w.Write(payload)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
c.mu.Unlock()
|
||||||
|
|
||||||
|
payload := buildPayload(host, port)
|
||||||
|
|
||||||
|
c.mu.Lock()
|
||||||
|
c.payload = payload
|
||||||
|
c.expires = time.Now().Add(ttl)
|
||||||
|
c.mu.Unlock()
|
||||||
|
|
||||||
|
w.Write(payload)
|
||||||
|
})
|
||||||
|
|
||||||
|
// Registered-players roster — public path /api/mcstatus/players (caddy
|
||||||
|
// strips the /api/mcstatus prefix → internal /players). Serves a sanitized
|
||||||
|
// [{uuid,name}] of all Drasl players. Same CORS:* as the status route.
|
||||||
|
// Isolated from the status path: own TTL cache, own token, own client; on
|
||||||
|
// any Drasl failure it serves stale-or-empty rather than hanging.
|
||||||
|
mux.HandleFunc("/players", func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
w.Header().Set("Content-Type", "application/json")
|
||||||
|
w.Header().Set("Access-Control-Allow-Origin", "*")
|
||||||
|
|
||||||
|
rs.mu.Lock()
|
||||||
|
defer rs.mu.Unlock()
|
||||||
|
|
||||||
|
if rs.payload != nil && time.Now().Before(rs.expires) {
|
||||||
|
w.Write(rs.payload)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
payload := rs.fetch()
|
||||||
|
rs.payload = payload
|
||||||
|
rs.expires = time.Now().Add(rs.ttl)
|
||||||
|
w.Write(payload)
|
||||||
|
})
|
||||||
|
|
||||||
|
mux.HandleFunc("/healthz", func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
w.Write([]byte("ok"))
|
||||||
|
})
|
||||||
|
|
||||||
|
log.Printf("mc-status listening on %s, target=%s:%d, ttl=%s, roster-ttl=%s", listen, host, port, ttl, rosterTTL)
|
||||||
|
log.Fatal(http.ListenAndServe(listen, mux))
|
||||||
|
}
|
||||||
|
|
||||||
|
// buildPayload pings the target and marshals the v2 response. On any ping
|
||||||
|
// failure it returns a minimal {"online":false} so the frontend can show an
|
||||||
|
// offline state without erroring.
|
||||||
|
func buildPayload(host string, port uint16) []byte {
|
||||||
|
ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
|
||||||
|
defer cancel()
|
||||||
|
|
||||||
|
resp, err := status.Modern(ctx, host, port)
|
||||||
|
if err != nil {
|
||||||
|
b, _ := json.Marshal(v2Response{Online: false, Host: host, Port: port})
|
||||||
|
return b
|
||||||
|
}
|
||||||
|
|
||||||
|
out := v2Response{
|
||||||
|
Online: true,
|
||||||
|
Host: host,
|
||||||
|
Port: port,
|
||||||
|
Icon: resp.Favicon,
|
||||||
|
Version: &v2Version{
|
||||||
|
NameRaw: resp.Version.Name.Raw,
|
||||||
|
NameClean: resp.Version.Name.Clean,
|
||||||
|
NameHTML: resp.Version.Name.HTML,
|
||||||
|
Protocol: resp.Version.Protocol,
|
||||||
|
},
|
||||||
|
MOTD: &v2MOTD{
|
||||||
|
Raw: resp.MOTD.Raw,
|
||||||
|
Clean: resp.MOTD.Clean,
|
||||||
|
HTML: resp.MOTD.HTML,
|
||||||
|
},
|
||||||
|
Players: &v2Players{
|
||||||
|
Online: deref(resp.Players.Online),
|
||||||
|
Max: deref(resp.Players.Max),
|
||||||
|
List: make([]v2Player, 0, len(resp.Players.Sample)),
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, p := range resp.Players.Sample {
|
||||||
|
out.Players.List = append(out.Players.List, v2Player{
|
||||||
|
UUID: p.ID,
|
||||||
|
NameRaw: p.Name.Raw,
|
||||||
|
NameClean: p.Name.Clean,
|
||||||
|
NameHTML: p.Name.HTML,
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
b, _ := json.Marshal(out)
|
||||||
|
return b
|
||||||
|
}
|
||||||
|
|
||||||
|
func envOr(key, def string) string {
|
||||||
|
if v := os.Getenv(key); v != "" {
|
||||||
|
return v
|
||||||
|
}
|
||||||
|
return def
|
||||||
|
}
|
||||||
|
|
||||||
|
func splitHostPort(target string) (string, uint16) {
|
||||||
|
host, portStr, found := strings.Cut(target, ":")
|
||||||
|
if !found {
|
||||||
|
return target, 25565
|
||||||
|
}
|
||||||
|
p, err := strconv.ParseUint(portStr, 10, 16)
|
||||||
|
if err != nil {
|
||||||
|
return host, 25565
|
||||||
|
}
|
||||||
|
return host, uint16(p)
|
||||||
|
}
|
||||||
33
docker/nmsr/Dockerfile
Normal file
33
docker/nmsr/Dockerfile
Normal file
@@ -0,0 +1,33 @@
|
|||||||
|
# NMSR-as-a-Service (https://github.com/NickAcPT/nmsr-rs) — built from source.
|
||||||
|
# Upstream ships no published image, so we vendor a pinned build. Adapted from
|
||||||
|
# the upstream Dockerfile but: pinned to a commit (reproducible), and the config
|
||||||
|
# is bind-mounted at runtime (not COPYed) so it can change without a rebuild.
|
||||||
|
#
|
||||||
|
# Pin — bump deliberately:
|
||||||
|
ARG NMSR_REF=948ba4bc027b
|
||||||
|
|
||||||
|
FROM rust:slim-bookworm AS builder
|
||||||
|
ARG NMSR_REF
|
||||||
|
WORKDIR /tmp
|
||||||
|
RUN apt-get update -y \
|
||||||
|
&& apt-get --no-install-recommends install -y git libssl-dev pkg-config ca-certificates
|
||||||
|
RUN git clone https://github.com/NickAcPT/nmsr-rs/
|
||||||
|
WORKDIR /tmp/nmsr-rs
|
||||||
|
RUN git checkout "${NMSR_REF}"
|
||||||
|
# target-cpu=native: this image is built on the host that runs it (self-host).
|
||||||
|
RUN RUSTFLAGS="-Ctarget-cpu=native" \
|
||||||
|
cargo build --release --bin nmsr-aas --features ears --package nmsr-aas
|
||||||
|
|
||||||
|
FROM rust:slim-bookworm
|
||||||
|
# mesa-vulkan-drivers provides lavapipe (software Vulkan) for headless rendering.
|
||||||
|
RUN apt-get update -y \
|
||||||
|
&& apt-get --no-install-recommends install -y mesa-vulkan-drivers ca-certificates
|
||||||
|
WORKDIR /nmsr
|
||||||
|
COPY --from=builder /tmp/nmsr-rs/target/release/nmsr-aas /nmsr/nmsr-aas
|
||||||
|
ENV NMSR_USE_SMAA=1 \
|
||||||
|
NMSR_SAMPLE_COUNT=1 \
|
||||||
|
WGPU_BACKEND=vulkan \
|
||||||
|
RUST_BACKTRACE=1
|
||||||
|
EXPOSE 8080
|
||||||
|
# config.toml is bind-mounted by docker-compose.nmsr.yml.
|
||||||
|
CMD ["/nmsr/nmsr-aas", "-c", "/nmsr/config.toml"]
|
||||||
@@ -1,12 +1,16 @@
|
|||||||
# Drasl config — password-login mode (NO Keycloak/OIDC for now).
|
# Drasl config — password-login mode (NO Keycloak/OIDC for now).
|
||||||
# TOML only (drasl has no env support). Rendered by tooling/render-config.sh
|
# TOML only (drasl has no env support). Rendered by tooling/render-config.sh
|
||||||
# -> drasl/config/config.toml (gitignored). Only ${BASE_DOMAIN} is substituted.
|
# -> drasl/config/config.toml (gitignored). Substitutes ${BASE_DOMAIN} and
|
||||||
|
# ${REGISTRATION_REQUIRE_INVITE} (derived from REGISTRATION_MODE in .env).
|
||||||
# Reached only via Caddy at auth.${BASE_DOMAIN}; drasl has no published host port.
|
# Reached only via Caddy at auth.${BASE_DOMAIN}; drasl has no published host port.
|
||||||
|
|
||||||
BaseURL = "http://auth.${BASE_DOMAIN}"
|
# Public scheme is HTTPS — the host nginx terminates TLS in front of caddy.
|
||||||
|
# Drasl builds absolute URLs (textures, authlib-injector API location) from this;
|
||||||
|
# an http:// value triggers mixed-content + broken login on the https origin.
|
||||||
|
BaseURL = "https://auth.${BASE_DOMAIN}"
|
||||||
Domain = "auth.${BASE_DOMAIN}"
|
Domain = "auth.${BASE_DOMAIN}"
|
||||||
ListenAddress = "0.0.0.0:25585" # internal; Caddy reverse-proxies to it
|
ListenAddress = "0.0.0.0:25585" # internal; Caddy reverse-proxies to it
|
||||||
DefaultAdminUsernames = ["admin"]
|
DefaultAdmins = ["admin"]
|
||||||
|
|
||||||
# Password login: admin + guests register a username/password on the web UI.
|
# Password login: admin + guests register a username/password on the web UI.
|
||||||
AllowPasswordLogin = true
|
AllowPasswordLogin = true
|
||||||
@@ -18,5 +22,29 @@ SignPublicKeys = false
|
|||||||
# Free-text owner label shown in the web UI (a string, not a table).
|
# Free-text owner label shown in the web UI (a string, not a table).
|
||||||
ApplicationOwner = "Ulicraft"
|
ApplicationOwner = "Ulicraft"
|
||||||
|
|
||||||
|
# CORS: the landing register/account form (served from the apex) calls the
|
||||||
|
# Drasl API from the browser. Without this the API has NO CORS headers and the
|
||||||
|
# browser blocks every cross-origin call. Scope to the apex only — never "*",
|
||||||
|
# which would let any site script the auth API. Echo backfills AllowMethods
|
||||||
|
# (incl. PATCH/DELETE) and reflects requested headers (Content-Type/Authorization).
|
||||||
|
# MUST stay top-level (before any [Section]) — under a table it parses as
|
||||||
|
# <table>.CORSAllowOrigins and drasl ignores it (silent: no CORS headers).
|
||||||
|
CORSAllowOrigins = ["https://${BASE_DOMAIN}"]
|
||||||
|
|
||||||
|
# New-account registration (username+password). RequireInvite is derived from
|
||||||
|
# REGISTRATION_MODE in .env by render-config.sh: invite -> true, open -> false.
|
||||||
|
# When true, non-admin callers (web UI + landing register form) must supply a
|
||||||
|
# valid invite code; admins bypass. Mint codes via POST /drasl/api/v2/invites
|
||||||
|
# with an admin api token.
|
||||||
|
[RegistrationNewPlayer]
|
||||||
|
Allow = true
|
||||||
|
RequireInvite = ${REGISTRATION_REQUIRE_INVITE}
|
||||||
|
|
||||||
|
# Rate limit the now public-facing API (anonymous POST /users etc). Token
|
||||||
|
# bucket; admins are exempt. Conservative for a 4-10 player server.
|
||||||
|
[RateLimit]
|
||||||
|
RequestsPerSecond = 5
|
||||||
|
Burst = 10
|
||||||
|
|
||||||
# OIDC block intentionally omitted for now (no Keycloak).
|
# OIDC block intentionally omitted for now (no Keycloak).
|
||||||
# [[RegistrationOIDC]] <- future task
|
# [[RegistrationOIDC]] <- future task
|
||||||
|
|||||||
31
filestash/config.json.tmpl
Normal file
31
filestash/config.json.tmpl
Normal file
@@ -0,0 +1,31 @@
|
|||||||
|
{
|
||||||
|
"general": {
|
||||||
|
"name": "Ulicraft Files",
|
||||||
|
"host": "files.${BASE_DOMAIN}",
|
||||||
|
"force_ssl": true,
|
||||||
|
"secret_key": "${FILES_SECRET_KEY}",
|
||||||
|
"editor": "base",
|
||||||
|
"display_hidden": false,
|
||||||
|
"upload_button": true,
|
||||||
|
"fork_button": false
|
||||||
|
},
|
||||||
|
"auth": {
|
||||||
|
"admin": "${FILES_ADMIN_PASSWORD_HASH}"
|
||||||
|
},
|
||||||
|
"middleware": {
|
||||||
|
"identity_provider": {
|
||||||
|
"type": "${FILES_IDP_TYPE}",
|
||||||
|
"params": "${FILES_IDP_PARAMS}"
|
||||||
|
},
|
||||||
|
"attribute_mapping": {
|
||||||
|
"related_backend": "files",
|
||||||
|
"params": "{\"files\":{\"type\":\"local\",\"path\":\"/data/files/\",\"password\":\"${FILES_LOCAL_SECRET}\"}}"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"connections": [
|
||||||
|
{
|
||||||
|
"label": "files",
|
||||||
|
"type": "local"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
5
landing/pnpm-workspace.yaml
Normal file
5
landing/pnpm-workspace.yaml
Normal file
@@ -0,0 +1,5 @@
|
|||||||
|
packages:
|
||||||
|
- '.'
|
||||||
|
onlyBuiltDependencies:
|
||||||
|
- esbuild
|
||||||
|
- sharp
|
||||||
BIN
landing/public/Goat_JE1_BE1.webp
Normal file
BIN
landing/public/Goat_JE1_BE1.webp
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 34 KiB |
BIN
landing/public/favicon.png
Normal file
BIN
landing/public/favicon.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 9.0 KiB |
BIN
landing/public/fonts/BlockBlueprint.ttf
Normal file
BIN
landing/public/fonts/BlockBlueprint.ttf
Normal file
Binary file not shown.
@@ -268,3 +268,13 @@
|
|||||||
src: url(/fonts/pxiKyp0ihIEF2isfFJU.woff2) format('woff2');
|
src: url(/fonts/pxiKyp0ihIEF2isfFJU.woff2) format('woff2');
|
||||||
unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+0304, U+0308, U+0329, U+2000-206F, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;
|
unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+0304, U+0308, U+0329, U+2000-206F, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;
|
||||||
}
|
}
|
||||||
|
/* Block Blueprint — vendored from 1001fonts (NOT on Google Fonts; appended by
|
||||||
|
fetch-fonts.sh after the Google rewrite). License: 1001Fonts Free For Personal
|
||||||
|
Use. Single weight, TTF (no woff2 toolchain on the build box). */
|
||||||
|
@font-face {
|
||||||
|
font-family: 'Block Blueprint';
|
||||||
|
font-style: normal;
|
||||||
|
font-weight: 400;
|
||||||
|
font-display: swap;
|
||||||
|
src: url(/fonts/BlockBlueprint.ttf) format('truetype');
|
||||||
|
}
|
||||||
|
|||||||
52
landing/public/ulicraft-logo-mini.svg
Normal file
52
landing/public/ulicraft-logo-mini.svg
Normal file
@@ -0,0 +1,52 @@
|
|||||||
|
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||||
|
<svg
|
||||||
|
width="64"
|
||||||
|
height="64"
|
||||||
|
viewBox="0 0 9.677 9.667"
|
||||||
|
version="1.1"
|
||||||
|
id="svg3"
|
||||||
|
sodipodi:docname="mojang.svg"
|
||||||
|
inkscape:version="1.4.3 (0d15f75042, 2025-12-25)"
|
||||||
|
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
|
||||||
|
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
|
||||||
|
xmlns="http://www.w3.org/2000/svg"
|
||||||
|
xmlns:svg="http://www.w3.org/2000/svg">
|
||||||
|
<defs
|
||||||
|
id="defs3" />
|
||||||
|
<sodipodi:namedview
|
||||||
|
id="namedview3"
|
||||||
|
pagecolor="#ffffff"
|
||||||
|
bordercolor="#000000"
|
||||||
|
borderopacity="0.25"
|
||||||
|
inkscape:showpageshadow="2"
|
||||||
|
inkscape:pageopacity="0.0"
|
||||||
|
inkscape:pagecheckerboard="0"
|
||||||
|
inkscape:deskcolor="#d1d1d1"
|
||||||
|
inkscape:zoom="2.0467427"
|
||||||
|
inkscape:cx="-92.830429"
|
||||||
|
inkscape:cy="96.006206"
|
||||||
|
inkscape:window-width="1920"
|
||||||
|
inkscape:window-height="992"
|
||||||
|
inkscape:window-x="0"
|
||||||
|
inkscape:window-y="0"
|
||||||
|
inkscape:window-maximized="1"
|
||||||
|
inkscape:current-layer="g3" />
|
||||||
|
<path
|
||||||
|
d="M1.54 2.844c.314-.76 1.31-.46 1.954-.528.785-.083 1.503.272 2.1.758l.164-.9c.327.345.587.756.964 1.052.28.254.655-.342.86-.013.42.864.408 1.86.54 2.795l-.788-.373C6.9 4.17 5.126 3.052 3.656 3.685c-1.294.592-1.156 2.65.06 3.255 1.354.703 2.953.51 4.405.292-.07.42-.34.87-.834.816l-4.95.002c-.5.055-.886-.413-.838-.89l.04-4.315z"
|
||||||
|
fill="#fff"
|
||||||
|
id="path3" />
|
||||||
|
<g
|
||||||
|
id="g3"
|
||||||
|
transform="matrix(0.33310606,0,0,0.33310606,8.7658015,-1.332)">
|
||||||
|
<circle
|
||||||
|
style="fill:#283c63;fill-opacity:1;stroke:none;stroke-width:4.73305"
|
||||||
|
id="path1-9"
|
||||||
|
r="14.345329"
|
||||||
|
cy="18.66217"
|
||||||
|
cx="-11.946259" />
|
||||||
|
<path
|
||||||
|
id="logo"
|
||||||
|
d="m -16.05726,28.400159 c -0.04546,-0.07393 -0.04146,-0.951547 0.009,-1.949545 l 0.09191,-1.81518 -0.526472,-0.542457 c -0.672825,-0.692806 -1.103893,-0.809189 -1.679816,-0.453545 -0.538461,0.333165 -0.830668,0.335663 -1.972023,0.01948 -0.862137,-0.23926 -1.268729,-0.459538 -1.120876,-0.607391 0.03746,-0.03797 0.539459,-0.211288 1.113883,-0.385613 1.338658,-0.405094 1.827167,-0.597401 1.740754,-0.684314 -0.03847,-0.03746 -0.615382,0.08842 -1.283213,0.280718 -1.289707,0.370628 -1.760235,0.354645 -1.986009,-0.06693 -0.109385,-0.204296 -0.07793,-0.311188 0.153347,-0.526972 0.159839,-0.148851 0.329669,-0.270729 0.376622,-0.270729 0.04745,0 0.407591,-0.182817 0.801196,-0.406593 l 0.714784,-0.406592 -0.627871,0.07393 c -0.554444,0.06494 -0.62787,0.04396 -0.62787,-0.177322 0,-0.497002 0.182316,-0.679319 1.807687,-1.811185 2.161834,-1.50599 2.788706,-2.085909 3.82167,-3.534457 0.472526,-0.662836 1.121376,-1.3966 1.441555,-1.630866 0.416083,-0.304693 0.627371,-0.578419 0.741756,-0.959537 0.174825,-0.584415 0.423575,-0.866132 0.643355,-0.730268 0.07793,0.04795 0.376124,0.554444 0.663335,1.124871 0.495503,0.985014 0.792705,1.382116 0.792705,1.057441 0,-0.08142 -0.279719,-0.693305 -0.620877,-1.359636 -0.56843,-1.107891 -0.770727,-1.918578 -0.537462,-2.151844 0.143857,-0.143855 0.308192,0.03196 1.558938,1.673323 1.3971002,1.833162 1.6083883,2.205789 1.7192766,3.026966 0.076421,0.567931 0.084919,0.57792 0.1873128,0.217782 0.07543,-0.264735 0.041463,-0.515983 -0.1143866,-0.842656 -0.1218821,-0.255744 -0.1923077,-0.494004 -0.1568436,-0.52947 0.076922,-0.07692 3.2342583,1.562934 4.8366523,2.511483 1.3516446,0.800198 1.8501452,1.238759 1.8501452,1.62637 0,0.467532 -1.0164816,2.36463 -1.8831125,3.514478 -1.1038935,1.465529 -3.3566354,3.276715 -4.0799095,3.280711 -0.2612379,0.0015 -2.1603357,-1.960035 -2.2577377,-2.332162 -0.04496,-0.173826 0.17882,-0.701797 0.63936,-1.505991 0.6992989,-1.221275 0.9160807,-1.784211 0.4735251,-1.227769 l -0.8541441,1.073923 c -0.469529,0.590908 -0.860637,0.910587 -1.561435,1.278718 -0.513984,0.270729 -0.969029,0.580419 -1.010487,0.689309 -0.04146,0.108396 0,0.510987 0.09141,0.894104 0.132368,0.551947 0.133367,0.803694 0.006,1.211286 -0.253246,0.809189 -1.090407,2.56343 -1.223774,2.56343 -0.06593,0 -0.0889,-0.104396 -0.05095,-0.231267 0.03747,-0.127373 0.104397,-0.40959 0.147852,-0.627872 0.07543,-0.376622 0.05095,-0.363135 -0.489509,0.264236 -0.742257,0.863135 -1.41708,1.519976 -1.561435,1.519976 -0.06293,0 -0.152347,-0.06044 -0.197802,-0.134865 z m 3.54145,-11.877094 c 0.213785,-0.214286 -0.03447,-0.411587 -0.516982,-0.411587 -0.567931,0 -0.974523,0.202296 -0.974523,0.485512 0,0.177822 0.110388,0.198801 0.683815,0.130869 0.375623,-0.04446 0.739259,-0.136863 0.80769,-0.204794 z m 2.467027,-4.450039 c -0.167332,-0.201798 0.631368,-0.91908 1.5134836,-1.359638 1.1278687,-0.563436 2.9155763,-0.601397 3.9170734,-0.08341 0.3346641,0.172825 0.9740234,0.845152 0.8866115,0.932564 -0.019979,0.01998 -0.3626379,-0.07642 -0.7617364,-0.214285 -1.3331643,-0.460038 -3.0534394,-0.26973 -4.6588303,0.514484 -0.5889094,0.288211 -0.7927059,0.335664 -0.8966018,0.210289 z m -0.83716,-0.906592 c -0.262737,-0.321178 -0.478521,-0.643355 -0.478521,-0.716281 0,-0.204296 1.587908,-1.2002978 2.160335,-1.3746227 0.5724257,-0.173826 1.252744,-0.2857133 2.3086856,-0.2857133 1.0559416,0 1.7432527,0.1608381 2.547446,0.5429553 0.8121863,0.3861131 2.468526,1.7382577 2.1448505,1.7507447 -0.085909,0.0035 -0.650848,-0.243257 -1.2557409,-0.547452 -1.0034949,-0.504993 -1.2057923,-0.5584397 -2.3261694,-0.6108863 -1.6183763,-0.07543 -2.2127818,0.1048983 -3.4750167,1.0559403 -0.5614371,0.423076 -1.0489481,0.769229 -1.0839131,0.769229 -0.03497,0 -0.27872,-0.262735 -0.541956,-0.584413 z"
|
||||||
|
style="fill:#bbbbbb;fill-opacity:1;stroke:none;stroke-width:0.499498;stroke-opacity:1" />
|
||||||
|
</g>
|
||||||
|
</svg>
|
||||||
|
After Width: | Height: | Size: 5.4 KiB |
@@ -1,8 +1,8 @@
|
|||||||
---
|
---
|
||||||
// MC-GUI slot + copy button. variant "ip" = big gold mono (server address);
|
// MC-GUI slot + copy button. variant "ip" = big gold mono (server address);
|
||||||
// "url" = smaller, wraps (auth / packwiz URLs). Copy handled by the global
|
// "url" = smaller, wraps (auth / authlib URLs). Copy handled by the global
|
||||||
// [data-copy] script in [...lang].astro; data-label / data-copied drive the
|
// [data-copy] script in [...lang].astro (and the equivalent on /fjord);
|
||||||
// (localized) button text and transient feedback.
|
// data-label / data-copied drive the (localized) button text + feedback.
|
||||||
interface Props {
|
interface Props {
|
||||||
value: string;
|
value: string;
|
||||||
variant?: "ip" | "url";
|
variant?: "ip" | "url";
|
||||||
|
|||||||
84
landing/src/components/ModList.astro
Normal file
84
landing/src/components/ModList.astro
Normal file
@@ -0,0 +1,84 @@
|
|||||||
|
---
|
||||||
|
// Installed-pack mod list (the "Mods" section). Build-time baked from the
|
||||||
|
// auto-generated catalogue (tooling/build-modlist.py → src/data/mods.json),
|
||||||
|
// loaded via ./data/mods.ts (resilient: missing file → empty list, build never
|
||||||
|
// fails). Flat alphabetical grid: extracted logo (or a pixel placeholder) +
|
||||||
|
// pretty name + version. description is exposed as a tooltip. No categories, no
|
||||||
|
// external links. Tiles share the MC-GUI bevel treatment used by .feat.
|
||||||
|
import { MODS } from "../data/mods";
|
||||||
|
|
||||||
|
interface Props {
|
||||||
|
emptyLabel?: string;
|
||||||
|
}
|
||||||
|
const { emptyLabel = "Mod list not generated yet." } = Astro.props;
|
||||||
|
|
||||||
|
const mods = MODS.mods;
|
||||||
|
---
|
||||||
|
{mods.length === 0 ? (
|
||||||
|
<p class="mods-empty">{emptyLabel}</p>
|
||||||
|
) : (
|
||||||
|
<div class="mod-grid">
|
||||||
|
{mods.map((m) => (
|
||||||
|
<div class="mod" title={m.description || m.name}>
|
||||||
|
<div class="mod-logo">
|
||||||
|
{m.logo ? (
|
||||||
|
<img src={m.logo} alt="" width="40" height="40" loading="lazy" />
|
||||||
|
) : (
|
||||||
|
<span class="mod-noicon" aria-hidden="true">{m.name.slice(0, 1).toUpperCase()}</span>
|
||||||
|
)}
|
||||||
|
</div>
|
||||||
|
<div class="mod-meta">
|
||||||
|
<span class="mod-name">{m.name}</span>
|
||||||
|
{m.version && <span class="mod-ver">{m.version}</span>}
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
))}
|
||||||
|
</div>
|
||||||
|
)}
|
||||||
|
|
||||||
|
<style>
|
||||||
|
.mod-grid {
|
||||||
|
display: grid;
|
||||||
|
grid-template-columns: repeat(auto-fill, minmax(220px, 1fr));
|
||||||
|
gap: 12px;
|
||||||
|
}
|
||||||
|
.mod {
|
||||||
|
display: flex;
|
||||||
|
align-items: center;
|
||||||
|
gap: 12px;
|
||||||
|
padding: 12px 14px;
|
||||||
|
background: var(--surface);
|
||||||
|
box-shadow: inset 2px 2px 0 var(--bevel-hi), inset -2px -2px 0 var(--bevel-lo);
|
||||||
|
transition: transform .14s ease, filter .14s ease;
|
||||||
|
}
|
||||||
|
.mod:hover { transform: translateY(-2px); filter: brightness(1.06); }
|
||||||
|
.mod-logo {
|
||||||
|
width: 40px; height: 40px; flex-shrink: 0;
|
||||||
|
display: grid; place-items: center;
|
||||||
|
background: var(--bg-2);
|
||||||
|
box-shadow: inset 1px 1px 0 var(--bevel-lo), inset -1px -1px 0 var(--bevel-hi);
|
||||||
|
}
|
||||||
|
.mod-logo img { width: 40px; height: 40px; image-rendering: pixelated; }
|
||||||
|
.mod-noicon {
|
||||||
|
font-family: var(--font-head);
|
||||||
|
font-weight: 600;
|
||||||
|
font-size: 20px;
|
||||||
|
color: var(--accent);
|
||||||
|
line-height: 1;
|
||||||
|
}
|
||||||
|
.mod-meta { min-width: 0; display: flex; flex-direction: column; gap: 2px; }
|
||||||
|
.mod-name {
|
||||||
|
font-size: 15px;
|
||||||
|
color: var(--text);
|
||||||
|
white-space: nowrap;
|
||||||
|
overflow: hidden;
|
||||||
|
text-overflow: ellipsis;
|
||||||
|
}
|
||||||
|
.mod-ver {
|
||||||
|
font-family: var(--font-mono);
|
||||||
|
font-size: 12px;
|
||||||
|
color: var(--dim);
|
||||||
|
font-variant-numeric: tabular-nums;
|
||||||
|
}
|
||||||
|
.mods-empty { margin: 0; color: var(--dim); font-size: 14px; }
|
||||||
|
</style>
|
||||||
@@ -1,10 +1,13 @@
|
|||||||
---
|
---
|
||||||
// 7x7 feature glyphs — styled by .picon in main.css.
|
// Feature icon. Default: a 7x7 procedural glyph (styled by .picon in main.css).
|
||||||
|
// Optional: pass `img` (an absolute path like "/icons/foo.png|svg" under
|
||||||
|
// landing/public/) to render a custom image instead of a glyph.
|
||||||
interface Props {
|
interface Props {
|
||||||
glyph: "shield" | "diamond" | "orb" | "heart";
|
glyph: "shield" | "diamond" | "orb" | "heart";
|
||||||
gold?: boolean;
|
gold?: boolean;
|
||||||
|
img?: string; // custom icon path in /public/icons/ — overrides the glyph
|
||||||
}
|
}
|
||||||
const { glyph, gold = false } = Astro.props;
|
const { glyph, gold = false, img } = Astro.props;
|
||||||
|
|
||||||
const GLYPHS: Record<Props["glyph"], string[]> = {
|
const GLYPHS: Record<Props["glyph"], string[]> = {
|
||||||
shield: ["0111110", "1111111", "1111111", "1111111", "0111110", "0011100", "0001000"],
|
shield: ["0111110", "1111111", "1111111", "1111111", "0111110", "0011100", "0001000"],
|
||||||
@@ -15,6 +18,10 @@ const GLYPHS: Record<Props["glyph"], string[]> = {
|
|||||||
const cells = GLYPHS[glyph].join("").split("");
|
const cells = GLYPHS[glyph].join("").split("");
|
||||||
const onClass = gold ? "go" : "on";
|
const onClass = gold ? "go" : "on";
|
||||||
---
|
---
|
||||||
<div class="picon" aria-hidden="true">
|
{img ? (
|
||||||
|
<img class="picon-img" src={img} alt="" aria-hidden="true" width="52" height="52" />
|
||||||
|
) : (
|
||||||
|
<div class="picon" aria-hidden="true">
|
||||||
{cells.map((c) => <i class={c === "1" ? onClass : undefined} />)}
|
{cells.map((c) => <i class={c === "1" ? onClass : undefined} />)}
|
||||||
</div>
|
</div>
|
||||||
|
)}
|
||||||
|
|||||||
91
landing/src/components/PlayerRoster.astro
Normal file
91
landing/src/components/PlayerRoster.astro
Normal file
@@ -0,0 +1,91 @@
|
|||||||
|
---
|
||||||
|
// Registered-players roster (the "Members" section). Progressive enhancement,
|
||||||
|
// same shape as ServerCard:
|
||||||
|
// SSG → renders an empty skeleton (a single .roster grid + an empty-state
|
||||||
|
// line) so the page is valid with JS off.
|
||||||
|
// Client → fetches OUR mc-status roster endpoint (site.status.rosterApi,
|
||||||
|
// same-origin via caddy /api/mcstatus/* → internal /players). It
|
||||||
|
// returns a sanitized [{uuid,name}] of every Drasl player (admin login
|
||||||
|
// is server-side in mc-status — no admin token reaches the page). Each
|
||||||
|
// player renders as a SHARED avatar tile (.roster-tile, styled in
|
||||||
|
// main.css alongside ServerCard's online tiles).
|
||||||
|
//
|
||||||
|
// Empty/error → hide the grid and show the "no members yet" line (data-empty).
|
||||||
|
import { site } from "../data/site";
|
||||||
|
|
||||||
|
interface Props {
|
||||||
|
// Empty-state copy (passed from the page for i18n; English default).
|
||||||
|
emptyLabel?: string;
|
||||||
|
}
|
||||||
|
const { emptyLabel = "No members yet." } = Astro.props;
|
||||||
|
|
||||||
|
const { status, avatarUrl, rosterAvatarMode } = site;
|
||||||
|
---
|
||||||
|
<div
|
||||||
|
class="roster-block"
|
||||||
|
data-api={status.rosterApi}
|
||||||
|
data-avatar={avatarUrl}
|
||||||
|
data-mode={rosterAvatarMode}
|
||||||
|
data-empty={emptyLabel}
|
||||||
|
>
|
||||||
|
<div class="roster" aria-label="Registered players"></div>
|
||||||
|
<p class="roster-empty" hidden></p>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<script>
|
||||||
|
async function hydrate(el: HTMLElement) {
|
||||||
|
const { api, avatar, mode, empty } = el.dataset;
|
||||||
|
if (!api || !avatar || !mode) return;
|
||||||
|
|
||||||
|
const grid = el.querySelector<HTMLElement>(".roster");
|
||||||
|
const emptyEl = el.querySelector<HTMLElement>(".roster-empty");
|
||||||
|
if (!grid) return;
|
||||||
|
|
||||||
|
const showEmpty = () => {
|
||||||
|
grid.hidden = true;
|
||||||
|
if (emptyEl) {
|
||||||
|
emptyEl.textContent = empty ?? "No members yet.";
|
||||||
|
emptyEl.hidden = false;
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
let data: Array<{ uuid?: string; name?: string }>;
|
||||||
|
try {
|
||||||
|
const r = await fetch(api, { headers: { Accept: "application/json" } });
|
||||||
|
if (!r.ok) return showEmpty();
|
||||||
|
data = await r.json();
|
||||||
|
} catch {
|
||||||
|
return showEmpty();
|
||||||
|
}
|
||||||
|
|
||||||
|
// Drop the service `admin` account from the public members grid.
|
||||||
|
const players = Array.isArray(data)
|
||||||
|
? data.filter((p) => p && p.uuid && p.name?.toLowerCase() !== "admin")
|
||||||
|
: [];
|
||||||
|
if (players.length === 0) return showEmpty();
|
||||||
|
|
||||||
|
grid.innerHTML = "";
|
||||||
|
for (const p of players) {
|
||||||
|
grid.appendChild(rosterTile(p.uuid!, p.name ?? "", avatar, mode));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Shared avatar tile (avatar + name) — identical markup to ServerCard's
|
||||||
|
// online tiles, so .roster / .roster-tile (global, main.css) style both.
|
||||||
|
function rosterTile(uuid: string, name: string, avatar: string, mode: string) {
|
||||||
|
const tile = document.createElement("div");
|
||||||
|
tile.className = "roster-tile";
|
||||||
|
const img = document.createElement("img");
|
||||||
|
img.loading = "lazy";
|
||||||
|
img.alt = name;
|
||||||
|
img.src = `${avatar}/${mode}/${uuid}?size=256`;
|
||||||
|
const label = document.createElement("span");
|
||||||
|
label.className = "roster-name";
|
||||||
|
label.textContent = name;
|
||||||
|
label.title = name;
|
||||||
|
tile.append(img, label);
|
||||||
|
return tile;
|
||||||
|
}
|
||||||
|
|
||||||
|
document.querySelectorAll<HTMLElement>(".roster-block").forEach(hydrate);
|
||||||
|
</script>
|
||||||
239
landing/src/components/ServerCard.astro
Normal file
239
landing/src/components/ServerCard.astro
Normal file
@@ -0,0 +1,239 @@
|
|||||||
|
---
|
||||||
|
// Featured LIVE server card. Progressive enhancement:
|
||||||
|
// SSG → renders a static skeleton (server icon, MOTD, slot cap) identical in
|
||||||
|
// spirit to the old ServerListPanel, so it looks right with JS off or
|
||||||
|
// if the status API is unreachable.
|
||||||
|
// Client → fetches mcstatus.io (CORS:*, no key, 60s cache) for the public
|
||||||
|
// address and fills in: live online/offline pill, players online/max +
|
||||||
|
// fill bar, the real server favicon, color MOTD, and a row of player
|
||||||
|
// HEADS rendered by OUR NMSR from Drasl skins (not Mojang/Crafatar).
|
||||||
|
//
|
||||||
|
// Live labels are passed as data-* so copy stays translatable from the page
|
||||||
|
// (defaults are English). Heads use /headiso. Promo/placeholder players with
|
||||||
|
// the all-zero UUID are filtered out.
|
||||||
|
import { site } from "../data/site";
|
||||||
|
|
||||||
|
interface Props {
|
||||||
|
// SSG fallback copy (same props the old ServerListPanel took).
|
||||||
|
modded: string;
|
||||||
|
motd: string;
|
||||||
|
upTo: string;
|
||||||
|
// Live labels (optional, English defaults). Pass t.* from the page to i18n.
|
||||||
|
onlineLabel?: string;
|
||||||
|
offlineLabel?: string;
|
||||||
|
emptyLabel?: string;
|
||||||
|
}
|
||||||
|
const {
|
||||||
|
modded,
|
||||||
|
motd,
|
||||||
|
upTo,
|
||||||
|
onlineLabel = "Online",
|
||||||
|
offlineLabel = "Offline",
|
||||||
|
emptyLabel = "Nobody online",
|
||||||
|
} = Astro.props;
|
||||||
|
|
||||||
|
const { status, avatarUrl, avatarMode } = site;
|
||||||
|
---
|
||||||
|
<div
|
||||||
|
class="servercard"
|
||||||
|
data-api={status.statusApi}
|
||||||
|
data-avatar={avatarUrl}
|
||||||
|
data-mode={avatarMode}
|
||||||
|
data-slots={status.slots}
|
||||||
|
data-online={onlineLabel}
|
||||||
|
data-offline={offlineLabel}
|
||||||
|
data-empty={emptyLabel}
|
||||||
|
>
|
||||||
|
<div class="sc-top">
|
||||||
|
<div class="sc-icon">
|
||||||
|
<!-- Replaced by the real server favicon on success; Ulicraft logo otherwise. -->
|
||||||
|
<img class="sc-favicon" alt="" hidden />
|
||||||
|
<span class="sc-creeper"><img src="/ulicraft-logo-mini.svg" alt="" width="56" height="56" /></span>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="sc-meta">
|
||||||
|
<div class="sc-row1">
|
||||||
|
<span class="sc-title">{site.name}</span>
|
||||||
|
<span class="sc-ver">Java {site.mcVersion}</span>
|
||||||
|
</div>
|
||||||
|
<p class="sc-motd"><span class="a">⛏ {modded}</span> · <span class="sc-motd-text">{motd}</span></p>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="sc-state">
|
||||||
|
<span class="sc-pill" data-up="">
|
||||||
|
<span class="sc-dot"></span>
|
||||||
|
<span class="sc-pill-txt">·</span>
|
||||||
|
</span>
|
||||||
|
<div class="sc-count">
|
||||||
|
<span class="sc-on">{upTo}</span> <b class="sc-max">{status.slots}</b>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<!-- Player fill bar (online/max). Hidden until a live count arrives. -->
|
||||||
|
<div class="sc-bar" hidden><span class="sc-bar-fill"></span></div>
|
||||||
|
|
||||||
|
<!-- Avatar tiles + empty state. Populated client-side. -->
|
||||||
|
<div class="sc-players" hidden>
|
||||||
|
<div class="roster" aria-label="Players online"></div>
|
||||||
|
<p class="sc-empty" hidden></p>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<style>
|
||||||
|
.servercard {
|
||||||
|
background: var(--slot);
|
||||||
|
padding: 16px;
|
||||||
|
display: flex;
|
||||||
|
flex-direction: column;
|
||||||
|
gap: 14px;
|
||||||
|
box-shadow:
|
||||||
|
inset 2px 2px 0 var(--bevel-hi),
|
||||||
|
inset -2px -2px 0 var(--bevel-lo),
|
||||||
|
0 8px 24px oklch(0 0 0 / 0.4);
|
||||||
|
}
|
||||||
|
.sc-top { display: flex; gap: 18px; align-items: center; }
|
||||||
|
|
||||||
|
.sc-icon {
|
||||||
|
width: 72px; height: 72px; flex-shrink: 0;
|
||||||
|
display: grid; place-items: center; position: relative;
|
||||||
|
background: var(--bg-2);
|
||||||
|
}
|
||||||
|
.sc-favicon { width: 64px; height: 64px; image-rendering: pixelated; }
|
||||||
|
.sc-creeper img { width: 56px; height: 56px; }
|
||||||
|
|
||||||
|
.sc-meta { flex: 1; min-width: 0; }
|
||||||
|
.sc-row1 { display: flex; align-items: baseline; gap: 12px; }
|
||||||
|
.sc-title { font-family: var(--font-head); font-weight: 600; font-size: 22px; white-space: nowrap; }
|
||||||
|
.sc-ver { color: var(--dim); font-family: var(--font-mono); font-size: 17px; white-space: nowrap; }
|
||||||
|
.sc-motd { margin: 6px 0 0; color: var(--muted); font-size: 15px; }
|
||||||
|
.sc-motd .a { color: var(--accent); }
|
||||||
|
/* mcstatus.io motd.html ships inline color styles; keep its spans inline. */
|
||||||
|
.sc-motd-text :global(span) { display: inline; }
|
||||||
|
|
||||||
|
.sc-state { text-align: right; flex-shrink: 0; display: flex; flex-direction: column; align-items: flex-end; gap: 6px; }
|
||||||
|
.sc-pill {
|
||||||
|
display: inline-flex; align-items: center; gap: 6px;
|
||||||
|
font-size: 11px; font-family: var(--font-pixel, var(--font-mono));
|
||||||
|
letter-spacing: 0.04em; text-transform: uppercase;
|
||||||
|
padding: 3px 8px; color: var(--dim);
|
||||||
|
box-shadow: inset 1px 1px 0 var(--bevel-hi), inset -1px -1px 0 var(--bevel-lo);
|
||||||
|
}
|
||||||
|
.sc-dot { width: 9px; height: 9px; background: var(--dim); image-rendering: pixelated; }
|
||||||
|
.sc-pill[data-up="1"] { color: var(--accent-hi); }
|
||||||
|
.sc-pill[data-up="1"] .sc-dot { background: var(--accent); box-shadow: 0 0 6px var(--glow); }
|
||||||
|
.sc-pill[data-up="0"] { color: oklch(0.65 0.18 25); }
|
||||||
|
.sc-pill[data-up="0"] .sc-dot { background: oklch(0.62 0.2 25); }
|
||||||
|
.sc-count { font-variant-numeric: tabular-nums; font-size: 15px; color: var(--muted); }
|
||||||
|
.sc-count b { color: var(--text); }
|
||||||
|
|
||||||
|
.sc-bar { height: 6px; background: var(--bg-2); box-shadow: inset 1px 1px 0 var(--bevel-lo); }
|
||||||
|
.sc-bar-fill { display: block; height: 100%; width: 0; background: var(--accent); transition: width 0.6s ease; }
|
||||||
|
|
||||||
|
/* Online avatar tiles use the shared .roster / .roster-tile styles in
|
||||||
|
main.css (also used by PlayerRoster.astro). */
|
||||||
|
.sc-empty { margin: 0; color: var(--dim); font-size: 13px; }
|
||||||
|
</style>
|
||||||
|
|
||||||
|
<script>
|
||||||
|
const ZERO_UUID = "00000000-0000-0000-0000-000000000000";
|
||||||
|
|
||||||
|
async function hydrate(el: HTMLElement) {
|
||||||
|
const { api, avatar, mode, slots, online, offline, empty } = el.dataset;
|
||||||
|
if (!api || !avatar || !mode) return;
|
||||||
|
|
||||||
|
const q = <T extends HTMLElement>(s: string) => el.querySelector<T>(s);
|
||||||
|
const pill = q(".sc-pill");
|
||||||
|
const pillTxt = q(".sc-pill-txt");
|
||||||
|
const favicon = q<HTMLImageElement>(".sc-favicon");
|
||||||
|
const creeper = q(".sc-creeper");
|
||||||
|
const onEl = q(".sc-on");
|
||||||
|
const maxEl = q(".sc-max");
|
||||||
|
const motdEl = q(".sc-motd-text");
|
||||||
|
const bar = q(".sc-bar");
|
||||||
|
const fill = q<HTMLElement>(".sc-bar-fill");
|
||||||
|
const players = q(".sc-players");
|
||||||
|
const roster = q(".roster");
|
||||||
|
const emptyEl = q(".sc-empty");
|
||||||
|
|
||||||
|
let data: any;
|
||||||
|
try {
|
||||||
|
const r = await fetch(api, { headers: { Accept: "application/json" } });
|
||||||
|
if (!r.ok) return; // keep SSG skeleton
|
||||||
|
data = await r.json();
|
||||||
|
} catch {
|
||||||
|
return; // offline/network → keep SSG skeleton
|
||||||
|
}
|
||||||
|
|
||||||
|
const up = data.online === true;
|
||||||
|
pill?.setAttribute("data-up", up ? "1" : "0");
|
||||||
|
if (pillTxt) pillTxt.textContent = up ? (online ?? "Online") : (offline ?? "Offline");
|
||||||
|
|
||||||
|
if (!up) return; // offline pill set; leave the rest as the static fallback
|
||||||
|
|
||||||
|
// Live count + bar.
|
||||||
|
const on = data.players?.online ?? 0;
|
||||||
|
const max = data.players?.max ?? (Number(slots) || 0);
|
||||||
|
if (onEl) onEl.textContent = String(on);
|
||||||
|
if (maxEl) maxEl.textContent = String(max);
|
||||||
|
if (bar && fill) {
|
||||||
|
bar.hidden = false;
|
||||||
|
fill.style.width = max > 0 ? `${Math.min(100, (on / max) * 100)}%` : "0%";
|
||||||
|
}
|
||||||
|
|
||||||
|
// Real server favicon.
|
||||||
|
if (favicon && typeof data.icon === "string" && data.icon.startsWith("data:image")) {
|
||||||
|
favicon.src = data.icon;
|
||||||
|
favicon.hidden = false;
|
||||||
|
creeper?.setAttribute("hidden", "");
|
||||||
|
}
|
||||||
|
|
||||||
|
// Color MOTD (mcstatus ships inline-styled spans for our own server).
|
||||||
|
if (motdEl && data.motd?.html) motdEl.innerHTML = data.motd.html;
|
||||||
|
|
||||||
|
// Labeled avatar tiles from OUR NMSR (Drasl skins). Filter promo/placeholder
|
||||||
|
// rows (all-zero UUID) and dedupe. Tiles share .roster styles with the
|
||||||
|
// Members grid (PlayerRoster.astro) — see rosterTile() below.
|
||||||
|
const list: Array<{ uuid?: string; name_clean?: string }> = data.players?.list ?? [];
|
||||||
|
const seen = new Set<string>();
|
||||||
|
const real = list.filter((p) => {
|
||||||
|
const u = (p.uuid ?? "").toLowerCase();
|
||||||
|
if (!u || u === ZERO_UUID || seen.has(u)) return false;
|
||||||
|
seen.add(u);
|
||||||
|
return true;
|
||||||
|
});
|
||||||
|
if (players && roster) {
|
||||||
|
players.hidden = false;
|
||||||
|
if (real.length === 0) {
|
||||||
|
if (emptyEl) {
|
||||||
|
emptyEl.textContent = empty ?? "Nobody online";
|
||||||
|
emptyEl.hidden = false;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
roster.innerHTML = "";
|
||||||
|
for (const p of real.slice(0, 16)) {
|
||||||
|
roster.appendChild(rosterTile(p.uuid!, p.name_clean ?? "", avatar, mode));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Build one shared avatar tile (avatar + name). Same markup PlayerRoster
|
||||||
|
// builds, so .roster / .roster-tile (global, in main.css) style both.
|
||||||
|
function rosterTile(uuid: string, name: string, avatar: string, mode: string) {
|
||||||
|
const tile = document.createElement("div");
|
||||||
|
tile.className = "roster-tile";
|
||||||
|
const img = document.createElement("img");
|
||||||
|
img.loading = "lazy";
|
||||||
|
img.alt = name;
|
||||||
|
img.src = `${avatar}/${mode}/${uuid}?size=64`;
|
||||||
|
const label = document.createElement("span");
|
||||||
|
label.className = "roster-name";
|
||||||
|
label.textContent = name;
|
||||||
|
label.title = name;
|
||||||
|
tile.append(img, label);
|
||||||
|
return tile;
|
||||||
|
}
|
||||||
|
|
||||||
|
document.querySelectorAll<HTMLElement>(".servercard").forEach(hydrate);
|
||||||
|
</script>
|
||||||
39
landing/src/data/launcher.example.json
Normal file
39
landing/src/data/launcher.example.json
Normal file
@@ -0,0 +1,39 @@
|
|||||||
|
{
|
||||||
|
"productName": "Ulicraft",
|
||||||
|
"version": "1.0.0",
|
||||||
|
"baseUrl": "https://distribution.ulicraft.net/launcher",
|
||||||
|
"files": [
|
||||||
|
{
|
||||||
|
"name": "Ulicraft-1.0.0.exe",
|
||||||
|
"os": "windows",
|
||||||
|
"arch": "x64",
|
||||||
|
"ext": "exe",
|
||||||
|
"size": 90893289,
|
||||||
|
"url": "https://distribution.ulicraft.net/launcher/Ulicraft-1.0.0.exe"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "Ulicraft-1.0.0.AppImage",
|
||||||
|
"os": "linux",
|
||||||
|
"arch": "x64",
|
||||||
|
"ext": "AppImage",
|
||||||
|
"size": 95722608,
|
||||||
|
"url": "https://distribution.ulicraft.net/launcher/Ulicraft-1.0.0.AppImage"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "Ulicraft-1.0.0.deb",
|
||||||
|
"os": "linux",
|
||||||
|
"arch": "x64",
|
||||||
|
"ext": "deb",
|
||||||
|
"size": 87751876,
|
||||||
|
"url": "https://distribution.ulicraft.net/launcher/Ulicraft-1.0.0.deb"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "Ulicraft-1.0.0.tar.gz",
|
||||||
|
"os": "linux",
|
||||||
|
"arch": "x64",
|
||||||
|
"ext": "tar.gz",
|
||||||
|
"size": 116347746,
|
||||||
|
"url": "https://distribution.ulicraft.net/launcher/Ulicraft-1.0.0.tar.gz"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
5
landing/src/data/mods.example.json
Normal file
5
landing/src/data/mods.example.json
Normal file
@@ -0,0 +1,5 @@
|
|||||||
|
{
|
||||||
|
"schemaVersion": 1,
|
||||||
|
"count": 0,
|
||||||
|
"mods": []
|
||||||
|
}
|
||||||
56
landing/src/data/mods.ts
Normal file
56
landing/src/data/mods.ts
Normal file
@@ -0,0 +1,56 @@
|
|||||||
|
// Build-time loader for the auto-generated mod catalogue. tooling/build-modlist.py
|
||||||
|
// writes src/data/mods.json (gitignored, generated) from the distribution's full
|
||||||
|
// client modset; it MAY NOT EXIST on a fresh checkout, so we read it at runtime
|
||||||
|
// with fs (a static `import` would hard-fail the build when absent). Fall back to
|
||||||
|
// the committed .example.json (an empty catalogue); if even that is unreadable,
|
||||||
|
// expose an empty catalogue so the page simply renders no mods and the stat tile
|
||||||
|
// keeps its default. Same pattern as loadLauncherManifest in site.ts.
|
||||||
|
// @ts-ignore — node builtins (no @types/node in this Astro SSG; same reason
|
||||||
|
// `process`/`import.meta.url` reads work at build time, as in site.ts).
|
||||||
|
import { readFileSync } from "node:fs";
|
||||||
|
|
||||||
|
export type Mod = {
|
||||||
|
id: string;
|
||||||
|
name: string;
|
||||||
|
version: string;
|
||||||
|
authors: string;
|
||||||
|
description: string;
|
||||||
|
logo: string | null;
|
||||||
|
};
|
||||||
|
|
||||||
|
export type ModCatalogue = {
|
||||||
|
schemaVersion: number;
|
||||||
|
count: number;
|
||||||
|
mods: Mod[];
|
||||||
|
};
|
||||||
|
|
||||||
|
export function loadMods(): ModCatalogue {
|
||||||
|
const empty: ModCatalogue = { schemaVersion: 1, count: 0, mods: [] };
|
||||||
|
// Resolve relative to this module first (works when import.meta.url points at
|
||||||
|
// the source dir), then fall back to a cwd-relative path (Astro runs the build
|
||||||
|
// from the landing root, so src/data/* resolves there even when the module has
|
||||||
|
// been bundled to a different location). Prefer the generated mods.json, then
|
||||||
|
// the committed empty mods.example.json.
|
||||||
|
// @ts-ignore — `process` is untyped here (no @types/node), same as site.ts.
|
||||||
|
const cwd: string = typeof process !== "undefined" ? process.cwd() : ".";
|
||||||
|
const candidates: Array<string | URL> = [];
|
||||||
|
for (const name of ["mods.json", "mods.example.json"]) {
|
||||||
|
try {
|
||||||
|
candidates.push(new URL(name, import.meta.url));
|
||||||
|
} catch {
|
||||||
|
// import.meta.url unavailable — skip the module-relative candidate.
|
||||||
|
}
|
||||||
|
candidates.push(`${cwd}/src/data/${name}`);
|
||||||
|
}
|
||||||
|
for (const c of candidates) {
|
||||||
|
try {
|
||||||
|
const parsed = JSON.parse(readFileSync(c, "utf8")) as ModCatalogue;
|
||||||
|
if (parsed && Array.isArray(parsed.mods)) return parsed;
|
||||||
|
} catch {
|
||||||
|
// try the next candidate (file missing/unreadable → fall back)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return empty;
|
||||||
|
}
|
||||||
|
|
||||||
|
export const MODS = loadMods();
|
||||||
@@ -2,8 +2,114 @@
|
|||||||
// domains, URLs, theme, launcher files, and the structural shape of the
|
// domains, URLs, theme, launcher files, and the structural shape of the
|
||||||
// stat/feature lists. Translatable copy lives in src/i18n/ui.ts.
|
// stat/feature lists. Translatable copy lives in src/i18n/ui.ts.
|
||||||
// BASE_DOMAIN is read at build time; falls back to ulicraft.local.
|
// BASE_DOMAIN is read at build time; falls back to ulicraft.local.
|
||||||
|
// @ts-ignore — node builtins (no @types/node in this Astro SSG; same reason
|
||||||
|
// `process` below is untyped). Used only at build time to read the manifest.
|
||||||
|
import { readFileSync } from "node:fs";
|
||||||
|
|
||||||
const BASE_DOMAIN = process.env.BASE_DOMAIN ?? "ulicraft.local";
|
const BASE_DOMAIN = process.env.BASE_DOMAIN ?? "ulicraft.local";
|
||||||
|
|
||||||
|
// NMSR render mode for avatar tiles. AVATAR_MODE is the ServerCard online row +
|
||||||
|
// account preview (heads); ROSTER_AVATAR_MODE is the Members grid (full body by
|
||||||
|
// default). Read at build time, same as BASE_DOMAIN. e.g. "headiso" | "head" |
|
||||||
|
// "fullbody" | "fullbodyiso".
|
||||||
|
// @ts-ignore — `process` is untyped here (no @types/node), same as BASE_DOMAIN.
|
||||||
|
const AVATAR_MODE = process.env.AVATAR_MODE ?? "headiso";
|
||||||
|
// @ts-ignore — `process` is untyped here (no @types/node).
|
||||||
|
const ROSTER_AVATAR_MODE = process.env.ROSTER_AVATAR_MODE ?? "fullbodyiso";
|
||||||
|
|
||||||
|
// UlicraftLauncher download list. Source of truth is the custom-launcher repo's
|
||||||
|
// build output `launcher.json` (shape: productName/version/baseUrl/files[]),
|
||||||
|
// published to https://distribution.${BASE}/launcher/launcher.json. The release
|
||||||
|
// flow syncs that file into this dir as `launcher.json` (gitignored, generated)
|
||||||
|
// — same pattern as sync-server-mods.sh. It MAY NOT EXIST at build time, so we
|
||||||
|
// read it at runtime with fs (a static `import` would hard-fail the build when
|
||||||
|
// absent). Fall back to the committed `launcher.example.json` (the documented
|
||||||
|
// shape); if even that is unreadable, expose an empty file list so the homepage
|
||||||
|
// simply renders no download buttons. The raw launcher.json is normalized into
|
||||||
|
// the internal shape the page renders against (builds[]).
|
||||||
|
type LauncherBuild = {
|
||||||
|
os: string; // "windows" | "macos" | "linux"
|
||||||
|
arch: string; // "x64" | "arm64" | "universal"
|
||||||
|
format: string; // file extension: "exe" | "dmg" | "AppImage" | "deb" | "tar.gz" | …
|
||||||
|
filename: string;
|
||||||
|
url: string;
|
||||||
|
size?: number;
|
||||||
|
};
|
||||||
|
type LauncherFile = { filename: string; url: string; size?: number };
|
||||||
|
type LauncherManifest = {
|
||||||
|
product: string;
|
||||||
|
version: string;
|
||||||
|
builds: LauncherBuild[];
|
||||||
|
// Not present in launcher.json; the Fjord page degrades gracefully when absent.
|
||||||
|
fjordPack?: LauncherFile;
|
||||||
|
};
|
||||||
|
|
||||||
|
// Raw shape as produced by the custom-launcher build (UlicraftLauncher/dist/launcher.json).
|
||||||
|
type RawLauncherJson = {
|
||||||
|
productName?: string;
|
||||||
|
version?: string;
|
||||||
|
baseUrl?: string;
|
||||||
|
files?: Array<{ name: string; os: string; arch: string; ext: string; url: string; size?: number }>;
|
||||||
|
};
|
||||||
|
|
||||||
|
function normalizeLauncher(raw: RawLauncherJson): LauncherManifest {
|
||||||
|
return {
|
||||||
|
product: raw.productName ?? "UlicraftLauncher",
|
||||||
|
version: raw.version ?? "0.0.0",
|
||||||
|
builds: (raw.files ?? []).map((f) => ({
|
||||||
|
os: f.os,
|
||||||
|
arch: f.arch,
|
||||||
|
format: f.ext,
|
||||||
|
filename: f.name,
|
||||||
|
url: f.url,
|
||||||
|
size: f.size,
|
||||||
|
})),
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
function loadLauncherManifest(): LauncherManifest {
|
||||||
|
const empty: LauncherManifest = { product: "UlicraftLauncher", version: "0.0.0", builds: [] };
|
||||||
|
// Resolve relative to this module first, then fall back to a cwd-relative path:
|
||||||
|
// Astro bundles this module so import.meta.url may not point at src/data/ at
|
||||||
|
// build time, but the build runs from the landing root, so <cwd>/src/data/*
|
||||||
|
// resolves. Prefer the synced launcher.json, then the committed example.
|
||||||
|
// @ts-ignore — `process` is untyped here (no @types/node).
|
||||||
|
const cwd: string = typeof process !== "undefined" ? process.cwd() : ".";
|
||||||
|
const candidates: Array<string | URL> = [];
|
||||||
|
for (const name of ["launcher.json", "launcher.example.json"]) {
|
||||||
|
try {
|
||||||
|
candidates.push(new URL(name, import.meta.url));
|
||||||
|
} catch {
|
||||||
|
// import.meta.url unavailable — skip the module-relative candidate.
|
||||||
|
}
|
||||||
|
candidates.push(`${cwd}/src/data/${name}`);
|
||||||
|
}
|
||||||
|
for (const c of candidates) {
|
||||||
|
try {
|
||||||
|
const raw = JSON.parse(readFileSync(c, "utf8")) as RawLauncherJson;
|
||||||
|
if (raw && Array.isArray(raw.files)) return normalizeLauncher(raw);
|
||||||
|
} catch {
|
||||||
|
// try the next candidate (synced file missing → fall back to example)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return empty;
|
||||||
|
}
|
||||||
|
|
||||||
|
const LAUNCHER_MANIFEST = loadLauncherManifest();
|
||||||
|
|
||||||
|
// REGISTRATION_MODE (invite|open) is read at build time, same .env as Drasl's
|
||||||
|
// render-config.sh. "invite" => the register form must collect an invite code.
|
||||||
|
const REGISTRATION_MODE = process.env.REGISTRATION_MODE ?? "invite";
|
||||||
|
|
||||||
|
// REGISTRATION_SHOW_INVITE (true|false, default false=hidden) ONLY toggles the
|
||||||
|
// visibility of the invite-code field on the register form. The backend invite
|
||||||
|
// gate stays on Drasl's RequireInvite (driven by REGISTRATION_MODE). Decoupled on
|
||||||
|
// purpose: invites are usually admin-minted and the field is hidden by default.
|
||||||
|
// CAVEAT: if REGISTRATION_MODE=invite (backend requires a code) but this is
|
||||||
|
// false, public self-registration can't supply one — set both together.
|
||||||
|
// @ts-ignore — `process` is untyped here (no @types/node).
|
||||||
|
const REGISTRATION_SHOW_INVITE = process.env.REGISTRATION_SHOW_INVITE ?? "false";
|
||||||
|
|
||||||
// Minecraft / pack facts, surfaced in a few places.
|
// Minecraft / pack facts, surfaced in a few places.
|
||||||
const MC_VERSION = "1.21.1";
|
const MC_VERSION = "1.21.1";
|
||||||
|
|
||||||
@@ -12,47 +118,65 @@ export const site = {
|
|||||||
baseDomain: BASE_DOMAIN,
|
baseDomain: BASE_DOMAIN,
|
||||||
mcVersion: MC_VERSION,
|
mcVersion: MC_VERSION,
|
||||||
|
|
||||||
|
// Register form behaviour, driven by REGISTRATION_MODE in .env.
|
||||||
|
// true => Drasl RequireInvite = true (backend gate)
|
||||||
|
// false => open self-registration
|
||||||
|
registrationRequiresInvite: REGISTRATION_MODE === "invite",
|
||||||
|
// Whether the invite-code FIELD is shown on the register form (default false).
|
||||||
|
// Independent of the backend gate above — see REGISTRATION_SHOW_INVITE note.
|
||||||
|
registrationShowInvite: REGISTRATION_SHOW_INVITE === "true",
|
||||||
|
|
||||||
// Design knobs (replace the design's in-browser TweaksPanel). Baked at build.
|
// Design knobs (replace the design's in-browser TweaksPanel). Baked at build.
|
||||||
// mood: "grass" | "nether" | "end"
|
// mood: "grass" | "nether" | "end"
|
||||||
// hero: "centered" | "split" | "spotlight"
|
// hero: "centered" | "split" | "spotlight"
|
||||||
// headFont: "pixelify" | "8bit" | "silkscreen"
|
// headFont: "blockblueprint" | "pixelify" | "8bit" | "silkscreen"
|
||||||
// dust: floating pixel particles in the hero
|
// dust: floating pixel particles in the hero
|
||||||
theme: {
|
theme: {
|
||||||
mood: "grass",
|
mood: "grass",
|
||||||
hero: "centered",
|
hero: "centered",
|
||||||
headFont: "pixelify",
|
headFont: "blockblueprint",
|
||||||
dust: true,
|
dust: true,
|
||||||
},
|
},
|
||||||
|
|
||||||
// Connect target shown to guests. No port needed — a dnsmasq SRV record
|
// Connect target shown to guests. No port needed (defaults to 25565).
|
||||||
// (_minecraft._tcp.mc.<domain>) points clients at 25565.
|
serverAddress: `${BASE_DOMAIN}`,
|
||||||
serverAddress: `mc.${BASE_DOMAIN}`,
|
|
||||||
|
|
||||||
// Drasl auth web UI + authlib-injector API root.
|
// Drasl auth web UI + authlib-injector API root (public HTTPS).
|
||||||
authUrl: `http://auth.${BASE_DOMAIN}`,
|
authUrl: `https://auth.${BASE_DOMAIN}`,
|
||||||
authlibUrl: `http://auth.${BASE_DOMAIN}/authlib-injector`,
|
authlibUrl: `https://auth.${BASE_DOMAIN}/authlib-injector`,
|
||||||
|
// Drasl REST API v2 root — the /register form calls this from the browser.
|
||||||
|
// Requires CORSAllowOrigins to include the apex in drasl config.toml.
|
||||||
|
draslApiUrl: `https://auth.${BASE_DOMAIN}/drasl/api/v2`,
|
||||||
|
|
||||||
// packwiz modpack entrypoint.
|
// NMSR avatar renderer root. Player heads come from OUR Drasl skins, not
|
||||||
packwizUrl: `http://packwiz.${BASE_DOMAIN}/pack.toml`,
|
// Mojang/Crafatar — head URL is `${avatarUrl}/headiso/<uuid>?size=64`.
|
||||||
|
avatarUrl: `https://avatar.${BASE_DOMAIN}`,
|
||||||
|
|
||||||
// Caddy local CA root — guests import this to trust the offline asset mirror.
|
// NMSR render mode for avatar tiles. Avatar URL = `${avatarUrl}/<mode>/<uuid>?size=N`.
|
||||||
caCertUrl: `http://${BASE_DOMAIN}/ca.crt`,
|
// avatarMode → ServerCard online row + account preview (heads)
|
||||||
|
// rosterAvatarMode → PlayerRoster members grid (full body)
|
||||||
|
avatarMode: AVATAR_MODE,
|
||||||
|
rosterAvatarMode: ROSTER_AVATAR_MODE,
|
||||||
|
|
||||||
// Static server-list panel (Status section). No fake live count — see plan
|
// Uptime Kuma status page (external link in footer).
|
||||||
// 09-landing.md option B.
|
statusUrl: `https://status.${BASE_DOMAIN}`,
|
||||||
|
|
||||||
|
// Live server card (ServerCard.astro). `slots` is the SSG fallback cap shown
|
||||||
|
// before/without JS; live data comes from our SELF-HOSTED mc-status service
|
||||||
|
// (docker/mc-status, mcutil wrapper) reverse-proxied same-origin at the apex
|
||||||
|
// /api/mcstatus/* path — no CORS, no third-party calls. It emits mcstatus.io
|
||||||
|
// v2 JSON, so the URL stays drop-in compatible. Uptime Kuma stays the history
|
||||||
|
// + alerting backend (plan/10).
|
||||||
status: {
|
status: {
|
||||||
slots: 10,
|
slots: 10,
|
||||||
|
statusApi: `/api/mcstatus/v2/status/java/${BASE_DOMAIN}`,
|
||||||
|
// Registered-players roster (PlayerRoster.astro). Same mc-status service,
|
||||||
|
// same-origin via caddy /api/mcstatus/* → internal /players. Returns a
|
||||||
|
// sanitized [{uuid,name}] of every Drasl player (admin login is server-side
|
||||||
|
// in mc-status; no admin token in the page).
|
||||||
|
rosterApi: `/api/mcstatus/players`,
|
||||||
},
|
},
|
||||||
|
|
||||||
// Honest stat tiles. Keys (numbers/versions) are language-neutral; labels
|
|
||||||
// come from ui.ts (same order).
|
|
||||||
stats: [
|
|
||||||
{ key: "50+" },
|
|
||||||
{ key: MC_VERSION },
|
|
||||||
{ key: "10" },
|
|
||||||
{ key: "6h" },
|
|
||||||
],
|
|
||||||
|
|
||||||
// Feature cards. glyph ∈ shield|diamond|orb|heart; gold = gold pixel fill.
|
// Feature cards. glyph ∈ shield|diamond|orb|heart; gold = gold pixel fill.
|
||||||
// Text (h/p) comes from ui.ts (same order).
|
// Text (h/p) comes from ui.ts (same order).
|
||||||
features: [
|
features: [
|
||||||
@@ -62,10 +186,16 @@ export const site = {
|
|||||||
{ glyph: "heart", gold: true },
|
{ glyph: "heart", gold: true },
|
||||||
],
|
],
|
||||||
|
|
||||||
// Launcher downloads. Stable filenames are symlinks created by
|
// UlicraftLauncher download manifest — feeds the homepage join step 2
|
||||||
|
// per-OS buttons from `builds[]` (and the Fjord page's .mrpack via
|
||||||
|
// `fjordPack`). Synced from the custom-launcher repo; see loader above.
|
||||||
|
launcherManifest: LAUNCHER_MANIFEST,
|
||||||
|
|
||||||
|
// Fjord Launcher downloads (the alternative manual path on /fjord, OFF the
|
||||||
|
// homepage flow). Stable filenames are symlinks created by
|
||||||
// tooling/fetch-launcher.sh — keep these in sync with that script. OS names
|
// tooling/fetch-launcher.sh — keep these in sync with that script. OS names
|
||||||
// and hints are technical, kept language-neutral here.
|
// and hints are technical, kept language-neutral here.
|
||||||
launcher: {
|
fjord: {
|
||||||
name: "Fjord Launcher",
|
name: "Fjord Launcher",
|
||||||
base: "/launcher/latest",
|
base: "/launcher/latest",
|
||||||
downloads: [
|
downloads: [
|
||||||
@@ -86,6 +216,7 @@ export const LITERALS = {
|
|||||||
|
|
||||||
// Head-font CSS stacks, keyed by theme.headFont.
|
// Head-font CSS stacks, keyed by theme.headFont.
|
||||||
export const HEAD_FONTS: Record<string, string> = {
|
export const HEAD_FONTS: Record<string, string> = {
|
||||||
|
blockblueprint: "'Block Blueprint', system-ui, sans-serif",
|
||||||
pixelify: "'Pixelify Sans', system-ui, sans-serif",
|
pixelify: "'Pixelify Sans', system-ui, sans-serif",
|
||||||
"8bit": "'Press Start 2P', monospace",
|
"8bit": "'Press Start 2P', monospace",
|
||||||
silkscreen: "'Silkscreen', system-ui, sans-serif",
|
silkscreen: "'Silkscreen', system-ui, sans-serif",
|
||||||
|
|||||||
@@ -2,7 +2,7 @@
|
|||||||
// locales; the page (src/pages/[...lang].astro) renders against it.
|
// locales; the page (src/pages/[...lang].astro) renders against it.
|
||||||
//
|
//
|
||||||
// Conventions:
|
// Conventions:
|
||||||
// - "{name}" in step1 is replaced with the launcher name at render time.
|
// - "{name}" is replaced with the launcher name at render time.
|
||||||
// - Sentences containing links/kbd/literals are split into parts (a/b/pre/
|
// - Sentences containing links/kbd/literals are split into parts (a/b/pre/
|
||||||
// post/link) so the markup stays in the template, not in the strings.
|
// post/link) so the markup stays in the template, not in the strings.
|
||||||
// - Product / in-game literals (authlib-injector, Multiplayer, Add Server)
|
// - Product / in-game literals (authlib-injector, Multiplayer, Add Server)
|
||||||
@@ -11,13 +11,31 @@
|
|||||||
export type Lang = "en" | "es" | "eu";
|
export type Lang = "en" | "es" | "eu";
|
||||||
export const LANGS: Lang[] = ["en", "es", "eu"];
|
export const LANGS: Lang[] = ["en", "es", "eu"];
|
||||||
export const LANG_LABEL: Record<Lang, string> = { en: "EN", es: "ES", eu: "EU" };
|
export const LANG_LABEL: Record<Lang, string> = { en: "EN", es: "ES", eu: "EU" };
|
||||||
// URL path per locale (en is default, served at root).
|
// URL path per locale (es is default, served at root; en moves to /en/).
|
||||||
export const LANG_PATH: Record<Lang, string> = { en: "/", es: "/es/", eu: "/eu/" };
|
export const LANG_PATH: Record<Lang, string> = { es: "/", en: "/en/", eu: "/eu/" };
|
||||||
|
// Register page path per locale (mirrors LANG_PATH: es at /register).
|
||||||
|
export const LANG_REGISTER_PATH: Record<Lang, string> = {
|
||||||
|
es: "/register",
|
||||||
|
en: "/en/register",
|
||||||
|
eu: "/eu/register",
|
||||||
|
};
|
||||||
|
// Fjord (alternative path) page path per locale (mirrors LANG_REGISTER_PATH).
|
||||||
|
export const LANG_FJORD_PATH: Record<Lang, string> = {
|
||||||
|
es: "/fjord",
|
||||||
|
en: "/en/fjord",
|
||||||
|
eu: "/eu/fjord",
|
||||||
|
};
|
||||||
|
// Account page path per locale (mirrors LANG_REGISTER_PATH).
|
||||||
|
export const LANG_ACCOUNT_PATH: Record<Lang, string> = {
|
||||||
|
es: "/account",
|
||||||
|
en: "/en/account",
|
||||||
|
eu: "/eu/account",
|
||||||
|
};
|
||||||
|
|
||||||
export interface UI {
|
export interface UI {
|
||||||
htmlLang: string;
|
htmlLang: string;
|
||||||
copied: string; // transient copy-button feedback
|
copied: string; // transient copy-button feedback
|
||||||
nav: { status: string; features: string; join: string; play: string };
|
nav: { status: string; members: string; features: string; mods: string; join: string; play: string; register: string; login: string };
|
||||||
hero: {
|
hero: {
|
||||||
eyebrow: string; // "Modded LAN · NeoForge" — version appended at render
|
eyebrow: string; // "Modded LAN · NeoForge" — version appended at render
|
||||||
tagline: string;
|
tagline: string;
|
||||||
@@ -25,7 +43,6 @@ export interface UI {
|
|||||||
copyIp: string;
|
copyIp: string;
|
||||||
howToJoin: string;
|
howToJoin: string;
|
||||||
metaModpack: string;
|
metaModpack: string;
|
||||||
metaLan: string;
|
|
||||||
};
|
};
|
||||||
status: {
|
status: {
|
||||||
eyebrow: string;
|
eyebrow: string;
|
||||||
@@ -34,15 +51,41 @@ export interface UI {
|
|||||||
modded: string;
|
modded: string;
|
||||||
motd: string;
|
motd: string;
|
||||||
upTo: string;
|
upTo: string;
|
||||||
|
empty: string; // shown on the ServerCard when nobody is online
|
||||||
|
};
|
||||||
|
members: {
|
||||||
|
eyebrow: string;
|
||||||
|
title: string;
|
||||||
|
lead: string;
|
||||||
|
empty: string; // shown when the roster is empty or unreachable
|
||||||
};
|
};
|
||||||
statLabels: [string, string, string, string];
|
|
||||||
features: {
|
features: {
|
||||||
eyebrow: string;
|
eyebrow: string;
|
||||||
title: string;
|
title: string;
|
||||||
lead: string;
|
lead: string;
|
||||||
items: { h: string; p: string }[];
|
items: { h: string; p: string }[];
|
||||||
};
|
};
|
||||||
|
mods: {
|
||||||
|
eyebrow: string;
|
||||||
|
title: string;
|
||||||
|
lead: string;
|
||||||
|
empty: string; // shown when the catalogue is absent/empty (not yet generated)
|
||||||
|
};
|
||||||
join: {
|
join: {
|
||||||
|
eyebrow: string;
|
||||||
|
title: string;
|
||||||
|
lead: string;
|
||||||
|
s1: {
|
||||||
|
kicker: string;
|
||||||
|
h: string;
|
||||||
|
pa: string; // before the register link
|
||||||
|
pb: string; // after it
|
||||||
|
registerLink: string;
|
||||||
|
};
|
||||||
|
s2: { kicker: string; h: string; p: string };
|
||||||
|
};
|
||||||
|
fjord: {
|
||||||
|
navHome: string; // "← Home" link in nav
|
||||||
eyebrow: string;
|
eyebrow: string;
|
||||||
title: string;
|
title: string;
|
||||||
lead: string;
|
lead: string;
|
||||||
@@ -53,10 +96,6 @@ export interface UI {
|
|||||||
pa: string; // before the authlib-injector literal
|
pa: string; // before the authlib-injector literal
|
||||||
pb: string; // after it
|
pb: string; // after it
|
||||||
copy: string;
|
copy: string;
|
||||||
registerPre: string;
|
|
||||||
caPre: string;
|
|
||||||
caLink: string;
|
|
||||||
caPost: string;
|
|
||||||
};
|
};
|
||||||
s3: { kicker: string; h: string; p: string };
|
s3: { kicker: string; h: string; p: string };
|
||||||
s4: {
|
s4: {
|
||||||
@@ -66,26 +105,94 @@ export interface UI {
|
|||||||
pb: string; // after them
|
pb: string; // after them
|
||||||
copy: string;
|
copy: string;
|
||||||
};
|
};
|
||||||
|
noPack: string; // shown when fjordPack is missing from the manifest
|
||||||
|
};
|
||||||
|
footer: { join: string; status: string; disc: string };
|
||||||
|
register: {
|
||||||
|
navHome: string; // "← Home" link in nav
|
||||||
|
eyebrow: string;
|
||||||
|
title: string;
|
||||||
|
lead: string;
|
||||||
|
usernameLabel: string;
|
||||||
|
usernamePlaceholder: string;
|
||||||
|
passwordLabel: string;
|
||||||
|
passwordPlaceholder: string;
|
||||||
|
inviteLabel: string;
|
||||||
|
invitePlaceholder: string;
|
||||||
|
inviteHint: string; // where to get a code
|
||||||
|
submit: string;
|
||||||
|
submitting: string;
|
||||||
|
haveAccount: string; // "Already have an account?"
|
||||||
|
loginLink: string; // links to the account page
|
||||||
|
successTitle: string;
|
||||||
|
successBody: string; // {name} = player name
|
||||||
|
uuidLabel: string;
|
||||||
|
skinTitle: string;
|
||||||
|
skinLead: string;
|
||||||
|
skinChoose: string;
|
||||||
|
modelLabel: string;
|
||||||
|
modelClassic: string;
|
||||||
|
modelSlim: string;
|
||||||
|
skinUpload: string;
|
||||||
|
skinUploading: string;
|
||||||
|
skinOk: string;
|
||||||
|
finish: string; // proceed to How to Join
|
||||||
|
errFields: string;
|
||||||
|
errSkinType: string;
|
||||||
|
errNetwork: string;
|
||||||
|
};
|
||||||
|
account: {
|
||||||
|
navHome: string; // "← Home" link in nav
|
||||||
|
eyebrow: string;
|
||||||
|
title: string;
|
||||||
|
lead: string;
|
||||||
|
// Login form
|
||||||
|
usernameLabel: string;
|
||||||
|
usernamePlaceholder: string;
|
||||||
|
passwordLabel: string;
|
||||||
|
passwordPlaceholder: string;
|
||||||
|
submit: string;
|
||||||
|
submitting: string;
|
||||||
|
noAccount: string; // "No account yet?"
|
||||||
|
registerLink: string; // links to /register
|
||||||
|
// Skin panel
|
||||||
|
refresh: string; // re-fetch the NMSR avatar
|
||||||
|
playerLabel: string; // "Logged in as"
|
||||||
|
skinTitle: string;
|
||||||
|
skinLead: string; // reuses register.skinLead concept
|
||||||
|
skinChoose: string;
|
||||||
|
modelLabel: string;
|
||||||
|
modelClassic: string;
|
||||||
|
modelSlim: string;
|
||||||
|
skinUpload: string;
|
||||||
|
skinUploading: string;
|
||||||
|
skinOk: string;
|
||||||
|
skinPreviewNote: string; // "NMSR takes ~1 min to update" hint
|
||||||
|
resetSkin: string;
|
||||||
|
resetConfirm: string; // window.confirm text
|
||||||
|
resetOk: string;
|
||||||
|
// Errors
|
||||||
|
errFields: string;
|
||||||
|
errSkinType: string;
|
||||||
|
errNetwork: string;
|
||||||
};
|
};
|
||||||
footer: { join: string; disc: string };
|
|
||||||
}
|
}
|
||||||
|
|
||||||
export const ui: Record<Lang, UI> = {
|
export const ui: Record<Lang, UI> = {
|
||||||
en: {
|
en: {
|
||||||
htmlLang: "en",
|
htmlLang: "en",
|
||||||
copied: "Copied!",
|
copied: "Copied!",
|
||||||
nav: { status: "Status", features: "Features", join: "How to Join", play: "Play Now" },
|
nav: { status: "Status", members: "Members", features: "Features", mods: "Mods", join: "How to Join", play: "Play", register: "Register", login: "Account" },
|
||||||
hero: {
|
hero: {
|
||||||
eyebrow: "Modded LAN · NeoForge",
|
eyebrow: "Modded LAN · NeoForge",
|
||||||
tagline: "Kitchen-sink survival, built to outlast the weekend.",
|
tagline: "Kitchen-sink survival, built to outlast the weekend.",
|
||||||
sub:
|
sub:
|
||||||
"A self-hosted modded server for the crew — a curated tech + magic + " +
|
"A self-hosted modded server for El valle — a curated tech + magic + " +
|
||||||
"exploration pack, your own skins, one-click setup. Grab the address, " +
|
"exploration pack, your own skins, one-click setup. Grab the address, " +
|
||||||
"import the pack, dig in.",
|
"import the pack, dig in.",
|
||||||
copyIp: "Copy IP",
|
copyIp: "Copy IP",
|
||||||
howToJoin: "How to Join",
|
howToJoin: "How to Join",
|
||||||
metaModpack: "NeoForge modpack",
|
metaModpack: "NeoForge modpack",
|
||||||
metaLan: "LAN-only",
|
|
||||||
},
|
},
|
||||||
status: {
|
status: {
|
||||||
eyebrow: "Server",
|
eyebrow: "Server",
|
||||||
@@ -94,11 +201,17 @@ export const ui: Record<Lang, UI> = {
|
|||||||
modded: "Modded",
|
modded: "Modded",
|
||||||
motd: "NeoForge modpack · Simple Voice Chat · LAN-only",
|
motd: "NeoForge modpack · Simple Voice Chat · LAN-only",
|
||||||
upTo: "up to",
|
upTo: "up to",
|
||||||
|
empty: "Nobody online",
|
||||||
|
},
|
||||||
|
members: {
|
||||||
|
eyebrow: "El valle",
|
||||||
|
title: "Who's on the server.",
|
||||||
|
lead: "Everyone registered on Ulicraft, with their own self-hosted skin.",
|
||||||
|
empty: "No members yet — be the first to register.",
|
||||||
},
|
},
|
||||||
statLabels: ["Mods", "NeoForge", "Player slots", "World backups"],
|
|
||||||
features: {
|
features: {
|
||||||
eyebrow: "What makes it Ulicraft",
|
eyebrow: "What makes it Ulicraft",
|
||||||
title: "Built for the crew.",
|
title: "Built for El valle.",
|
||||||
lead:
|
lead:
|
||||||
"Self-hosted, curated, and persistent — a modded server that respects " +
|
"Self-hosted, curated, and persistent — a modded server that respects " +
|
||||||
"your time and outlives the LAN.",
|
"your time and outlives the LAN.",
|
||||||
@@ -113,7 +226,7 @@ export const ui: Record<Lang, UI> = {
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
h: "One-click setup",
|
h: "One-click setup",
|
||||||
p: "packwiz installs and updates the whole modpack inside your launcher, so everyone stays in sync.",
|
p: "The Ulicraft Launcher installs and updates the whole modpack from our distribution, so everyone stays in sync.",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
h: "Built to last",
|
h: "Built to last",
|
||||||
@@ -121,30 +234,50 @@ export const ui: Record<Lang, UI> = {
|
|||||||
},
|
},
|
||||||
],
|
],
|
||||||
},
|
},
|
||||||
|
mods: {
|
||||||
|
eyebrow: "The pack",
|
||||||
|
title: "Every mod in the pack.",
|
||||||
|
lead: "The full client modset, installed automatically by the launcher. No hunting, no version mismatches.",
|
||||||
|
empty: "Mod list not generated yet — check back soon.",
|
||||||
|
},
|
||||||
join: {
|
join: {
|
||||||
eyebrow: "How to Join · 4 Steps",
|
eyebrow: "How to Join · 2 Steps",
|
||||||
title: "From zero to spawning in.",
|
title: "From zero to spawning in.",
|
||||||
lead: "One-time setup. After this, the launcher keeps you in sync.",
|
lead: "One-time setup. After this, the launcher keeps you in sync.",
|
||||||
s1: {
|
s1: {
|
||||||
|
kicker: "Account",
|
||||||
|
h: "Register",
|
||||||
|
pa: "Create your Ulicraft account at",
|
||||||
|
pb: "— one username and password for the server and your skin.",
|
||||||
|
registerLink: "Register",
|
||||||
|
},
|
||||||
|
s2: {
|
||||||
kicker: "Launcher",
|
kicker: "Launcher",
|
||||||
h: "Download {name}",
|
h: "Download {name}",
|
||||||
p: "Grab {name} for your system — a Prism-based launcher with authlib-injector support built in.",
|
p: "Grab {name}, log in with your Ulicraft credentials, and hit play. Everything else — the modpack, the server address, updates — is handled inside the launcher.",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
fjord: {
|
||||||
|
navHome: "← Home",
|
||||||
|
eyebrow: "Alternative · Fjord Launcher",
|
||||||
|
title: "Play with Fjord Launcher.",
|
||||||
|
lead: "Prefer a vanilla Prism-based launcher? Set it up manually with Fjord and import the Ulicraft pack.",
|
||||||
|
s1: {
|
||||||
|
kicker: "Launcher",
|
||||||
|
h: "Download Fjord",
|
||||||
|
p: "Grab Fjord Launcher for your system — a Prism-based launcher with authlib-injector support built in.",
|
||||||
},
|
},
|
||||||
s2: {
|
s2: {
|
||||||
kicker: "Account",
|
kicker: "Account",
|
||||||
h: "Add your account",
|
h: "Add your account",
|
||||||
pa: "In the launcher, add an",
|
pa: "In Fjord, add an",
|
||||||
pb: "account using this URL, then log in with your Ulicraft credentials.",
|
pb: "account using this URL, then log in with your Ulicraft credentials.",
|
||||||
copy: "Copy",
|
copy: "Copy",
|
||||||
registerPre: "Need credentials? Register at",
|
|
||||||
caPre: "Offline party? Download and trust the",
|
|
||||||
caLink: "local CA certificate",
|
|
||||||
caPost: "so the game-file mirror works over HTTPS.",
|
|
||||||
},
|
},
|
||||||
s3: {
|
s3: {
|
||||||
kicker: "Modpack",
|
kicker: "Modpack",
|
||||||
h: "Import the modpack",
|
h: "Import the Ulicraft pack",
|
||||||
p: "Add a new instance from this packwiz URL — it installs and updates the whole pack.",
|
p: "Download the Ulicraft modpack and import it into Fjord as a new instance — it installs the whole pack.",
|
||||||
},
|
},
|
||||||
s4: {
|
s4: {
|
||||||
kicker: "Connect",
|
kicker: "Connect",
|
||||||
@@ -153,28 +286,94 @@ export const ui: Record<Lang, UI> = {
|
|||||||
pb: ", paste the address, and join.",
|
pb: ", paste the address, and join.",
|
||||||
copy: "Copy IP",
|
copy: "Copy IP",
|
||||||
},
|
},
|
||||||
|
noPack: "The pack download isn't available yet — check back soon.",
|
||||||
},
|
},
|
||||||
footer: {
|
footer: {
|
||||||
join: "How to Join",
|
join: "How to Join",
|
||||||
|
status: "Server status",
|
||||||
disc: "Not affiliated with Mojang or Microsoft. Minecraft is a trademark of Mojang AB.",
|
disc: "Not affiliated with Mojang or Microsoft. Minecraft is a trademark of Mojang AB.",
|
||||||
},
|
},
|
||||||
|
register: {
|
||||||
|
navHome: "← Home",
|
||||||
|
eyebrow: "Account",
|
||||||
|
title: "Create your Ulicraft account.",
|
||||||
|
lead: "One username and password for the server, your skin, and your cape. Takes a minute.",
|
||||||
|
usernameLabel: "Username",
|
||||||
|
usernamePlaceholder: "your in-game name",
|
||||||
|
passwordLabel: "Password",
|
||||||
|
passwordPlaceholder: "choose a password",
|
||||||
|
inviteLabel: "Invite code",
|
||||||
|
invitePlaceholder: "paste your invite code",
|
||||||
|
inviteHint: "Ask an admin for an invite code.",
|
||||||
|
submit: "Create account",
|
||||||
|
submitting: "Creating…",
|
||||||
|
haveAccount: "Already have an account?",
|
||||||
|
loginLink: "Manage it here",
|
||||||
|
successTitle: "Account created.",
|
||||||
|
successBody: "Welcome, {name}. You can set a skin now, or head straight to How to Join.",
|
||||||
|
uuidLabel: "Player UUID",
|
||||||
|
skinTitle: "Set your skin (optional)",
|
||||||
|
skinLead: "Upload a Minecraft skin PNG. You can always change it later in the account page.",
|
||||||
|
skinChoose: "Choose PNG…",
|
||||||
|
modelLabel: "Model",
|
||||||
|
modelClassic: "Classic",
|
||||||
|
modelSlim: "Slim",
|
||||||
|
skinUpload: "Upload skin",
|
||||||
|
skinUploading: "Uploading…",
|
||||||
|
skinOk: "Skin set!",
|
||||||
|
finish: "Continue to How to Join",
|
||||||
|
errFields: "Fill in every field.",
|
||||||
|
errSkinType: "Pick a PNG image.",
|
||||||
|
errNetwork: "Network error — try again.",
|
||||||
|
},
|
||||||
|
account: {
|
||||||
|
navHome: "← Home",
|
||||||
|
eyebrow: "Account",
|
||||||
|
title: "Manage your skin.",
|
||||||
|
lead: "Log in to upload or reset your Minecraft skin.",
|
||||||
|
usernameLabel: "Username",
|
||||||
|
usernamePlaceholder: "your in-game name",
|
||||||
|
passwordLabel: "Password",
|
||||||
|
passwordPlaceholder: "your password",
|
||||||
|
submit: "Log in",
|
||||||
|
submitting: "Logging in…",
|
||||||
|
noAccount: "No account yet?",
|
||||||
|
registerLink: "Register here",
|
||||||
|
refresh: "Refresh",
|
||||||
|
playerLabel: "Logged in as",
|
||||||
|
skinTitle: "Your skin",
|
||||||
|
skinLead: "Upload a Minecraft skin PNG. The 3D preview below updates instantly; the in-game avatar takes ~1 minute.",
|
||||||
|
skinChoose: "Choose PNG…",
|
||||||
|
modelLabel: "Model",
|
||||||
|
modelClassic: "Classic",
|
||||||
|
modelSlim: "Slim",
|
||||||
|
skinUpload: "Upload skin",
|
||||||
|
skinUploading: "Uploading…",
|
||||||
|
skinOk: "Skin updated!",
|
||||||
|
skinPreviewNote: "Avatar updates in ~1 min.",
|
||||||
|
resetSkin: "Reset to default",
|
||||||
|
resetConfirm: "Reset your skin to the default? This cannot be undone.",
|
||||||
|
resetOk: "Skin reset to default.",
|
||||||
|
errFields: "Fill in every field.",
|
||||||
|
errSkinType: "Pick a PNG image.",
|
||||||
|
errNetwork: "Network error — try again.",
|
||||||
|
},
|
||||||
},
|
},
|
||||||
|
|
||||||
es: {
|
es: {
|
||||||
htmlLang: "es",
|
htmlLang: "es",
|
||||||
copied: "¡Copiado!",
|
copied: "¡Copiado!",
|
||||||
nav: { status: "Estado", features: "Características", join: "Cómo entrar", play: "Jugar ahora" },
|
nav: { status: "Estado", members: "Miembros", features: "Características", mods: "Mods", join: "Cómo entrar", play: "Jugar", register: "Registro", login: "Cuenta" },
|
||||||
hero: {
|
hero: {
|
||||||
eyebrow: "LAN con mods · NeoForge",
|
eyebrow: "LAN con mods · NeoForge",
|
||||||
tagline: "Supervivencia todo incluido, para durar más que el finde.",
|
tagline: "Supervivencia todo incluido, para durar más que el finde.",
|
||||||
sub:
|
sub:
|
||||||
"Un servidor con mods autoalojado para la cuadrilla: un pack curado de " +
|
"Un servidor con mods autoalojado para El valle: un pack curado de " +
|
||||||
"tecnología, magia y exploración, tus propias skins y configuración en un " +
|
"tecnología, magia y exploración, tus propias skins y configuración en un " +
|
||||||
"clic. Copia la dirección, importa el pack y a cavar.",
|
"clic. Copia la dirección, importa el pack y a cavar.",
|
||||||
copyIp: "Copiar IP",
|
copyIp: "Copiar IP",
|
||||||
howToJoin: "Cómo entrar",
|
howToJoin: "Cómo entrar",
|
||||||
metaModpack: "Pack NeoForge",
|
metaModpack: "Pack NeoForge",
|
||||||
metaLan: "Solo LAN",
|
|
||||||
},
|
},
|
||||||
status: {
|
status: {
|
||||||
eyebrow: "Servidor",
|
eyebrow: "Servidor",
|
||||||
@@ -183,11 +382,17 @@ export const ui: Record<Lang, UI> = {
|
|||||||
modded: "Con mods",
|
modded: "Con mods",
|
||||||
motd: "Pack NeoForge · Simple Voice Chat · Solo LAN",
|
motd: "Pack NeoForge · Simple Voice Chat · Solo LAN",
|
||||||
upTo: "hasta",
|
upTo: "hasta",
|
||||||
|
empty: "No hay nadie conectado",
|
||||||
|
},
|
||||||
|
members: {
|
||||||
|
eyebrow: "El valle",
|
||||||
|
title: "Quién está en el servidor.",
|
||||||
|
lead: "Todos los registrados en Ulicraft, cada uno con su skin autoalojada.",
|
||||||
|
empty: "Aún no hay miembros — sé el primero en registrarte.",
|
||||||
},
|
},
|
||||||
statLabels: ["Mods", "NeoForge", "Plazas", "Copias del mundo"],
|
|
||||||
features: {
|
features: {
|
||||||
eyebrow: "Qué hace especial a Ulicraft",
|
eyebrow: "Qué hace especial a Ulicraft",
|
||||||
title: "Hecho para la cuadrilla.",
|
title: "Hecho para El valle.",
|
||||||
lead:
|
lead:
|
||||||
"Autoalojado, curado y persistente: un servidor con mods que respeta tu " +
|
"Autoalojado, curado y persistente: un servidor con mods que respeta tu " +
|
||||||
"tiempo y sobrevive a la LAN.",
|
"tiempo y sobrevive a la LAN.",
|
||||||
@@ -202,7 +407,7 @@ export const ui: Record<Lang, UI> = {
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
h: "Configuración en un clic",
|
h: "Configuración en un clic",
|
||||||
p: "packwiz instala y actualiza todo el modpack dentro de tu launcher, así todos vais sincronizados.",
|
p: "El Ulicraft Launcher instala y actualiza todo el modpack desde nuestra distribución, así todos vais sincronizados.",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
h: "Hecho para durar",
|
h: "Hecho para durar",
|
||||||
@@ -210,30 +415,50 @@ export const ui: Record<Lang, UI> = {
|
|||||||
},
|
},
|
||||||
],
|
],
|
||||||
},
|
},
|
||||||
|
mods: {
|
||||||
|
eyebrow: "El pack",
|
||||||
|
title: "Todos los mods del pack.",
|
||||||
|
lead: "El modset completo del cliente, instalado automáticamente por el launcher. Sin búsquedas ni versiones incompatibles.",
|
||||||
|
empty: "La lista de mods aún no está generada — vuelve pronto.",
|
||||||
|
},
|
||||||
join: {
|
join: {
|
||||||
eyebrow: "Cómo entrar · 4 pasos",
|
eyebrow: "Cómo entrar · 2 pasos",
|
||||||
title: "De cero a aparecer en el mundo.",
|
title: "De cero a aparecer en el mundo.",
|
||||||
lead: "Configuración única. Después, el launcher te mantiene sincronizado.",
|
lead: "Configuración única. Después, el launcher te mantiene sincronizado.",
|
||||||
s1: {
|
s1: {
|
||||||
|
kicker: "Cuenta",
|
||||||
|
h: "Regístrate",
|
||||||
|
pa: "Crea tu cuenta de Ulicraft en",
|
||||||
|
pb: "— un usuario y contraseña para el servidor y tu skin.",
|
||||||
|
registerLink: "Registro",
|
||||||
|
},
|
||||||
|
s2: {
|
||||||
kicker: "Launcher",
|
kicker: "Launcher",
|
||||||
h: "Descarga {name}",
|
h: "Descarga {name}",
|
||||||
p: "Coge {name} para tu sistema: un launcher basado en Prism con soporte authlib-injector integrado.",
|
p: "Coge {name}, inicia sesión con tus credenciales de Ulicraft y dale a jugar. Todo lo demás — el modpack, la dirección del servidor, las actualizaciones — se gestiona dentro del launcher.",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
fjord: {
|
||||||
|
navHome: "← Inicio",
|
||||||
|
eyebrow: "Alternativa · Fjord Launcher",
|
||||||
|
title: "Juega con Fjord Launcher.",
|
||||||
|
lead: "¿Prefieres un launcher vanilla basado en Prism? Configúralo a mano con Fjord e importa el pack de Ulicraft.",
|
||||||
|
s1: {
|
||||||
|
kicker: "Launcher",
|
||||||
|
h: "Descarga Fjord",
|
||||||
|
p: "Coge Fjord Launcher para tu sistema: un launcher basado en Prism con soporte authlib-injector integrado.",
|
||||||
},
|
},
|
||||||
s2: {
|
s2: {
|
||||||
kicker: "Cuenta",
|
kicker: "Cuenta",
|
||||||
h: "Añade tu cuenta",
|
h: "Añade tu cuenta",
|
||||||
pa: "En el launcher, añade una cuenta",
|
pa: "En Fjord, añade una cuenta",
|
||||||
pb: "con esta URL y luego inicia sesión con tus credenciales de Ulicraft.",
|
pb: "con esta URL y luego inicia sesión con tus credenciales de Ulicraft.",
|
||||||
copy: "Copiar",
|
copy: "Copiar",
|
||||||
registerPre: "¿Sin credenciales? Regístrate en",
|
|
||||||
caPre: "¿Fiesta sin internet? Descarga y confía en el",
|
|
||||||
caLink: "certificado CA local",
|
|
||||||
caPost: "para que el mirror de archivos funcione por HTTPS.",
|
|
||||||
},
|
},
|
||||||
s3: {
|
s3: {
|
||||||
kicker: "Modpack",
|
kicker: "Modpack",
|
||||||
h: "Importa el modpack",
|
h: "Importa el pack de Ulicraft",
|
||||||
p: "Añade una instancia nueva desde esta URL de packwiz: instala y actualiza todo el pack.",
|
p: "Descarga el modpack de Ulicraft e impórtalo en Fjord como instancia nueva: instala todo el pack.",
|
||||||
},
|
},
|
||||||
s4: {
|
s4: {
|
||||||
kicker: "Conectar",
|
kicker: "Conectar",
|
||||||
@@ -242,28 +467,94 @@ export const ui: Record<Lang, UI> = {
|
|||||||
pb: ", pega la dirección y entra.",
|
pb: ", pega la dirección y entra.",
|
||||||
copy: "Copiar IP",
|
copy: "Copiar IP",
|
||||||
},
|
},
|
||||||
|
noPack: "La descarga del pack aún no está disponible — vuelve pronto.",
|
||||||
},
|
},
|
||||||
footer: {
|
footer: {
|
||||||
join: "Cómo entrar",
|
join: "Cómo entrar",
|
||||||
|
status: "Estado del servidor",
|
||||||
disc: "No afiliado a Mojang ni Microsoft. Minecraft es una marca de Mojang AB.",
|
disc: "No afiliado a Mojang ni Microsoft. Minecraft es una marca de Mojang AB.",
|
||||||
},
|
},
|
||||||
|
register: {
|
||||||
|
navHome: "← Inicio",
|
||||||
|
eyebrow: "Cuenta",
|
||||||
|
title: "Crea tu cuenta de Ulicraft.",
|
||||||
|
lead: "Un usuario y contraseña para el servidor, tu skin y tu capa. Cosa de un minuto.",
|
||||||
|
usernameLabel: "Usuario",
|
||||||
|
usernamePlaceholder: "tu nombre en el juego",
|
||||||
|
passwordLabel: "Contraseña",
|
||||||
|
passwordPlaceholder: "elige una contraseña",
|
||||||
|
inviteLabel: "Código de invitación",
|
||||||
|
invitePlaceholder: "pega tu código de invitación",
|
||||||
|
inviteHint: "Pide un código de invitación a un admin.",
|
||||||
|
submit: "Crear cuenta",
|
||||||
|
submitting: "Creando…",
|
||||||
|
haveAccount: "¿Ya tienes cuenta?",
|
||||||
|
loginLink: "Gestiónala aquí",
|
||||||
|
successTitle: "Cuenta creada.",
|
||||||
|
successBody: "Bienvenido, {name}. Puedes poner una skin ahora o ir directo a Cómo entrar.",
|
||||||
|
uuidLabel: "UUID del jugador",
|
||||||
|
skinTitle: "Pon tu skin (opcional)",
|
||||||
|
skinLead: "Sube un PNG de skin de Minecraft. Siempre puedes cambiarla luego en tu cuenta.",
|
||||||
|
skinChoose: "Elegir PNG…",
|
||||||
|
modelLabel: "Modelo",
|
||||||
|
modelClassic: "Clásico",
|
||||||
|
modelSlim: "Fino",
|
||||||
|
skinUpload: "Subir skin",
|
||||||
|
skinUploading: "Subiendo…",
|
||||||
|
skinOk: "¡Skin puesta!",
|
||||||
|
finish: "Continuar a Cómo entrar",
|
||||||
|
errFields: "Rellena todos los campos.",
|
||||||
|
errSkinType: "Elige una imagen PNG.",
|
||||||
|
errNetwork: "Error de red: inténtalo de nuevo.",
|
||||||
|
},
|
||||||
|
account: {
|
||||||
|
navHome: "← Inicio",
|
||||||
|
eyebrow: "Cuenta",
|
||||||
|
title: "Gestiona tu skin.",
|
||||||
|
lead: "Inicia sesión para subir o restablecer tu skin de Minecraft.",
|
||||||
|
usernameLabel: "Usuario",
|
||||||
|
usernamePlaceholder: "tu nombre en el juego",
|
||||||
|
passwordLabel: "Contraseña",
|
||||||
|
passwordPlaceholder: "tu contraseña",
|
||||||
|
submit: "Iniciar sesión",
|
||||||
|
submitting: "Entrando…",
|
||||||
|
noAccount: "¿Aún no tienes cuenta?",
|
||||||
|
registerLink: "Regístrate aquí",
|
||||||
|
refresh: "Actualizar",
|
||||||
|
playerLabel: "Sesión iniciada como",
|
||||||
|
skinTitle: "Tu skin",
|
||||||
|
skinLead: "Sube un PNG de skin de Minecraft. La vista previa 3D se actualiza al instante; el avatar en el juego tarda ~1 minuto.",
|
||||||
|
skinChoose: "Elegir PNG…",
|
||||||
|
modelLabel: "Modelo",
|
||||||
|
modelClassic: "Clásico",
|
||||||
|
modelSlim: "Fino",
|
||||||
|
skinUpload: "Subir skin",
|
||||||
|
skinUploading: "Subiendo…",
|
||||||
|
skinOk: "¡Skin actualizada!",
|
||||||
|
skinPreviewNote: "El avatar se actualiza en ~1 min.",
|
||||||
|
resetSkin: "Restablecer skin",
|
||||||
|
resetConfirm: "¿Restablecer tu skin a la predeterminada? Esta acción no se puede deshacer.",
|
||||||
|
resetOk: "Skin restablecida.",
|
||||||
|
errFields: "Rellena todos los campos.",
|
||||||
|
errSkinType: "Elige una imagen PNG.",
|
||||||
|
errNetwork: "Error de red: inténtalo de nuevo.",
|
||||||
|
},
|
||||||
},
|
},
|
||||||
|
|
||||||
eu: {
|
eu: {
|
||||||
htmlLang: "eu",
|
htmlLang: "eu",
|
||||||
copied: "Kopiatuta!",
|
copied: "Kopiatuta!",
|
||||||
nav: { status: "Egoera", features: "Ezaugarriak", join: "Nola sartu", play: "Jokatu orain" },
|
nav: { status: "Egoera", members: "Kideak", features: "Ezaugarriak", mods: "Mods", join: "Nola sartu", play: "Jolastu", register: "Erregistroa", login: "Kontua" },
|
||||||
hero: {
|
hero: {
|
||||||
eyebrow: "Mod-dun LANa · NeoForge",
|
eyebrow: "Mod-dun LANa · NeoForge",
|
||||||
tagline: "Mod ugariko biziraupena, irauteko egina.",
|
tagline: "Mod ugariko biziraupena, irauteko egina.",
|
||||||
sub:
|
sub:
|
||||||
"Koadrilarentzako mod-dun zerbitzari auto-ostatatua: teknologia, magia eta " +
|
"El valle-rentzako mod-dun zerbitzari auto-ostatatua: teknologia, magia eta " +
|
||||||
"esplorazio pack zaindua, zure azalak eta konfigurazioa klik bakarrean. " +
|
"esplorazio pack zaindua, zure azalak eta konfigurazioa klik bakarrean. " +
|
||||||
"Hartu helbidea, inportatu packa eta hasi zulatzen.",
|
"Hartu helbidea, inportatu packa eta hasi zulatzen.",
|
||||||
copyIp: "Kopiatu IPa",
|
copyIp: "Kopiatu IPa",
|
||||||
howToJoin: "Nola sartu",
|
howToJoin: "Nola sartu",
|
||||||
metaModpack: "NeoForge packa",
|
metaModpack: "NeoForge packa",
|
||||||
metaLan: "LAN soilik",
|
|
||||||
},
|
},
|
||||||
status: {
|
status: {
|
||||||
eyebrow: "Zerbitzaria",
|
eyebrow: "Zerbitzaria",
|
||||||
@@ -272,11 +563,17 @@ export const ui: Record<Lang, UI> = {
|
|||||||
modded: "Mod-duna",
|
modded: "Mod-duna",
|
||||||
motd: "NeoForge packa · Simple Voice Chat · LAN soilik",
|
motd: "NeoForge packa · Simple Voice Chat · LAN soilik",
|
||||||
upTo: "gehienez",
|
upTo: "gehienez",
|
||||||
|
empty: "Inor ez dago konektatuta",
|
||||||
|
},
|
||||||
|
members: {
|
||||||
|
eyebrow: "El valle",
|
||||||
|
title: "Nor dago zerbitzarian.",
|
||||||
|
lead: "Ulicraft-en erregistratutako guztiak, bakoitza bere azal auto-ostatatuarekin.",
|
||||||
|
empty: "Oraindik ez dago kiderik — izan zaitez lehena erregistratzen.",
|
||||||
},
|
},
|
||||||
statLabels: ["Modak", "NeoForge", "Plazak", "Munduaren babeskopiak"],
|
|
||||||
features: {
|
features: {
|
||||||
eyebrow: "Zerk egiten du Ulicraft berezi",
|
eyebrow: "Zerk egiten du Ulicraft berezi",
|
||||||
title: "Koadrilarentzat eginda.",
|
title: "El valle-rentzat eginda.",
|
||||||
lead:
|
lead:
|
||||||
"Auto-ostatatua, zaindua eta iraunkorra: zure denbora errespetatzen duen " +
|
"Auto-ostatatua, zaindua eta iraunkorra: zure denbora errespetatzen duen " +
|
||||||
"eta LANa gainditzen duen mod-dun zerbitzaria.",
|
"eta LANa gainditzen duen mod-dun zerbitzaria.",
|
||||||
@@ -291,7 +588,7 @@ export const ui: Record<Lang, UI> = {
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
h: "Konfigurazioa klik batean",
|
h: "Konfigurazioa klik batean",
|
||||||
p: "packwiz-ek modpack osoa instalatu eta eguneratzen du zure launcherrean, denok sinkronizatuta egoteko.",
|
p: "Ulicraft Launcher-ek modpack osoa instalatu eta eguneratzen du gure banaketatik, denok sinkronizatuta egoteko.",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
h: "Irauteko eginda",
|
h: "Irauteko eginda",
|
||||||
@@ -299,30 +596,50 @@ export const ui: Record<Lang, UI> = {
|
|||||||
},
|
},
|
||||||
],
|
],
|
||||||
},
|
},
|
||||||
|
mods: {
|
||||||
|
eyebrow: "Packa",
|
||||||
|
title: "Packeko mod guztiak.",
|
||||||
|
lead: "Bezeroaren mod-multzo osoa, launcherrak automatikoki instalatua. Bilaketarik gabe, bertsio-gatazkarik gabe.",
|
||||||
|
empty: "Mod zerrenda oraindik ez da sortu — itzuli laster.",
|
||||||
|
},
|
||||||
join: {
|
join: {
|
||||||
eyebrow: "Nola sartu · 4 urrats",
|
eyebrow: "Nola sartu · 2 urrats",
|
||||||
title: "Zerotik mundura agertzera.",
|
title: "Zerotik mundura agertzera.",
|
||||||
lead: "Behin bakarrik konfiguratu. Gero, launcherrak sinkronizatuta mantenduko zaitu.",
|
lead: "Behin bakarrik konfiguratu. Gero, launcherrak sinkronizatuta mantenduko zaitu.",
|
||||||
s1: {
|
s1: {
|
||||||
|
kicker: "Kontua",
|
||||||
|
h: "Erregistratu",
|
||||||
|
pa: "Sortu zure Ulicraft kontua hemen:",
|
||||||
|
pb: "— erabiltzaile eta pasahitz bat zerbitzarirako eta zure azalerako.",
|
||||||
|
registerLink: "Erregistroa",
|
||||||
|
},
|
||||||
|
s2: {
|
||||||
kicker: "Launcherra",
|
kicker: "Launcherra",
|
||||||
h: "Deskargatu {name}",
|
h: "Deskargatu {name}",
|
||||||
p: "Hartu {name} zure sistemarako: Prism-en oinarritutako launcherra, authlib-injector euskarriarekin.",
|
p: "Hartu {name}, hasi saioa zure Ulicraft kredentzialekin eta sakatu jolastu. Gainerako guztia — modpacka, zerbitzariaren helbidea, eguneraketak — launcherraren barruan kudeatzen da.",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
fjord: {
|
||||||
|
navHome: "← Hasiera",
|
||||||
|
eyebrow: "Alternatiba · Fjord Launcher",
|
||||||
|
title: "Jokatu Fjord Launcher-ekin.",
|
||||||
|
lead: "Prism-en oinarritutako launcher vanilla nahiago duzu? Konfiguratu eskuz Fjord-ekin eta inportatu Ulicraft packa.",
|
||||||
|
s1: {
|
||||||
|
kicker: "Launcherra",
|
||||||
|
h: "Deskargatu Fjord",
|
||||||
|
p: "Hartu Fjord Launcher zure sistemarako: Prism-en oinarritutako launcherra, authlib-injector euskarriarekin.",
|
||||||
},
|
},
|
||||||
s2: {
|
s2: {
|
||||||
kicker: "Kontua",
|
kicker: "Kontua",
|
||||||
h: "Gehitu zure kontua",
|
h: "Gehitu zure kontua",
|
||||||
pa: "Launcherrean, gehitu",
|
pa: "Fjord-en, gehitu",
|
||||||
pb: "kontu bat URL honekin, eta gero hasi saioa zure Ulicraft kredentzialekin.",
|
pb: "kontu bat URL honekin, eta gero hasi saioa zure Ulicraft kredentzialekin.",
|
||||||
copy: "Kopiatu",
|
copy: "Kopiatu",
|
||||||
registerPre: "Kredentzialik ez? Erregistratu hemen:",
|
|
||||||
caPre: "Internetik gabeko festa? Deskargatu eta fidatu",
|
|
||||||
caLink: "tokiko CA ziurtagiriaz",
|
|
||||||
caPost: "fitxategi-mirrorrak HTTPS bidez ibil dadin.",
|
|
||||||
},
|
},
|
||||||
s3: {
|
s3: {
|
||||||
kicker: "Modpacka",
|
kicker: "Modpacka",
|
||||||
h: "Inportatu modpacka",
|
h: "Inportatu Ulicraft packa",
|
||||||
p: "Gehitu instantzia berri bat packwiz URL honetatik: pack osoa instalatu eta eguneratzen du.",
|
p: "Deskargatu Ulicraft modpacka eta inportatu Fjord-en instantzia berri gisa: pack osoa instalatzen du.",
|
||||||
},
|
},
|
||||||
s4: {
|
s4: {
|
||||||
kicker: "Konektatu",
|
kicker: "Konektatu",
|
||||||
@@ -331,10 +648,77 @@ export const ui: Record<Lang, UI> = {
|
|||||||
pb: ", itsatsi helbidea eta sartu.",
|
pb: ", itsatsi helbidea eta sartu.",
|
||||||
copy: "Kopiatu IPa",
|
copy: "Kopiatu IPa",
|
||||||
},
|
},
|
||||||
|
noPack: "Packaren deskarga ez dago oraindik eskuragarri — itzuli laster.",
|
||||||
},
|
},
|
||||||
footer: {
|
footer: {
|
||||||
join: "Nola sartu",
|
join: "Nola sartu",
|
||||||
|
status: "Zerbitzariaren egoera",
|
||||||
disc: "Ez dago Mojang edo Microsoft-ekin lotuta. Minecraft Mojang AB-ren marka da.",
|
disc: "Ez dago Mojang edo Microsoft-ekin lotuta. Minecraft Mojang AB-ren marka da.",
|
||||||
},
|
},
|
||||||
|
register: {
|
||||||
|
navHome: "← Hasiera",
|
||||||
|
eyebrow: "Kontua",
|
||||||
|
title: "Sortu zure Ulicraft kontua.",
|
||||||
|
lead: "Erabiltzaile eta pasahitz bat zerbitzarirako, zure azalerako eta kaparako. Minutu batean.",
|
||||||
|
usernameLabel: "Erabiltzailea",
|
||||||
|
usernamePlaceholder: "zure jokoko izena",
|
||||||
|
passwordLabel: "Pasahitza",
|
||||||
|
passwordPlaceholder: "aukeratu pasahitz bat",
|
||||||
|
inviteLabel: "Gonbidapen-kodea",
|
||||||
|
invitePlaceholder: "itsatsi zure gonbidapen-kodea",
|
||||||
|
inviteHint: "Eskatu gonbidapen-kode bat admin bati.",
|
||||||
|
submit: "Sortu kontua",
|
||||||
|
submitting: "Sortzen…",
|
||||||
|
haveAccount: "Baduzu kontua?",
|
||||||
|
loginLink: "Kudeatu hemen",
|
||||||
|
successTitle: "Kontua sortuta.",
|
||||||
|
successBody: "Ongi etorri, {name}. Azala orain jar dezakezu, edo zuzenean Nola sartu atalera joan.",
|
||||||
|
uuidLabel: "Jokalariaren UUIDa",
|
||||||
|
skinTitle: "Jarri zure azala (aukerakoa)",
|
||||||
|
skinLead: "Igo Minecraft azal PNG bat. Beti alda dezakezu gero zure kontuan.",
|
||||||
|
skinChoose: "Aukeratu PNGa…",
|
||||||
|
modelLabel: "Eredua",
|
||||||
|
modelClassic: "Klasikoa",
|
||||||
|
modelSlim: "Mehea",
|
||||||
|
skinUpload: "Igo azala",
|
||||||
|
skinUploading: "Igotzen…",
|
||||||
|
skinOk: "Azala jarrita!",
|
||||||
|
finish: "Jarraitu Nola sartura",
|
||||||
|
errFields: "Bete eremu guztiak.",
|
||||||
|
errSkinType: "Aukeratu PNG irudi bat.",
|
||||||
|
errNetwork: "Sare-errorea: saiatu berriro.",
|
||||||
|
},
|
||||||
|
account: {
|
||||||
|
navHome: "← Hasiera",
|
||||||
|
eyebrow: "Kontua",
|
||||||
|
title: "Kudeatu zure azala.",
|
||||||
|
lead: "Hasi saioa zure Minecraft azala igotzeko edo berrezartzeko.",
|
||||||
|
usernameLabel: "Erabiltzailea",
|
||||||
|
usernamePlaceholder: "zure jokoko izena",
|
||||||
|
passwordLabel: "Pasahitza",
|
||||||
|
passwordPlaceholder: "zure pasahitza",
|
||||||
|
submit: "Hasi saioa",
|
||||||
|
submitting: "Sartzen…",
|
||||||
|
noAccount: "Oraindik konturik ez?",
|
||||||
|
registerLink: "Erregistratu hemen",
|
||||||
|
refresh: "Eguneratu",
|
||||||
|
playerLabel: "Saioa hasita:",
|
||||||
|
skinTitle: "Zure azala",
|
||||||
|
skinLead: "Igo Minecraft azal PNG bat. 3D aurrebista berehala eguneratzen da; jokoko avatarra ~1 minutuan.",
|
||||||
|
skinChoose: "Aukeratu PNGa…",
|
||||||
|
modelLabel: "Eredua",
|
||||||
|
modelClassic: "Klasikoa",
|
||||||
|
modelSlim: "Mehea",
|
||||||
|
skinUpload: "Igo azala",
|
||||||
|
skinUploading: "Igotzen…",
|
||||||
|
skinOk: "Azala eguneratuta!",
|
||||||
|
skinPreviewNote: "Avatarra ~1 min barru eguneratzen da.",
|
||||||
|
resetSkin: "Berrezarri azala",
|
||||||
|
resetConfirm: "Zure azala lehenetsi nahi duzu? Ezin da desegin.",
|
||||||
|
resetOk: "Azala berrezarrita.",
|
||||||
|
errFields: "Bete eremu guztiak.",
|
||||||
|
errSkinType: "Aukeratu PNG irudi bat.",
|
||||||
|
errNetwork: "Sare-errorea: saiatu berriro.",
|
||||||
|
},
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
|
|||||||
@@ -1,26 +1,34 @@
|
|||||||
---
|
---
|
||||||
import { site, LITERALS, HEAD_FONTS } from "../data/site";
|
import { site, HEAD_FONTS } from "../data/site";
|
||||||
import { ui, LANGS, LANG_LABEL, LANG_PATH, type Lang } from "../i18n/ui";
|
import { ui, LANGS, LANG_LABEL, LANG_PATH, LANG_REGISTER_PATH, LANG_ACCOUNT_PATH, type Lang } from "../i18n/ui";
|
||||||
import Creeper from "../components/Creeper.astro";
|
|
||||||
import PixelIcon from "../components/PixelIcon.astro";
|
import PixelIcon from "../components/PixelIcon.astro";
|
||||||
import CopyChip from "../components/CopyChip.astro";
|
import ServerCard from "../components/ServerCard.astro";
|
||||||
import ServerListPanel from "../components/ServerListPanel.astro";
|
import PlayerRoster from "../components/PlayerRoster.astro";
|
||||||
|
import ModList from "../components/ModList.astro";
|
||||||
import "../styles/main.css";
|
import "../styles/main.css";
|
||||||
|
|
||||||
// One static page per locale: en at "/", es at "/es/", eu at "/eu/".
|
// One static page per locale: en at "/", es at "/es/", eu at "/eu/".
|
||||||
export function getStaticPaths() {
|
export function getStaticPaths() {
|
||||||
return [
|
return [
|
||||||
{ params: { lang: undefined }, props: { locale: "en" as Lang } },
|
{ params: { lang: undefined }, props: { locale: "es" as Lang } },
|
||||||
{ params: { lang: "es" }, props: { locale: "es" as Lang } },
|
{ params: { lang: "en" }, props: { locale: "en" as Lang } },
|
||||||
{ params: { lang: "eu" }, props: { locale: "eu" as Lang } },
|
{ params: { lang: "eu" }, props: { locale: "eu" as Lang } },
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
const { locale } = Astro.props;
|
const { locale } = Astro.props;
|
||||||
const t = ui[locale];
|
const t = ui[locale];
|
||||||
const { theme, launcher } = site;
|
const { theme, launcherManifest } = site;
|
||||||
const headFont = HEAD_FONTS[theme.headFont] ?? HEAD_FONTS.pixelify;
|
const headFont = HEAD_FONTS[theme.headFont] ?? HEAD_FONTS.pixelify;
|
||||||
const launcherName = launcher.name;
|
const launcherName = launcherManifest.product;
|
||||||
|
const registerPath = LANG_REGISTER_PATH[locale];
|
||||||
|
const accountPath = LANG_ACCOUNT_PATH[locale];
|
||||||
|
|
||||||
|
// Per-OS download buttons (join step 2) are fetched client-side from the live
|
||||||
|
// launcher.json on page load (no build-time baking, no polling) — see the
|
||||||
|
// script below. We only pass the URL; buttons render into the #launcher-dl
|
||||||
|
// skeleton. URL derives from the distribution subdomain.
|
||||||
|
const launcherJsonUrl = `https://distribution.${site.baseDomain}/launcher/launcher.json`;
|
||||||
|
|
||||||
// Build-time floating dust bits (index-derived, no runtime RNG).
|
// Build-time floating dust bits (index-derived, no runtime RNG).
|
||||||
const dustBits = Array.from({ length: 16 }, (_, i) => {
|
const dustBits = Array.from({ length: 16 }, (_, i) => {
|
||||||
@@ -48,7 +56,7 @@ const dustBits = Array.from({ length: 16 }, (_, i) => {
|
|||||||
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
||||||
<title>{site.name} — {t.hero.howToJoin}</title>
|
<title>{site.name} — {t.hero.howToJoin}</title>
|
||||||
<meta name="description" content={`${site.name}: ${t.hero.tagline}`} />
|
<meta name="description" content={`${site.name}: ${t.hero.tagline}`} />
|
||||||
<link rel="icon" type="image/png" href="/logo.png" />
|
<link rel="icon" type="image/png" href="/favicon.png" />
|
||||||
<link rel="stylesheet" href="/fonts/fonts.css" />
|
<link rel="stylesheet" href="/fonts/fonts.css" />
|
||||||
{LANGS.map((l) => <link rel="alternate" hreflang={l} href={LANG_PATH[l]} />)}
|
{LANGS.map((l) => <link rel="alternate" hreflang={l} href={LANG_PATH[l]} />)}
|
||||||
</head>
|
</head>
|
||||||
@@ -57,13 +65,12 @@ const dustBits = Array.from({ length: 16 }, (_, i) => {
|
|||||||
<header class="nav">
|
<header class="nav">
|
||||||
<div class="wrap nav-in">
|
<div class="wrap nav-in">
|
||||||
<a class="brand" href="#top">
|
<a class="brand" href="#top">
|
||||||
<Creeper />
|
<img class="brand-logo" src="/ulicraft-logo-mini.svg" alt="" width="34" height="34" />
|
||||||
<span class="name">ULICRAFT</span>
|
<span class="name">ULICRAFT</span>
|
||||||
</a>
|
</a>
|
||||||
<nav class="nav-links">
|
<nav class="nav-links">
|
||||||
<a href="#status">{t.nav.status}</a>
|
|
||||||
<a href="#features">{t.nav.features}</a>
|
|
||||||
<a href="#join">{t.nav.join}</a>
|
<a href="#join">{t.nav.join}</a>
|
||||||
|
<a href="#status">{t.nav.status}</a>
|
||||||
</nav>
|
</nav>
|
||||||
<span class="nav-spacer"></span>
|
<span class="nav-spacer"></span>
|
||||||
<div class="lang-switch" aria-label="Language">
|
<div class="lang-switch" aria-label="Language">
|
||||||
@@ -71,6 +78,8 @@ const dustBits = Array.from({ length: 16 }, (_, i) => {
|
|||||||
<a href={LANG_PATH[l]} class:list={[l === locale && "on"]} aria-current={l === locale ? "true" : undefined}>{LANG_LABEL[l]}</a>
|
<a href={LANG_PATH[l]} class:list={[l === locale && "on"]} aria-current={l === locale ? "true" : undefined}>{LANG_LABEL[l]}</a>
|
||||||
))}
|
))}
|
||||||
</div>
|
</div>
|
||||||
|
<a class="mc-btn sm" href={registerPath}>{t.nav.register}</a>
|
||||||
|
<a class="mc-btn sm" href={accountPath}>{t.nav.login}</a>
|
||||||
<a class="mc-btn primary sm" href="#join">{t.nav.play}</a>
|
<a class="mc-btn primary sm" href="#join">{t.nav.play}</a>
|
||||||
</div>
|
</div>
|
||||||
</header>
|
</header>
|
||||||
@@ -96,75 +105,25 @@ const dustBits = Array.from({ length: 16 }, (_, i) => {
|
|||||||
<h1 class="hero-tagline">{t.hero.tagline}</h1>
|
<h1 class="hero-tagline">{t.hero.tagline}</h1>
|
||||||
<p class="hero-sub">{t.hero.sub}</p>
|
<p class="hero-sub">{t.hero.sub}</p>
|
||||||
<div class="hero-ip-row">
|
<div class="hero-ip-row">
|
||||||
<CopyChip value={site.serverAddress} variant="ip" label={t.hero.copyIp} copiedLabel={t.copied} />
|
<a class="mc-btn primary" href="#join">{t.hero.howToJoin}</a>
|
||||||
<a class="mc-btn" href="#join">{t.hero.howToJoin}</a>
|
|
||||||
</div>
|
</div>
|
||||||
<div class="hero-meta">
|
<div class="hero-meta">
|
||||||
<span>Java {site.mcVersion}</span>
|
<span>Java {site.mcVersion}</span>
|
||||||
<span class="dot"></span>
|
<span class="dot"></span>
|
||||||
<span>{t.hero.metaModpack}</span>
|
<span>{t.hero.metaModpack}</span>
|
||||||
<span class="dot"></span>
|
|
||||||
<span>{t.hero.metaLan}</span>
|
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="hero-status">
|
<div class="hero-status">
|
||||||
<ServerListPanel
|
<ServerCard
|
||||||
modded={t.status.modded}
|
modded={t.status.modded}
|
||||||
motd={t.status.motd}
|
motd={t.status.motd}
|
||||||
upTo={t.status.upTo}
|
upTo={t.status.upTo}
|
||||||
|
emptyLabel={t.status.empty}
|
||||||
/>
|
/>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<!-- STATUS -->
|
|
||||||
<section id="status" class="pad">
|
|
||||||
<div class="wrap">
|
|
||||||
<div class="sec-head reveal">
|
|
||||||
<span class="eyebrow">{t.status.eyebrow}</span>
|
|
||||||
<h2 class="section-title">{t.status.title}</h2>
|
|
||||||
<p class="lead">{t.status.lead}</p>
|
|
||||||
</div>
|
|
||||||
<div class="reveal">
|
|
||||||
<ServerListPanel
|
|
||||||
modded={t.status.modded}
|
|
||||||
motd={t.status.motd}
|
|
||||||
upTo={t.status.upTo}
|
|
||||||
/>
|
|
||||||
</div>
|
|
||||||
<div class="stat-grid">
|
|
||||||
{site.stats.map((s, i) => (
|
|
||||||
<div class="tile reveal" style={`transition-delay:${i * 60}ms`}>
|
|
||||||
<div class="k">{s.key}</div>
|
|
||||||
<div class="l">{t.statLabels[i]}</div>
|
|
||||||
</div>
|
|
||||||
))}
|
|
||||||
</div>
|
|
||||||
</div>
|
|
||||||
</section>
|
|
||||||
|
|
||||||
<!-- FEATURES -->
|
|
||||||
<section id="features" class="pad" style="background: var(--bg-2)">
|
|
||||||
<div class="wrap">
|
|
||||||
<div class="sec-head reveal">
|
|
||||||
<span class="eyebrow">{t.features.eyebrow}</span>
|
|
||||||
<h2 class="section-title">{t.features.title}</h2>
|
|
||||||
<p class="lead">{t.features.lead}</p>
|
|
||||||
</div>
|
|
||||||
<div class="feat-grid">
|
|
||||||
{site.features.map((f, i) => (
|
|
||||||
<div class="feat reveal" style={`transition-delay:${(i % 2) * 80}ms`}>
|
|
||||||
<PixelIcon glyph={f.glyph} gold={f.gold} />
|
|
||||||
<div>
|
|
||||||
<h3>{t.features.items[i].h}</h3>
|
|
||||||
<p>{t.features.items[i].p}</p>
|
|
||||||
</div>
|
|
||||||
</div>
|
|
||||||
))}
|
|
||||||
</div>
|
|
||||||
</div>
|
|
||||||
</section>
|
|
||||||
|
|
||||||
<!-- HOW TO JOIN -->
|
<!-- HOW TO JOIN -->
|
||||||
<section id="join" class="pad">
|
<section id="join" class="pad">
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
@@ -180,15 +139,10 @@ const dustBits = Array.from({ length: 16 }, (_, i) => {
|
|||||||
<div class="num">1</div>
|
<div class="num">1</div>
|
||||||
<div class="body">
|
<div class="body">
|
||||||
<span class="kicker">{t.join.s1.kicker}</span>
|
<span class="kicker">{t.join.s1.kicker}</span>
|
||||||
<h3>{t.join.s1.h.replace("{name}", launcherName)}</h3>
|
<h3>{t.join.s1.h}</h3>
|
||||||
<p>{t.join.s1.p.replace(/\{name\}/g, launcherName)}</p>
|
<p>
|
||||||
<div class="actions">
|
{t.join.s1.pa} <a href={registerPath}>{t.join.s1.registerLink}</a> {t.join.s1.pb}
|
||||||
{launcher.downloads.map((d) => (
|
</p>
|
||||||
<a class="mc-btn sm" href={`${launcher.base}/${d.file}`}>
|
|
||||||
{d.os} <span class="hint">· {d.hint}</span>
|
|
||||||
</a>
|
|
||||||
))}
|
|
||||||
</div>
|
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
@@ -197,48 +151,88 @@ const dustBits = Array.from({ length: 16 }, (_, i) => {
|
|||||||
<div class="num">2</div>
|
<div class="num">2</div>
|
||||||
<div class="body">
|
<div class="body">
|
||||||
<span class="kicker">{t.join.s2.kicker}</span>
|
<span class="kicker">{t.join.s2.kicker}</span>
|
||||||
<h3>{t.join.s2.h}</h3>
|
<h3>{t.join.s2.h.replace("{name}", launcherName)}</h3>
|
||||||
<p>
|
<p>{t.join.s2.p.replace(/\{name\}/g, launcherName)}</p>
|
||||||
{t.join.s2.pa} <strong style="color:var(--text)">{LITERALS.authlib}</strong> {t.join.s2.pb}
|
<div class="actions" id="launcher-dl" data-src={launcherJsonUrl}>
|
||||||
</p>
|
<span class="mc-btn sm dl-skeleton" aria-hidden="true"></span>
|
||||||
<div class="actions" style="margin-bottom:14px">
|
<span class="mc-btn sm dl-skeleton" aria-hidden="true"></span>
|
||||||
<CopyChip value={site.authlibUrl} variant="url" label={t.join.s2.copy} copiedLabel={t.copied} />
|
<span class="mc-btn sm dl-skeleton" aria-hidden="true"></span>
|
||||||
</div>
|
|
||||||
<p>
|
|
||||||
{t.join.s2.registerPre} <a href={site.authUrl}>{site.authUrl}</a>.
|
|
||||||
</p>
|
|
||||||
<span class="hint">
|
|
||||||
{t.join.s2.caPre} <a href={site.caCertUrl}>{t.join.s2.caLink}</a> {t.join.s2.caPost}
|
|
||||||
</span>
|
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</section>
|
||||||
|
|
||||||
<!-- STEP 3 -->
|
<!-- STATUS -->
|
||||||
<div class="step reveal">
|
<section id="status" class="pad">
|
||||||
<div class="num">3</div>
|
<div class="wrap">
|
||||||
<div class="body">
|
<div class="sec-head reveal">
|
||||||
<span class="kicker">{t.join.s3.kicker}</span>
|
<span class="eyebrow">{t.status.eyebrow}</span>
|
||||||
<h3>{t.join.s3.h}</h3>
|
<h2 class="section-title">{t.status.title}</h2>
|
||||||
<p>{t.join.s3.p}</p>
|
<p class="lead">{t.status.lead}</p>
|
||||||
<div class="actions">
|
</div>
|
||||||
<CopyChip value={site.packwizUrl} variant="url" label={t.join.s2.copy} copiedLabel={t.copied} />
|
<div class="reveal">
|
||||||
</div>
|
<ServerCard
|
||||||
|
modded={t.status.modded}
|
||||||
|
motd={t.status.motd}
|
||||||
|
upTo={t.status.upTo}
|
||||||
|
emptyLabel={t.status.empty}
|
||||||
|
/>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
</section>
|
||||||
|
|
||||||
<!-- STEP 4 -->
|
<!-- MEMBERS (registered players roster) -->
|
||||||
<div class="step reveal">
|
<section id="members" class="pad" style="background: var(--bg-2)">
|
||||||
<div class="num">4</div>
|
<div class="wrap">
|
||||||
<div class="body">
|
<div class="sec-head reveal">
|
||||||
<span class="kicker">{t.join.s4.kicker}</span>
|
<span class="eyebrow">{t.members.eyebrow}</span>
|
||||||
<h3>{t.join.s4.h}</h3>
|
<h2 class="section-title">{t.members.title}</h2>
|
||||||
<p>
|
<p class="lead">{t.members.lead}</p>
|
||||||
{t.join.s4.pa} <kbd>{LITERALS.multiplayer}</kbd> → <kbd>{LITERALS.addServer}</kbd>{t.join.s4.pb}
|
</div>
|
||||||
</p>
|
<div class="reveal">
|
||||||
<div class="actions">
|
<PlayerRoster emptyLabel={t.members.empty} />
|
||||||
<CopyChip value={site.serverAddress} variant="ip" label={t.join.s4.copy} copiedLabel={t.copied} />
|
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
</section>
|
||||||
|
|
||||||
|
<!-- MODS (installed-pack list, auto-generated) -->
|
||||||
|
<section id="mods" class="pad" style="background: var(--bg-2)">
|
||||||
|
<div class="wrap">
|
||||||
|
<div class="sec-head reveal">
|
||||||
|
<span class="eyebrow">{t.mods.eyebrow}</span>
|
||||||
|
<h2 class="section-title">{t.mods.title}</h2>
|
||||||
|
<p class="lead">{t.mods.lead}</p>
|
||||||
|
</div>
|
||||||
|
<div class="reveal">
|
||||||
|
<ModList emptyLabel={t.mods.empty} />
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</section>
|
||||||
|
|
||||||
|
<!-- FEATURES -->
|
||||||
|
<section id="features" class="pad">
|
||||||
|
<div class="wrap">
|
||||||
|
<div class="sec-head reveal">
|
||||||
|
<span class="eyebrow">{t.features.eyebrow}</span>
|
||||||
|
<h2 class="section-title">{t.features.title}</h2>
|
||||||
|
<p class="lead">{t.features.lead}</p>
|
||||||
|
</div>
|
||||||
|
<div class="feat-split">
|
||||||
|
<div class="feat-grid">
|
||||||
|
{site.features.map((f, i) => (
|
||||||
|
<div class="feat reveal" style={`transition-delay:${(i % 2) * 80}ms`}>
|
||||||
|
<PixelIcon glyph={f.glyph} gold={f.gold} />
|
||||||
|
<div>
|
||||||
|
<h3>{t.features.items[i].h}</h3>
|
||||||
|
<p>{t.features.items[i].p}</p>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
))}
|
||||||
|
</div>
|
||||||
|
<div class="feat-aside reveal">
|
||||||
|
<img src="/Goat_JE1_BE1.webp" alt="" width="1200" height="1200" loading="lazy" />
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
@@ -249,11 +243,12 @@ const dustBits = Array.from({ length: 16 }, (_, i) => {
|
|||||||
<footer class="footer">
|
<footer class="footer">
|
||||||
<div class="wrap footer-in">
|
<div class="wrap footer-in">
|
||||||
<a class="brand" href="#top">
|
<a class="brand" href="#top">
|
||||||
<Creeper />
|
<img class="brand-logo" src="/ulicraft-logo-mini.svg" alt="" width="34" height="34" />
|
||||||
<span class="name">ULICRAFT</span>
|
<span class="name">ULICRAFT</span>
|
||||||
</a>
|
</a>
|
||||||
<div class="footer-links">
|
<div class="footer-links">
|
||||||
<a class="mc-btn primary sm" href="#join">{t.footer.join}</a>
|
<a class="mc-btn primary sm" href="#join">{t.footer.join}</a>
|
||||||
|
<a class="mc-btn sm" href={site.statusUrl} target="_blank" rel="noopener">{t.footer.status}</a>
|
||||||
</div>
|
</div>
|
||||||
<p class="disc">
|
<p class="disc">
|
||||||
{t.footer.disc} {site.name} · {site.baseDomain}
|
{t.footer.disc} {site.name} · {site.baseDomain}
|
||||||
@@ -312,6 +307,35 @@ const dustBits = Array.from({ length: 16 }, (_, i) => {
|
|||||||
);
|
);
|
||||||
els.forEach((el) => io.observe(el));
|
els.forEach((el) => io.observe(el));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Launcher downloads — fetch the live launcher.json once on load (no
|
||||||
|
// polling) and render per-OS buttons into the #launcher-dl skeleton.
|
||||||
|
// launcher.json shape: { files: [{ name, os, arch, ext, url }] }.
|
||||||
|
const dl = document.getElementById("launcher-dl");
|
||||||
|
const src = dl?.dataset.src;
|
||||||
|
if (dl && src) {
|
||||||
|
const OS: Record<string, string> = { windows: "Windows", macos: "macOS", linux: "Linux" };
|
||||||
|
fetch(src, { cache: "no-store" })
|
||||||
|
.then((r) => (r.ok ? r.json() : Promise.reject(new Error(`HTTP ${r.status}`))))
|
||||||
|
.then((data) => {
|
||||||
|
const files = Array.isArray(data?.files) ? data.files : [];
|
||||||
|
const frag = document.createDocumentFragment();
|
||||||
|
for (const f of files) {
|
||||||
|
if (!f?.url) continue;
|
||||||
|
const a = document.createElement("a");
|
||||||
|
a.className = "mc-btn sm";
|
||||||
|
a.href = f.url;
|
||||||
|
a.append(`${OS[f.os] ?? f.os ?? "Download"} `);
|
||||||
|
const hint = document.createElement("span");
|
||||||
|
hint.className = "hint";
|
||||||
|
hint.textContent = `· ${[f.arch, f.ext].filter(Boolean).join(" · ")}`;
|
||||||
|
a.append(hint);
|
||||||
|
frag.append(a);
|
||||||
|
}
|
||||||
|
dl.replaceChildren(frag); // empty list → no buttons (skeleton cleared)
|
||||||
|
})
|
||||||
|
.catch(() => dl.replaceChildren()); // unreachable/error → clear skeleton
|
||||||
|
}
|
||||||
</script>
|
</script>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|||||||
370
landing/src/pages/[...lang]/account.astro
Normal file
370
landing/src/pages/[...lang]/account.astro
Normal file
@@ -0,0 +1,370 @@
|
|||||||
|
---
|
||||||
|
import { site, HEAD_FONTS } from "../../data/site";
|
||||||
|
import {
|
||||||
|
ui,
|
||||||
|
LANGS,
|
||||||
|
LANG_LABEL,
|
||||||
|
LANG_PATH,
|
||||||
|
LANG_ACCOUNT_PATH,
|
||||||
|
LANG_REGISTER_PATH,
|
||||||
|
type Lang,
|
||||||
|
} from "../../i18n/ui";
|
||||||
|
import "../../styles/main.css";
|
||||||
|
|
||||||
|
// One static account page per locale: /account, /es/account, /eu/account.
|
||||||
|
export function getStaticPaths() {
|
||||||
|
return [
|
||||||
|
{ params: { lang: undefined }, props: { locale: "es" as Lang } },
|
||||||
|
{ params: { lang: "en" }, props: { locale: "en" as Lang } },
|
||||||
|
{ params: { lang: "eu" }, props: { locale: "eu" as Lang } },
|
||||||
|
];
|
||||||
|
}
|
||||||
|
|
||||||
|
const { locale } = Astro.props;
|
||||||
|
const t = ui[locale];
|
||||||
|
const a = t.account;
|
||||||
|
const { theme } = site;
|
||||||
|
const headFont = HEAD_FONTS[theme.headFont] ?? HEAD_FONTS.pixelify;
|
||||||
|
const homePath = LANG_PATH[locale];
|
||||||
|
const registerPath = LANG_REGISTER_PATH[locale];
|
||||||
|
const accountPath = LANG_ACCOUNT_PATH[locale];
|
||||||
|
|
||||||
|
// Strings the client script needs at runtime (kept minimal, passed via define:vars).
|
||||||
|
const clientCfg = {
|
||||||
|
apiUrl: site.draslApiUrl,
|
||||||
|
avatarUrl: site.avatarUrl,
|
||||||
|
avatarMode: site.avatarMode,
|
||||||
|
submit: a.submit,
|
||||||
|
submitting: a.submitting,
|
||||||
|
skinUpload: a.skinUpload,
|
||||||
|
skinUploading: a.skinUploading,
|
||||||
|
skinOk: a.skinOk,
|
||||||
|
refresh: a.refresh,
|
||||||
|
skinPreviewNote: a.skinPreviewNote,
|
||||||
|
resetSkin: a.resetSkin,
|
||||||
|
resetConfirm: a.resetConfirm,
|
||||||
|
resetOk: a.resetOk,
|
||||||
|
errFields: a.errFields,
|
||||||
|
errSkinType: a.errSkinType,
|
||||||
|
errNetwork: a.errNetwork,
|
||||||
|
};
|
||||||
|
---
|
||||||
|
|
||||||
|
<!doctype html>
|
||||||
|
<html
|
||||||
|
lang={t.htmlLang}
|
||||||
|
data-mood={theme.mood}
|
||||||
|
data-head={theme.headFont}
|
||||||
|
style={`--font-head: ${headFont}`}
|
||||||
|
>
|
||||||
|
<head>
|
||||||
|
<meta charset="utf-8" />
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
||||||
|
<title>{site.name} — {a.title}</title>
|
||||||
|
<meta name="description" content={a.lead} />
|
||||||
|
<link rel="icon" type="image/png" href="/favicon.png" />
|
||||||
|
<link rel="stylesheet" href="/fonts/fonts.css" />
|
||||||
|
{LANGS.map((l) => <link rel="alternate" hreflang={l} href={LANG_ACCOUNT_PATH[l]} />)}
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<!-- NAV -->
|
||||||
|
<header class="nav">
|
||||||
|
<div class="wrap nav-in">
|
||||||
|
<a class="brand" href={homePath}>
|
||||||
|
<img class="brand-logo" src="/ulicraft-logo-mini.svg" alt="" width="34" height="34" />
|
||||||
|
<span class="name">ULICRAFT</span>
|
||||||
|
</a>
|
||||||
|
<nav class="nav-links">
|
||||||
|
<a href={homePath}>{a.navHome}</a>
|
||||||
|
</nav>
|
||||||
|
<span class="nav-spacer"></span>
|
||||||
|
<div class="lang-switch" aria-label="Language">
|
||||||
|
{LANGS.map((l) => (
|
||||||
|
<a
|
||||||
|
href={LANG_ACCOUNT_PATH[l]}
|
||||||
|
class:list={[l === locale && "on"]}
|
||||||
|
aria-current={l === locale ? "true" : undefined}
|
||||||
|
>{LANG_LABEL[l]}</a>
|
||||||
|
))}
|
||||||
|
</div>
|
||||||
|
<a class="mc-btn sm" href={registerPath}>{t.nav.register}</a>
|
||||||
|
<a class="mc-btn sm" href={accountPath}>{t.nav.login}</a>
|
||||||
|
<a class="mc-btn primary sm" href={`${homePath}#join`}>{t.nav.play}</a>
|
||||||
|
</div>
|
||||||
|
</header>
|
||||||
|
|
||||||
|
<main id="top">
|
||||||
|
<section class="pad">
|
||||||
|
<div class="reg-wrap">
|
||||||
|
<div class="reg-card">
|
||||||
|
<span class="eyebrow">{a.eyebrow}</span>
|
||||||
|
<h1>{a.title}</h1>
|
||||||
|
<p class="lead">{a.lead}</p>
|
||||||
|
|
||||||
|
<!-- LOGIN (hidden once authenticated) -->
|
||||||
|
<div id="acc-login">
|
||||||
|
<form class="reg-form" id="acc-form" novalidate>
|
||||||
|
<div class="reg-field">
|
||||||
|
<label for="acc-username">{a.usernameLabel}</label>
|
||||||
|
<input class="reg-input" id="acc-username" name="username"
|
||||||
|
type="text" autocomplete="username" placeholder={a.usernamePlaceholder} required />
|
||||||
|
</div>
|
||||||
|
<div class="reg-field">
|
||||||
|
<label for="acc-password">{a.passwordLabel}</label>
|
||||||
|
<input class="reg-input" id="acc-password" name="password"
|
||||||
|
type="password" autocomplete="current-password" placeholder={a.passwordPlaceholder} required />
|
||||||
|
</div>
|
||||||
|
<div class="reg-msg err" id="acc-error" role="alert" hidden></div>
|
||||||
|
<button class="mc-btn primary" id="acc-submit" type="submit">{a.submit}</button>
|
||||||
|
</form>
|
||||||
|
|
||||||
|
<p class="reg-foot">
|
||||||
|
{a.noAccount} <a href={registerPath}>{a.registerLink}</a>
|
||||||
|
</p>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<!-- SKIN PANEL (revealed after login) -->
|
||||||
|
<div class="reg-success" id="acc-panel" hidden>
|
||||||
|
<div>
|
||||||
|
<span class="eyebrow" style="color:var(--accent)">{a.playerLabel}</span>
|
||||||
|
<p class="lead" id="acc-player-name" style="margin-top:6px;font-size:20px;color:var(--text)"></p>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<!-- Current avatar preview (NMSR) -->
|
||||||
|
<div id="acc-avatar-wrap" style="display:flex;align-items:flex-start;gap:20px;flex-wrap:wrap">
|
||||||
|
<img id="acc-avatar" src="" alt="avatar" width="96" height="96"
|
||||||
|
style="image-rendering:pixelated;width:96px;height:96px;background:var(--slot)" />
|
||||||
|
<div style="flex:1;min-width:0;display:flex;flex-direction:column;gap:10px;align-items:flex-start">
|
||||||
|
<button class="mc-btn sm" id="acc-avatar-refresh" type="button">{a.refresh}</button>
|
||||||
|
<p class="reg-skin" style="border:none;padding-top:0;margin:0;color:var(--dim);font-size:13px" id="acc-preview-note"></p>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="reg-skin" id="acc-skin">
|
||||||
|
<div>
|
||||||
|
<h3>{a.skinTitle}</h3>
|
||||||
|
<p class="lead">{a.skinLead}</p>
|
||||||
|
</div>
|
||||||
|
<div class="reg-field">
|
||||||
|
<label class="mc-btn sm" for="acc-skin-file" style="align-self:flex-start">{a.skinChoose}</label>
|
||||||
|
<input id="acc-skin-file" type="file" accept="image/png" hidden />
|
||||||
|
<span class="reg-file-name" id="acc-skin-name"></span>
|
||||||
|
</div>
|
||||||
|
<div class="reg-field">
|
||||||
|
<label>{a.modelLabel}</label>
|
||||||
|
<div class="reg-models">
|
||||||
|
<label><input type="radio" name="skin-model" value="classic" checked /> {a.modelClassic}</label>
|
||||||
|
<label><input type="radio" name="skin-model" value="slim" /> {a.modelSlim}</label>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="reg-msg" id="acc-skin-msg" role="status" hidden></div>
|
||||||
|
<div style="display:flex;flex-wrap:wrap;gap:12px;align-items:center">
|
||||||
|
<button class="mc-btn primary" id="acc-skin-upload" type="button">{a.skinUpload}</button>
|
||||||
|
<button class="mc-btn" id="acc-skin-reset" type="button" style="color:var(--dim)">{a.resetSkin}</button>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<a class="mc-btn sm" href={homePath}>{a.navHome}</a>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</section>
|
||||||
|
</main>
|
||||||
|
|
||||||
|
<!-- FOOTER -->
|
||||||
|
<footer class="footer">
|
||||||
|
<div class="wrap footer-in">
|
||||||
|
<a class="brand" href={homePath}>
|
||||||
|
<img class="brand-logo" src="/ulicraft-logo-mini.svg" alt="" width="34" height="34" />
|
||||||
|
<span class="name">ULICRAFT</span>
|
||||||
|
</a>
|
||||||
|
<div class="footer-links">
|
||||||
|
<a class="mc-btn sm" href={site.statusUrl} target="_blank" rel="noopener">{t.footer.status}</a>
|
||||||
|
</div>
|
||||||
|
<p class="disc">
|
||||||
|
{t.footer.disc} {site.name} · {site.baseDomain}
|
||||||
|
</p>
|
||||||
|
</div>
|
||||||
|
</footer>
|
||||||
|
|
||||||
|
<script define:vars={{ cfg: clientCfg }}>
|
||||||
|
const $ = (id) => document.getElementById(id);
|
||||||
|
const form = $("acc-form");
|
||||||
|
const loginBox = $("acc-login");
|
||||||
|
const errBox = $("acc-error");
|
||||||
|
const submitBtn = $("acc-submit");
|
||||||
|
const panel = $("acc-panel");
|
||||||
|
const headers = { "Content-Type": "application/json" };
|
||||||
|
|
||||||
|
// Token + player kept in memory only — never stored in localStorage.
|
||||||
|
let apiToken = null;
|
||||||
|
let player = null;
|
||||||
|
|
||||||
|
const showMsg = (box, msg) => {
|
||||||
|
box.textContent = msg;
|
||||||
|
box.hidden = false;
|
||||||
|
};
|
||||||
|
const apiMessage = async (res, fallback) => {
|
||||||
|
try {
|
||||||
|
const data = await res.json();
|
||||||
|
return data && data.message ? data.message : fallback;
|
||||||
|
} catch {
|
||||||
|
return fallback;
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
// ---- Login ----
|
||||||
|
form.addEventListener("submit", async (e) => {
|
||||||
|
e.preventDefault();
|
||||||
|
errBox.hidden = true;
|
||||||
|
const username = $("acc-username").value.trim();
|
||||||
|
const password = $("acc-password").value;
|
||||||
|
if (!username || !password) {
|
||||||
|
errBox.classList.add("err");
|
||||||
|
showMsg(errBox, cfg.errFields);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
submitBtn.disabled = true;
|
||||||
|
submitBtn.textContent = cfg.submitting;
|
||||||
|
try {
|
||||||
|
const res = await fetch(`${cfg.apiUrl}/login`, {
|
||||||
|
method: "POST",
|
||||||
|
headers,
|
||||||
|
body: JSON.stringify({ username, password }),
|
||||||
|
});
|
||||||
|
if (!res.ok) {
|
||||||
|
errBox.classList.add("err");
|
||||||
|
showMsg(errBox, await apiMessage(res, cfg.errNetwork));
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
const data = await res.json();
|
||||||
|
apiToken = data.apiToken;
|
||||||
|
player = data.user.players[0];
|
||||||
|
|
||||||
|
// Show panel — hide the whole login block (form + heading foot).
|
||||||
|
loginBox.hidden = true;
|
||||||
|
$("acc-player-name").textContent = player.name;
|
||||||
|
// Set NMSR avatar
|
||||||
|
const avatarImg = $("acc-avatar");
|
||||||
|
avatarImg.src = `${cfg.avatarUrl}/${cfg.avatarMode}/${player.uuid}?size=96`;
|
||||||
|
avatarImg.alt = player.name;
|
||||||
|
// Show NMSR lag hint
|
||||||
|
$("acc-preview-note").textContent = cfg.skinPreviewNote;
|
||||||
|
panel.hidden = false;
|
||||||
|
} catch {
|
||||||
|
errBox.classList.add("err");
|
||||||
|
showMsg(errBox, cfg.errNetwork);
|
||||||
|
} finally {
|
||||||
|
submitBtn.disabled = false;
|
||||||
|
submitBtn.textContent = cfg.submit;
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
// ---- Avatar refresh (re-fetch NMSR with a cache-bust) ----
|
||||||
|
$("acc-avatar-refresh").addEventListener("click", () => {
|
||||||
|
if (!player) return;
|
||||||
|
$("acc-avatar").src = `${cfg.avatarUrl}/${cfg.avatarMode}/${player.uuid}?size=96&t=${Date.now()}`;
|
||||||
|
});
|
||||||
|
|
||||||
|
// ---- Skin upload ----
|
||||||
|
const fileInput = $("acc-skin-file");
|
||||||
|
const fileName = $("acc-skin-name");
|
||||||
|
const skinMsg = $("acc-skin-msg");
|
||||||
|
const skinBtn = $("acc-skin-upload");
|
||||||
|
const resetBtn = $("acc-skin-reset");
|
||||||
|
|
||||||
|
fileInput.addEventListener("change", () => {
|
||||||
|
skinMsg.hidden = true;
|
||||||
|
skinMsg.classList.remove("ok", "err");
|
||||||
|
fileName.textContent = fileInput.files && fileInput.files[0] ? fileInput.files[0].name : "";
|
||||||
|
});
|
||||||
|
|
||||||
|
const readBase64 = (file) =>
|
||||||
|
new Promise((resolve, reject) => {
|
||||||
|
const fr = new FileReader();
|
||||||
|
fr.onload = () => resolve(String(fr.result).split(",")[1]);
|
||||||
|
fr.onerror = reject;
|
||||||
|
fr.readAsDataURL(file);
|
||||||
|
});
|
||||||
|
|
||||||
|
skinBtn.addEventListener("click", async () => {
|
||||||
|
skinMsg.hidden = true;
|
||||||
|
skinMsg.classList.remove("ok", "err");
|
||||||
|
const file = fileInput.files && fileInput.files[0];
|
||||||
|
if (!file) {
|
||||||
|
skinMsg.classList.add("err");
|
||||||
|
showMsg(skinMsg, cfg.errSkinType);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
if (file.type !== "image/png") {
|
||||||
|
skinMsg.classList.add("err");
|
||||||
|
showMsg(skinMsg, cfg.errSkinType);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
const model = document.querySelector('input[name="skin-model"]:checked').value;
|
||||||
|
skinBtn.disabled = true;
|
||||||
|
resetBtn.disabled = true;
|
||||||
|
skinBtn.textContent = cfg.skinUploading;
|
||||||
|
try {
|
||||||
|
const skinBase64 = await readBase64(file);
|
||||||
|
const res = await fetch(`${cfg.apiUrl}/players/${player.uuid}`, {
|
||||||
|
method: "PATCH",
|
||||||
|
headers: { ...headers, Authorization: `Bearer ${apiToken}` },
|
||||||
|
body: JSON.stringify({ skinBase64, skinModel: model }),
|
||||||
|
});
|
||||||
|
if (!res.ok) {
|
||||||
|
skinMsg.classList.add("err");
|
||||||
|
showMsg(skinMsg, await apiMessage(res, cfg.errNetwork));
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
// Show the local file immediately as instant confirmation (NMSR lags ~1m).
|
||||||
|
const dataUrl = URL.createObjectURL(file);
|
||||||
|
$("acc-avatar").src = dataUrl;
|
||||||
|
skinMsg.classList.add("ok");
|
||||||
|
showMsg(skinMsg, cfg.skinOk);
|
||||||
|
// Clear file picker
|
||||||
|
fileInput.value = "";
|
||||||
|
fileName.textContent = "";
|
||||||
|
} catch {
|
||||||
|
skinMsg.classList.add("err");
|
||||||
|
showMsg(skinMsg, cfg.errNetwork);
|
||||||
|
} finally {
|
||||||
|
skinBtn.disabled = false;
|
||||||
|
resetBtn.disabled = false;
|
||||||
|
skinBtn.textContent = cfg.skinUpload;
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
// ---- Reset to default ----
|
||||||
|
resetBtn.addEventListener("click", async () => {
|
||||||
|
if (!window.confirm(cfg.resetConfirm)) return;
|
||||||
|
skinMsg.hidden = true;
|
||||||
|
skinMsg.classList.remove("ok", "err");
|
||||||
|
skinBtn.disabled = true;
|
||||||
|
resetBtn.disabled = true;
|
||||||
|
try {
|
||||||
|
const res = await fetch(`${cfg.apiUrl}/players/${player.uuid}`, {
|
||||||
|
method: "PATCH",
|
||||||
|
headers: { ...headers, Authorization: `Bearer ${apiToken}` },
|
||||||
|
body: JSON.stringify({ deleteSkin: true }),
|
||||||
|
});
|
||||||
|
if (!res.ok) {
|
||||||
|
skinMsg.classList.add("err");
|
||||||
|
showMsg(skinMsg, await apiMessage(res, cfg.errNetwork));
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
// Reset preview back to NMSR (will eventually show the default skin).
|
||||||
|
$("acc-avatar").src = `${cfg.avatarUrl}/${cfg.avatarMode}/${player.uuid}?size=96&t=${Date.now()}`;
|
||||||
|
skinMsg.classList.add("ok");
|
||||||
|
showMsg(skinMsg, cfg.resetOk);
|
||||||
|
} catch {
|
||||||
|
skinMsg.classList.add("err");
|
||||||
|
showMsg(skinMsg, cfg.errNetwork);
|
||||||
|
} finally {
|
||||||
|
skinBtn.disabled = false;
|
||||||
|
resetBtn.disabled = false;
|
||||||
|
}
|
||||||
|
});
|
||||||
|
</script>
|
||||||
|
</body>
|
||||||
|
</html>
|
||||||
231
landing/src/pages/[...lang]/fjord.astro
Normal file
231
landing/src/pages/[...lang]/fjord.astro
Normal file
@@ -0,0 +1,231 @@
|
|||||||
|
---
|
||||||
|
import { site, LITERALS, HEAD_FONTS } from "../../data/site";
|
||||||
|
import {
|
||||||
|
ui,
|
||||||
|
LANGS,
|
||||||
|
LANG_LABEL,
|
||||||
|
LANG_PATH,
|
||||||
|
LANG_FJORD_PATH,
|
||||||
|
LANG_REGISTER_PATH,
|
||||||
|
LANG_ACCOUNT_PATH,
|
||||||
|
type Lang,
|
||||||
|
} from "../../i18n/ui";
|
||||||
|
import CopyChip from "../../components/CopyChip.astro";
|
||||||
|
import "../../styles/main.css";
|
||||||
|
|
||||||
|
// One static Fjord page per locale: /fjord, /es/fjord, /eu/fjord. This is the
|
||||||
|
// alternative manual path — intentionally NOT linked from the homepage nav.
|
||||||
|
export function getStaticPaths() {
|
||||||
|
return [
|
||||||
|
{ params: { lang: undefined }, props: { locale: "es" as Lang } },
|
||||||
|
{ params: { lang: "en" }, props: { locale: "en" as Lang } },
|
||||||
|
{ params: { lang: "eu" }, props: { locale: "eu" as Lang } },
|
||||||
|
];
|
||||||
|
}
|
||||||
|
|
||||||
|
const { locale } = Astro.props;
|
||||||
|
const t = ui[locale];
|
||||||
|
const f = t.fjord;
|
||||||
|
const { theme, fjord } = site;
|
||||||
|
const headFont = HEAD_FONTS[theme.headFont] ?? HEAD_FONTS.pixelify;
|
||||||
|
const homePath = LANG_PATH[locale];
|
||||||
|
const registerPath = LANG_REGISTER_PATH[locale];
|
||||||
|
const accountPath = LANG_ACCOUNT_PATH[locale];
|
||||||
|
const fjordPack = site.launcherManifest.fjordPack;
|
||||||
|
---
|
||||||
|
|
||||||
|
<!doctype html>
|
||||||
|
<html
|
||||||
|
lang={t.htmlLang}
|
||||||
|
data-mood={theme.mood}
|
||||||
|
data-head={theme.headFont}
|
||||||
|
style={`--font-head: ${headFont}`}
|
||||||
|
>
|
||||||
|
<head>
|
||||||
|
<meta charset="utf-8" />
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
||||||
|
<title>{site.name} — {f.title}</title>
|
||||||
|
<meta name="description" content={f.lead} />
|
||||||
|
<link rel="icon" type="image/png" href="/favicon.png" />
|
||||||
|
<link rel="stylesheet" href="/fonts/fonts.css" />
|
||||||
|
{LANGS.map((l) => <link rel="alternate" hreflang={l} href={LANG_FJORD_PATH[l]} />)}
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<!-- NAV -->
|
||||||
|
<header class="nav">
|
||||||
|
<div class="wrap nav-in">
|
||||||
|
<a class="brand" href={homePath}>
|
||||||
|
<img class="brand-logo" src="/ulicraft-logo-mini.svg" alt="" width="34" height="34" />
|
||||||
|
<span class="name">ULICRAFT</span>
|
||||||
|
</a>
|
||||||
|
<nav class="nav-links">
|
||||||
|
<a href={homePath}>{f.navHome}</a>
|
||||||
|
</nav>
|
||||||
|
<span class="nav-spacer"></span>
|
||||||
|
<div class="lang-switch" aria-label="Language">
|
||||||
|
{LANGS.map((l) => (
|
||||||
|
<a
|
||||||
|
href={LANG_FJORD_PATH[l]}
|
||||||
|
class:list={[l === locale && "on"]}
|
||||||
|
aria-current={l === locale ? "true" : undefined}
|
||||||
|
>{LANG_LABEL[l]}</a>
|
||||||
|
))}
|
||||||
|
</div>
|
||||||
|
<a class="mc-btn sm" href={registerPath}>{t.nav.register}</a>
|
||||||
|
<a class="mc-btn sm" href={accountPath}>{t.nav.login}</a>
|
||||||
|
<a class="mc-btn primary sm" href={`${homePath}#join`}>{t.nav.play}</a>
|
||||||
|
</div>
|
||||||
|
</header>
|
||||||
|
|
||||||
|
<main id="top">
|
||||||
|
<section id="join" class="pad">
|
||||||
|
<div class="wrap">
|
||||||
|
<div class="sec-head reveal">
|
||||||
|
<span class="eyebrow">{f.eyebrow}</span>
|
||||||
|
<h2 class="section-title">{f.title}</h2>
|
||||||
|
<p class="lead">{f.lead}</p>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="steps">
|
||||||
|
<!-- STEP 1 -->
|
||||||
|
<div class="step reveal">
|
||||||
|
<div class="num">1</div>
|
||||||
|
<div class="body">
|
||||||
|
<span class="kicker">{f.s1.kicker}</span>
|
||||||
|
<h3>{f.s1.h}</h3>
|
||||||
|
<p>{f.s1.p}</p>
|
||||||
|
<div class="actions">
|
||||||
|
{fjord.downloads.map((d) => (
|
||||||
|
<a class="mc-btn sm" href={`${fjord.base}/${d.file}`}>
|
||||||
|
{d.os} <span class="hint">· {d.hint}</span>
|
||||||
|
</a>
|
||||||
|
))}
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<!-- STEP 2 -->
|
||||||
|
<div class="step reveal">
|
||||||
|
<div class="num">2</div>
|
||||||
|
<div class="body">
|
||||||
|
<span class="kicker">{f.s2.kicker}</span>
|
||||||
|
<h3>{f.s2.h}</h3>
|
||||||
|
<p>
|
||||||
|
{f.s2.pa} <strong style="color:var(--text)">{LITERALS.authlib}</strong> {f.s2.pb}
|
||||||
|
</p>
|
||||||
|
<div class="actions">
|
||||||
|
<CopyChip value={site.authlibUrl} variant="url" label={f.s2.copy} copiedLabel={t.copied} />
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<!-- STEP 3 -->
|
||||||
|
<div class="step reveal">
|
||||||
|
<div class="num">3</div>
|
||||||
|
<div class="body">
|
||||||
|
<span class="kicker">{f.s3.kicker}</span>
|
||||||
|
<h3>{f.s3.h}</h3>
|
||||||
|
<p>{f.s3.p}</p>
|
||||||
|
<div class="actions">
|
||||||
|
{fjordPack ? (
|
||||||
|
<a class="mc-btn sm" href={fjordPack.url}>
|
||||||
|
{fjordPack.filename} <span class="hint">· .mrpack</span>
|
||||||
|
</a>
|
||||||
|
) : (
|
||||||
|
<p class="hint">{f.noPack}</p>
|
||||||
|
)}
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<!-- STEP 4 -->
|
||||||
|
<div class="step reveal">
|
||||||
|
<div class="num">4</div>
|
||||||
|
<div class="body">
|
||||||
|
<span class="kicker">{f.s4.kicker}</span>
|
||||||
|
<h3>{f.s4.h}</h3>
|
||||||
|
<p>
|
||||||
|
{f.s4.pa} <kbd>{LITERALS.multiplayer}</kbd> → <kbd>{LITERALS.addServer}</kbd>{f.s4.pb}
|
||||||
|
</p>
|
||||||
|
<div class="actions">
|
||||||
|
<CopyChip value={site.serverAddress} variant="ip" label={f.s4.copy} copiedLabel={t.copied} />
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</section>
|
||||||
|
</main>
|
||||||
|
|
||||||
|
<!-- FOOTER -->
|
||||||
|
<footer class="footer">
|
||||||
|
<div class="wrap footer-in">
|
||||||
|
<a class="brand" href={homePath}>
|
||||||
|
<img class="brand-logo" src="/ulicraft-logo-mini.svg" alt="" width="34" height="34" />
|
||||||
|
<span class="name">ULICRAFT</span>
|
||||||
|
</a>
|
||||||
|
<div class="footer-links">
|
||||||
|
<a class="mc-btn primary sm" href={`${homePath}#join`}>{t.footer.join}</a>
|
||||||
|
<a class="mc-btn sm" href={site.statusUrl} target="_blank" rel="noopener">{t.footer.status}</a>
|
||||||
|
</div>
|
||||||
|
<p class="disc">
|
||||||
|
{t.footer.disc} {site.name} · {site.baseDomain}
|
||||||
|
</p>
|
||||||
|
</div>
|
||||||
|
</footer>
|
||||||
|
|
||||||
|
<script>
|
||||||
|
// Copy-to-clipboard for every [data-copy] button (HTTP-LAN safe fallback).
|
||||||
|
// Mirrors the global handler in [...lang].astro (CopyChip depends on it).
|
||||||
|
function copyText(text: string) {
|
||||||
|
try {
|
||||||
|
if (navigator.clipboard && window.isSecureContext) {
|
||||||
|
navigator.clipboard.writeText(text);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
} catch {}
|
||||||
|
const ta = document.createElement("textarea");
|
||||||
|
ta.value = text;
|
||||||
|
ta.style.position = "fixed";
|
||||||
|
ta.style.opacity = "0";
|
||||||
|
document.body.appendChild(ta);
|
||||||
|
ta.select();
|
||||||
|
try {
|
||||||
|
document.execCommand("copy");
|
||||||
|
} catch {}
|
||||||
|
document.body.removeChild(ta);
|
||||||
|
}
|
||||||
|
document.querySelectorAll<HTMLButtonElement>("button[data-copy]").forEach((btn) => {
|
||||||
|
let timer: number | undefined;
|
||||||
|
btn.addEventListener("click", () => {
|
||||||
|
copyText(btn.dataset.copy ?? "");
|
||||||
|
const label = btn.dataset.label ?? "Copy";
|
||||||
|
btn.textContent = btn.dataset.copied ?? "Copied!";
|
||||||
|
btn.classList.add("copied");
|
||||||
|
clearTimeout(timer);
|
||||||
|
timer = window.setTimeout(() => {
|
||||||
|
btn.textContent = label;
|
||||||
|
btn.classList.remove("copied");
|
||||||
|
}, 1600);
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
|
// Scroll reveal — visible at rest; .anim added when scrolled into view.
|
||||||
|
if (!window.matchMedia("(prefers-reduced-motion: reduce)").matches) {
|
||||||
|
const els = [...document.querySelectorAll<HTMLElement>(".reveal")];
|
||||||
|
const io = new IntersectionObserver(
|
||||||
|
(entries) => {
|
||||||
|
for (const e of entries) {
|
||||||
|
if (e.isIntersecting) {
|
||||||
|
e.target.classList.add("anim");
|
||||||
|
io.unobserve(e.target);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{ rootMargin: "0px 0px -10% 0px" }
|
||||||
|
);
|
||||||
|
els.forEach((el) => io.observe(el));
|
||||||
|
}
|
||||||
|
</script>
|
||||||
|
</body>
|
||||||
|
</html>
|
||||||
319
landing/src/pages/[...lang]/register.astro
Normal file
319
landing/src/pages/[...lang]/register.astro
Normal file
@@ -0,0 +1,319 @@
|
|||||||
|
---
|
||||||
|
import { site, HEAD_FONTS } from "../../data/site";
|
||||||
|
import {
|
||||||
|
ui,
|
||||||
|
LANGS,
|
||||||
|
LANG_LABEL,
|
||||||
|
LANG_PATH,
|
||||||
|
LANG_REGISTER_PATH,
|
||||||
|
LANG_ACCOUNT_PATH,
|
||||||
|
type Lang,
|
||||||
|
} from "../../i18n/ui";
|
||||||
|
import "../../styles/main.css";
|
||||||
|
|
||||||
|
// One static register page per locale: /register, /es/register, /eu/register.
|
||||||
|
export function getStaticPaths() {
|
||||||
|
return [
|
||||||
|
{ params: { lang: undefined }, props: { locale: "es" as Lang } },
|
||||||
|
{ params: { lang: "en" }, props: { locale: "en" as Lang } },
|
||||||
|
{ params: { lang: "eu" }, props: { locale: "eu" as Lang } },
|
||||||
|
];
|
||||||
|
}
|
||||||
|
|
||||||
|
const { locale } = Astro.props;
|
||||||
|
const t = ui[locale];
|
||||||
|
const r = t.register;
|
||||||
|
const { theme } = site;
|
||||||
|
const headFont = HEAD_FONTS[theme.headFont] ?? HEAD_FONTS.pixelify;
|
||||||
|
const homePath = LANG_PATH[locale];
|
||||||
|
const registerPath = LANG_REGISTER_PATH[locale];
|
||||||
|
const accountPath = LANG_ACCOUNT_PATH[locale];
|
||||||
|
// Visibility of the invite-code field (default hidden). Independent of the
|
||||||
|
// backend gate (site.registrationRequiresInvite / Drasl RequireInvite).
|
||||||
|
const showInvite = site.registrationShowInvite;
|
||||||
|
|
||||||
|
// Strings the client script needs at runtime (kept minimal, passed via define:vars).
|
||||||
|
const clientCfg = {
|
||||||
|
apiUrl: site.draslApiUrl,
|
||||||
|
showInvite,
|
||||||
|
submit: r.submit,
|
||||||
|
submitting: r.submitting,
|
||||||
|
skinUpload: r.skinUpload,
|
||||||
|
skinUploading: r.skinUploading,
|
||||||
|
skinOk: r.skinOk,
|
||||||
|
successBody: r.successBody,
|
||||||
|
errFields: r.errFields,
|
||||||
|
errSkinType: r.errSkinType,
|
||||||
|
errNetwork: r.errNetwork,
|
||||||
|
};
|
||||||
|
---
|
||||||
|
|
||||||
|
<!doctype html>
|
||||||
|
<html
|
||||||
|
lang={t.htmlLang}
|
||||||
|
data-mood={theme.mood}
|
||||||
|
data-head={theme.headFont}
|
||||||
|
style={`--font-head: ${headFont}`}
|
||||||
|
>
|
||||||
|
<head>
|
||||||
|
<meta charset="utf-8" />
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
||||||
|
<title>{site.name} — {r.title}</title>
|
||||||
|
<meta name="description" content={r.lead} />
|
||||||
|
<link rel="icon" type="image/png" href="/favicon.png" />
|
||||||
|
<link rel="stylesheet" href="/fonts/fonts.css" />
|
||||||
|
{LANGS.map((l) => <link rel="alternate" hreflang={l} href={LANG_REGISTER_PATH[l]} />)}
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<!-- NAV -->
|
||||||
|
<header class="nav">
|
||||||
|
<div class="wrap nav-in">
|
||||||
|
<a class="brand" href={homePath}>
|
||||||
|
<img class="brand-logo" src="/ulicraft-logo-mini.svg" alt="" width="34" height="34" />
|
||||||
|
<span class="name">ULICRAFT</span>
|
||||||
|
</a>
|
||||||
|
<nav class="nav-links">
|
||||||
|
<a href={homePath}>{r.navHome}</a>
|
||||||
|
</nav>
|
||||||
|
<span class="nav-spacer"></span>
|
||||||
|
<div class="lang-switch" aria-label="Language">
|
||||||
|
{LANGS.map((l) => (
|
||||||
|
<a
|
||||||
|
href={LANG_REGISTER_PATH[l]}
|
||||||
|
class:list={[l === locale && "on"]}
|
||||||
|
aria-current={l === locale ? "true" : undefined}
|
||||||
|
>{LANG_LABEL[l]}</a>
|
||||||
|
))}
|
||||||
|
</div>
|
||||||
|
<a class="mc-btn sm" href={registerPath}>{t.nav.register}</a>
|
||||||
|
<a class="mc-btn sm" href={accountPath}>{t.nav.login}</a>
|
||||||
|
<a class="mc-btn primary sm" href={`${homePath}#join`}>{t.nav.play}</a>
|
||||||
|
</div>
|
||||||
|
</header>
|
||||||
|
|
||||||
|
<main id="top">
|
||||||
|
<section class="pad">
|
||||||
|
<div class="reg-wrap">
|
||||||
|
<div class="reg-card">
|
||||||
|
<span class="eyebrow">{r.eyebrow}</span>
|
||||||
|
<h1>{r.title}</h1>
|
||||||
|
<p class="lead">{r.lead}</p>
|
||||||
|
|
||||||
|
<!-- REGISTER FORM -->
|
||||||
|
<form class="reg-form" id="reg-form" novalidate>
|
||||||
|
<div class="reg-field">
|
||||||
|
<label for="reg-username">{r.usernameLabel}</label>
|
||||||
|
<input class="reg-input" id="reg-username" name="username"
|
||||||
|
type="text" autocomplete="username" placeholder={r.usernamePlaceholder} required />
|
||||||
|
</div>
|
||||||
|
<div class="reg-field">
|
||||||
|
<label for="reg-password">{r.passwordLabel}</label>
|
||||||
|
<input class="reg-input" id="reg-password" name="password"
|
||||||
|
type="password" autocomplete="new-password" placeholder={r.passwordPlaceholder} required />
|
||||||
|
</div>
|
||||||
|
{showInvite && (
|
||||||
|
<div class="reg-field">
|
||||||
|
<label for="reg-invite">{r.inviteLabel}</label>
|
||||||
|
<input class="reg-input" id="reg-invite" name="invite"
|
||||||
|
type="text" placeholder={r.invitePlaceholder} required />
|
||||||
|
<span class="hint">{r.inviteHint}</span>
|
||||||
|
</div>
|
||||||
|
)}
|
||||||
|
<div class="reg-msg err" id="reg-error" role="alert" hidden></div>
|
||||||
|
<button class="mc-btn primary" id="reg-submit" type="submit">{r.submit}</button>
|
||||||
|
</form>
|
||||||
|
|
||||||
|
<p class="reg-foot">
|
||||||
|
{r.haveAccount} <a href={LANG_ACCOUNT_PATH[locale]}>{r.loginLink}</a>
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<!-- SUCCESS + SKIN -->
|
||||||
|
<div class="reg-success" id="reg-success" hidden>
|
||||||
|
<div>
|
||||||
|
<span class="eyebrow" style="color:var(--accent)">{r.successTitle}</span>
|
||||||
|
<p class="lead" id="reg-success-body" style="margin-top:10px"></p>
|
||||||
|
</div>
|
||||||
|
<div class="reg-field">
|
||||||
|
<label>{r.uuidLabel}</label>
|
||||||
|
<div class="reg-uuid" id="reg-uuid"></div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="reg-skin" id="reg-skin">
|
||||||
|
<div>
|
||||||
|
<h3>{r.skinTitle}</h3>
|
||||||
|
<p class="lead">{r.skinLead}</p>
|
||||||
|
</div>
|
||||||
|
<div class="reg-field">
|
||||||
|
<label class="mc-btn sm" for="reg-skin-file" style="align-self:flex-start">{r.skinChoose}</label>
|
||||||
|
<input id="reg-skin-file" type="file" accept="image/png" hidden />
|
||||||
|
<span class="reg-file-name" id="reg-skin-name"></span>
|
||||||
|
</div>
|
||||||
|
<div class="reg-field">
|
||||||
|
<label>{r.modelLabel}</label>
|
||||||
|
<div class="reg-models">
|
||||||
|
<label><input type="radio" name="skin-model" value="classic" checked /> {r.modelClassic}</label>
|
||||||
|
<label><input type="radio" name="skin-model" value="slim" /> {r.modelSlim}</label>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="reg-msg" id="reg-skin-msg" role="status" hidden></div>
|
||||||
|
<button class="mc-btn" id="reg-skin-upload" type="button">{r.skinUpload}</button>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<a class="mc-btn primary" href={`${homePath}#join`}>{r.finish}</a>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</section>
|
||||||
|
</main>
|
||||||
|
|
||||||
|
<!-- FOOTER -->
|
||||||
|
<footer class="footer">
|
||||||
|
<div class="wrap footer-in">
|
||||||
|
<a class="brand" href={homePath}>
|
||||||
|
<img class="brand-logo" src="/ulicraft-logo-mini.svg" alt="" width="34" height="34" />
|
||||||
|
<span class="name">ULICRAFT</span>
|
||||||
|
</a>
|
||||||
|
<div class="footer-links">
|
||||||
|
<a class="mc-btn sm" href={site.statusUrl} target="_blank" rel="noopener">{t.footer.status}</a>
|
||||||
|
</div>
|
||||||
|
<p class="disc">
|
||||||
|
{t.footer.disc} {site.name} · {site.baseDomain}
|
||||||
|
</p>
|
||||||
|
</div>
|
||||||
|
</footer>
|
||||||
|
|
||||||
|
<script define:vars={{ cfg: clientCfg }}>
|
||||||
|
const $ = (id) => document.getElementById(id);
|
||||||
|
const form = $("reg-form");
|
||||||
|
const errBox = $("reg-error");
|
||||||
|
const submitBtn = $("reg-submit");
|
||||||
|
const successBox = $("reg-success");
|
||||||
|
const headers = { "Content-Type": "application/json" };
|
||||||
|
|
||||||
|
let apiToken = null;
|
||||||
|
let player = null;
|
||||||
|
|
||||||
|
const showErr = (box, msg) => {
|
||||||
|
box.textContent = msg;
|
||||||
|
box.hidden = false;
|
||||||
|
};
|
||||||
|
const apiMessage = async (res, fallback) => {
|
||||||
|
try {
|
||||||
|
const data = await res.json();
|
||||||
|
return data && data.message ? data.message : fallback;
|
||||||
|
} catch {
|
||||||
|
return fallback;
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
form.addEventListener("submit", async (e) => {
|
||||||
|
e.preventDefault();
|
||||||
|
errBox.hidden = true;
|
||||||
|
const username = $("reg-username").value.trim();
|
||||||
|
const password = $("reg-password").value;
|
||||||
|
const inviteEl = $("reg-invite");
|
||||||
|
const invite = inviteEl ? inviteEl.value.trim() : null;
|
||||||
|
if (!username || !password || (cfg.showInvite && !invite)) {
|
||||||
|
showErr(errBox, cfg.errFields);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
submitBtn.disabled = true;
|
||||||
|
submitBtn.textContent = cfg.submitting;
|
||||||
|
try {
|
||||||
|
const body = { username, password, playerName: username };
|
||||||
|
if (invite) body.inviteCode = invite;
|
||||||
|
let res = await fetch(`${cfg.apiUrl}/users`, {
|
||||||
|
method: "POST",
|
||||||
|
headers,
|
||||||
|
body: JSON.stringify(body),
|
||||||
|
});
|
||||||
|
if (!res.ok) {
|
||||||
|
showErr(errBox, await apiMessage(res, cfg.errNetwork));
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
// Log in to get an API token for the (optional) skin upload.
|
||||||
|
res = await fetch(`${cfg.apiUrl}/login`, {
|
||||||
|
method: "POST",
|
||||||
|
headers,
|
||||||
|
body: JSON.stringify({ username, password }),
|
||||||
|
});
|
||||||
|
if (!res.ok) {
|
||||||
|
showErr(errBox, await apiMessage(res, cfg.errNetwork));
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
const data = await res.json();
|
||||||
|
apiToken = data.apiToken;
|
||||||
|
player = data.user.players[0];
|
||||||
|
form.hidden = true;
|
||||||
|
$("reg-uuid").textContent = player.uuid;
|
||||||
|
$("reg-success-body").textContent = cfg.successBody.replace("{name}", player.name);
|
||||||
|
successBox.hidden = false;
|
||||||
|
} catch {
|
||||||
|
showErr(errBox, cfg.errNetwork);
|
||||||
|
} finally {
|
||||||
|
submitBtn.disabled = false;
|
||||||
|
submitBtn.textContent = cfg.submit;
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
// ---- Skin upload ----
|
||||||
|
const fileInput = $("reg-skin-file");
|
||||||
|
const fileName = $("reg-skin-name");
|
||||||
|
const skinMsg = $("reg-skin-msg");
|
||||||
|
const skinBtn = $("reg-skin-upload");
|
||||||
|
|
||||||
|
fileInput.addEventListener("change", () => {
|
||||||
|
skinMsg.hidden = true;
|
||||||
|
fileName.textContent = fileInput.files && fileInput.files[0] ? fileInput.files[0].name : "";
|
||||||
|
});
|
||||||
|
|
||||||
|
const readBase64 = (file) =>
|
||||||
|
new Promise((resolve, reject) => {
|
||||||
|
const fr = new FileReader();
|
||||||
|
fr.onload = () => resolve(String(fr.result).split(",")[1]);
|
||||||
|
fr.onerror = reject;
|
||||||
|
fr.readAsDataURL(file);
|
||||||
|
});
|
||||||
|
|
||||||
|
skinBtn.addEventListener("click", async () => {
|
||||||
|
skinMsg.hidden = true;
|
||||||
|
skinMsg.classList.remove("ok", "err");
|
||||||
|
const file = fileInput.files && fileInput.files[0];
|
||||||
|
if (!file) {
|
||||||
|
skinMsg.classList.add("err");
|
||||||
|
showErr(skinMsg, cfg.errSkinType);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
if (file.type !== "image/png") {
|
||||||
|
skinMsg.classList.add("err");
|
||||||
|
showErr(skinMsg, cfg.errSkinType);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
const model = document.querySelector('input[name="skin-model"]:checked').value;
|
||||||
|
skinBtn.disabled = true;
|
||||||
|
skinBtn.textContent = cfg.skinUploading;
|
||||||
|
try {
|
||||||
|
const skinBase64 = await readBase64(file);
|
||||||
|
const res = await fetch(`${cfg.apiUrl}/players/${player.uuid}`, {
|
||||||
|
method: "PATCH",
|
||||||
|
headers: { ...headers, Authorization: `Bearer ${apiToken}` },
|
||||||
|
body: JSON.stringify({ skinBase64, skinModel: model }),
|
||||||
|
});
|
||||||
|
if (!res.ok) {
|
||||||
|
skinMsg.classList.add("err");
|
||||||
|
showErr(skinMsg, await apiMessage(res, cfg.errNetwork));
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
skinMsg.classList.add("ok");
|
||||||
|
showErr(skinMsg, cfg.skinOk);
|
||||||
|
} catch {
|
||||||
|
skinMsg.classList.add("err");
|
||||||
|
showErr(skinMsg, cfg.errNetwork);
|
||||||
|
} finally {
|
||||||
|
skinBtn.disabled = false;
|
||||||
|
skinBtn.textContent = cfg.skinUpload;
|
||||||
|
}
|
||||||
|
});
|
||||||
|
</script>
|
||||||
|
</body>
|
||||||
|
</html>
|
||||||
@@ -207,6 +207,26 @@ section { position: relative; z-index: 1; }
|
|||||||
}
|
}
|
||||||
.mc-btn.sm { font-size: 14px; padding: 10px 16px 12px; }
|
.mc-btn.sm { font-size: 14px; padding: 10px 16px 12px; }
|
||||||
|
|
||||||
|
/* Launcher download skeleton (placeholder while launcher.json loads). */
|
||||||
|
.dl-skeleton {
|
||||||
|
min-width: 9.5rem;
|
||||||
|
color: transparent;
|
||||||
|
pointer-events: none;
|
||||||
|
background-image: linear-gradient(
|
||||||
|
90deg,
|
||||||
|
oklch(1 0 0 / 0.04),
|
||||||
|
oklch(1 0 0 / 0.14),
|
||||||
|
oklch(1 0 0 / 0.04)
|
||||||
|
);
|
||||||
|
background-size: 200% 100%;
|
||||||
|
animation: dl-shimmer 1.2s linear infinite;
|
||||||
|
}
|
||||||
|
.dl-skeleton::after { content: "\00a0"; } /* keep height when text is empty */
|
||||||
|
@keyframes dl-shimmer {
|
||||||
|
from { background-position: 200% 0; }
|
||||||
|
to { background-position: -200% 0; }
|
||||||
|
}
|
||||||
|
|
||||||
/* ---- Copy-IP chip ---- */
|
/* ---- Copy-IP chip ---- */
|
||||||
.ip-chip {
|
.ip-chip {
|
||||||
display: inline-flex;
|
display: inline-flex;
|
||||||
@@ -245,7 +265,7 @@ section { position: relative; z-index: 1; }
|
|||||||
.ip-chip button:hover { filter: brightness(1.1); }
|
.ip-chip button:hover { filter: brightness(1.1); }
|
||||||
.ip-chip button.copied { background: var(--gold); color: oklch(0.20 0.05 80); }
|
.ip-chip button.copied { background: var(--gold); color: oklch(0.20 0.05 80); }
|
||||||
|
|
||||||
/* url variant: long auth/packwiz URLs — smaller, wraps instead of overflowing */
|
/* url variant: long auth URLs — smaller, wraps instead of overflowing */
|
||||||
.ip-chip.url { max-width: 100%; }
|
.ip-chip.url { max-width: 100%; }
|
||||||
.ip-chip.url .ip-val {
|
.ip-chip.url .ip-val {
|
||||||
font-family: var(--font-mono);
|
font-family: var(--font-mono);
|
||||||
@@ -275,6 +295,7 @@ section { position: relative; z-index: 1; }
|
|||||||
height: 68px;
|
height: 68px;
|
||||||
}
|
}
|
||||||
.brand { display: flex; align-items: center; gap: 12px; text-decoration: none; color: var(--text); }
|
.brand { display: flex; align-items: center; gap: 12px; text-decoration: none; color: var(--text); }
|
||||||
|
.brand-logo { width: 34px; height: 34px; flex-shrink: 0; }
|
||||||
.brand .name {
|
.brand .name {
|
||||||
font-family: var(--font-head);
|
font-family: var(--font-head);
|
||||||
font-weight: 600;
|
font-weight: 600;
|
||||||
@@ -451,30 +472,69 @@ section { position: relative; z-index: 1; }
|
|||||||
.bars i:nth-child(4){height:85%}
|
.bars i:nth-child(4){height:85%}
|
||||||
.bars i:nth-child(5){height:100%}
|
.bars i:nth-child(5){height:100%}
|
||||||
|
|
||||||
/* stat tiles */
|
/* ============================================================
|
||||||
.stat-grid {
|
PLAYER ROSTER (shared avatar tiles)
|
||||||
|
Used by ServerCard.astro (online row) and PlayerRoster.astro
|
||||||
|
(Members grid). A tile is an NMSR avatar + the player name.
|
||||||
|
============================================================ */
|
||||||
|
.roster {
|
||||||
display: grid;
|
display: grid;
|
||||||
grid-template-columns: repeat(4, 1fr);
|
grid-template-columns: repeat(auto-fill, minmax(140px, 1fr));
|
||||||
gap: 16px;
|
gap: 12px;
|
||||||
margin-top: 28px;
|
|
||||||
}
|
}
|
||||||
.tile {
|
.roster-tile {
|
||||||
background: var(--surface);
|
display: flex;
|
||||||
padding: 22px;
|
flex-direction: column;
|
||||||
box-shadow: inset 2px 2px 0 var(--bevel-hi), inset -2px -2px 0 var(--bevel-lo);
|
align-items: center;
|
||||||
|
gap: 8px;
|
||||||
|
padding: 12px 8px;
|
||||||
|
background: var(--bg-2);
|
||||||
}
|
}
|
||||||
.tile .k { font-family: var(--font-head); font-weight: 600; font-size: 38px; color: var(--text); line-height: 1; font-variant-numeric: tabular-nums; }
|
.roster-tile img {
|
||||||
.tile .k .u { color: var(--accent); font-size: 22px; }
|
width: auto;
|
||||||
.tile .l { margin-top: 8px; color: var(--dim); font-size: 13px; letter-spacing: 0.04em; text-transform: uppercase; font-family: var(--font-pixel); font-size: 9px; line-height: 1.8; }
|
height: 230px;
|
||||||
|
object-fit: contain;
|
||||||
|
image-rendering: pixelated;
|
||||||
|
}
|
||||||
|
.roster-name {
|
||||||
|
max-width: 100%;
|
||||||
|
color: var(--muted);
|
||||||
|
font-size: 18px;
|
||||||
|
text-align: center;
|
||||||
|
white-space: nowrap;
|
||||||
|
overflow: hidden;
|
||||||
|
text-overflow: ellipsis;
|
||||||
|
}
|
||||||
|
.roster-empty { margin: 0; color: var(--dim); font-size: 14px; }
|
||||||
|
|
||||||
/* ============================================================
|
/* ============================================================
|
||||||
FEATURES
|
FEATURES
|
||||||
============================================================ */
|
============================================================ */
|
||||||
|
.feat-split {
|
||||||
|
display: grid;
|
||||||
|
grid-template-columns: 1.2fr 1fr;
|
||||||
|
gap: 28px;
|
||||||
|
align-items: center;
|
||||||
|
}
|
||||||
.feat-grid {
|
.feat-grid {
|
||||||
display: grid;
|
display: grid;
|
||||||
grid-template-columns: repeat(2, 1fr);
|
grid-template-columns: 1fr;
|
||||||
gap: 18px;
|
gap: 18px;
|
||||||
}
|
}
|
||||||
|
.feat-aside {
|
||||||
|
display: flex;
|
||||||
|
align-items: center;
|
||||||
|
justify-content: center;
|
||||||
|
}
|
||||||
|
.feat-aside img {
|
||||||
|
width: 100%;
|
||||||
|
max-width: 420px;
|
||||||
|
height: auto;
|
||||||
|
image-rendering: pixelated;
|
||||||
|
}
|
||||||
|
@media (max-width: 760px) {
|
||||||
|
.feat-split { grid-template-columns: 1fr; }
|
||||||
|
}
|
||||||
.feat {
|
.feat {
|
||||||
display: flex;
|
display: flex;
|
||||||
gap: 18px;
|
gap: 18px;
|
||||||
@@ -487,7 +547,7 @@ section { position: relative; z-index: 1; }
|
|||||||
.feat h3 { font-size: 21px; margin-bottom: 8px; }
|
.feat h3 { font-size: 21px; margin-bottom: 8px; }
|
||||||
.feat p { margin: 0; color: var(--muted); font-size: 16px; }
|
.feat p { margin: 0; color: var(--muted); font-size: 16px; }
|
||||||
|
|
||||||
/* pixel icon */
|
/* pixel icon — plain (no bevel) */
|
||||||
.picon {
|
.picon {
|
||||||
width: 52px; height: 52px; flex-shrink: 0;
|
width: 52px; height: 52px; flex-shrink: 0;
|
||||||
display: grid;
|
display: grid;
|
||||||
@@ -495,12 +555,17 @@ section { position: relative; z-index: 1; }
|
|||||||
grid-template-rows: repeat(7, 1fr);
|
grid-template-rows: repeat(7, 1fr);
|
||||||
background: var(--slot);
|
background: var(--slot);
|
||||||
padding: 4px;
|
padding: 4px;
|
||||||
box-shadow: inset 2px 2px 0 var(--bevel-lo), inset -2px -2px 0 var(--bevel-hi);
|
|
||||||
image-rendering: pixelated;
|
image-rendering: pixelated;
|
||||||
}
|
}
|
||||||
.picon i { background: transparent; }
|
.picon i { background: transparent; }
|
||||||
.picon i.on { background: var(--accent); }
|
.picon i.on { background: var(--accent); }
|
||||||
.picon i.go { background: var(--gold); }
|
.picon i.go { background: var(--gold); }
|
||||||
|
/* custom image icon (PixelIcon `img` prop) */
|
||||||
|
.picon-img {
|
||||||
|
width: 52px; height: 52px; flex-shrink: 0;
|
||||||
|
object-fit: contain;
|
||||||
|
image-rendering: pixelated;
|
||||||
|
}
|
||||||
|
|
||||||
/* ============================================================
|
/* ============================================================
|
||||||
HOW TO JOIN — steps
|
HOW TO JOIN — steps
|
||||||
@@ -569,7 +634,6 @@ section { position: relative; z-index: 1; }
|
|||||||
:root[data-head="8bit"] .step .num { font-size: 30px; }
|
:root[data-head="8bit"] .step .num { font-size: 30px; }
|
||||||
:root[data-head="8bit"] .feat h3 { font-size: 15px; line-height: 1.4; }
|
:root[data-head="8bit"] .feat h3 { font-size: 15px; line-height: 1.4; }
|
||||||
:root[data-head="8bit"] .serverlist .title { font-size: 16px; }
|
:root[data-head="8bit"] .serverlist .title { font-size: 16px; }
|
||||||
:root[data-head="8bit"] .tile .k { font-size: 26px; }
|
|
||||||
:root[data-head="8bit"] .ip-chip button { font-size: 12px; }
|
:root[data-head="8bit"] .ip-chip button { font-size: 12px; }
|
||||||
:root[data-head="8bit"] .live-pill { font-size: 12px; }
|
:root[data-head="8bit"] .live-pill { font-size: 12px; }
|
||||||
|
|
||||||
@@ -588,13 +652,70 @@ section { position: relative; z-index: 1; }
|
|||||||
.reveal.anim { animation: reveal-in .6s cubic-bezier(.2,.7,.3,1) both; }
|
.reveal.anim { animation: reveal-in .6s cubic-bezier(.2,.7,.3,1) both; }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* ============================================================
|
||||||
|
REGISTER PAGE
|
||||||
|
============================================================ */
|
||||||
|
.reg-wrap { width: min(560px, calc(100% - 48px)); margin-inline: auto; }
|
||||||
|
.reg-card {
|
||||||
|
background: var(--surface);
|
||||||
|
padding: clamp(24px, 4vw, 40px);
|
||||||
|
box-shadow: inset 2px 2px 0 var(--bevel-hi), inset -2px -2px 0 var(--bevel-lo), 0 8px 24px oklch(0 0 0 / 0.4);
|
||||||
|
}
|
||||||
|
.reg-card .eyebrow { display: block; margin-bottom: 12px; }
|
||||||
|
.reg-card h1 { font-size: clamp(28px, 4vw, 40px); }
|
||||||
|
.reg-card .lead { margin: 14px 0 0; font-size: 17px; }
|
||||||
|
|
||||||
|
.reg-form { display: flex; flex-direction: column; gap: 18px; margin-top: 28px; }
|
||||||
|
.reg-field { display: flex; flex-direction: column; gap: 7px; }
|
||||||
|
.reg-field label {
|
||||||
|
font-family: var(--font-pixel); font-size: 9px; letter-spacing: 0.1em;
|
||||||
|
color: var(--dim); text-transform: uppercase; line-height: 1.8;
|
||||||
|
}
|
||||||
|
.reg-input {
|
||||||
|
font-family: var(--font-body); font-size: 16px; color: var(--text);
|
||||||
|
background: var(--slot); border: 0; padding: 13px 14px;
|
||||||
|
box-shadow: inset 2px 2px 0 var(--bevel-lo), inset -2px -2px 0 var(--bevel-hi);
|
||||||
|
}
|
||||||
|
.reg-input::placeholder { color: var(--dim); }
|
||||||
|
.reg-input:focus { outline: 2px solid var(--accent); outline-offset: 1px; }
|
||||||
|
.reg-field .hint { color: var(--dim); font-size: 13px; }
|
||||||
|
|
||||||
|
.reg-models { display: flex; gap: 10px; }
|
||||||
|
.reg-models label {
|
||||||
|
display: inline-flex; align-items: center; gap: 8px;
|
||||||
|
font-family: var(--font-body); font-size: 15px; letter-spacing: 0; text-transform: none;
|
||||||
|
color: var(--muted); cursor: pointer;
|
||||||
|
background: var(--slot); padding: 9px 14px;
|
||||||
|
box-shadow: inset 2px 2px 0 var(--bevel-lo), inset -2px -2px 0 var(--bevel-hi);
|
||||||
|
}
|
||||||
|
.reg-models input { accent-color: var(--accent); }
|
||||||
|
|
||||||
|
.reg-msg { font-size: 15px; padding: 12px 14px; box-shadow: inset 2px 2px 0 var(--bevel-lo), inset -2px -2px 0 var(--bevel-hi); }
|
||||||
|
.reg-msg[hidden] { display: none; }
|
||||||
|
.reg-msg.err { background: oklch(0.30 0.10 30); color: oklch(0.92 0.04 40); }
|
||||||
|
.reg-msg.ok { background: var(--slot); color: var(--accent); }
|
||||||
|
|
||||||
|
.reg-foot { margin-top: 22px; color: var(--dim); font-size: 14.5px; }
|
||||||
|
.reg-foot a { color: var(--accent); }
|
||||||
|
|
||||||
|
.reg-success[hidden], .reg-skin[hidden] { display: none; }
|
||||||
|
.reg-success { margin-top: 26px; display: flex; flex-direction: column; gap: 16px; }
|
||||||
|
.reg-uuid {
|
||||||
|
font-family: var(--font-mono); font-size: 17px; color: var(--gold);
|
||||||
|
background: var(--slot); padding: 8px 12px; word-break: break-all;
|
||||||
|
box-shadow: inset 2px 2px 0 var(--bevel-lo), inset -2px -2px 0 var(--bevel-hi);
|
||||||
|
}
|
||||||
|
.reg-skin { margin-top: 8px; display: flex; flex-direction: column; gap: 16px; border-top: 1px solid var(--line); padding-top: 22px; }
|
||||||
|
.reg-skin h3 { font-size: 22px; }
|
||||||
|
.reg-skin .lead { font-size: 15px; }
|
||||||
|
.reg-file-name { color: var(--muted); font-size: 14px; }
|
||||||
|
|
||||||
/* ============================================================
|
/* ============================================================
|
||||||
RESPONSIVE
|
RESPONSIVE
|
||||||
============================================================ */
|
============================================================ */
|
||||||
@media (max-width: 880px) {
|
@media (max-width: 880px) {
|
||||||
:root[data-hero="split"] .hero-grid { grid-template-columns: 1fr; }
|
:root[data-hero="split"] .hero-grid { grid-template-columns: 1fr; }
|
||||||
:root[data-hero="split"] .hero-status { display: block; }
|
:root[data-hero="split"] .hero-status { display: block; }
|
||||||
.stat-grid { grid-template-columns: repeat(2, 1fr); }
|
|
||||||
.feat-grid { grid-template-columns: 1fr; }
|
.feat-grid { grid-template-columns: 1fr; }
|
||||||
.nav-links { display: none; }
|
.nav-links { display: none; }
|
||||||
.serverlist { flex-wrap: wrap; }
|
.serverlist { flex-wrap: wrap; }
|
||||||
@@ -604,5 +725,4 @@ section { position: relative; z-index: 1; }
|
|||||||
.step { grid-template-columns: 1fr; gap: 18px; }
|
.step { grid-template-columns: 1fr; gap: 18px; }
|
||||||
.step .num { width: 64px; height: 64px; font-size: 32px; }
|
.step .num { width: 64px; height: 64px; font-size: 32px; }
|
||||||
.ip-chip .ip-val { font-size: 22px; }
|
.ip-chip .ip-val { font-size: 22px; }
|
||||||
.stat-grid { grid-template-columns: 1fr 1fr; }
|
|
||||||
}
|
}
|
||||||
|
|||||||
163
mods-sides.json
Normal file
163
mods-sides.json
Normal file
@@ -0,0 +1,163 @@
|
|||||||
|
{
|
||||||
|
"BetterF3-11.0.3-NeoForge-1.21.1.jar": "client",
|
||||||
|
"BridgingMod-2.6.2+1.21.1.neoforge-release.jar": "client",
|
||||||
|
"CodeChickenLib-1.21.1-4.6.1.526.jar": "both",
|
||||||
|
"Controlling-neoforge-1.21.1-19.0.5.jar": "client",
|
||||||
|
"CreateDragonsPlus-1.11.2b.jar": "both",
|
||||||
|
"CreativeCore_NEOFORGE_v2.13.41_mc1.21.1.jar": "both",
|
||||||
|
"CustomSkinLoader_Universal-14.28.jar": "client",
|
||||||
|
"EasierSleeping-1.21.1-4.0.1.jar": "both",
|
||||||
|
"EasyAnvils-v21.1.0-1.21.1-NeoForge.jar": "both",
|
||||||
|
"EasyMagic-v21.1.4-1.21.1-NeoForge.jar": "both",
|
||||||
|
"EnderStorage-1.21.1-2.13.0.191.jar": "both",
|
||||||
|
"ExplorersCompass-1.21.1-3.4.0-neoforge.jar": "both",
|
||||||
|
"ExtremeSoundMuffler-3.56_NeoForge-1.21.jar": "client",
|
||||||
|
"FarmersDelight-1.21.1-1.3.2.jar": "both",
|
||||||
|
"HangGlider-v21.1.0-1.21.1-NeoForge.jar": "both",
|
||||||
|
"ImmediatelyFast-NeoForge-1.6.10+1.21.1.jar": "client",
|
||||||
|
"Jade-1.21.1-NeoForge-15.10.5.jar": "both",
|
||||||
|
"JadeAddons-1.21.1-NeoForge-6.1.0.jar": "both",
|
||||||
|
"JustEnoughProfessions-neoforge-1.21.1-4.0.5.jar": "both",
|
||||||
|
"JustEnoughResources-NeoForge-1.21.1-1.6.0.17.jar": "client",
|
||||||
|
"MoogsEndStructures-1.21-2.0.3.jar": "both",
|
||||||
|
"MoogsMissingVillages-1.21-2.1.1.jar": "both",
|
||||||
|
"MoogsNetherStructures-1.21-3.0.0-alpha.2.jar": "both",
|
||||||
|
"MoogsVoyagerStructures-1.21-5.0.11.jar": "both",
|
||||||
|
"MouseTweaks-neoforge-mc1.21-2.26.1.jar": "client",
|
||||||
|
"Neat-1.21-47-NEOFORGE.jar": "both",
|
||||||
|
"Necronomicon-NeoForge-1.6.0+1.21.jar": "both",
|
||||||
|
"Patchouli-1.21.1-93-NEOFORGE.jar": "both",
|
||||||
|
"Ping-Wheel-1.12.2-neoforge-1.21.1.jar": "both",
|
||||||
|
"Placebo-1.21.1-9.9.1.jar": "both",
|
||||||
|
"PuzzlesLib-v21.1.51-1.21.1-NeoForge.jar": "both",
|
||||||
|
"Searchables-neoforge-1.21.1-1.0.2.jar": "client",
|
||||||
|
"TerraBlender-neoforge-1.21.1-4.1.0.8.jar": "both",
|
||||||
|
"ToastControl-1.21.1-9.0.1.jar": "client",
|
||||||
|
"TravelersTitles-1.21.1-NeoForge-5.1.3.jar": "client",
|
||||||
|
"UsefulSlime-neoforge-1.21-1.12.1.jar": "both",
|
||||||
|
"YungsApi-1.21.1-NeoForge-5.1.6.jar": "both",
|
||||||
|
"YungsBetterCaves-1.21.1-NeoForge-3.1.4.jar": "both",
|
||||||
|
"YungsBetterDesertTemples-1.21.1-NeoForge-4.1.5.jar": "both",
|
||||||
|
"YungsBetterDungeons-1.21.1-NeoForge-5.1.4.jar": "both",
|
||||||
|
"YungsBetterEndIsland-1.21.1-NeoForge-3.1.2.jar": "both",
|
||||||
|
"YungsBetterJungleTemples-1.21.1-NeoForge-3.1.2.jar": "both",
|
||||||
|
"YungsBetterMineshafts-1.21.1-NeoForge-5.1.1.jar": "both",
|
||||||
|
"YungsBetterNetherFortresses-1.21.1-NeoForge-3.1.5.jar": "both",
|
||||||
|
"YungsBetterOceanMonuments-1.21.1-NeoForge-4.1.2.jar": "both",
|
||||||
|
"YungsBetterStrongholds-1.21.1-NeoForge-5.1.3.jar": "both",
|
||||||
|
"YungsBetterWitchHuts-1.21.1-NeoForge-4.1.1.jar": "both",
|
||||||
|
"YungsBridges-1.21.1-NeoForge-5.1.1.jar": "both",
|
||||||
|
"YungsCaveBiomes-1.21.1-NeoForge-3.1.1.jar": "both",
|
||||||
|
"amendments-neoforge-1.21-2.1.5.jar": "both",
|
||||||
|
"appleskin-neoforge-mc1.21-3.0.9.jar": "client",
|
||||||
|
"architectury-13.0.8-neoforge.jar": "both",
|
||||||
|
"baguettelib-1.21.1-NeoForge-2.0.3.jar": "both",
|
||||||
|
"balm-neoforge-1.21.1-21.0.58.jar": "both",
|
||||||
|
"buildinggadgets2-1.3.9.jar": "both",
|
||||||
|
"caelus-neoforge-7.0.1+1.21.1.jar": "both",
|
||||||
|
"cardboardboxes-1.21.1-0.1.2.jar": "both",
|
||||||
|
"charginggadgets-1.14.1.jar": "both",
|
||||||
|
"cloth-config-15.0.140-neoforge.jar": "both",
|
||||||
|
"colorfulhearts-neoforge-1.21.1-10.5.9.jar": "client",
|
||||||
|
"comforts-neoforge-9.0.5+1.21.1.jar": "both",
|
||||||
|
"configured-neoforge-1.21.1-2.6.3.jar": "both",
|
||||||
|
"copycats-3.0.4+mc.1.21.1-neoforge.jar": "both",
|
||||||
|
"corpse-neoforge-1.21.1-1.1.13.jar": "both",
|
||||||
|
"corpsecurioscompat-1.21.1-NeoForge-4.0.1.jar": "both",
|
||||||
|
"create-1.21.1-6.0.10.jar": "both",
|
||||||
|
"create-central-kitchen-2.5.0.jar": "both",
|
||||||
|
"create-enchantment-industry-2.4.1.jar": "both",
|
||||||
|
"create-integrated-farming-1.2.6.jar": "both",
|
||||||
|
"create_connected-1.2.2-mc1.21.1.jar": "both",
|
||||||
|
"create_jetpack-forge-5.1.2.jar": "both",
|
||||||
|
"create_jetpack_curios-1.2.0-neoforge-1.21.1.jar": "both",
|
||||||
|
"create_mechanical_chicken-1.21.1-1.3.3-6.0.6.jar": "both",
|
||||||
|
"create_mechanical_extruder-1.21.1-2.2.0-6.0.8.jar": "both",
|
||||||
|
"create_mechanical_spawner-1.21.1-1.3.0-6.0.8.jar": "both",
|
||||||
|
"createaddition-1.6.0.jar": "both",
|
||||||
|
"createdeco-2.1.3.jar": "both",
|
||||||
|
"createornithopterglider-1.2.0-1.21.1.jar": "both",
|
||||||
|
"createsifter-1.21.1-2.2.1.jar": "both",
|
||||||
|
"createultimine-1.21.1-neoforge-1.3.2.jar": "both",
|
||||||
|
"curios-neoforge-9.5.1+1.21.1.jar": "both",
|
||||||
|
"cwb-neoforge-3.0.0+mc1.21.jar": "client",
|
||||||
|
"defaultoptions-neoforge-1.21.1-21.1.6.jar": "both",
|
||||||
|
"drippyloadingscreen_neoforge_3.1.2_MC_1.21.1.jar": "client",
|
||||||
|
"easy-piglins-neoforge-1.21.1-1.1.0.jar": "both",
|
||||||
|
"easy-villagers-neoforge-1.21.1-1.1.42.jar": "both",
|
||||||
|
"easydisenchanting-neoforge-1.0.0-1.21.1.jar": "both",
|
||||||
|
"emotecraft-for-MC1.21.1-2.4.12-neoforge.jar": "both",
|
||||||
|
"enderrf-1.21.1-1.0.1.jar": "both",
|
||||||
|
"entity_model_features-3.2.4-1.21-neoforge.jar": "client",
|
||||||
|
"entity_texture_features_1.21-neoforge-7.1.jar": "client",
|
||||||
|
"entityculling-neoforge-1.10.2-mc1.21.1.jar": "client",
|
||||||
|
"etched-5.1.0.jar": "both",
|
||||||
|
"fancymenu_neoforge_3.9.1_MC_1.21.1.jar": "client",
|
||||||
|
"fastleafdecay-35.jar": "both",
|
||||||
|
"ferritecore-7.0.3-neoforge.jar": "both",
|
||||||
|
"fishingoverhaul-1.21.1-1.2.1.jar": "both",
|
||||||
|
"ftb-chunks-neoforge-2101.1.17.jar": "both",
|
||||||
|
"ftb-essentials-neoforge-2101.1.9.jar": "both",
|
||||||
|
"ftb-library-neoforge-2101.1.31.jar": "both",
|
||||||
|
"ftb-teams-neoforge-2101.1.10.jar": "both",
|
||||||
|
"ftb-ultimine-neoforge-2101.1.14.jar": "both",
|
||||||
|
"functionalstorage-1.21.1-1.5.7.jar": "both",
|
||||||
|
"fusion-1.3.2b-neoforge-mc1.21.1.jar": "client",
|
||||||
|
"fzzy_config-0.7.6+1.21+neoforge.jar": "both",
|
||||||
|
"geckolib-neoforge-1.21.1-4.8.4.jar": "both",
|
||||||
|
"handcrafted-neoforge-1.21.1-4.0.3.jar": "both",
|
||||||
|
"immersive_paintings-neoforge-1.21.1-0.7.8.jar": "both",
|
||||||
|
"inventoryessentials-neoforge-1.21.1-21.1.15.jar": "both",
|
||||||
|
"iris-neoforge-1.8.12+mc1.21.1.jar": "client",
|
||||||
|
"jamlib-neoforge-1.3.6+1.21.1.jar": "both",
|
||||||
|
"jei-1.21.1-neoforge-19.27.0.340.jar": "both",
|
||||||
|
"konkrete_neoforge_1.9.9_MC_1.21.jar": "client",
|
||||||
|
"kotlinforforge-5.11.0-all.jar": "both",
|
||||||
|
"kubejs-create-neoforge-2101.3.1-build.18.jar": "both",
|
||||||
|
"kubejs-neoforge-2101.7.2-build.368.jar": "both",
|
||||||
|
"kubejsdelight-1.1.6.jar": "both",
|
||||||
|
"laserio-1.9.11.jar": "both",
|
||||||
|
"lithium-neoforge-0.15.3+mc1.21.1.jar": "both",
|
||||||
|
"lootjs-neoforge-1.21.1-3.7.0.jar": "both",
|
||||||
|
"lootr-neoforge-1.21.1-1.11.37.120.jar": "both",
|
||||||
|
"mechanical_cow-1.21.1-1.2.0-6.0.8.jar": "both",
|
||||||
|
"mechanicals-1.21.1-1.1.0.jar": "both",
|
||||||
|
"melody_neoforge_1.0.10_MC_1.21.jar": "client",
|
||||||
|
"melter-1.21.1-1.8.2.jar": "both",
|
||||||
|
"mob_grinding_utils-1.1.10+mc1.21.1.jar": "both",
|
||||||
|
"modernfix-neoforge-5.27.12+mc1.21.1.jar": "both",
|
||||||
|
"moogs_structures-neoforge-1.21.1-3.0.0.jar": "both",
|
||||||
|
"moonlight-neoforge-1.21.1-3.0.22.jar": "both",
|
||||||
|
"morefunctionalstorage-1.2.3.jar": "both",
|
||||||
|
"moreoverlays-1.24.2-mc1.21.1-neoforge.jar": "client",
|
||||||
|
"polymorph-neoforge-1.1.0+1.21.1.jar": "both",
|
||||||
|
"ponderjs-neoforge-1.21.1-2.4.0.jar": "client",
|
||||||
|
"rechiseled-1.2.5-neoforge-mc1.21.jar": "both",
|
||||||
|
"resourcefullib-neoforge-1.21-3.0.12.jar": "both",
|
||||||
|
"rhino-2101.2.7-build.85.jar": "both",
|
||||||
|
"rightclickharvest-neoforge-4.6.1+1.21.1.jar": "both",
|
||||||
|
"seamless-loading-screen-2.2.1+1.21-neoforge.jar": "client",
|
||||||
|
"simplemagnets-1.1.12c-neoforge-mc1.21.jar": "both",
|
||||||
|
"sliceanddice-forge-4.2.4.jar": "both",
|
||||||
|
"sodium-extra-neoforge-0.8.7+mc1.21.1.jar": "client",
|
||||||
|
"sodium-neoforge-0.8.12-alpha.4+mc1.21.1.jar": "client",
|
||||||
|
"solcarrot-1.21.1-1.16.6.jar": "both",
|
||||||
|
"sophisticatedbackpacks-1.21.1-3.25.55.1852.jar": "both",
|
||||||
|
"sophisticatedbackpackscreateintegration-1.21.1-0.1.6.99.jar": "both",
|
||||||
|
"sophisticatedcore-1.21.1-1.4.49.1976.jar": "both",
|
||||||
|
"spark-1.10.124-neoforge.jar": "both",
|
||||||
|
"supermartijn642configlib-1.1.8-neoforge-mc1.21.jar": "both",
|
||||||
|
"supermartijn642corelib-1.1.21-neoforge-mc1.21.jar": "both",
|
||||||
|
"tagtooltips-neoforge-1.21.1-1.2.0.jar": "client",
|
||||||
|
"titanium-1.21-4.0.43.jar": "both",
|
||||||
|
"toolsjs-0.1.1.jar": "both",
|
||||||
|
"torchmaster-neoforge-1.21.1-21.1.9.jar": "both",
|
||||||
|
"trashcans-1.0.18c-neoforge-mc1.21.jar": "both",
|
||||||
|
"txnilib-neoforge-1.0.24-1.21.1.jar": "both",
|
||||||
|
"ulicraftmod-1.21.1-1.0.0-6.0.10.jar": "both",
|
||||||
|
"utilitarian-1.21.1-0.19.2.jar": "both",
|
||||||
|
"voicechat-neoforge-1.21.1-2.6.18.jar": "both",
|
||||||
|
"wm_binaries-3.0.0-rc.1.jar": "client",
|
||||||
|
"yeetusexperimentus-neoforge-87.0.0.jar": "client",
|
||||||
|
"yet_another_config_lib_v3-3.8.2+1.21.1-neoforge.jar": "both"
|
||||||
|
}
|
||||||
@@ -1,19 +1,17 @@
|
|||||||
# ──────────────────────────────────────────────────────────────────
|
# ──────────────────────────────────────────────────────────────────
|
||||||
# Ulicraft host nginx — TLS terminator in FRONT of caddy.
|
# Ulicraft host nginx — TLS terminator in FRONT of caddy.
|
||||||
# ──────────────────────────────────────────────────────────────────
|
# ──────────────────────────────────────────────────────────────────
|
||||||
# Alternative to ulicraft.conf.tmpl. Instead of nginx serving the static
|
# caddy (in docker-compose.yml) is the single internal ingress for ALL vhosts;
|
||||||
# files + proxying only drasl, here caddy (the docker container) is the single
|
# this host nginx terminates TLS and reverse-proxies everything to caddy by Host
|
||||||
# ingress for ALL vhosts and nginx just terminates TLS and reverse-proxies
|
# header. Prefer tooling/render-nginx.sh over hand-rendering.
|
||||||
# everything to caddy by Host header.
|
|
||||||
#
|
#
|
||||||
# Caddy must be published on a localhost port — set in .env:
|
# Caddy must be published on a localhost port — set in .env:
|
||||||
# CADDY_HTTP_PORT=8880
|
# CADDY_HTTP_PORT=8880
|
||||||
# CADDY_HTTP_BIND=127.0.0.1
|
# CADDY_HTTP_BIND=127.0.0.1
|
||||||
# and the stack brought up with the caddy override (NOT the nginx override):
|
# and the stack brought up:
|
||||||
# docker compose -f docker-compose.yml -f docker-compose.caddy.yml \
|
# docker compose up -d
|
||||||
# -f docker-compose.static.yml up -d
|
|
||||||
#
|
#
|
||||||
# Render with BOTH vars then install:
|
# Render with the vars then install:
|
||||||
# CADDY_HTTP_PORT=8880 BASE_DOMAIN=ulicraft.net APP_DIR=/home/ubuntu/mc/ulicraft-server-v1 \
|
# CADDY_HTTP_PORT=8880 BASE_DOMAIN=ulicraft.net APP_DIR=/home/ubuntu/mc/ulicraft-server-v1 \
|
||||||
# envsubst '$CADDY_HTTP_PORT $BASE_DOMAIN $APP_DIR' \
|
# envsubst '$CADDY_HTTP_PORT $BASE_DOMAIN $APP_DIR' \
|
||||||
# < nginx/ulicraft-caddy.conf.tmpl | sudo tee /etc/nginx/sites-available/ulicraft.conf
|
# < nginx/ulicraft-caddy.conf.tmpl | sudo tee /etc/nginx/sites-available/ulicraft.conf
|
||||||
@@ -28,25 +26,28 @@ upstream ulicraft_caddy {
|
|||||||
server 127.0.0.1:${CADDY_HTTP_PORT};
|
server 127.0.0.1:${CADDY_HTTP_PORT};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Brute-force throttle for the publicly-exposed Filestash /admin console (it is
|
||||||
|
# the only credential on files.), applied in its location block below.
|
||||||
|
limit_req_zone $binary_remote_addr zone=files_admin:10m rate=6r/m;
|
||||||
|
|
||||||
# HTTP -> HTTPS for every name.
|
# HTTP -> HTTPS for every name.
|
||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
listen [::]:80;
|
listen [::]:80;
|
||||||
server_name ${BASE_DOMAIN} auth.${BASE_DOMAIN} pack.${BASE_DOMAIN} distribution.${BASE_DOMAIN};
|
server_name ${BASE_DOMAIN} www.${BASE_DOMAIN} auth.${BASE_DOMAIN} distribution.${BASE_DOMAIN} avatar.${BASE_DOMAIN} status.${BASE_DOMAIN} files.${BASE_DOMAIN};
|
||||||
return 301 https://$host$request_uri;
|
return 301 https://$host$request_uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
# One TLS server block per name (each has its own LE cert). All proxy to caddy;
|
# One TLS server block per name (each has its own LE cert). All proxy to caddy;
|
||||||
# caddy routes by the forwarded Host header (apex -> www, auth -> drasl,
|
# caddy routes by the forwarded Host header (apex -> www, auth -> drasl).
|
||||||
# pack -> packwiz files).
|
|
||||||
server {
|
server {
|
||||||
listen 443 ssl;
|
listen 443 ssl http2;
|
||||||
listen [::]:443 ssl;
|
listen [::]:443 ssl http2;
|
||||||
http2 on;
|
|
||||||
server_name ${BASE_DOMAIN};
|
server_name ${BASE_DOMAIN};
|
||||||
|
|
||||||
ssl_certificate ${APP_DIR}/certs/${BASE_DOMAIN}/cert.pem;
|
ssl_certificate ${APP_DIR}/certs/${BASE_DOMAIN}/cert.pem;
|
||||||
ssl_certificate_key ${APP_DIR}/certs/${BASE_DOMAIN}/key.pem;
|
ssl_certificate_key ${APP_DIR}/certs/${BASE_DOMAIN}/key.pem;
|
||||||
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||||
|
|
||||||
client_max_body_size 4m; # skin uploads (auth) reuse the same proxy block
|
client_max_body_size 4m; # skin uploads (auth) reuse the same proxy block
|
||||||
|
|
||||||
@@ -59,14 +60,27 @@ server {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# www -> apex canonical redirect (needs its own cert; covered by LE_SUBDOMAINS).
|
||||||
server {
|
server {
|
||||||
listen 443 ssl;
|
listen 443 ssl http2;
|
||||||
listen [::]:443 ssl;
|
listen [::]:443 ssl http2;
|
||||||
http2 on;
|
server_name www.${BASE_DOMAIN};
|
||||||
|
|
||||||
|
ssl_certificate ${APP_DIR}/certs/www.${BASE_DOMAIN}/cert.pem;
|
||||||
|
ssl_certificate_key ${APP_DIR}/certs/www.${BASE_DOMAIN}/key.pem;
|
||||||
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||||
|
|
||||||
|
return 301 https://${BASE_DOMAIN}$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 443 ssl http2;
|
||||||
|
listen [::]:443 ssl http2;
|
||||||
server_name auth.${BASE_DOMAIN};
|
server_name auth.${BASE_DOMAIN};
|
||||||
|
|
||||||
ssl_certificate ${APP_DIR}/certs/auth.${BASE_DOMAIN}/cert.pem;
|
ssl_certificate ${APP_DIR}/certs/auth.${BASE_DOMAIN}/cert.pem;
|
||||||
ssl_certificate_key ${APP_DIR}/certs/auth.${BASE_DOMAIN}/key.pem;
|
ssl_certificate_key ${APP_DIR}/certs/auth.${BASE_DOMAIN}/key.pem;
|
||||||
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||||
|
|
||||||
client_max_body_size 4m; # skin uploads
|
client_max_body_size 4m; # skin uploads
|
||||||
|
|
||||||
@@ -80,13 +94,13 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 443 ssl;
|
listen 443 ssl http2;
|
||||||
listen [::]:443 ssl;
|
listen [::]:443 ssl http2;
|
||||||
http2 on;
|
server_name distribution.${BASE_DOMAIN};
|
||||||
server_name pack.${BASE_DOMAIN};
|
|
||||||
|
|
||||||
ssl_certificate ${APP_DIR}/certs/pack.${BASE_DOMAIN}/cert.pem;
|
ssl_certificate ${APP_DIR}/certs/distribution.${BASE_DOMAIN}/cert.pem;
|
||||||
ssl_certificate_key ${APP_DIR}/certs/pack.${BASE_DOMAIN}/key.pem;
|
ssl_certificate_key ${APP_DIR}/certs/distribution.${BASE_DOMAIN}/key.pem;
|
||||||
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
proxy_pass http://ulicraft_caddy;
|
proxy_pass http://ulicraft_caddy;
|
||||||
@@ -98,13 +112,13 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 443 ssl;
|
listen 443 ssl http2;
|
||||||
listen [::]:443 ssl;
|
listen [::]:443 ssl http2;
|
||||||
http2 on;
|
server_name avatar.${BASE_DOMAIN};
|
||||||
server_name distribution.${BASE_DOMAIN};
|
|
||||||
|
|
||||||
ssl_certificate ${APP_DIR}/certs/distribution.${BASE_DOMAIN}/cert.pem;
|
ssl_certificate ${APP_DIR}/certs/avatar.${BASE_DOMAIN}/cert.pem;
|
||||||
ssl_certificate_key ${APP_DIR}/certs/distribution.${BASE_DOMAIN}/key.pem;
|
ssl_certificate_key ${APP_DIR}/certs/avatar.${BASE_DOMAIN}/key.pem;
|
||||||
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
proxy_pass http://ulicraft_caddy;
|
proxy_pass http://ulicraft_caddy;
|
||||||
@@ -114,3 +128,64 @@ server {
|
|||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Filestash player file share. Uploads need a real body limit (nginx defaults to
|
||||||
|
# 1m, which rejects almost anything worth sharing) and streaming rather than
|
||||||
|
# spooling — a 2g upload buffered to disk would write it twice on a host whose
|
||||||
|
# disk is already the shared failure domain for Minecraft + Drasl + backups.
|
||||||
|
server {
|
||||||
|
listen 443 ssl http2;
|
||||||
|
listen [::]:443 ssl http2;
|
||||||
|
server_name files.${BASE_DOMAIN};
|
||||||
|
|
||||||
|
ssl_certificate ${APP_DIR}/certs/files.${BASE_DOMAIN}/cert.pem;
|
||||||
|
ssl_certificate_key ${APP_DIR}/certs/files.${BASE_DOMAIN}/key.pem;
|
||||||
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||||
|
|
||||||
|
client_max_body_size 2g; # uploads; other vhosts stay at 4m
|
||||||
|
proxy_request_buffering off; # stream uploads, don't spool them to disk
|
||||||
|
proxy_read_timeout 300s;
|
||||||
|
proxy_send_timeout 300s;
|
||||||
|
|
||||||
|
# /admin is reachable on purpose, so throttle it: it is the only password
|
||||||
|
# on this vhost. 6 req/min, small burst.
|
||||||
|
location /admin {
|
||||||
|
limit_req zone=files_admin burst=3 nodelay;
|
||||||
|
proxy_pass http://ulicraft_caddy;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
}
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_pass http://ulicraft_caddy;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 443 ssl http2;
|
||||||
|
listen [::]:443 ssl http2;
|
||||||
|
server_name status.${BASE_DOMAIN};
|
||||||
|
|
||||||
|
ssl_certificate ${APP_DIR}/certs/status.${BASE_DOMAIN}/cert.pem;
|
||||||
|
ssl_certificate_key ${APP_DIR}/certs/status.${BASE_DOMAIN}/key.pem;
|
||||||
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_pass http://ulicraft_caddy;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
|
||||||
|
# Uptime Kuma uses websockets (socket.io) for live status updates.
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection "upgrade";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|||||||
@@ -1,93 +0,0 @@
|
|||||||
# ──────────────────────────────────────────────────────────────────
|
|
||||||
# Ulicraft host nginx — TLS ingress with Let's Encrypt certs.
|
|
||||||
# ──────────────────────────────────────────────────────────────────
|
|
||||||
# Template. Render with BOTH vars then install:
|
|
||||||
#
|
|
||||||
# APP_DIR=/home/ubuntu/mc/ulicraft-server-v1 BASE_DOMAIN=ulicraft.net \
|
|
||||||
# envsubst '$APP_DIR $BASE_DOMAIN' \
|
|
||||||
# < nginx/ulicraft.conf.tmpl | sudo tee /etc/nginx/sites-available/ulicraft.conf
|
|
||||||
# sudo ln -sf /etc/nginx/sites-available/ulicraft.conf /etc/nginx/sites-enabled/
|
|
||||||
# sudo nginx -t && sudo systemctl reload nginx
|
|
||||||
#
|
|
||||||
# Prereqs:
|
|
||||||
# - certs issued: tooling/issue-letsencrypt.sh -> $APP_DIR/certs/<name>/{cert,key}.pem
|
|
||||||
# - the docker stack up with the nginx override (publishes drasl on 127.0.0.1:25585):
|
|
||||||
# docker compose -f docker-compose.yml -f docker-compose.nginx.yml up -d
|
|
||||||
# - nginx's user (www-data) can READ $APP_DIR/{www,pack,custom,certs}
|
|
||||||
# ──────────────────────────────────────────────────────────────────
|
|
||||||
|
|
||||||
# HTTP -> HTTPS for every name.
|
|
||||||
server {
|
|
||||||
listen 80;
|
|
||||||
listen [::]:80;
|
|
||||||
server_name ${BASE_DOMAIN} auth.${BASE_DOMAIN} pack.${BASE_DOMAIN};
|
|
||||||
return 301 https://$host$request_uri;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Apex — static landing page (./www) + launcher downloads (./mirror/launcher).
|
|
||||||
# /ca.crt from the caddy path is intentionally omitted: LE certs are publicly
|
|
||||||
# trusted, so guests need no CA import.
|
|
||||||
server {
|
|
||||||
listen 443 ssl;
|
|
||||||
listen [::]:443 ssl;
|
|
||||||
http2 on;
|
|
||||||
server_name ${BASE_DOMAIN};
|
|
||||||
|
|
||||||
ssl_certificate ${APP_DIR}/certs/${BASE_DOMAIN}/cert.pem;
|
|
||||||
ssl_certificate_key ${APP_DIR}/certs/${BASE_DOMAIN}/key.pem;
|
|
||||||
|
|
||||||
# Launcher downloads (populated by tooling/fetch-launcher.sh -> ./mirror/launcher).
|
|
||||||
location /launcher/ {
|
|
||||||
alias ${APP_DIR}/mirror/launcher/;
|
|
||||||
autoindex on;
|
|
||||||
}
|
|
||||||
|
|
||||||
location / {
|
|
||||||
root ${APP_DIR}/www;
|
|
||||||
index index.html;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# Pack — packwiz metadata (./pack) + custom jars (./custom at /custom/).
|
|
||||||
server {
|
|
||||||
listen 443 ssl;
|
|
||||||
listen [::]:443 ssl;
|
|
||||||
http2 on;
|
|
||||||
server_name pack.${BASE_DOMAIN};
|
|
||||||
|
|
||||||
ssl_certificate ${APP_DIR}/certs/pack.${BASE_DOMAIN}/cert.pem;
|
|
||||||
ssl_certificate_key ${APP_DIR}/certs/pack.${BASE_DOMAIN}/key.pem;
|
|
||||||
|
|
||||||
# Locally-hosted custom mod jars live outside ./pack; expose them at /custom/.
|
|
||||||
location /custom/ {
|
|
||||||
alias ${APP_DIR}/custom/;
|
|
||||||
autoindex on;
|
|
||||||
}
|
|
||||||
|
|
||||||
location / {
|
|
||||||
root ${APP_DIR}/pack;
|
|
||||||
autoindex on;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# Auth — reverse proxy to drasl (published on localhost by the nginx override).
|
|
||||||
server {
|
|
||||||
listen 443 ssl;
|
|
||||||
listen [::]:443 ssl;
|
|
||||||
http2 on;
|
|
||||||
server_name auth.${BASE_DOMAIN};
|
|
||||||
|
|
||||||
ssl_certificate ${APP_DIR}/certs/auth.${BASE_DOMAIN}/cert.pem;
|
|
||||||
ssl_certificate_key ${APP_DIR}/certs/auth.${BASE_DOMAIN}/key.pem;
|
|
||||||
|
|
||||||
client_max_body_size 4m; # skin uploads
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_pass http://127.0.0.1:25585;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
51
nmsr/config.toml.tmpl
Normal file
51
nmsr/config.toml.tmpl
Normal file
@@ -0,0 +1,51 @@
|
|||||||
|
# NMSR-aas config — renders to nmsr/config.toml (gitignored) via
|
||||||
|
# tooling/render-config.sh. Only ${BASE_DOMAIN} is substituted.
|
||||||
|
#
|
||||||
|
# Skins come from Drasl, NOT Mojang. Drasl exposes Mojang-compatible routes at
|
||||||
|
# the bare BaseURL:
|
||||||
|
# session_server -> {url}/session/minecraft/profile/{uuid}
|
||||||
|
# mojang_api_server -> {url}/users/profiles/minecraft/{name}
|
||||||
|
# and embeds absolute skin URLs (https://auth.${BASE_DOMAIN}/web/texture/skin/…)
|
||||||
|
# in the profile — Drasl's BaseURL is https, so these are https and NMSR must
|
||||||
|
# fetch them over :443. The mcnet alias only resolves auth. -> caddy on :80, so
|
||||||
|
# the nmsr service pins auth.${BASE_DOMAIN} to the host (extra_hosts in
|
||||||
|
# docker-compose.yml) and talks to the host nginx on :443 (real LE cert). Hence
|
||||||
|
# the https:// endpoints below — they must match the scheme of the embedded
|
||||||
|
# skin URLs, or the skin fetch Connect-fails and avatars render the default skin.
|
||||||
|
|
||||||
|
[server]
|
||||||
|
address = "0.0.0.0"
|
||||||
|
port = 8080
|
||||||
|
|
||||||
|
[caching]
|
||||||
|
cleanup_interval = "1h"
|
||||||
|
# resolve_cache_duration caches the uuid -> profile (incl. skin URL) lookup, so
|
||||||
|
# it bounds how long a changed skin keeps showing the OLD avatar. Kept short so
|
||||||
|
# skin changes on the account page propagate within ~1 min (NMSR has no
|
||||||
|
# per-request force-refresh; a `?skin=` override is ignored by this build). Cost
|
||||||
|
# is one extra internal Drasl profile lookup per avatar per minute — trivial over
|
||||||
|
# mcnet for a 4-10 player server. For an instant global flush: restart nmsr.
|
||||||
|
resolve_cache_duration = "60s"
|
||||||
|
# texture cache stays long: Drasl skin URLs are content-hashed
|
||||||
|
# (/web/texture/skin/<sha256>.png), so a new skin = new URL = fresh fetch; this
|
||||||
|
# 48h cache never serves a stale skin.
|
||||||
|
texture_cache_duration = "48h"
|
||||||
|
|
||||||
|
[caching.cache_biases]
|
||||||
|
|
||||||
|
[mojank]
|
||||||
|
# Point every Mojang endpoint at Drasl over https — auth. is pinned to the host
|
||||||
|
# (extra_hosts), so this reaches the host nginx on :443 with the real LE cert.
|
||||||
|
# Must stay https to match the https skin URLs Drasl embeds in the profile.
|
||||||
|
session_server = "https://auth.${BASE_DOMAIN}"
|
||||||
|
textures_server = "https://auth.${BASE_DOMAIN}"
|
||||||
|
mojang_api_server = "https://auth.${BASE_DOMAIN}"
|
||||||
|
session_server_rate_limit = 10
|
||||||
|
# This is an offline-mode (authlib-injector) server — Drasl issues v3 offline
|
||||||
|
# UUIDs, so they must be accepted.
|
||||||
|
allow_offline_mode_uuids = true
|
||||||
|
use_dashless_uuids = false
|
||||||
|
|
||||||
|
[rendering]
|
||||||
|
sample_count = 1
|
||||||
|
use_smaa = true
|
||||||
@@ -1,3 +0,0 @@
|
|||||||
# Template sources for pack metadata/config — rendered to their real files by
|
|
||||||
# tooling/render-pack.sh. packwiz must NOT index the templates themselves.
|
|
||||||
*.tmpl
|
|
||||||
@@ -1,11 +0,0 @@
|
|||||||
{
|
|
||||||
"enable": true,
|
|
||||||
"loadlist": [
|
|
||||||
{
|
|
||||||
"name": "Ulicraft Skins",
|
|
||||||
"type": "MojangAPI",
|
|
||||||
"apiRoot": "https://auth.${BASE_DOMAIN}/account/",
|
|
||||||
"sessionRoot": "https://auth.${BASE_DOMAIN}/session/"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
@@ -1,3 +0,0 @@
|
|||||||
# Ulicraft modpack (packwiz)
|
|
||||||
|
|
||||||
This directory is the **single source of truth** for the modpack (MC 1.21.1, NeoForge 21.1.209). Curate mods from here with `packwiz modrinth add <slug>` (prefer Modrinth over CurseForge); each mod produces a `mods/<slug>.pw.toml` metadata file referencing the upstream CDN. **Client-only mods must be tagged `side = "client"`** in their `.pw.toml` so the itzg server does not pull and crash on them. After adding/removing mods run `packwiz refresh` to recompute `index.toml`; for offline LAN play run `tooling/mirror-mods.sh` to vendor the jars and rewrite the download URLs to the local Caddy mirror. Curation is an ongoing manual task — no mods are added yet.
|
|
||||||
@@ -1,8 +0,0 @@
|
|||||||
name = "balm-neoforge-1.21.1-21.0.58"
|
|
||||||
filename = "balm-neoforge-1.21.1-21.0.58.jar"
|
|
||||||
side = "both"
|
|
||||||
|
|
||||||
[download]
|
|
||||||
url = "http://pack.${BASE_DOMAIN}/custom/balm-neoforge-1.21.1-21.0.58.jar"
|
|
||||||
hash-format = "sha256"
|
|
||||||
hash = "aa2463747bad4c2351869226ea7bce7839510dfd2ac387f8d1588b1ce9309c67"
|
|
||||||
@@ -1,8 +0,0 @@
|
|||||||
name = "CustomSkinLoader_Universal-14.28"
|
|
||||||
filename = "CustomSkinLoader_Universal-14.28.jar"
|
|
||||||
side = "both"
|
|
||||||
|
|
||||||
[download]
|
|
||||||
url = "http://pack.${BASE_DOMAIN}/custom/CustomSkinLoader_Universal-14.28.jar"
|
|
||||||
hash-format = "sha256"
|
|
||||||
hash = "0008fb0a91dd1e84d52162cfe96addb5f6aed3b76d426ea7305d7624e31f1894"
|
|
||||||
@@ -1,8 +0,0 @@
|
|||||||
name = "inventoryessentials-neoforge-1.21.1-21.1.15"
|
|
||||||
filename = "inventoryessentials-neoforge-1.21.1-21.1.15.jar"
|
|
||||||
side = "both"
|
|
||||||
|
|
||||||
[download]
|
|
||||||
url = "http://pack.${BASE_DOMAIN}/custom/inventoryessentials-neoforge-1.21.1-21.1.15.jar"
|
|
||||||
hash-format = "sha256"
|
|
||||||
hash = "b7a5c5526a45256551543419ba2b5d54e56c585d76a645a8cea8cb8ea843ae2c"
|
|
||||||
@@ -1,8 +0,0 @@
|
|||||||
name = "Jade-1.21.1-NeoForge-15.10.5"
|
|
||||||
filename = "Jade-1.21.1-NeoForge-15.10.5.jar"
|
|
||||||
side = "both"
|
|
||||||
|
|
||||||
[download]
|
|
||||||
url = "http://pack.${BASE_DOMAIN}/custom/Jade-1.21.1-NeoForge-15.10.5.jar"
|
|
||||||
hash-format = "sha256"
|
|
||||||
hash = "067bb4b007e1d6f6b79f0afe99c91252aa825472b99a76d33a60d24442f9e92d"
|
|
||||||
@@ -1,8 +0,0 @@
|
|||||||
name = "JadeAddons-1.21.1-NeoForge-6.1.0"
|
|
||||||
filename = "JadeAddons-1.21.1-NeoForge-6.1.0.jar"
|
|
||||||
side = "both"
|
|
||||||
|
|
||||||
[download]
|
|
||||||
url = "http://pack.${BASE_DOMAIN}/custom/JadeAddons-1.21.1-NeoForge-6.1.0.jar"
|
|
||||||
hash-format = "sha256"
|
|
||||||
hash = "5f242668ad710092964d4d9afda8a94fa2401665ea13eea67d55d07e4dff8a64"
|
|
||||||
@@ -1,8 +0,0 @@
|
|||||||
name = "jei-1.21.1-neoforge-19.27.0.340"
|
|
||||||
filename = "jei-1.21.1-neoforge-19.27.0.340.jar"
|
|
||||||
side = "both"
|
|
||||||
|
|
||||||
[download]
|
|
||||||
url = "http://pack.${BASE_DOMAIN}/custom/jei-1.21.1-neoforge-19.27.0.340.jar"
|
|
||||||
hash-format = "sha256"
|
|
||||||
hash = "8aaf547432f1b4958239b036356b910692fe40f858c3073d996f56bbf7c99826"
|
|
||||||
@@ -1,8 +0,0 @@
|
|||||||
name = "JustEnoughProfessions-neoforge-1.21.1-4.0.5"
|
|
||||||
filename = "JustEnoughProfessions-neoforge-1.21.1-4.0.5.jar"
|
|
||||||
side = "both"
|
|
||||||
|
|
||||||
[download]
|
|
||||||
url = "http://pack.${BASE_DOMAIN}/custom/JustEnoughProfessions-neoforge-1.21.1-4.0.5.jar"
|
|
||||||
hash-format = "sha256"
|
|
||||||
hash = "b320b47f1791f56df9e1a05138f0e312e6e54541945ff15f2f1fd398cd1d4d9d"
|
|
||||||
@@ -1,8 +0,0 @@
|
|||||||
name = "JustEnoughResources-NeoForge-1.21.1-1.6.0.17"
|
|
||||||
filename = "JustEnoughResources-NeoForge-1.21.1-1.6.0.17.jar"
|
|
||||||
side = "both"
|
|
||||||
|
|
||||||
[download]
|
|
||||||
url = "http://pack.${BASE_DOMAIN}/custom/JustEnoughResources-NeoForge-1.21.1-1.6.0.17.jar"
|
|
||||||
hash-format = "sha256"
|
|
||||||
hash = "7a47d69b5530704690d5a5f0726cd74a2d6c57df17dd4a8589c4ab5212f91460"
|
|
||||||
@@ -1,8 +0,0 @@
|
|||||||
name = "MouseTweaks-neoforge-mc1.21-2.26.1"
|
|
||||||
filename = "MouseTweaks-neoforge-mc1.21-2.26.1.jar"
|
|
||||||
side = "both"
|
|
||||||
|
|
||||||
[download]
|
|
||||||
url = "http://pack.${BASE_DOMAIN}/custom/MouseTweaks-neoforge-mc1.21-2.26.1.jar"
|
|
||||||
hash-format = "sha256"
|
|
||||||
hash = "68e6f4201c5de97b77929a7215c9552495696ca6a3bf3ae4eacc34e135f6cc8b"
|
|
||||||
@@ -1,13 +0,0 @@
|
|||||||
name = "Ulicraft"
|
|
||||||
author = "Oier"
|
|
||||||
version = "1.0.0"
|
|
||||||
pack-format = "packwiz:1.1.0"
|
|
||||||
|
|
||||||
[index]
|
|
||||||
file = "index.toml"
|
|
||||||
hash-format = "sha256"
|
|
||||||
hash = "9bca0b1a4434050835cab46116d7c14aafec971ff5a95a1ee0c4232c8bcbc355"
|
|
||||||
|
|
||||||
[versions]
|
|
||||||
minecraft = "1.21.1"
|
|
||||||
neoforge = "21.1.209"
|
|
||||||
@@ -1,124 +1,160 @@
|
|||||||
# Ulicraft Server — Plan Overview
|
# Ulicraft Server — Plan Overview
|
||||||
|
|
||||||
Self-hosted modded Minecraft LAN-party stack, designed to run **fully offline**
|
Self-hosted modded Minecraft stack — a single Docker Compose file holds the
|
||||||
(air-gapped) during the party while remaining a persistent homelab service.
|
entire thing, fronted by the host's own nginx (Let's Encrypt TLS) and a caddy
|
||||||
|
internal router. Built for a LAN party but runs as a persistent homelab service.
|
||||||
|
Assumes the internet is present.
|
||||||
|
|
||||||
## Single source of configuration
|
## Single source of configuration
|
||||||
|
|
||||||
Everything is driven by two env vars in `.env`:
|
Everything is driven by one env var in `.env`:
|
||||||
|
|
||||||
```
|
```
|
||||||
BASE_DOMAIN=ulicraft.local # all services are subdomains of this
|
BASE_DOMAIN=ulicraft.net # all services are subdomains of this
|
||||||
HOST_LAN_IP=192.168.x.x # the Docker host's LAN IP (dnsmasq target)
|
|
||||||
```
|
```
|
||||||
|
|
||||||
> `.local` collides with mDNS/Bonjour (RFC 6762). macOS + Linux Avahi may resolve
|
`render-config.sh` substitutes `${BASE_DOMAIN}` into the templates (plus the
|
||||||
> `*.local` via multicast and bypass dnsmasq. Accepted risk for now; alternatives
|
derived `REGISTRATION_*` and `FILES_*` values — see `20-files.md`).
|
||||||
> if it bites: `.lan`, `home.arpa`. Flagged, user chose `.local`.
|
DNS is **not** this repo's concern: point `${BASE_DOMAIN}` and all subdomains
|
||||||
|
(`auth.` `avatar.` `status.` `files.` `distribution.` `www.`) at the host running
|
||||||
|
nginx; that is configured outside this repo.
|
||||||
|
|
||||||
## Subdomain / ingress map
|
## Subdomain / ingress map
|
||||||
|
|
||||||
```
|
```
|
||||||
ulicraft.local → caddy → landing page (launcher downloads + guide)
|
ulicraft.net → nginx → caddy → landing page (/srv/www) + /launcher/
|
||||||
auth.ulicraft.local → caddy → drasl:25585 (auth web UI + Yggdrasil API)
|
auth.ulicraft.net → nginx → caddy → drasl:25585 (auth web UI + Yggdrasil API)
|
||||||
packwiz.ulicraft.local → caddy → /srv/pack (pack metadata + mod-jar mirror)
|
avatar.ulicraft.net → nginx → caddy → nmsr:8080 (skin/avatar renderer)
|
||||||
assets.ulicraft.local → caddy → /srv/assets (MC asset-object mirror; HTTPS forced — see 10)
|
status.ulicraft.net → nginx → caddy → uptime-kuma:3001 (status page)
|
||||||
mc.ulicraft.local:25565 → minecraft (NOT http; raw MC protocol)
|
files.ulicraft.net → nginx → caddy → filestash:8334 (player file share, shared login)
|
||||||
|
distribution.ulicraft.net → nginx → caddy → /srv/distribution (static, another repo)
|
||||||
|
mc.ulicraft.net:25565 → minecraft (raw MC protocol, not HTTP)
|
||||||
```
|
```
|
||||||
|
|
||||||
Caddy is the only HTTP ingress (plain `:80` for now, TLS/step-ca later).
|
The host's own nginx is the only public ingress: it terminates TLS with Let's
|
||||||
drasl's host port is removed — internal only, reached through Caddy.
|
Encrypt certs and reverse-proxies every vhost to caddy by Host header. caddy is
|
||||||
|
published on a **localhost-only** port (`CADDY_HTTP_BIND=127.0.0.1`,
|
||||||
|
`CADDY_HTTP_PORT=8880`) and acts as the internal router. drasl, nmsr and
|
||||||
|
uptime-kuma have no host ports — they are reached only through caddy.
|
||||||
|
|
||||||
### Internal resolution trick
|
### Internal resolution trick
|
||||||
|
|
||||||
Containers use the Docker resolver, NOT dnsmasq. Caddy gets network aliases so
|
Containers use the Docker resolver. caddy gets network aliases so the stack
|
||||||
the stack resolves its own subdomains internally:
|
resolves its own subdomains internally:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
caddy:
|
caddy:
|
||||||
networks:
|
networks:
|
||||||
mcnet:
|
mcnet:
|
||||||
aliases: [ "auth.${BASE_DOMAIN}", "packwiz.${BASE_DOMAIN}" ]
|
aliases: [ "auth.${BASE_DOMAIN}" ]
|
||||||
```
|
```
|
||||||
|
|
||||||
Result: `http://auth.ulicraft.local/authlib-injector` and
|
Result: `http://auth.ulicraft.net/authlib-injector` resolves identically inside
|
||||||
`http://packwiz.ulicraft.local/pack.toml` resolve identically inside and outside
|
the stack (minecraft → caddy) as the public name does outside it (client → nginx
|
||||||
the stack. dnsmasq exists **only for guest laptops**.
|
→ caddy).
|
||||||
|
|
||||||
## Online vs offline split
|
#### HTTPS variant (`extra_hosts: host-gateway`)
|
||||||
|
|
||||||
|
The caddy alias only serves **http** on `mcnet` (port 80). Once the stack moved
|
||||||
|
to https URLs (drasl `BaseURL`; the authlib-injector agent must match the
|
||||||
|
client's https endpoint), the internal http alias is no longer enough — the
|
||||||
|
container needs to reach a **TLS** terminator holding a valid cert.
|
||||||
|
|
||||||
|
Caddy does not terminate TLS internally; the host's nginx does (on `0.0.0.0:443`).
|
||||||
|
So pin the public name to the host in the service, not to caddy:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
minecraft:
|
||||||
|
extra_hosts:
|
||||||
|
- "auth.${BASE_DOMAIN}:host-gateway"
|
||||||
|
```
|
||||||
|
|
||||||
|
`/etc/hosts` (extra_hosts) wins over the Docker resolver, so the container reaches
|
||||||
|
the host's nginx (valid LE cert) → caddy → service. This is required because
|
||||||
|
**containers do not inherit the host's `/etc/hosts`** — on cochi the host resolves
|
||||||
|
`auth.` to the public IP, but inside a container the LAN resolver returns a
|
||||||
|
dead address (`192.168.0.3:443`, connection refused), which crash-loops session
|
||||||
|
validation on boot. `host-gateway` sidesteps DNS entirely.
|
||||||
|
|
||||||
|
## Build / run flow
|
||||||
|
|
||||||
```
|
```
|
||||||
PRE-PARTY (internet, run once):
|
PREP (run once, online):
|
||||||
1. curate packwiz pack → see 04-packwiz.md
|
1. render configs → tooling/render-config.sh (08-tooling.md)
|
||||||
2. mirror mod jars + rewrite URLs → tooling/mirror-mods.sh (08-tooling.md)
|
2. build landing page → cd landing && pnpm run build → www/ (09-landing.md)
|
||||||
3. pre-bake server volume → TYPE=NEOFORGE install (05-minecraft.md)
|
3. download launcher releases → tooling/fetch-launcher.sh (06-launcher.md)
|
||||||
4. download launcher releases → tooling/fetch-launcher.sh (06-launcher.md)
|
4. sync server mods → tooling/sync-server-mods.sh (04-mods.md)
|
||||||
5. capture+mirror client air-gap → tooling/mirror-airgap.sh (11-full-airgap-mirror.md)
|
5. (TLS) issue Let's Encrypt certs → tooling/issue-letsencrypt.sh (15-letsencrypt.md)
|
||||||
6. build landing page → cd landing && pnpm run build → www/ (09-landing.md)
|
6. (ingress) render+install nginx → tooling/render-nginx.sh --install (15-letsencrypt.md)
|
||||||
7. render configs from templates → tooling/render-config.sh (08-tooling.md)
|
|
||||||
|
|
||||||
PARTY (air-gapped):
|
UP:
|
||||||
dnsmasq : *.ulicraft.local → HOST_LAN_IP
|
docker compose up -d --build
|
||||||
caddy : local CDN + landing page
|
|
||||||
drasl : password login (NO Keycloak/OIDC for now)
|
|
||||||
minecraft: TYPE=CUSTOM, no Mojang re-resolution
|
|
||||||
guests : install Fjord launcher, import pack, add authlib account → auth subdomain
|
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Bring-up is a single command. There are no run modes and no override compose
|
||||||
|
files — one `docker-compose.yml` holds drasl, minecraft, mc-backup, caddy, nmsr,
|
||||||
|
mc-status, uptime-kuma and filestash.
|
||||||
|
|
||||||
## Why each hard call was made
|
## Why each hard call was made
|
||||||
|
|
||||||
- **No OIDC/Keycloak (for now)** — drasl password login. Keycloak left out of this
|
- **No OIDC/Keycloak (for now)** — drasl password login. Keycloak left out of
|
||||||
stack's scope. Re-add later if desired.
|
this stack's scope. Re-add later if desired.
|
||||||
- **itzg can't air-gap-boot in NEOFORGE mode** (re-resolves Mojang metadata every
|
- **Distribution-fed mods** — the modset's source of truth is the HeliosLauncher
|
||||||
start, issue #2340). Pre-bake then switch to `TYPE=CUSTOM`.
|
distribution repo; clients install the full set, the server loads a filtered
|
||||||
- **packwiz only serves metadata** — `.pw.toml` points at Modrinth CDN. Offline
|
`both`/`server` subset from `./server-mods`. See `04-mods.md`.
|
||||||
needs jars mirrored onto Caddy + URL rewrite.
|
- **Fjord launcher** has authlib-injector built in → no manual JVM agent on
|
||||||
- **Fjord launcher** has authlib-injector built in → no manual JVM agent on clients.
|
clients.
|
||||||
|
- **host nginx in front of caddy** — real Let's Encrypt certs (JVM trusts them
|
||||||
|
with no CA import) and a single public TLS terminator; caddy stays an internal
|
||||||
|
Host-routed multiplexer for the stack's own services.
|
||||||
|
|
||||||
## Target folder layout
|
## Target folder layout
|
||||||
|
|
||||||
```
|
```
|
||||||
.
|
.
|
||||||
├── docker-compose.yml
|
├── docker-compose.yml # the entire stack (no overrides)
|
||||||
├── .env / .env.example # BASE_DOMAIN, HOST_LAN_IP, RCON_PASSWORD
|
├── .env / .env.example # BASE_DOMAIN, RCON_PASSWORD, CADDY_*, LE block
|
||||||
├── caddy/Caddyfile # {$BASE_DOMAIN} vhosts + landing page
|
├── caddy/conf.d/ # per-vhost snippets (00-core, 10-static, …)
|
||||||
├── dnsmasq/dnsmasq.conf.tmpl # wildcard template
|
├── nginx/ulicraft-caddy.conf.tmpl # host nginx → caddy template (TLS terminator)
|
||||||
|
├── certs/<name>/{cert,key}.pem # Let's Encrypt output (gitignored)
|
||||||
├── drasl/config/
|
├── drasl/config/
|
||||||
│ ├── config.toml.tmpl # envsubst source
|
│ ├── config.toml.tmpl # render-config.sh source
|
||||||
│ └── config.toml # generated (gitignored)
|
│ └── config.toml # generated (gitignored)
|
||||||
├── pack/ # packwiz source of truth
|
├── nmsr/ # avatar renderer config + Dockerfile context
|
||||||
├── mirror/ # vendored mod jars + launcher releases (gitignored)
|
├── filestash/
|
||||||
├── runtime/ # authlib-injector.jar (legacy; may be unused w/ Fjord)
|
│ ├── config.json.tmpl # render-config.sh source (files. share)
|
||||||
├── tooling/
|
│ └── config.json # generated, mounted :ro (gitignored — holds hashes)
|
||||||
│ ├── render-config.sh # envsubst templates → real configs, halt if unset
|
├── docker/nmsr/ # nmsr image build context
|
||||||
│ ├── mirror-mods.sh # vendor mod jars + rewrite .pw.toml URLs
|
├── server-mods/ # filtered server modset (synced, gitignored)
|
||||||
│ ├── mirror-assets.sh # mirror MC asset objects for offline clients (10)
|
├── launcher/ # vendored Fjord launcher releases (gitignored)
|
||||||
│ └── fetch-launcher.sh # download all Fjord release assets
|
├── runtime/ # authlib-injector.jar
|
||||||
|
├── tooling/ # render/fetch/issue scripts (see 08-tooling.md)
|
||||||
├── landing/ # Astro+TS landing source (build → www/)
|
├── landing/ # Astro+TS landing source (build → www/)
|
||||||
│ ├── astro.config.mjs # outDir ../www
|
├── www/ # landing build output — caddy apex (gitignored)
|
||||||
│ ├── public/logo.png # stone 3D logo
|
|
||||||
│ └── src/{data/site.ts,pages/index.astro}
|
|
||||||
├── www/ # caddy landing page — GENERATED by landing build (gitignored)
|
|
||||||
├── backups/
|
├── backups/
|
||||||
└── plan/ # these files
|
└── plan/ # these files
|
||||||
```
|
```
|
||||||
|
|
||||||
## Service plan files
|
## Service plan files
|
||||||
|
|
||||||
- `01-dnsmasq.md` — LAN wildcard DNS
|
- `02-caddy.md` — internal router (vhost conf.d snippets) behind host nginx
|
||||||
- `02-caddy.md` — ingress + local CDN + landing page
|
|
||||||
- `03-drasl.md` — auth (password login)
|
- `03-drasl.md` — auth (password login)
|
||||||
- `04-packwiz.md` — modpack source + mod mirror
|
- `04-mods.md` — distribution-fed mod volume + server filtering (supersedes `04-packwiz.md`)
|
||||||
- `05-minecraft.md` — itzg NeoForge server + offline launch
|
- `05-minecraft.md` — itzg NeoForge server
|
||||||
- `06-launcher.md` — Fjord launcher fetch + distribution
|
- `06-launcher.md` — Fjord launcher fetch + distribution
|
||||||
- `07-mc-backup.md` — world backups
|
- `07-mc-backup.md` — world backups
|
||||||
- `08-tooling.md` — render/mirror/fetch scripts
|
- `08-tooling.md` — render/fetch/issue scripts
|
||||||
- `09-landing.md` — Astro+TS guest onboarding page → www/
|
- `09-landing.md` — Astro+TS guest onboarding page → www/
|
||||||
- `10-assets-mirror.md` — lighter alternative: objects-only Fjord Assets Server override
|
|
||||||
- `11-full-airgap-mirror.md` — CHOSEN: DNS+TLS transparent mirror for full client air-gap
|
|
||||||
- `12-build-order.md` — commit-per-task build sequence
|
- `12-build-order.md` — commit-per-task build sequence
|
||||||
- `13-dns-and-run-modes.md` — domain (.lan), online/airgap modes, party DNS, mDNS option
|
- `14-deploy.md` — redeploy to the production host
|
||||||
|
- `15-letsencrypt.md` — Let's Encrypt (OVH DNS-01) + host nginx ingress
|
||||||
|
- `17-mod-shortlist.md` — kitchen-sink gap doc + landing mod-list dataset (PLANNED)
|
||||||
|
- `18-landing-rework.md` — join flow / rosters / account / mod list / footer (PLANNED)
|
||||||
|
- `19-routes.md` — HTTP route reference (nmsr / landing / auth / files + internal)
|
||||||
|
- `20-files.md` — Filestash player file share (`files.`, one shared login)
|
||||||
|
|
||||||
## Boot/dependency order
|
## Boot/dependency order
|
||||||
|
|
||||||
`dnsmasq` → `caddy` (aliases) → `drasl` → `minecraft` (depends on drasl + packwiz served by caddy) → `mc-backup`.
|
`caddy` (aliases) → `drasl` → `minecraft` (depends on drasl) → `mc-backup`.
|
||||||
|
`nmsr`, `mc-status`, `uptime-kuma` and `filestash` are always-on and join `mcnet`
|
||||||
|
(no ordering constraints — none of them are on the auth/boot path).
|
||||||
|
|||||||
@@ -1,63 +0,0 @@
|
|||||||
# dnsmasq — LAN wildcard DNS
|
|
||||||
|
|
||||||
> **SUPERSEDED for the default path — see `13-dns-and-run-modes.md`.** DNS is now
|
|
||||||
> your own party server (records via `tooling/dns-records.sh`); dnsmasq moved to
|
|
||||||
> an optional turnkey layer (`docker-compose.dnsmasq.yml`). Default domain is
|
|
||||||
> `.lan` (not `.local`). The wildcard/spoof template below still applies when you
|
|
||||||
> opt into dnsmasq.
|
|
||||||
|
|
||||||
## Summary
|
|
||||||
|
|
||||||
Provides name resolution for guest laptops so `*.ulicraft.local` resolves to the
|
|
||||||
Docker host. Replaces the homelab's AdGuard (dropped for the LAN party). Image:
|
|
||||||
`jpillora/dnsmasq` (dnsmasq wrapped in webproc, optional web UI on :8080).
|
|
||||||
|
|
||||||
Config is a **file**, not env-driven — `/etc/dnsmasq.conf`, standard dnsmasq
|
|
||||||
format. Rendered from a template by `tooling/render-config.sh`.
|
|
||||||
|
|
||||||
Only guest laptops point their DNS here. Stack-internal resolution is handled by
|
|
||||||
Docker network aliases on Caddy (see `02-caddy.md`), so dnsmasq is not on the
|
|
||||||
critical path for the server's own services.
|
|
||||||
|
|
||||||
## Config template
|
|
||||||
|
|
||||||
`dnsmasq/dnsmasq.conf.tmpl`:
|
|
||||||
```
|
|
||||||
# wildcard: every *.ulicraft.local → host LAN IP
|
|
||||||
address=/${BASE_DOMAIN}/${HOST_LAN_IP}
|
|
||||||
# upstream optional; party is offline so may be omitted
|
|
||||||
no-resolv
|
|
||||||
```
|
|
||||||
|
|
||||||
### Air-gap spoof records (see 11)
|
|
||||||
|
|
||||||
For full client air-gap, this file also spoofs the real upstream hosts → our
|
|
||||||
Caddy mirror (`piston-meta`/`piston-data`/`libraries.minecraft.net`/
|
|
||||||
`maven.neoforged.net`/`resources.download.minecraft.net`/`meta.prismlauncher.org`).
|
|
||||||
Full list + rationale in `11-full-airgap-mirror.md`. Keep in sync with the
|
|
||||||
capture step. Auth hosts (session/textures/api.mojang) are NOT spoofed — drasl
|
|
||||||
handles those via authlib-injector.
|
|
||||||
|
|
||||||
## Gotcha — port 53 conflict
|
|
||||||
|
|
||||||
Linux Docker hosts usually run `systemd-resolved` bound to `:53`. Publishing
|
|
||||||
`53:53` will fail with `address already in use`. Resolve by one of:
|
|
||||||
- Bind dnsmasq only to the LAN IP: publish `${HOST_LAN_IP}:53:53/udp` (+tcp)
|
|
||||||
- Or disable resolved's stub listener (`DNSStubListener=no`) and restart resolved
|
|
||||||
|
|
||||||
## Gotcha — `.local` / mDNS
|
|
||||||
|
|
||||||
See overview. Avahi may shortcut `*.local` to multicast before hitting dnsmasq.
|
|
||||||
Test on a macOS client early; if broken, switch `BASE_DOMAIN` to `.lan`.
|
|
||||||
|
|
||||||
## Tasks
|
|
||||||
|
|
||||||
- [ ] Add `dnsmasq` service to `docker-compose.yml` (`jpillora/dnsmasq`)
|
|
||||||
- [ ] Create `dnsmasq/dnsmasq.conf.tmpl` with wildcard `address=` line
|
|
||||||
- [ ] Wire `render-config.sh` to emit `dnsmasq/dnsmasq.conf` (gitignored)
|
|
||||||
- [ ] Decide port-53 strategy (bind to `HOST_LAN_IP` vs disable resolved stub)
|
|
||||||
- [ ] Publish `53/udp` + `53/tcp`; mount rendered conf read-only
|
|
||||||
- [ ] Optionally expose webproc UI (8080) behind Caddy as `dns.ulicraft.local`
|
|
||||||
- [ ] Document guest DNS setting (set DNS server = `HOST_LAN_IP`)
|
|
||||||
- [ ] Verify `*.local` resolves on Windows + macOS + Linux guests (mDNS check)
|
|
||||||
- [ ] Add air-gap spoof `address=` records (see 11) once capture confirms the host list
|
|
||||||
@@ -1,15 +1,19 @@
|
|||||||
# Caddy — ingress, local CDN, landing page
|
# Caddy — internal router behind host nginx
|
||||||
|
|
||||||
## Summary
|
## Summary
|
||||||
|
|
||||||
Single HTTP ingress for the stack. Three roles:
|
caddy is the stack's **internal HTTP router**, sitting behind the host's own
|
||||||
1. **Reverse proxy** — `auth.ulicraft.local` → drasl.
|
nginx (which terminates TLS — see `15-letsencrypt.md`). caddy is published only
|
||||||
2. **Local CDN / static** — `packwiz.ulicraft.local` serves pack metadata AND the
|
on a localhost-only port (`CADDY_HTTP_BIND=127.0.0.1`, `CADDY_HTTP_PORT=8880`);
|
||||||
mirrored mod jars (offline installs).
|
nginx reverse-proxies every public vhost to it by Host header. Roles:
|
||||||
3. **Landing page** — apex `ulicraft.local` serves launcher downloads + guest guide.
|
|
||||||
|
|
||||||
Plain `:80` for now (LAN). TLS via step-ca deferred. Image: `caddy:alpine`.
|
1. **Reverse proxy** — `auth.` → drasl, `avatar.` → nmsr, `status.` → uptime-kuma,
|
||||||
Caddy natively reads `{$BASE_DOMAIN}` env placeholders — no template render needed.
|
`files.` → filestash.
|
||||||
|
2. **Static** — apex serves the landing page + `/launcher/` downloads;
|
||||||
|
`distribution.` serves a static site from another repo.
|
||||||
|
|
||||||
|
Image: `caddy:alpine`. caddy natively reads `{$BASE_DOMAIN}` env placeholders —
|
||||||
|
no template render needed.
|
||||||
|
|
||||||
## Network aliases (internal resolution)
|
## Network aliases (internal resolution)
|
||||||
|
|
||||||
@@ -19,51 +23,45 @@ caddy:
|
|||||||
mcnet:
|
mcnet:
|
||||||
aliases:
|
aliases:
|
||||||
- "auth.${BASE_DOMAIN}"
|
- "auth.${BASE_DOMAIN}"
|
||||||
- "packwiz.${BASE_DOMAIN}"
|
|
||||||
```
|
```
|
||||||
Lets `minecraft` reach `http://auth.ulicraft.local/authlib-injector` and
|
Lets `minecraft` reach `http://auth.ulicraft.net/authlib-injector` from inside
|
||||||
`http://packwiz.ulicraft.local/pack.toml` without dnsmasq.
|
the stack.
|
||||||
|
|
||||||
## Caddyfile sketch
|
## conf.d snippets
|
||||||
|
|
||||||
```
|
The Caddyfile imports per-vhost snippets from `caddy/conf.d/`:
|
||||||
{
|
|
||||||
auto_https off
|
|
||||||
}
|
|
||||||
|
|
||||||
http://{$BASE_DOMAIN} {
|
- `00-core.caddy` — `auth.` → drasl.
|
||||||
root * /srv/www
|
- `10-static.caddy` — apex landing (`/srv/www`) + `/launcher/*` (`/srv/launcher`).
|
||||||
file_server
|
- `30-distribution.caddy` — `distribution.` → `/srv/distribution` (static, from
|
||||||
}
|
`DISTRIBUTION_WEB_ROOT`, another repo).
|
||||||
|
- `40-avatar.caddy` — `avatar.` → `nmsr:8080` (skin/avatar renderer).
|
||||||
|
- `50-status.caddy` — `status.` → `uptime-kuma:3001` (status page).
|
||||||
|
- `60-files.caddy` — `files.` → `filestash:8334` (player file share, `20-files.md`).
|
||||||
|
|
||||||
http://auth.{$BASE_DOMAIN} {
|
All vhosts are plain `http://…`; TLS is nginx's job. Mounts: `./www:/srv/www:ro`,
|
||||||
reverse_proxy drasl:25585
|
`./launcher:/srv/launcher:ro`, `${DISTRIBUTION_WEB_ROOT}:/srv/distribution:ro`.
|
||||||
}
|
|
||||||
|
|
||||||
http://packwiz.{$BASE_DOMAIN} {
|
> **Don't rewrite the `Host` header for `files.`** — filestash rejects any
|
||||||
root * /srv/pack
|
> request whose Host doesn't match its configured `general.host`, with *"only
|
||||||
file_server browse
|
> traffic from X is allowed"* (a 403 that reads like an auth failure). nginx
|
||||||
}
|
> forwards the original Host and caddy passes it through untouched. Keep it that
|
||||||
```
|
> way.
|
||||||
|
|
||||||
Mounts: `./www:/srv/www:ro`, `./pack:/srv/pack:ro`, `./mirror/launcher:/srv/www/launcher:ro`.
|
|
||||||
|
|
||||||
## Notes / risks
|
## Notes / risks
|
||||||
|
|
||||||
- drasl behind a proxy: docs don't detail `X-Forwarded-*` trust. On plain HTTP LAN
|
- drasl behind a proxy: with matching `BaseURL` and nginx terminating TLS it is
|
||||||
with matching `BaseURL` it should be fine; revisit when TLS is added.
|
fine; nginx passes the original Host through to caddy → drasl.
|
||||||
- `file_server browse` gives a directory listing — handy for debugging the pack.
|
- `/launcher/` is a sibling mount (`/srv/launcher`), not nested under the
|
||||||
- Mod-jar mirror lives under `/srv/pack/mods/` so packwiz URLs and jars share host.
|
read-only `/srv/www`; `handle_path` strips the prefix.
|
||||||
|
|
||||||
## Tasks
|
## Tasks
|
||||||
|
|
||||||
- [ ] Add `caddy` service to `docker-compose.yml`, ports `80:80` (+`443` later)
|
- [ ] `caddy` service in `docker-compose.yml`, published `127.0.0.1:${CADDY_HTTP_PORT}:80`
|
||||||
- [ ] Pass `BASE_DOMAIN` into caddy env
|
- [ ] Pass `BASE_DOMAIN` + `DISTRIBUTION_WEB_ROOT` into caddy env
|
||||||
- [ ] Create `caddy/Caddyfile` with apex + auth + packwiz vhosts
|
- [ ] Caddyfile imports `conf.d/*.caddy`
|
||||||
- [ ] Add network aliases for `auth.` and `packwiz.` subdomains
|
- [ ] Network alias for `auth.` subdomain
|
||||||
- [ ] Mount `./www`, `./pack`, `./mirror/launcher`
|
- [ ] Mount `./www`, `./launcher`, `${DISTRIBUTION_WEB_ROOT}`
|
||||||
- [ ] Confirm reverse_proxy to drasl works (auth web UI loads, Yggdrasil API responds)
|
- [ ] Confirm reverse_proxy to drasl works (auth web UI loads, Yggdrasil API responds)
|
||||||
- [ ] Verify internal alias resolution from `minecraft` container (curl pack.toml)
|
- [ ] Verify internal alias resolution from `minecraft` container (curl authlib-injector)
|
||||||
- [ ] Air-gap mirror: add per-host `tls internal` vhosts + aliases + mounts (see 11)
|
- [ ] Verify nmsr + uptime-kuma proxied (`avatar.` renders, `status.` loads)
|
||||||
- [ ] Export Caddy root CA for guest trust (LAN-party TLS = `tls internal`; step-ca deferred)
|
|
||||||
- [ ] Defer (reminder): graduate `tls internal` → step-ca for persistent homelab
|
|
||||||
|
|||||||
@@ -4,7 +4,7 @@
|
|||||||
|
|
||||||
Self-hosted, Yggdrasil-compatible auth + skin server. Drop-in Mojang replacement
|
Self-hosted, Yggdrasil-compatible auth + skin server. Drop-in Mojang replacement
|
||||||
via authlib-injector. Image: `unmojang/drasl:latest`. Reached only through Caddy
|
via authlib-injector. Image: `unmojang/drasl:latest`. Reached only through Caddy
|
||||||
at `auth.ulicraft.local`; no host port.
|
at `auth.ulicraft.net`; no host port.
|
||||||
|
|
||||||
**OIDC/Keycloak is OUT for now** — drasl runs in **password-login** mode
|
**OIDC/Keycloak is OUT for now** — drasl runs in **password-login** mode
|
||||||
(`AllowPasswordLogin = true`). Admin + guests register with a username/password on
|
(`AllowPasswordLogin = true`). Admin + guests register with a username/password on
|
||||||
@@ -16,13 +16,16 @@ Config is **TOML only** (no env var support). So `config.toml` is rendered from
|
|||||||
## config.toml.tmpl (key fields)
|
## config.toml.tmpl (key fields)
|
||||||
|
|
||||||
```toml
|
```toml
|
||||||
BaseURL = "http://auth.${BASE_DOMAIN}"
|
BaseURL = "https://auth.${BASE_DOMAIN}" # public scheme is HTTPS (nginx TLS)
|
||||||
Domain = "auth.${BASE_DOMAIN}"
|
Domain = "auth.${BASE_DOMAIN}"
|
||||||
ListenAddress = "0.0.0.0:25585" # internal; Caddy proxies
|
ListenAddress = "0.0.0.0:25585" # internal; Caddy proxies
|
||||||
DefaultAdminUsernames = ["admin"]
|
DefaultAdmins = ["admin"] # NOT DefaultAdminUsernames (see gotchas)
|
||||||
|
|
||||||
AllowPasswordLogin = true
|
AllowPasswordLogin = true
|
||||||
|
|
||||||
|
# Top-level — NOT under any [Section] (see gotchas).
|
||||||
|
CORSAllowOrigins = ["https://${BASE_DOMAIN}"]
|
||||||
|
|
||||||
[ApplicationOwner]
|
[ApplicationOwner]
|
||||||
# ...
|
# ...
|
||||||
|
|
||||||
@@ -35,9 +38,31 @@ AllowPasswordLogin = true
|
|||||||
- **1.21+ secure profile**: drasl `SignPublicKeys = false` MUST pair with server
|
- **1.21+ secure profile**: drasl `SignPublicKeys = false` MUST pair with server
|
||||||
`ENFORCE_SECURE_PROFILE=FALSE`. Linked — both or neither.
|
`ENFORCE_SECURE_PROFILE=FALSE`. Linked — both or neither.
|
||||||
- **authlib endpoint** = `BaseURL` + `/authlib-injector` →
|
- **authlib endpoint** = `BaseURL` + `/authlib-injector` →
|
||||||
`http://auth.ulicraft.local/authlib-injector`. Must match on server and client.
|
`http://auth.ulicraft.net/authlib-injector`. Must match on server and client.
|
||||||
Network alias makes this identical inside/outside the stack.
|
Network alias makes this identical inside/outside the stack.
|
||||||
- **`Domain` affects skins** — if wrong, authlib clients may not see skins.
|
- **`Domain` affects skins** — if wrong, authlib clients may not see skins.
|
||||||
|
- **Config keys are validated loosely — wrong keys are silently ignored** (drasl
|
||||||
|
logs `Warning: unknown config option <key>` and moves on). Two that bit us:
|
||||||
|
- Admin list key is **`DefaultAdmins`** (top-level), NOT `DefaultAdminUsernames`
|
||||||
|
(that key never existed → no admin → admin-only routes like `GET /players`
|
||||||
|
return 403).
|
||||||
|
- **`CORSAllowOrigins` must be top-level**, before any `[Section]`. Placed after
|
||||||
|
a table header it parses as `<table>.CORSAllowOrigins`, is ignored, and the
|
||||||
|
API serves no CORS headers → landing register/account browser calls blocked.
|
||||||
|
- `RateLimit.Burst` is valid in drasl master but warns on `unmojang/drasl:latest`
|
||||||
|
(image lags) — harmless.
|
||||||
|
- **First-admin bootstrap with invite mode on is a chicken-egg.** `DefaultAdmins`
|
||||||
|
only promotes the account at startup reconciliation, and `POST /drasl/api/v2/users`
|
||||||
|
is invite-gated (admins do NOT bypass the *register* endpoint). To create the
|
||||||
|
first admin: temporarily set `RequireInvite = false` in the rendered config,
|
||||||
|
`docker compose restart drasl`, `POST /users` to register `admin`, then revert +
|
||||||
|
restart (always trap-revert). API recap: `POST /login {username,password}` →
|
||||||
|
`{apiToken}`; admin-only `GET /players` with `Authorization: Bearer <token>`.
|
||||||
|
- **NMSR avatars need https + a host-gateway pin** (see `plan/19-routes.md`).
|
||||||
|
Drasl's profile embeds **https** skin URLs (BaseURL is https). NMSR reaches
|
||||||
|
those via `extra_hosts: auth.${BASE_DOMAIN}:host-gateway` (host nginx :443, real
|
||||||
|
LE cert) with https mojank endpoints. Without it the skin fetch Connect-fails to
|
||||||
|
caddy:443 and every avatar renders the DEFAULT skin.
|
||||||
|
|
||||||
## Tasks
|
## Tasks
|
||||||
|
|
||||||
@@ -47,6 +72,7 @@ AllowPasswordLogin = true
|
|||||||
- [ ] Wire `render-config.sh` → `drasl/config/config.toml` (gitignored)
|
- [ ] Wire `render-config.sh` → `drasl/config/config.toml` (gitignored)
|
||||||
- [ ] Remove drasl host port from compose (internal only)
|
- [ ] Remove drasl host port from compose (internal only)
|
||||||
- [ ] Update compose: drasl on `mcnet`, no `25585:25585` publish
|
- [ ] Update compose: drasl on `mcnet`, no `25585:25585` publish
|
||||||
- [ ] Bootstrap admin account on first run; create guest accounts
|
- [x] Bootstrap admin account (`admin`, done 2026-06-10 via invite-flip; creds in
|
||||||
|
cochi `.env` for the mc-status roster). Create guest accounts as needed.
|
||||||
- [ ] Verify authlib endpoint responds through Caddy
|
- [ ] Verify authlib endpoint responds through Caddy
|
||||||
- [ ] Future: re-add `[[RegistrationOIDC]]` Keycloak block + secret file
|
- [ ] Future: re-add `[[RegistrationOIDC]]` Keycloak block + secret file
|
||||||
|
|||||||
@@ -1,80 +0,0 @@
|
|||||||
# Blessing Skin — auth + skin server (Drasl alternative)
|
|
||||||
|
|
||||||
## Summary
|
|
||||||
|
|
||||||
Drop-in alternative to Drasl (`plan/03-drasl.md`). Blessing Skin Server (BSS) is
|
|
||||||
a PHP skin station; the **yggdrasil-api plugin** gives it a Yggdrasil API that
|
|
||||||
authlib-injector talks to — same end result as Drasl, different internals.
|
|
||||||
|
|
||||||
Run it as an override **instead of** Drasl:
|
|
||||||
|
|
||||||
```
|
|
||||||
docker compose -f docker-compose.yml -f docker-compose.blessingskin.yml up -d
|
|
||||||
```
|
|
||||||
|
|
||||||
The override (`docker-compose.blessingskin.yml`) repoints Caddy's `auth.*` vhost
|
|
||||||
at `blessing-skin:80`, adds `mariadb` + `blessing-skin`, and switches the
|
|
||||||
Minecraft authlib endpoint to `/api/yggdrasil`. Drasl stays defined but idle and
|
|
||||||
unreachable (compose merges `depends_on`, so an override can't remove it);
|
|
||||||
`docker compose … stop drasl` after up if you want it down.
|
|
||||||
|
|
||||||
## Drasl vs Blessing Skin — what changes
|
|
||||||
|
|
||||||
| | Drasl | Blessing Skin |
|
|
||||||
|---|---|---|
|
|
||||||
| Backend | single Go binary | PHP app + **MariaDB** (no SQLite) |
|
|
||||||
| Config | rendered `config.toml` | **web install wizard** + DB |
|
|
||||||
| Yggdrasil API | built in | **yggdrasil-api plugin** (install + enable) |
|
|
||||||
| authlib endpoint | `…/authlib-injector` | `…/api/yggdrasil` |
|
|
||||||
| OIDC/Keycloak | supported (future) | not native (OAuth plugins exist) |
|
|
||||||
| Server online-mode | repo used FALSE | **TRUE** (real session validation) |
|
|
||||||
|
|
||||||
## Setup (first run)
|
|
||||||
|
|
||||||
1. `cp .env.example .env`, fill the `BS_*` vars. Generate `BS_APP_KEY`:
|
|
||||||
```
|
|
||||||
docker run --rm azusamikan/blessing-skin-server-docker:latest \
|
|
||||||
php artisan key:generate --show
|
|
||||||
```
|
|
||||||
2. Bring the stack up with the override (command above).
|
|
||||||
3. Open `http://auth.${BASE_DOMAIN}` → BSS install wizard. DB host = `mariadb`,
|
|
||||||
port `3306`, name/user/pass = the `BS_*` values. Create the admin account.
|
|
||||||
4. Admin panel → **Plugins → Plugin Market** → install **yggdrasil-api** →
|
|
||||||
enable it. (Needs internet; for air-gap, pre-place the plugin jar/zip into
|
|
||||||
the `bs_plugins` volume.) After enabling, the API root is live at
|
|
||||||
`http://auth.${BASE_DOMAIN}/api/yggdrasil`.
|
|
||||||
5. Each player: register on the BSS site, add a character whose name == their
|
|
||||||
in-game player name, upload a skin.
|
|
||||||
6. Restart minecraft if it came up before the plugin was enabled.
|
|
||||||
|
|
||||||
## Client (Prism / authlib-injector)
|
|
||||||
|
|
||||||
- authlib-injector URL: `http://auth.${BASE_DOMAIN}/api/yggdrasil`
|
|
||||||
- Login = BSS **email + password** (BSS uses email as the account id).
|
|
||||||
- Must match the server's `-javaagent` arg exactly (same host + path).
|
|
||||||
|
|
||||||
## Gotchas
|
|
||||||
|
|
||||||
- **`/api/yggdrasil`, not `/authlib-injector`.** Wrong path → silent "Invalid
|
|
||||||
session". Server `JVM_OPTS` and every client must agree.
|
|
||||||
- **ONLINE_MODE=TRUE.** authlib-injector only authenticates when online-mode is
|
|
||||||
on; the server then validates the join against BSS. (The Drasl variant in this
|
|
||||||
repo set FALSE — do not copy that here.)
|
|
||||||
- **Secure profile (1.21+).** Override ships `ENFORCE_SECURE_PROFILE=FALSE` for
|
|
||||||
safety. yggdrasil-api *does* sign profile keys, so TRUE may work — flip and
|
|
||||||
test if signed chat matters; revert on "Invalid signature".
|
|
||||||
- **APP_KEY must persist.** Set `BS_APP_KEY` in `.env`. Losing it invalidates
|
|
||||||
all sessions and breaks encrypted data.
|
|
||||||
- **DB is the source of truth.** `bs_db` volume holds accounts; `bs_storage`
|
|
||||||
holds skins; `bs_plugins` holds the yggdrasil-api plugin. Back these up.
|
|
||||||
- **Air-gap:** the plugin market needs internet. Install + enable yggdrasil-api
|
|
||||||
while online (it persists in `bs_plugins`), or stage the plugin manually.
|
|
||||||
|
|
||||||
## Image note
|
|
||||||
|
|
||||||
`azusamikan/blessing-skin-server-docker:latest` is a community image and the
|
|
||||||
env-var names (`DB_*`, `APP_KEY`) may differ slightly by tag — if auto-config
|
|
||||||
doesn't take, the web wizard is the reliable path. Official source:
|
|
||||||
https://github.com/bs-community/blessing-skin-server ,
|
|
||||||
plugin: https://github.com/bs-community/yggdrasil-api , authlib-injector setup:
|
|
||||||
https://github.com/bs-community/blessing-skin-manual/blob/master/man/yggdrasil-api/authlib-injector.md
|
|
||||||
212
plan/04-mods.md
Normal file
212
plan/04-mods.md
Normal file
@@ -0,0 +1,212 @@
|
|||||||
|
# 04 — Mods (custom volume, distribution-fed)
|
||||||
|
|
||||||
|
> **Supersedes `04-packwiz.md`.** packwiz is being removed. This describes the
|
||||||
|
> replacement: the server loads mods from a filtered local volume; clients keep
|
||||||
|
> getting the full set from the HeliosLauncher `distribution.json`.
|
||||||
|
|
||||||
|
## Why drop packwiz
|
||||||
|
|
||||||
|
- The packwiz index tracked only **9** mods while the real modset (76 jars) lives
|
||||||
|
in the distribution repo — packwiz was half-built and stale.
|
||||||
|
- Manual packwiz curation (`.tmpl` render → `refresh` → re-hash) is the flagged
|
||||||
|
pain point, and a single missing file (`custom/.gitkeep`) crashlooped the
|
||||||
|
server (404 → installer aborts → minecraft never starts).
|
||||||
|
- The launcher (HeliosLauncher) already distributes mods to clients via a
|
||||||
|
Nebula-generated `distribution.json`. That is the canonical client mod list.
|
||||||
|
The server just needs the same jars, minus client-only ones.
|
||||||
|
|
||||||
|
## Architecture
|
||||||
|
|
||||||
|
```
|
||||||
|
ulicraft-distribution/dist (another repo, = $DISTRIBUTION_WEB_ROOT)
|
||||||
|
servers/ulicraft-1.21.1/
|
||||||
|
forgemods/required/*.jar ← 76 jars, Nebula-managed (SOURCE OF TRUTH)
|
||||||
|
distribution.json ← generated by Nebula; CLIENT install list
|
||||||
|
│ │
|
||||||
|
│ caddy distribution. vhost │ HeliosLauncher reads it →
|
||||||
|
▼ ▼ installs ALL listed mods (client)
|
||||||
|
guests' launcher ◄───────────────────────────────────
|
||||||
|
|
||||||
|
ulicraft-server (this repo)
|
||||||
|
mods-sides.json ← { "<jar>": "client|server|both" } (committed, editable)
|
||||||
|
tooling/classify-mods ← tomllib: seeds/updates mods-sides.json from jar manifests
|
||||||
|
tooling/sync-server-mods ← copies both+server jars from $DIST → ./server-mods/
|
||||||
|
server-mods/ (gitignored) ──mount──► minecraft /mods (REMOVE_OLD_MODS=TRUE)
|
||||||
|
```
|
||||||
|
|
||||||
|
- **Client distribution: unchanged.** HeliosLauncher installs everything in
|
||||||
|
`distribution.json`. No packwiz, no client zip.
|
||||||
|
- **Server: filtered subset.** Only `both` + `server` jars are copied into the
|
||||||
|
mounted `server-mods/`. `client`-tagged jars never reach the server.
|
||||||
|
- **Single source of jars:** `$DISTRIBUTION_WEB_ROOT/.../forgemods/required/`.
|
||||||
|
This repo stores no jars — only `mods-sides.json`.
|
||||||
|
|
||||||
|
## Classification — tomllib only (no Modrinth)
|
||||||
|
|
||||||
|
`tooling/classify-mods.py` reads each jar's `META-INF/neoforge.mods.toml` with
|
||||||
|
Python `tomllib` and derives a side from the **`minecraft`/`neoforge` dependency
|
||||||
|
`side`** (the field modders use to declare a mod's environment):
|
||||||
|
|
||||||
|
| manifest signal | derived side |
|
||||||
|
|---|---|
|
||||||
|
| `minecraft` (or `neoforge`) dep `side = "CLIENT"` | `client` |
|
||||||
|
| dep `side = "SERVER"` | `server` |
|
||||||
|
| dep `side = "BOTH"`, unspecified, or no manifest | `both` (default) |
|
||||||
|
|
||||||
|
Output is **merged** into `mods-sides.json`: existing (human-edited) entries are
|
||||||
|
**preserved**; only new/unknown jars get a derived default. So the file is a
|
||||||
|
one-time seed + permanent manual override surface. New jars default to `both`
|
||||||
|
(your chosen default) unless their manifest says otherwise.
|
||||||
|
|
||||||
|
### Accuracy + the manual step (important)
|
||||||
|
|
||||||
|
tomllib reliably catches **hard client-only** mods — ones that declare their
|
||||||
|
`minecraft`/`neoforge` dep as `CLIENT` (e.g. `sodium`, `iris`). Those are exactly
|
||||||
|
the mods that refuse/break on a dedicated server, so the must-exclude set is
|
||||||
|
handled automatically.
|
||||||
|
|
||||||
|
It will **not** auto-exclude client-*cosmetic* mods that declare `BOTH` in their
|
||||||
|
manifest (e.g. `BetterF3`, `entityculling`, `sodium-extra`, `entity_texture_features`,
|
||||||
|
`entity_model_features`, `ImmediatelyFast`, `drippyloadingscreen`, `melody`,
|
||||||
|
`welcomescreen`, `Controlling`, `MouseTweaks`, `Searchables`, `tagtooltips`,
|
||||||
|
`JustEnoughResources`, `TravelersTitles`, `BridgingMod`, `ponderjs`,
|
||||||
|
`yeetusexperimentus`). These load on the server harmlessly (wasted RAM, no crash)
|
||||||
|
unless you mark them `client` in `mods-sides.json`. **That manual curation is the
|
||||||
|
"filter manually" step** — `classify-mods` seeds, you trim cosmetic-client mods.
|
||||||
|
|
||||||
|
Also worth an explicit decision in the override file:
|
||||||
|
- `CustomSkinLoader` — server doesn't need it (skins resolve via Drasl/authlib);
|
||||||
|
set `client` to keep it off the server.
|
||||||
|
|
||||||
|
## `mods-sides.json` format
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"jei-1.21.1-neoforge-19.27.0.340.jar": "both",
|
||||||
|
"sodium-neoforge-0.8.12-alpha.4+mc1.21.1.jar": "client",
|
||||||
|
"ftb-essentials-neoforge-2101.1.9.jar": "both",
|
||||||
|
"rightclickharvest-neoforge-4.6.1+1.21.1.jar": "server"
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
Key = exact jar filename (matches `forgemods/required/*.jar`). Value ∈
|
||||||
|
`client | server | both`. Hand-edit freely; `classify-mods` won't clobber it.
|
||||||
|
|
||||||
|
## Tooling
|
||||||
|
|
||||||
|
### `tooling/classify-mods.py` (dev-time, no network)
|
||||||
|
1. Enumerate `$DISTRIBUTION_WEB_ROOT/servers/ulicraft-1.21.1/forgemods/required/*.jar`.
|
||||||
|
2. For each jar not already in `mods-sides.json`: parse manifest → derive side
|
||||||
|
(table above) → add entry.
|
||||||
|
3. Report: counts per side, and **which jars were defaulted to `both`** (so you
|
||||||
|
know what to review). Never overwrites existing entries.
|
||||||
|
4. Optionally warn on entries in `mods-sides.json` whose jar no longer exists.
|
||||||
|
|
||||||
|
### `tooling/sync-server-mods.sh` (deploy-time, offline) — replaces `render-pack.sh`
|
||||||
|
1. Read `mods-sides.json`.
|
||||||
|
2. `mkdir -p server-mods`; for each `both`/`server` jar, copy from
|
||||||
|
`$DISTRIBUTION_WEB_ROOT/.../forgemods/required/` → `server-mods/`.
|
||||||
|
3. Remove any `server-mods/*.jar` not currently selected (keeps it authoritative;
|
||||||
|
`REMOVE_OLD_MODS=TRUE` in the container also enforces this on `/data/mods`).
|
||||||
|
4. **Halt** (non-zero exit) if a selected jar is missing from `$DIST`, or if
|
||||||
|
`mods-sides.json` is absent — cautious, no silent partial sync.
|
||||||
|
|
||||||
|
## docker-compose.yml changes
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
# remove:
|
||||||
|
# PACKWIZ_URL: ...
|
||||||
|
# extra_hosts: pack.${BASE_DOMAIN}:host-gateway (auth. stays — authlib)
|
||||||
|
environment:
|
||||||
|
MODS_FILE: "" # ensure unset
|
||||||
|
REMOVE_OLD_MODS: "TRUE" # mounted folder is authoritative
|
||||||
|
volumes:
|
||||||
|
- mc_data:/data
|
||||||
|
- ./runtime:/extras:ro
|
||||||
|
- ./server-mods:/mods:ro # itzg auto-syncs /mods → /data/mods
|
||||||
|
```
|
||||||
|
|
||||||
|
`depends_on: caddy` can drop (server no longer fetches `pack.` at boot); keep
|
||||||
|
`drasl` (authlib). `pack.` caddy vhost + the `./pack`/`./custom` mounts become
|
||||||
|
dead — remove in the same pass.
|
||||||
|
|
||||||
|
## Deploy flow (updated `plan/14`)
|
||||||
|
|
||||||
|
```
|
||||||
|
git pull --ff-only
|
||||||
|
tooling/render-config.sh # drasl/nmsr/etc. (unchanged)
|
||||||
|
tooling/sync-server-mods.sh # NEW — replaces render-pack.sh
|
||||||
|
tooling/fetch-authlib.sh
|
||||||
|
docker compose down --remove-orphans
|
||||||
|
docker compose up -d --build
|
||||||
|
```
|
||||||
|
|
||||||
|
`$DISTRIBUTION_WEB_ROOT` must be present on the host (already is — caddy mounts
|
||||||
|
it). `classify-mods.py` is a dev step run when the modset changes; it is **not**
|
||||||
|
in the deploy path (keeps deploy offline + deterministic).
|
||||||
|
|
||||||
|
## Decommission checklist (on execution)
|
||||||
|
|
||||||
|
Done at first cutover (commits `27237bc`, `84196d5`, `c249172`):
|
||||||
|
- [x] `tooling/classify-mods.py` + generated initial `mods-sides.json`.
|
||||||
|
- [x] `tooling/sync-server-mods.sh`.
|
||||||
|
- [x] compose: dropped `PACKWIZ_URL`, `pack.` extra_host, `./pack`/`./custom`
|
||||||
|
mounts, `pack.` caddy vhost; added `server-mods` mount + `REMOVE_OLD_MODS`.
|
||||||
|
- [x] deleted `tooling/render-pack.sh` (+ dead `add-custom-mod.sh`).
|
||||||
|
- [x] deleted `pack/` and `custom/` (jars now sourced from `$DIST`).
|
||||||
|
- [x] `.gitignore`: dropped packwiz lines; added `server-mods/`.
|
||||||
|
- [x] superseded `plan/04-packwiz.md`; updated `05-minecraft.md`, `14-deploy.md`,
|
||||||
|
`CLAUDE.md`.
|
||||||
|
- [x] resolved the host-local divergence around `pack/`
|
||||||
|
([[cochi-host-local-divergence]]).
|
||||||
|
- [ ] **STILL OPEN (roadmap):** landing join steps still reference the dead
|
||||||
|
`pack.toml` URL (`site.ts packwizUrl`, `i18n/ui.ts` step 3) — rework around
|
||||||
|
the HeliosLauncher/`distribution.json` flow.
|
||||||
|
- [x] deployed to `cochi`: NeoForge bumped to 21.1.233, 52 server mods, `Done`,
|
||||||
|
mc-status `online:true`.
|
||||||
|
|
||||||
|
## Deployment gotchas (learned 2026-06-10, first cutover)
|
||||||
|
|
||||||
|
### NeoForge version MUST match the distribution
|
||||||
|
The distribution's mods are built against a specific NeoForge (in
|
||||||
|
`distribution.json` → `21.1.233`). Several hard-require it (ferritecore ≥21.1.218,
|
||||||
|
farmersdelight ≥21.1.219, configured ≥21.1.211). A lower `NEOFORGE_VERSION` pin
|
||||||
|
fails pre-load with `Missing or unsupported mandatory dependencies: neoforge`.
|
||||||
|
Keep `docker-compose.yml`'s pin in lockstep with the distribution on every mod
|
||||||
|
update.
|
||||||
|
|
||||||
|
### Client-only mods that declare `BOTH` crash the dedicated server
|
||||||
|
tomllib classifies by the `minecraft`/`neoforge` dependency `side`. Mods that
|
||||||
|
declare **`BOTH`** but are actually client-only (touch `net.minecraft.client.*`)
|
||||||
|
pass through as `both`, load on the server, and crash hard:
|
||||||
|
|
||||||
|
```
|
||||||
|
java.lang.RuntimeException: Attempted to load class
|
||||||
|
net/minecraft/client/gui/screens/Screen for invalid dist DEDICATED_SERVER
|
||||||
|
- <Mod> has failed to load correctly
|
||||||
|
```
|
||||||
|
|
||||||
|
This is **not** mere RAM waste — it's a fatal crashloop. tomllib cannot detect
|
||||||
|
it (the manifest lies). **Fix = hand-set the mod to `client` in
|
||||||
|
`mods-sides.json`, re-sync, recreate minecraft.** First cutover required marking
|
||||||
|
these (leaf client-GUI mods, nothing server-loaded depends on them):
|
||||||
|
`BetterF3, JustEnoughResources, MouseTweaks, Searchables, TravelersTitles,
|
||||||
|
drippyloadingscreen, entityculling, fancymenu, konkrete, melody, ponderjs,
|
||||||
|
welcomescreen, yeetusexperimentus` — on top of the 11 tomllib auto-caught
|
||||||
|
(sodium, sodium-extra, iris, ImmediatelyFast, appleskin, Controlling, BridgingMod,
|
||||||
|
CustomSkinLoader, entity_model_features, entity_texture_features, tagtooltips).
|
||||||
|
|
||||||
|
**Current state: 24 `client` / 52 `both`.** The 52 may still hide a client-only
|
||||||
|
mod that loaded without crashing; if a future restart trips another
|
||||||
|
`invalid dist DEDICATED_SERVER`, flip that one jar to `client` and re-sync — same
|
||||||
|
one-line loop. When excluding, prefer leaf mods; if a `both` mod hard-depends on
|
||||||
|
the one you exclude you'll get a `Missing mandatory dependency` instead — put it
|
||||||
|
back.
|
||||||
|
|
||||||
|
## Open questions / risks
|
||||||
|
|
||||||
|
- **No manifest** in a jar → defaults `both`. Acceptable; review the defaulted
|
||||||
|
list `classify-mods` prints.
|
||||||
|
- **Nebula regen** may rename jars (version bumps) → `mods-sides.json` keys go
|
||||||
|
stale; `classify-mods` re-seeds new names as `both`, and `sync` warns on
|
||||||
|
missing-from-DIST. Re-curate on big mod updates.
|
||||||
@@ -1,48 +1,7 @@
|
|||||||
# packwiz — modpack source of truth + offline mod mirror
|
# packwiz — modpack source of truth (SUPERSEDED)
|
||||||
|
|
||||||
## Summary
|
> **Superseded by [`04-mods.md`](04-mods.md).** packwiz has been removed.
|
||||||
|
> The server now loads a filtered mod subset from a local `server-mods/` volume
|
||||||
`packwiz` (installed at `~/go/bin/packwiz`) authors the modpack. The `./pack`
|
> (synced from the distribution repo by `tooling/sync-server-mods.sh`); clients
|
||||||
directory is the **single source of truth** for mods, consumed by both:
|
> still get the full set from the HeliosLauncher `distribution.json`.
|
||||||
- the **server** (itzg `PACKWIZ_URL`), and
|
> See `04-mods.md` for the current design.
|
||||||
- **clients** (Fjord launcher imports the pack / packwiz-installer).
|
|
||||||
|
|
||||||
Caddy serves `./pack` at `packwiz.ulicraft.local`. packwiz only emits **metadata**
|
|
||||||
(`pack.toml`, `index.toml`, `mods/*.pw.toml`); the `.pw.toml` files reference
|
|
||||||
Modrinth/CF **CDN URLs**, so true offline requires mirroring jars locally.
|
|
||||||
|
|
||||||
## Behaviors confirmed
|
|
||||||
|
|
||||||
- **Prune**: packwiz-installer tracks a manifest and **removes** client mods no
|
|
||||||
longer in the index on re-run. (Server side via itzg likewise re-syncs.)
|
|
||||||
- **Download source**: jars come from CDN URLs in `.pw.toml`, NOT the pack host —
|
|
||||||
unless URLs are rewritten to the local mirror.
|
|
||||||
- **itzg side filtering**: itzg downloads **server-side mods only**. Client-only
|
|
||||||
mods MUST be tagged `side = "client"` (not `both`) or the server may pull and
|
|
||||||
crash on them.
|
|
||||||
|
|
||||||
## Offline mod mirror (the key work)
|
|
||||||
|
|
||||||
`tooling/mirror-mods.sh` (see `08-tooling.md`):
|
|
||||||
1. Parse each `mods/*.pw.toml`, download the jar into `./mirror/mods/`.
|
|
||||||
2. Copy jars into `./pack/mods-files/` (served at `packwiz.ulicraft.local/...`).
|
|
||||||
3. Rewrite each `[download] url` to point at `http://packwiz.ulicraft.local/...`.
|
|
||||||
4. `packwiz refresh` to recompute hashes/index.
|
|
||||||
|
|
||||||
Result: server + clients install mods entirely from the LAN. No CDN at party time.
|
|
||||||
|
|
||||||
## NeoForge pinning
|
|
||||||
|
|
||||||
`pack.toml` pins MC `1.21.1` + NeoForge `21.1.x`. Verify exact NeoForge build
|
|
||||||
against projects.neoforged.net before locking.
|
|
||||||
|
|
||||||
## Tasks
|
|
||||||
|
|
||||||
- [ ] `packwiz init` → `./pack` (MC 1.21.1, modloader neoforge, pinned version)
|
|
||||||
- [ ] Curate mod shortlist (perf/tech/magic/storage/QoL/worldgen/map/voice)
|
|
||||||
- [ ] Tag client-only mods `side = "client"`
|
|
||||||
- [ ] `packwiz refresh`; verify `index.toml` committed (clients fetch it)
|
|
||||||
- [ ] Write `tooling/mirror-mods.sh` (vendor jars + rewrite URLs + refresh)
|
|
||||||
- [ ] Point server `PACKWIZ_URL=http://packwiz.ulicraft.local/pack.toml`
|
|
||||||
- [ ] `.gitignore` the vendored `./mirror/` jars; keep `./pack/*.toml` tracked
|
|
||||||
- [ ] Test offline install end-to-end (cut internet, install on a fresh client)
|
|
||||||
|
|||||||
@@ -1,52 +1,126 @@
|
|||||||
# Minecraft server — itzg NeoForge + offline launch
|
# Minecraft server — itzg NeoForge
|
||||||
|
|
||||||
## Summary
|
## Summary
|
||||||
|
|
||||||
`itzg/minecraft-server:java21`, NeoForge 1.21.1, offline-mode + authlib-injector
|
`itzg/minecraft-server:java21`, NeoForge 1.21.1, offline-mode + authlib-injector
|
||||||
pointing at drasl. Mods via `PACKWIZ_URL`. The challenge: **itzg re-resolves Mojang
|
pointing at drasl. Mods come from a local `./server-mods` volume (mounted at
|
||||||
version metadata on every boot** (issue #2340), so it cannot air-gap-boot in
|
`/mods`), NOT packwiz — see `04-mods.md`. itzg installs MC + NeoForge + libraries
|
||||||
`TYPE=NEOFORGE` mode. Solved with a pre-bake + custom-launch switch.
|
on first boot and auto-syncs `/mods` → `/data/mods` every boot; the stack assumes
|
||||||
|
the internet is present (for the NeoForge installer), so `TYPE=NEOFORGE` boots
|
||||||
|
normally every time.
|
||||||
|
|
||||||
## Offline strategy (two phases)
|
## Server config
|
||||||
|
|
||||||
**Phase 1 — pre-bake (online, once):**
|
|
||||||
```
|
```
|
||||||
TYPE=NEOFORGE, VERSION=1.21.1, NEOFORGE_VERSION=21.1.x
|
TYPE=NEOFORGE, VERSION=1.21.1, NEOFORGE_VERSION=21.1.x
|
||||||
PACKWIZ_URL=http://packwiz.ulicraft.local/pack.toml
|
REMOVE_OLD_MODS=TRUE # ./server-mods is the authoritative mod set
|
||||||
|
volume ./server-mods:/mods:ro
|
||||||
```
|
```
|
||||||
Boot once with internet → installs MC + NeoForge + libraries + server mods into
|
|
||||||
the `mc_data` volume, generates NeoForge's launch args/`run.sh`.
|
|
||||||
|
|
||||||
**Phase 2 — offline launch (party):**
|
`./server-mods` is populated by `tooling/sync-server-mods.sh` (the `both`/`server`
|
||||||
Switch to `TYPE=CUSTOM` + `CUSTOM_SERVER=<container path>` pointing at the
|
subset of `mods-sides.json`, copied from `$DISTRIBUTION_WEB_ROOT`). First boot
|
||||||
already-installed NeoForge launcher in `/data`. A **container path (not URL)**
|
installs MC + NeoForge + libraries into the `mc_data` volume; every boot itzg
|
||||||
means no download, no Mojang resolution → boots air-gapped, survives restarts.
|
mirrors `/mods` into `/data/mods` and prunes removed ones (`REMOVE_OLD_MODS`).
|
||||||
|
|
||||||
> OPEN: NeoForge 1.21.1 launches via `@libraries/.../unix_args.txt` / `run.sh`,
|
## Auth / config
|
||||||
> not a single fat jar. Exact `CUSTOM_SERVER` target + any `EXTRA_ARGS` must be
|
|
||||||
> verified against a real pre-baked volume. Tracked as a task.
|
|
||||||
|
|
||||||
## Auth / config (carry-over)
|
|
||||||
|
|
||||||
```
|
```
|
||||||
ONLINE_MODE=FALSE
|
ONLINE_MODE=TRUE
|
||||||
ENFORCE_SECURE_PROFILE=FALSE # pairs with drasl SignPublicKeys=false
|
ENFORCE_SECURE_PROFILE=FALSE # pairs with drasl SignPublicKeys=false
|
||||||
JVM_OPTS=-javaagent:/extras/authlib-injector.jar=http://auth.${BASE_DOMAIN}/authlib-injector
|
JVM_OPTS=-javaagent:/extras/authlib-injector.jar=http://auth.${BASE_DOMAIN}/authlib-injector
|
||||||
```
|
```
|
||||||
authlib URL uses the `auth` subdomain; resolves internally via Caddi alias.
|
authlib URL uses the `auth` subdomain; resolves internally via the caddy alias.
|
||||||
(Server still needs the agent even though Fjord clients have it built in.)
|
(Server still needs the agent even though Fjord clients have it built in.)
|
||||||
|
|
||||||
|
**`ONLINE_MODE` MUST be true.** authlib-injector works by redirecting the
|
||||||
|
server's normal online-auth handshake from Mojang to Drasl. With
|
||||||
|
`ONLINE_MODE=FALSE` the server skips that handshake entirely → players get
|
||||||
|
offline-hash UUIDs, no session validation, and **no skins** (the server never
|
||||||
|
fetches textures from Drasl). The thing that must stay *off* for 1.21+ is the
|
||||||
|
**secure profile** (`ENFORCE_SECURE_PROFILE=FALSE` + Drasl `SignPublicKeys=false`),
|
||||||
|
not online-mode. Symptom of getting this wrong: everyone can join but everyone is
|
||||||
|
Steve, and `usercache.json` shows offline-hash UUIDs.
|
||||||
|
|
||||||
Memory: `INIT_MEMORY 4G`, `MAX_MEMORY 10G`, `USE_AIKAR_FLAGS TRUE`.
|
Memory: `INIT_MEMORY 4G`, `MAX_MEMORY 10G`, `USE_AIKAR_FLAGS TRUE`.
|
||||||
RCON enabled for mc-backup.
|
RCON enabled for mc-backup.
|
||||||
|
|
||||||
|
## Server operators (OP)
|
||||||
|
|
||||||
|
**Do NOT use the itzg `OPS` env var.** It resolves usernames to UUIDs via a
|
||||||
|
Mojang lookup, but this server is `ONLINE_MODE=TRUE` validated against Drasl —
|
||||||
|
Drasl assigns its own UUIDs (not Mojang, not the offline-hash). A Mojang-resolved UUID
|
||||||
|
would not match the player's real session UUID, so the op entry would be inert
|
||||||
|
(and could clobber a correct `ops.json` on reboot).
|
||||||
|
|
||||||
|
**Op via RCON instead.** The player must have connected at least once so their
|
||||||
|
real Drasl UUID is cached in `/data/usercache.json`; then `op <name>` writes that
|
||||||
|
cached UUID to `ops.json`. On the host:
|
||||||
|
|
||||||
|
```
|
||||||
|
ssh cochi
|
||||||
|
docker exec minecraft rcon-cli list # confirm cache / who's on
|
||||||
|
docker exec minecraft sh -c 'cat /data/usercache.json' # verify name→UUID cached
|
||||||
|
docker exec minecraft rcon-cli op <name>
|
||||||
|
docker exec minecraft sh -c 'cat /data/ops.json' # verify level 4 + right UUID
|
||||||
|
```
|
||||||
|
|
||||||
|
`ops.json` lives in the `mc_data` volume → persists across restarts; no reboot
|
||||||
|
needed (takes effect live). Current op: `oier`
|
||||||
|
(`7fbc9adb-bcf4-3913-9a99-46d46acd1009`), level 4, set 2026-06-21.
|
||||||
|
|
||||||
|
## Simple Voice Chat — `voice_host` (NOT repo-tracked)
|
||||||
|
|
||||||
|
Voice chat is UDP `24454/udp`, published in compose. The mod auto-generates
|
||||||
|
`/data/config/voicechat/voicechat-server.properties` in the `mc_data` volume.
|
||||||
|
|
||||||
|
**Gotcha — `voice_host` must be set or remote clients get a red/crossed icon.**
|
||||||
|
Behind any NAT/Docker the server announces an address for clients' UDP
|
||||||
|
connection; if `voice_host=` is empty it auto-detects the internal Docker IP →
|
||||||
|
unreachable → the secret (TCP) is sent but the UDP handshake never completes
|
||||||
|
("Sent secret" with no following "successfully connected to voice chat").
|
||||||
|
|
||||||
|
Set on prod:
|
||||||
|
|
||||||
|
```
|
||||||
|
docker exec minecraft sed -i 's/^voice_host=.*/voice_host=ulicraft.net/' \
|
||||||
|
/data/config/voicechat/voicechat-server.properties
|
||||||
|
docker restart minecraft # mod reads props only at startup
|
||||||
|
```
|
||||||
|
|
||||||
|
**⚠️ This value lives in the `mc_data` volume, NOT auto-managed from this repo.**
|
||||||
|
It survives restarts and `compose down/up`, but a **world wipe / fresh `mc_data`**
|
||||||
|
regenerates the file with `voice_host=` empty → voice silently breaks again.
|
||||||
|
|
||||||
|
A known-good prod snapshot is committed at
|
||||||
|
`server-configs/voicechat-server.properties` (reference copy, `voice_host=ulicraft.net`).
|
||||||
|
After a world reset, either re-run the `sed` + `docker restart` above, or restore
|
||||||
|
the snapshot:
|
||||||
|
|
||||||
|
```
|
||||||
|
docker cp server-configs/voicechat-server.properties \
|
||||||
|
minecraft:/data/config/voicechat/voicechat-server.properties
|
||||||
|
docker restart minecraft
|
||||||
|
```
|
||||||
|
|
||||||
|
(Snapshot is not auto-mounted — to make it durable, add a bind mount of
|
||||||
|
`server-configs/voicechat-server.properties` into `/data/config/voicechat/` in
|
||||||
|
compose.)
|
||||||
|
|
||||||
|
Verify after a client joins:
|
||||||
|
`docker logs minecraft 2>&1 | grep -i "connected to voice"` → expect
|
||||||
|
`Player <name> ... successfully connected to voice chat`.
|
||||||
|
|
||||||
|
Note: a red voice icon can ALSO be client-side — a VPN/zero-trust client
|
||||||
|
(Cloudflare One/WARP, FortiClient) on the player's machine silently drops the
|
||||||
|
voice UDP. Rule out VPNs before touching the server.
|
||||||
|
|
||||||
## Tasks
|
## Tasks
|
||||||
|
|
||||||
- [ ] Compose: switch authlib URL to `http://auth.${BASE_DOMAIN}/authlib-injector`
|
- [ ] Compose: authlib URL `http://auth.${BASE_DOMAIN}/authlib-injector`
|
||||||
- [ ] Compose: replace `MODRINTH_PROJECTS` with `PACKWIZ_URL` (packwiz subdomain)
|
- [ ] Compose: mount `./server-mods:/mods:ro` + `REMOVE_OLD_MODS=TRUE`
|
||||||
- [ ] Mount renamed `./runtime` (was `./extras`) for authlib-injector.jar
|
- [ ] Run `tooling/sync-server-mods.sh` before bring-up (populates `./server-mods`)
|
||||||
- [ ] `depends_on`: drasl + caddy (pack served before server installs)
|
- [ ] Mount `./runtime` for authlib-injector.jar at `/extras`
|
||||||
- [ ] Pre-bake the volume online; snapshot it
|
- [ ] `depends_on`: drasl (authlib must resolve at boot)
|
||||||
- [ ] Identify exact NeoForge launch target for `TYPE=CUSTOM` / `CUSTOM_SERVER`
|
|
||||||
- [ ] Add a documented "offline mode" compose override (`docker-compose.offline.yml`?)
|
|
||||||
- [ ] Verify air-gapped boot: cut internet, restart container, server comes up
|
|
||||||
- [ ] Confirm `ENFORCE_SECURE_PROFILE=FALSE` ↔ drasl `SignPublicKeys=false`
|
- [ ] Confirm `ENFORCE_SECURE_PROFILE=FALSE` ↔ drasl `SignPublicKeys=false`
|
||||||
|
- [ ] Verify a client joins with their drasl skin
|
||||||
|
- [ ] After any world wipe: re-set `voice_host` (see Simple Voice Chat section)
|
||||||
|
|||||||
@@ -8,8 +8,8 @@ drasl account directly in the launcher (no manual JVM `-javaagent`), import the
|
|||||||
modpack, and play.
|
modpack, and play.
|
||||||
|
|
||||||
We host the launcher installers for **all platforms** on the landing page
|
We host the launcher installers for **all platforms** on the landing page
|
||||||
(`ulicraft.local`), served by Caddy from `./mirror/launcher/`. A script downloads
|
(`ulicraft.net`), served by Caddy from `./launcher/` (mounted at `/srv/launcher`,
|
||||||
the latest release assets ahead of time so the party is fully offline.
|
reachable at `/launcher/`). A script downloads the release assets ahead of time.
|
||||||
|
|
||||||
## Release assets (latest = 11.0.2.0)
|
## Release assets (latest = 11.0.2.0)
|
||||||
|
|
||||||
@@ -26,12 +26,12 @@ Setup `.exe`, macOS `.dmg`, Linux `.AppImage`.
|
|||||||
|
|
||||||
```bash
|
```bash
|
||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
# Download all FjordLauncherUnlocked release assets for offline hosting.
|
# Download all FjordLauncherUnlocked release assets for local hosting.
|
||||||
# Halts on any error or ambiguity (no silent partial downloads).
|
# Halts on any error or ambiguity (no silent partial downloads).
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
REPO="hero-persson/FjordLauncherUnlocked"
|
REPO="hero-persson/FjordLauncherUnlocked"
|
||||||
DEST_ROOT="$(dirname "$0")/../mirror/launcher"
|
DEST_ROOT="$(dirname "$0")/../launcher"
|
||||||
API="https://api.github.com/repos/${REPO}/releases/latest"
|
API="https://api.github.com/repos/${REPO}/releases/latest"
|
||||||
|
|
||||||
command -v curl >/dev/null || { echo "curl required"; exit 1; }
|
command -v curl >/dev/null || { echo "curl required"; exit 1; }
|
||||||
@@ -59,13 +59,13 @@ ln -sfn "$tag" "${DEST_ROOT}/latest"
|
|||||||
echo "Done. ${#urls[@]} assets in ${dest}"
|
echo "Done. ${#urls[@]} assets in ${dest}"
|
||||||
```
|
```
|
||||||
|
|
||||||
Caddy mount: `./mirror/launcher:/srv/www/launcher:ro`.
|
Caddy mount: `./launcher:/srv/launcher:ro` (served at `/launcher/…`).
|
||||||
|
|
||||||
### Stable symlinks (so landing links survive version bumps)
|
### Stable symlinks (so landing links survive version bumps)
|
||||||
|
|
||||||
The landing page (`09-landing.md`) links to **fixed** filenames, not versioned
|
The landing page (`09-landing.md`) links to **fixed** filenames, not versioned
|
||||||
ones. After downloading, `fetch-launcher.sh` must create these symlinks under
|
ones. After downloading, `fetch-launcher.sh` must create these symlinks under
|
||||||
`mirror/launcher/latest/` pointing at the real assets:
|
`launcher/latest/` pointing at the real assets:
|
||||||
|
|
||||||
- `fjord-windows-setup.exe` → Windows Setup `.exe` (x64)
|
- `fjord-windows-setup.exe` → Windows Setup `.exe` (x64)
|
||||||
- `fjord-macos.dmg` → macOS `.dmg`
|
- `fjord-macos.dmg` → macOS `.dmg`
|
||||||
@@ -78,22 +78,19 @@ sync with `landing/src/data/site.ts`.**
|
|||||||
|
|
||||||
## Per-guest flow
|
## Per-guest flow
|
||||||
|
|
||||||
1. Open `http://ulicraft.local`, download launcher for their OS, install.
|
1. Open `https://ulicraft.net`, download launcher for their OS, install.
|
||||||
2. Add account: authlib-injector type, URL
|
2. Add account: authlib-injector type, URL
|
||||||
`http://auth.ulicraft.local/authlib-injector`, drasl username/password.
|
`https://auth.ulicraft.net/authlib-injector`, drasl username/password.
|
||||||
3. (Offline) Settings → APIs → **Assets Server** =
|
3. Import the modpack (packwiz URL `https://pack.ulicraft.net/pack.toml`,
|
||||||
`https://assets.ulicraft.local/` so the heavy asset download comes from the LAN
|
|
||||||
mirror (see 10-assets-mirror.md). Requires trusting the local CA.
|
|
||||||
4. Import the modpack (packwiz URL `http://packwiz.ulicraft.local/pack.toml`,
|
|
||||||
or a shared instance zip).
|
or a shared instance zip).
|
||||||
5. Connect to `mc.ulicraft.local:25565`.
|
4. Connect to `mc.ulicraft.net:25565`.
|
||||||
|
|
||||||
## Tasks
|
## Tasks
|
||||||
|
|
||||||
- [ ] Create `tooling/fetch-launcher.sh` (above); `chmod +x`
|
- [ ] Create `tooling/fetch-launcher.sh` (above); `chmod +x`
|
||||||
- [ ] Extend script: create stable symlinks (win/mac/linux) in `mirror/launcher/latest/`
|
- [ ] Extend script: create stable symlinks (win/mac/linux) in `launcher/latest/`
|
||||||
- [ ] Run it pre-party while online; verify all assets land in `./mirror/launcher/<tag>/`
|
- [ ] Run it pre-party; verify all assets land in `./launcher/<tag>/`
|
||||||
- [ ] `.gitignore` `./mirror/` (done)
|
- [ ] `.gitignore` `./launcher/` (done)
|
||||||
- [ ] Landing page DONE — `landing/` Astro project, builds to `www/` (see 09-landing.md)
|
- [ ] Landing page DONE — `landing/` Astro project, builds to `www/` (see 09-landing.md)
|
||||||
- [ ] Confirm Fjord authlib-injector account flow against drasl
|
- [ ] Confirm Fjord authlib-injector account flow against drasl
|
||||||
- [ ] Decide whether to ship a pre-built instance zip vs packwiz URL import
|
- [ ] Decide whether to ship a pre-built instance zip vs packwiz URL import
|
||||||
|
|||||||
@@ -4,7 +4,7 @@
|
|||||||
|
|
||||||
`itzg/mc-backup` alongside the server, talking via RCON. Snapshots the world every
|
`itzg/mc-backup` alongside the server, talking via RCON. Snapshots the world every
|
||||||
6h, prunes after 14 days. World-only (no mod jars — mods are reproducible from the
|
6h, prunes after 14 days. World-only (no mod jars — mods are reproducible from the
|
||||||
packwiz pack). Unchanged from the original design; lowest-priority service.
|
distribution). Unchanged from the original design; lowest-priority service.
|
||||||
|
|
||||||
## Config (carry-over)
|
## Config (carry-over)
|
||||||
|
|
||||||
|
|||||||
@@ -1,77 +1,90 @@
|
|||||||
# Tooling — config rendering, mod mirror, launcher fetch
|
# Tooling — config rendering, mod sync, ingress, fetch scripts
|
||||||
|
|
||||||
## Summary
|
## Summary
|
||||||
|
|
||||||
Three scripts in `./tooling/` turn the two env vars + templates into a working,
|
Scripts in `./tooling/` turn `BASE_DOMAIN` + templates into a working stack and
|
||||||
offline-capable stack. All are **cautious**: they halt on unset vars or missing
|
handle ingress (nginx vhost, TLS certs) and launcher/font fetches. All are
|
||||||
inputs rather than emit half-broken output.
|
**cautious**: they halt on unset vars or missing inputs rather than emit
|
||||||
|
half-broken output.
|
||||||
|
|
||||||
|
Surviving scripts:
|
||||||
|
|
||||||
|
- `render-config.sh` — render `*.tmpl` configs (BASE_DOMAIN only)
|
||||||
|
- `classify-mods.py` — read each jar's `neoforge.mods.toml`, seed `mods-sides.json` (see 04-mods.md)
|
||||||
|
- `sync-server-mods.sh` — copy `both`/`server` jars from the distribution → `./server-mods` (see 04-mods.md)
|
||||||
|
- `build-modlist.py` — generate the landing `mods.json` + extract logos (see 17-mod-shortlist.md)
|
||||||
|
- `render-nginx.sh` — render/install the host nginx vhost (TLS terminator → caddy)
|
||||||
|
- `issue-letsencrypt.sh` — issue LE certs via OVH DNS-01 (see 15-letsencrypt.md)
|
||||||
|
- `fetch-launcher.sh` — download Fjord launcher release assets (see 06-launcher.md)
|
||||||
|
- `fetch-authlib.sh` — vendor the authlib-injector jar → `runtime/`
|
||||||
|
- `fetch-fonts.sh` — vendor the landing page fonts (see 09-landing.md)
|
||||||
|
|
||||||
## render-config.sh
|
## render-config.sh
|
||||||
|
|
||||||
Renders every `*.tmpl` into its real config by substituting `BASE_DOMAIN` /
|
Renders every `*.tmpl` into its real config by substituting **only**
|
||||||
`HOST_LAN_IP`. Caddy is excluded (it reads `{$BASE_DOMAIN}` natively).
|
`${BASE_DOMAIN}` (so literal `$`-syntax belonging to the target file — caddy,
|
||||||
|
toml — is left untouched). Caddy is excluded entirely (it reads `{$BASE_DOMAIN}`
|
||||||
|
natively).
|
||||||
|
|
||||||
Targets:
|
Targets:
|
||||||
- `drasl/config/config.toml.tmpl` → `drasl/config/config.toml`
|
- `drasl/config/config.toml.tmpl` → `drasl/config/config.toml`
|
||||||
- `dnsmasq/dnsmasq.conf.tmpl` → `dnsmasq/dnsmasq.conf`
|
- `nmsr/config.toml.tmpl` → `nmsr/config.toml`
|
||||||
|
|
||||||
|
Mods are **not** rendered — they are synced from the distribution by
|
||||||
|
`sync-server-mods.sh` (see 04-mods.md), no templating involved.
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
[ -f .env ] && set -a && . ./.env && set +a
|
cd "$(dirname "$0")/.."
|
||||||
: "${BASE_DOMAIN:?BASE_DOMAIN unset}"
|
[ -f .env ] && { set -a; . ./.env; set +a; }
|
||||||
: "${HOST_LAN_IP:?HOST_LAN_IP unset}"
|
: "${BASE_DOMAIN:?BASE_DOMAIN unset (set in .env)}"
|
||||||
|
|
||||||
render() { # $1=tmpl $2=out
|
render() { # $1=tmpl $2=out
|
||||||
[ -f "$1" ] || { echo "missing template: $1"; exit 1; }
|
[ -f "$1" ] || { echo "missing template: $1" >&2; exit 1; }
|
||||||
envsubst '${BASE_DOMAIN} ${HOST_LAN_IP}' < "$1" > "$2"
|
envsubst '${BASE_DOMAIN}' < "$1" > "$2"
|
||||||
echo "rendered $2"
|
echo "rendered $2"
|
||||||
}
|
}
|
||||||
|
|
||||||
render drasl/config/config.toml.tmpl drasl/config/config.toml
|
render drasl/config/config.toml.tmpl drasl/config/config.toml
|
||||||
render dnsmasq/dnsmasq.conf.tmpl dnsmasq/dnsmasq.conf
|
render nmsr/config.toml.tmpl nmsr/config.toml
|
||||||
```
|
```
|
||||||
|
|
||||||
> Note: `envsubst` with an explicit var list avoids clobbering `$`-syntax that
|
## render-nginx.sh
|
||||||
> belongs to the target file (e.g. dnsmasq/caddy literals).
|
|
||||||
|
|
||||||
## mirror-mods.sh
|
Renders `nginx/ulicraft-caddy.conf.tmpl` (the host nginx that terminates TLS in
|
||||||
|
front of caddy), substituting `$BASE_DOMAIN $APP_DIR $CADDY_HTTP_PORT`. Prints to
|
||||||
|
stdout by default; `--install` writes to sites-available, symlinks sites-enabled,
|
||||||
|
`nginx -t`, and reloads nginx. See `15-letsencrypt.md`.
|
||||||
|
|
||||||
Vendors mod jars for offline install and rewrites packwiz URLs to the LAN host.
|
## issue-letsencrypt.sh
|
||||||
See `04-packwiz.md`. Outline:
|
|
||||||
1. For each `pack/mods/*.pw.toml`, read `[download] url` + `filename`.
|
|
||||||
2. Download jar → `pack/mods-files/` (served by Caddy under packwiz subdomain).
|
|
||||||
3. Rewrite `url` to `http://packwiz.${BASE_DOMAIN}/mods-files/<filename>`.
|
|
||||||
4. `packwiz refresh` to recompute hashes + `index.toml`.
|
|
||||||
Must halt if a download fails or a hash mismatches.
|
|
||||||
|
|
||||||
## mirror-assets.sh
|
Issues a separate cert for the apex and each `LE_SUBDOMAINS` entry via acme.sh +
|
||||||
|
OVH DNS-01 → `certs/<name>/{cert,key}.pem`. See `15-letsencrypt.md`.
|
||||||
Mirrors Minecraft asset objects for offline clients (the ~400 MB+ chunk) and lays
|
|
||||||
them out for Caddy + the Fjord "Assets Server" override. Full design in
|
|
||||||
`10-assets-mirror.md`. Verifies SHA1, idempotent, halts on mismatch.
|
|
||||||
|
|
||||||
## fetch-launcher.sh
|
## fetch-launcher.sh
|
||||||
|
|
||||||
Downloads all FjordLauncherUnlocked release assets → `mirror/launcher/<tag>/`.
|
Downloads FjordLauncherUnlocked release assets → `launcher/<tag>/` and maintains
|
||||||
Full script in `06-launcher.md`.
|
a `latest` symlink + stable per-OS filename symlinks. Full script in
|
||||||
|
`06-launcher.md`.
|
||||||
|
|
||||||
## Generated / gitignored
|
## Generated / gitignored
|
||||||
|
|
||||||
```
|
```
|
||||||
drasl/config/config.toml # rendered
|
drasl/config/config.toml # rendered
|
||||||
dnsmasq/dnsmasq.conf # rendered
|
nmsr/config.toml # rendered
|
||||||
pack/mods-files/ # vendored jars
|
launcher/ # launcher assets
|
||||||
mirror/ # launcher assets + mod mirror
|
www/ # landing build output
|
||||||
|
certs/ # Let's Encrypt certs
|
||||||
.env # secrets + host-specific
|
.env # secrets + host-specific
|
||||||
```
|
```
|
||||||
|
|
||||||
## Tasks
|
## Tasks
|
||||||
|
|
||||||
- [ ] Write `tooling/render-config.sh` (above), `chmod +x`
|
- [ ] Write `tooling/render-config.sh` (above), `chmod +x`
|
||||||
- [ ] Write `tooling/mirror-mods.sh` (toml parse + download + rewrite + refresh)
|
- [ ] Write `tooling/sync-server-mods.sh` (see 04-mods.md)
|
||||||
- [ ] Write `tooling/mirror-assets.sh` (see 10)
|
- [ ] Write `tooling/render-nginx.sh` (see 15)
|
||||||
|
- [ ] Write `tooling/issue-letsencrypt.sh` (see 15)
|
||||||
- [ ] Write `tooling/fetch-launcher.sh` (see 06)
|
- [ ] Write `tooling/fetch-launcher.sh` (see 06)
|
||||||
- [ ] Add `gettext` (envsubst) + `jq` to host prereqs doc
|
- [ ] Add `gettext` (envsubst) + `jq` to host prereqs doc
|
||||||
- [ ] Update `.gitignore` for rendered configs + `mirror/` + `pack/mods-files/`
|
- [ ] Update `.gitignore` for rendered configs + `launcher/` + `www/` + `certs/`
|
||||||
- [ ] `build-stack.sh` orchestrator (preflight + `--prep` online + `--up` offline) — DONE, sequences the sub-scripts; see plan/12
|
|
||||||
|
|||||||
@@ -2,17 +2,18 @@
|
|||||||
|
|
||||||
## Summary
|
## Summary
|
||||||
|
|
||||||
Apex `ulicraft.local` serves a static page guiding guests through joining:
|
Apex `ulicraft.net` serves a static page guiding guests through joining:
|
||||||
download launcher → add account → import modpack → connect. Built with **Astro +
|
download launcher → add account → import modpack → connect. Built with **Astro +
|
||||||
TypeScript** in `./landing/`; `pnpm run build` emits straight into `./www/`,
|
TypeScript** in `./landing/`; `pnpm run build` emits straight into `./www/`,
|
||||||
which Caddy/nginx serve at the apex. No runtime framework — output is plain
|
which Caddy serves at the apex (behind host nginx). No runtime framework —
|
||||||
HTML/CSS plus one tiny vanilla script (copy-to-clipboard + scroll reveal).
|
output is plain HTML/CSS plus one tiny vanilla script (copy-to-clipboard +
|
||||||
|
scroll reveal).
|
||||||
|
|
||||||
The visual is the **"Carved from stone"** pixel design ("Claude Design",
|
The visual is the **"Carved from stone"** pixel design ("Claude Design",
|
||||||
`landing/design/`): dark overworld palette, MC-GUI bevel buttons, pixel type,
|
`landing/design/`): dark overworld palette, MC-GUI bevel buttons, pixel type,
|
||||||
creeper mark, server-list panel. That design was a React/Babel-via-CDN prototype
|
creeper mark, server-list panel. That design was a React/Babel-via-CDN prototype
|
||||||
for a *fictional public SMP*; it was **ported to static Astro** with the real
|
for a *fictional public SMP*; it was **ported to static Astro** with the real
|
||||||
modded-LAN content and offline-safe assets.
|
modded-LAN content and vendored assets.
|
||||||
|
|
||||||
## Stack & wiring
|
## Stack & wiring
|
||||||
|
|
||||||
@@ -20,8 +21,8 @@ modded-LAN content and offline-safe assets.
|
|||||||
- `astro.config.mjs` → `outDir: "../www"`. Build overwrites `www/`; `www/` is
|
- `astro.config.mjs` → `outDir: "../www"`. Build overwrites `www/`; `www/` is
|
||||||
gitignored (generated artifact).
|
gitignored (generated artifact).
|
||||||
- `BASE_DOMAIN` env read at build time in `src/data/site.ts`
|
- `BASE_DOMAIN` env read at build time in `src/data/site.ts`
|
||||||
(`process.env.BASE_DOMAIN ?? "ulicraft.local"`). Bake before deploy:
|
(`process.env.BASE_DOMAIN ?? "ulicraft.net"`). Bake before deploy:
|
||||||
`BASE_DOMAIN=ulicraft.local pnpm run build`.
|
`BASE_DOMAIN=ulicraft.net pnpm run build`.
|
||||||
- Logo: wide wordmark from the design at `landing/public/logo.png` (hero + favicon).
|
- Logo: wide wordmark from the design at `landing/public/logo.png` (hero + favicon).
|
||||||
`image-rendering: pixelated` keeps it crisp.
|
`image-rendering: pixelated` keeps it crisp.
|
||||||
|
|
||||||
@@ -31,7 +32,7 @@ landing/
|
|||||||
├── design/ # "Claude Design" prototype (reference, not built)
|
├── design/ # "Claude Design" prototype (reference, not built)
|
||||||
├── public/
|
├── public/
|
||||||
│ ├── logo.png # hero wordmark (from design/assets/ulicraft-logo.png)
|
│ ├── logo.png # hero wordmark (from design/assets/ulicraft-logo.png)
|
||||||
│ └── fonts/ # vendored woff2 + fonts.css (offline-safe)
|
│ └── fonts/ # vendored woff2 + fonts.css (self-contained)
|
||||||
└── src/
|
└── src/
|
||||||
├── data/site.ts # single source: content + theme knobs
|
├── data/site.ts # single source: content + theme knobs
|
||||||
├── styles/main.css # ported design system (mood/hero/bevels)
|
├── styles/main.css # ported design system (mood/hero/bevels)
|
||||||
@@ -39,10 +40,11 @@ landing/
|
|||||||
└── pages/index.astro # composition + copy/reveal script + dust
|
└── pages/index.astro # composition + copy/reveal script + dust
|
||||||
```
|
```
|
||||||
|
|
||||||
## Fonts — vendored for offline LAN
|
## Fonts — vendored locally
|
||||||
|
|
||||||
The design pulled fonts from Google Fonts CDN; that breaks on offline LAN day.
|
The design pulled fonts from Google Fonts CDN; we vendor them instead to keep the
|
||||||
`tooling/fetch-fonts.sh` downloads the woff2 + a URL-rewritten `fonts.css` into
|
page self-contained. `tooling/fetch-fonts.sh` downloads the woff2 + a
|
||||||
|
URL-rewritten `fonts.css` into
|
||||||
`landing/public/fonts/`. `index.astro` links `/fonts/fonts.css`. Re-run the
|
`landing/public/fonts/`. `index.astro` links `/fonts/fonts.css`. Re-run the
|
||||||
script only if the font set changes (keep families in sync with `main.css`
|
script only if the font set changes (keep families in sync with `main.css`
|
||||||
`--font-*`): Pixelify Sans, Space Grotesk, Press Start 2P, Silkscreen, VT323.
|
`--font-*`): Pixelify Sans, Space Grotesk, Press Start 2P, Silkscreen, VT323.
|
||||||
@@ -59,11 +61,15 @@ script only if the font set changes (keep families in sync with `main.css`
|
|||||||
|
|
||||||
## Languages (i18n)
|
## Languages (i18n)
|
||||||
|
|
||||||
Three locales, static, build-time, offline-safe — **English** (default, `/`),
|
Three locales, static, build-time — **Spanish** (default, `/`),
|
||||||
**Spanish** (`/es/`), **Euskera** (`/eu/`).
|
**English** (`/en/`), **Euskera** (`/eu/`).
|
||||||
|
|
||||||
- One template `src/pages/[...lang].astro` with `getStaticPaths` emits all three
|
- One template `src/pages/[...lang].astro` with `getStaticPaths` emits all three
|
||||||
routes (`/`, `/es/`, `/eu/`). No runtime/JS routing.
|
routes (`/`, `/en/`, `/eu/`). No runtime/JS routing. The default locale lives at
|
||||||
|
the bare root: its `getStaticPaths` entry is `{ lang: undefined }` → `locale:
|
||||||
|
"es"`; en/eu get an explicit prefix. The `LANG_*_PATH` maps in `ui.ts` mirror
|
||||||
|
this (es → no prefix). Changing the default = swap which locale is `undefined`
|
||||||
|
in all four pages' `getStaticPaths` + the `LANG_*_PATH` maps.
|
||||||
- Translatable copy lives in `src/i18n/ui.ts` (`ui[locale]`), keyed identically
|
- Translatable copy lives in `src/i18n/ui.ts` (`ui[locale]`), keyed identically
|
||||||
across locales. `site.ts` holds only language-neutral config (URLs, theme,
|
across locales. `site.ts` holds only language-neutral config (URLs, theme,
|
||||||
launcher files, stat/feature *structure*).
|
launcher files, stat/feature *structure*).
|
||||||
@@ -85,8 +91,8 @@ Three locales, static, build-time, offline-safe — **English** (default, `/`),
|
|||||||
- Features ×4: kitchen-sink pack · self-hosted Drasl identity+skins · one-click
|
- Features ×4: kitchen-sink pack · self-hosted Drasl identity+skins · one-click
|
||||||
packwiz · built-to-last (homelab + 6h backups).
|
packwiz · built-to-last (homelab + 6h backups).
|
||||||
- How to Join ×4: **1** Fjord launcher (3 OS) → **2** authlib account
|
- How to Join ×4: **1** Fjord launcher (3 OS) → **2** authlib account
|
||||||
(`auth.${BASE_DOMAIN}/authlib-injector`) + register link + CA-cert note →
|
(`auth.${BASE_DOMAIN}/authlib-injector`) + register link →
|
||||||
**3** packwiz import (`packwiz.${BASE_DOMAIN}/pack.toml`) → **4** connect.
|
**3** packwiz import (`pack.${BASE_DOMAIN}/pack.toml`) → **4** connect.
|
||||||
- Footer: Mojang trademark disclaimer.
|
- Footer: Mojang trademark disclaimer.
|
||||||
|
|
||||||
## Launcher download links (Option A — stable symlinks)
|
## Launcher download links (Option A — stable symlinks)
|
||||||
@@ -97,9 +103,33 @@ Page links to fixed names so they survive launcher version bumps:
|
|||||||
- `fjord-linux-x86_64.AppImage`
|
- `fjord-linux-x86_64.AppImage`
|
||||||
|
|
||||||
`tooling/fetch-launcher.sh` must create these as symlinks under
|
`tooling/fetch-launcher.sh` must create these as symlinks under
|
||||||
`mirror/launcher/latest/` pointing at the real versioned assets. **Keep the names
|
`launcher/latest/` pointing at the real versioned assets. **Keep the names in
|
||||||
in sync** between `site.ts` and the script. Mounted so they resolve at
|
sync** between `site.ts` and the script. Mounted so they resolve at
|
||||||
`/launcher/latest/…` (see nginx/Caddy ingress).
|
`/launcher/latest/…` (see Caddy `10-static.caddy`).
|
||||||
|
|
||||||
|
## Assets — where to drop images
|
||||||
|
|
||||||
|
All static images live under `landing/public/` and are referenced by an absolute
|
||||||
|
`/path` (Astro copies `public/` to the site root verbatim). After changing any,
|
||||||
|
rebuild the landing (`pnpm run build`).
|
||||||
|
|
||||||
|
- **Header / hero logo** — `landing/public/logo.png` (current 707×148). Referenced
|
||||||
|
as `/logo.png` in the hero (`[...lang].astro`, the `.hero-logo img`). Replace the
|
||||||
|
file; keep a wide transparent PNG. Update the `width`/`height` attrs if the
|
||||||
|
aspect changes.
|
||||||
|
- **Favicon** — `landing/public/favicon.png` (square, ~175×175). Referenced as
|
||||||
|
`/favicon.png` in the `<link rel="icon">` of all four pages
|
||||||
|
(`[...lang].astro`, `register`, `account`, `fjord`). Replace the file.
|
||||||
|
- **Server-status icon** — NOT a file you place here. The ServerCard pulls the
|
||||||
|
live server icon over the SLP query (`ServerCard.astro`, the favicon data-URI),
|
||||||
|
falling back to the `Creeper.astro` SVG. To change it, set `server-icon.png` on
|
||||||
|
the Minecraft server (64×64), not in the landing.
|
||||||
|
- **Features icons** — two options (`PixelIcon.astro`, fed by `site.ts` `features[]`):
|
||||||
|
1. *Procedural glyph* (default): pick `glyph ∈ shield|diamond|orb|heart` and
|
||||||
|
`gold` per feature in `site.ts`. Add a glyph by editing the 7×7 `GLYPHS` map.
|
||||||
|
2. *Custom image*: drop a file in `landing/public/icons/<name>.(png|svg)` and add
|
||||||
|
`img: "/icons/<name>.png"` to that feature's entry in `site.ts` `features[]`.
|
||||||
|
`PixelIcon` renders the image (`.picon-img`) instead of the glyph.
|
||||||
|
|
||||||
## Tasks
|
## Tasks
|
||||||
|
|
||||||
@@ -107,9 +137,9 @@ in sync** between `site.ts` and the script. Mounted so they resolve at
|
|||||||
- [x] Port design → static Astro (components + main.css + index.astro)
|
- [x] Port design → static Astro (components + main.css + index.astro)
|
||||||
- [x] Real content in `site.ts`; theme knobs replace TweaksPanel
|
- [x] Real content in `site.ts`; theme knobs replace TweaksPanel
|
||||||
- [x] i18n: en/es/eu via `[...lang].astro` + `i18n/ui.ts`; nav language switcher
|
- [x] i18n: en/es/eu via `[...lang].astro` + `i18n/ui.ts`; nav language switcher
|
||||||
- [x] `BASE_DOMAIN=ulicraft.local pnpm run build` → verified `www/` output + screenshot
|
- [x] `BASE_DOMAIN=ulicraft.net pnpm run build` → verified `www/` output + screenshot
|
||||||
- [ ] Extend `fetch-launcher.sh`: symlink stable names → versioned files
|
- [ ] Extend `fetch-launcher.sh`: symlink stable names → versioned files
|
||||||
- [ ] Confirm ingress serves apex from `./www` and `/launcher/latest/*` from mirror
|
- [ ] Confirm ingress serves apex from `./www` and `/launcher/latest/*` from `./launcher`
|
||||||
- [ ] Optional: try `mood: nether` / `hero: split` for party day
|
- [ ] Optional: try `mood: nether` / `hero: split` for party day
|
||||||
- [ ] Optional: wire real player count (option C) via mc-monitor JSON if wanted
|
- [ ] Optional: wire real player count (option C) via mc-monitor JSON if wanted
|
||||||
```
|
```
|
||||||
|
|||||||
@@ -1,114 +0,0 @@
|
|||||||
# Assets mirror — offline Minecraft asset objects for clients
|
|
||||||
|
|
||||||
## Summary
|
|
||||||
|
|
||||||
Guest launchers (FjordLauncherUnlocked, a Prism soft-fork) download ~400–600 MB of
|
|
||||||
**asset objects** (textures, sounds, lang) from `resources.download.minecraft.net`
|
|
||||||
on first instance launch. For an air-gapped party that's the single biggest
|
|
||||||
client-side download. Fjord/Prism expose an **"Assets Server"** override, so we
|
|
||||||
mirror the objects onto our host and point guests at it.
|
|
||||||
|
|
||||||
`tooling/mirror-assets.sh` downloads + verifies every asset object for the pinned
|
|
||||||
Minecraft version and lays them out so Caddy can serve them in the exact path
|
|
||||||
shape the launcher expects.
|
|
||||||
|
|
||||||
## Fjord/Prism override fields (confirmed)
|
|
||||||
|
|
||||||
Settings → APIs → **Services** tab:
|
|
||||||
|
|
||||||
| Field | Setting key | Default | What it overrides |
|
|
||||||
|---|---|---|---|
|
|
||||||
| **Assets Server** | `ResourceURL` | `https://resources.download.minecraft.net/` | asset **objects only** |
|
|
||||||
| **Metadata Server** | (meta URL) | `https://meta.prismlauncher.org/v1/` | Prism-format version meta |
|
|
||||||
|
|
||||||
- Added in Prism 10.0.0 (PR #3875); inherited by Fjord.
|
|
||||||
- **There is NO libraries-URL field.** Library + client.jar URLs live inside the
|
|
||||||
version/meta JSON; only a meta mirror (or DNS spoof) can redirect them.
|
|
||||||
|
|
||||||
### ⚠️ HTTPS is forced
|
|
||||||
|
|
||||||
PR #3875 validates the Assets Server URL as **HTTPS and auto-rewrites `http://`
|
|
||||||
→ `https://`**. So the assets mirror **must be served over TLS** — plain `:80`
|
|
||||||
Caddy will not work for this endpoint. This pulls local TLS forward for one
|
|
||||||
subdomain ahead of the rest of the stack.
|
|
||||||
|
|
||||||
Options to satisfy it:
|
|
||||||
1. Caddy TLS on `assets.${BASE_DOMAIN}` with a cert from a local CA
|
|
||||||
(step-ca); guests import the CA root once. Cleanest, matches homelab.
|
|
||||||
2. Caddy `internal` CA / self-signed — guests must trust it (more friction, per
|
|
||||||
machine).
|
|
||||||
3. Sidestep entirely with **pre-seed** (below) and skip the Assets Server override.
|
|
||||||
|
|
||||||
## What this mirror does and does NOT cover
|
|
||||||
|
|
||||||
| Client download | Host | Covered here? |
|
|
||||||
|---|---|---|
|
|
||||||
| asset objects (bulk) | resources.download.minecraft.net | ✅ this mirror + Assets Server field |
|
|
||||||
| asset index json | meta/piston | ⚠️ fetched here for completeness; launcher still pulls it from meta unless meta is also mirrored |
|
|
||||||
| libraries | libraries.minecraft.net | ❌ no override field |
|
|
||||||
| client.jar | piston-data.mojang.com | ❌ |
|
|
||||||
| version/meta json | meta.prismlauncher.org | ❌ (separate Metadata Server field) |
|
|
||||||
|
|
||||||
**Full client air-gap therefore needs more than this.** For the uncovered, small
|
|
||||||
(~150 MB) remainder, the pragmatic fallback is **pre-seed**: each guest launches
|
|
||||||
the instance once while online (on arrival, before air-gapping); Prism caches
|
|
||||||
libraries/jar/meta locally. The assets mirror still saves the heavy 400 MB+ per
|
|
||||||
guest. A full meta+libraries mirror (mcm-style / PrismLauncher-meta gen) is the
|
|
||||||
heavyweight alternative, deferred.
|
|
||||||
|
|
||||||
## tooling/mirror-assets.sh — design
|
|
||||||
|
|
||||||
Input: `MC_VERSION` (default `1.21.1`, or read from the pre-baked server's
|
|
||||||
`version.json`). Cautious: verifies SHA1 on every file, halts on mismatch,
|
|
||||||
idempotent (skips already-valid files).
|
|
||||||
|
|
||||||
```
|
|
||||||
1. GET https://piston-meta.mojang.com/mc/game/version_manifest_v2.json
|
|
||||||
→ find entry for $MC_VERSION → version-json URL
|
|
||||||
2. GET version-json → read .assetIndex { id, url, sha1 }
|
|
||||||
3. GET asset index → mirror/assets/indexes/<id>.json (verify sha1)
|
|
||||||
4. For each object in index .objects{}:
|
|
||||||
hash=<sha1>; rel="${hash:0:2}/${hash}"
|
|
||||||
dest="mirror/assets/objects/${rel}"
|
|
||||||
[ -f "$dest" ] && sha1 ok → skip
|
|
||||||
else GET https://resources.download.minecraft.net/${rel} → $dest ; verify sha1
|
|
||||||
5. Report counts; non-zero exit on any failure.
|
|
||||||
```
|
|
||||||
|
|
||||||
Layout served by Caddy:
|
|
||||||
```
|
|
||||||
mirror/assets/
|
|
||||||
├── indexes/<id>.json # e.g. 17.json / 1.21.json (for pre-seed/meta use)
|
|
||||||
└── objects/<2hex>/<sha1> # launcher requests <ResourceURL>/<2hex>/<sha1>
|
|
||||||
```
|
|
||||||
|
|
||||||
### Caddy wiring
|
|
||||||
|
|
||||||
Serve the **objects** dir at the web root of an HTTPS vhost so the launcher's
|
|
||||||
`<ResourceURL>/<2hex>/<hash>` resolves directly:
|
|
||||||
|
|
||||||
```
|
|
||||||
https://assets.{$BASE_DOMAIN} {
|
|
||||||
tls <local-ca-cert> <key> # or `tls internal`
|
|
||||||
root * /srv/assets/objects
|
|
||||||
file_server
|
|
||||||
}
|
|
||||||
```
|
|
||||||
Mount `./mirror/assets/objects:/srv/assets/objects:ro`. Add network alias
|
|
||||||
`assets.${BASE_DOMAIN}` to Caddy (same trick as auth/packwiz).
|
|
||||||
Fjord "Assets Server" = `https://assets.${BASE_DOMAIN}/`.
|
|
||||||
|
|
||||||
## Tasks
|
|
||||||
|
|
||||||
- [ ] Write `tooling/mirror-assets.sh` (above); `chmod +x`; deps `curl` + `jq` + `sha1sum`
|
|
||||||
- [ ] Decide MC_VERSION source: hardcode `1.21.1` vs read pre-baked `version.json`
|
|
||||||
- [ ] Run pre-party while online; verify `mirror/assets/objects/` populated + sha1 clean
|
|
||||||
- [ ] Stand up TLS for `assets.${BASE_DOMAIN}` (step-ca or `tls internal`) — REQUIRED (HTTPS forced)
|
|
||||||
- [ ] Add `assets.` Caddy vhost + network alias + mount
|
|
||||||
- [ ] Document guest step: Settings → APIs → Assets Server = `https://assets.${BASE_DOMAIN}/`
|
|
||||||
- [ ] Document guest CA-trust step (import local CA root) if not using a publicly-trusted cert
|
|
||||||
- [ ] Confirm in Fjord's actual UI that the field exists + HTTPS-forcing behavior matches Prism
|
|
||||||
- [ ] Fallback path: pre-seed instructions (launch once online) for libraries/jar/meta
|
|
||||||
- [ ] Defer decision: full meta+libraries mirror (mcm / PrismLauncher-meta) vs pre-seed
|
|
||||||
- [ ] `.gitignore` already covers `mirror/`
|
|
||||||
```
|
|
||||||
63
plan/10-uptime-kuma.md
Normal file
63
plan/10-uptime-kuma.md
Normal file
@@ -0,0 +1,63 @@
|
|||||||
|
# 10 — Uptime Kuma
|
||||||
|
|
||||||
|
> Distinct from **`plan/15-mc-status.md`**: Kuma is the uptime *history* +
|
||||||
|
> alerting backend; mc-status is the live data feed for the landing's server
|
||||||
|
> card. Both ping `minecraft` over `mcnet` but serve different purposes.
|
||||||
|
|
||||||
|
Status monitoring + public status page. Service `uptime-kuma`
|
||||||
|
(`louislam/uptime-kuma:1`), web UI on `:3001`, reached only through caddy at
|
||||||
|
`https://status.${BASE_DOMAIN}`. Joined to `mcnet`, so it can probe every other
|
||||||
|
service by its internal container name.
|
||||||
|
|
||||||
|
## Add a Minecraft monitor
|
||||||
|
|
||||||
|
Uptime Kuma 1.x ships a built-in **Minecraft Server** monitor type. It uses the
|
||||||
|
Server List Ping protocol (the same ping the vanilla multiplayer list uses):
|
||||||
|
unauthenticated, so it works fine with `ONLINE_MODE=FALSE` /
|
||||||
|
`ENFORCE_SECURE_PROFILE=FALSE`. It reports latency, online/max players, and MOTD.
|
||||||
|
|
||||||
|
1. Open `https://status.${BASE_DOMAIN}` and log in (admin account created on
|
||||||
|
first run).
|
||||||
|
2. **+ Add New Monitor**.
|
||||||
|
3. **Monitor Type**: `Minecraft Server`.
|
||||||
|
4. Fill in one of the two probe targets below.
|
||||||
|
5. **Heartbeat Interval**: `60` s (fine for a friends' server).
|
||||||
|
6. **Retries**: `2`, **Retry Interval**: `30` s — avoids flapping on a GC pause.
|
||||||
|
7. **Save**.
|
||||||
|
|
||||||
|
### Two targets — add both
|
||||||
|
|
||||||
|
| Monitor | Server | Port | What it proves |
|
||||||
|
|---|---|---|---|
|
||||||
|
| `MC (internal)` | `minecraft` | `25565` | The server process is up and accepting pings inside `mcnet`. |
|
||||||
|
| `MC (public)` | `mc.${BASE_DOMAIN}` | `25565` | The full path works: DNS → host firewall → docker port publish → server. |
|
||||||
|
|
||||||
|
The **public** monitor is the one that catches "I can't connect" outages —
|
||||||
|
firewall, DNS, or an unpublished port all show red here while the internal
|
||||||
|
monitor stays green. Run both to tell *server down* apart from *path broken*.
|
||||||
|
|
||||||
|
> Internal `minecraft` resolves because uptime-kuma is on `mcnet` (the container
|
||||||
|
> name is the hostname). It is **not** routed through caddy — caddy only fronts
|
||||||
|
> HTTP vhosts, and MC is raw TCP. Do not point the monitor at `caddy` or any
|
||||||
|
> `status.` alias.
|
||||||
|
|
||||||
|
## Notes
|
||||||
|
|
||||||
|
- The Minecraft monitor pings TCP `25565`; it does **not** check Simple Voice
|
||||||
|
Chat (`24454/udp`). Add a separate **TCP Port** monitor against UDP if you want
|
||||||
|
voice coverage — but Kuma's TCP monitor is TCP-only, so UDP voice has no clean
|
||||||
|
probe; rely on the player report instead.
|
||||||
|
- Put both MC monitors on the public **status page**
|
||||||
|
(Settings → Status Pages) so guests can self-check before pinging you.
|
||||||
|
- Optional companion HTTP monitors for the web stack:
|
||||||
|
`https://auth.${BASE_DOMAIN}`, `https://distribution.${BASE_DOMAIN}`,
|
||||||
|
`https://${BASE_DOMAIN}`, `https://files.${BASE_DOMAIN}` — a red
|
||||||
|
`distribution.` here explains client mod-mismatch join failures.
|
||||||
|
|
||||||
|
> **An HTTP monitor cannot see an SPA break.** It asserts "the server returned
|
||||||
|
> 200", which is a much weaker claim than "the app works". `files.` (Filestash)
|
||||||
|
> proved this on 2026-07-14: a bad `general.host` made every client-side redirect
|
||||||
|
> resolve to `http://https://files…`, so the site was unusable in every browser
|
||||||
|
> while `/` kept returning 200 and the monitor stayed **green**. If you want a
|
||||||
|
> monitor with teeth on a JS app, use Kuma's **Keyword** type against a string
|
||||||
|
> the *rendered* page must contain, and don't read green as "users can log in".
|
||||||
@@ -1,132 +0,0 @@
|
|||||||
# Full client air-gap — DNS + TLS transparent mirror
|
|
||||||
|
|
||||||
## Summary
|
|
||||||
|
|
||||||
Goal: a guest laptop with **zero internet** can install + launch the modded
|
|
||||||
instance entirely from the LAN. The chosen architecture is a **transparent
|
|
||||||
mirror**: dnsmasq points the real upstream hostnames at our host, Caddy serves
|
|
||||||
byte-exact copies of the files at the same paths, and `tls internal` mints certs
|
|
||||||
those hostnames validate against (guests trust the Caddy root CA once).
|
|
||||||
|
|
||||||
The launcher is **unmodified** — it requests the real Mojang/Prism/NeoForge URLs;
|
|
||||||
DNS just resolves them to us. This is cleaner than rewriting Prism-format
|
|
||||||
metadata, and it makes the `10-assets-mirror.md` "Assets Server" field
|
|
||||||
**redundant** (the launcher hits the real resources host, which now resolves to
|
|
||||||
the LAN). `10` is kept as the lighter objects-only alternative.
|
|
||||||
|
|
||||||
## Decision record
|
|
||||||
|
|
||||||
- **TLS for LAN party = Caddy `tls internal`** (not step-ca). Zero extra infra;
|
|
||||||
Caddy is the local CA. step-ca stays a future-homelab reminder (see `02-caddy`
|
|
||||||
open item). Guests import the Caddy root CA once.
|
|
||||||
- **Full air-gap chosen** over pre-seed.
|
|
||||||
|
|
||||||
## Hosts to mirror (NeoForge 1.21.1 instance)
|
|
||||||
|
|
||||||
| Host | Serves | Notes |
|
|
||||||
|---|---|---|
|
|
||||||
| `meta.prismlauncher.org` | Prism-format component meta (MC, LWJGL, NeoForge) | path `/v1/...` |
|
|
||||||
| `piston-meta.mojang.com` | version manifest + version json | |
|
|
||||||
| `piston-data.mojang.com` | client.jar, asset index, some objects | |
|
|
||||||
| `libraries.minecraft.net` | vanilla MC libraries (maven layout) | |
|
|
||||||
| `maven.neoforged.net` | NeoForge libraries | more mavens may appear → capture catches them |
|
|
||||||
| `resources.download.minecraft.net` | asset objects (~400 MB+) | the bulk |
|
|
||||||
|
|
||||||
**Not mirrored — auth runtime** (`session.minecraft.net`, `textures.minecraft.net`,
|
|
||||||
`api.mojang.com`, `sessionserver.mojang.com`): these are redirected to **drasl**
|
|
||||||
by the authlib-injector account already; leave them to drasl.
|
|
||||||
|
|
||||||
## How it works
|
|
||||||
|
|
||||||
```
|
|
||||||
guest laptop (LAN DNS = our dnsmasq, trusts Caddy root CA)
|
|
||||||
│ resolves meta.prismlauncher.org, libraries.minecraft.net, … → HOST_LAN_IP
|
|
||||||
▼
|
|
||||||
dnsmasq ── spoof A-records ──► Caddy (tls internal, cert per host)
|
|
||||||
└─ static file_server, byte-exact path mirror
|
|
||||||
```
|
|
||||||
|
|
||||||
### dnsmasq (extends 01)
|
|
||||||
|
|
||||||
Add explicit spoof records alongside the `*.${BASE_DOMAIN}` wildcard:
|
|
||||||
|
|
||||||
```
|
|
||||||
address=/meta.prismlauncher.org/${HOST_LAN_IP}
|
|
||||||
address=/piston-meta.mojang.com/${HOST_LAN_IP}
|
|
||||||
address=/piston-data.mojang.com/${HOST_LAN_IP}
|
|
||||||
address=/libraries.minecraft.net/${HOST_LAN_IP}
|
|
||||||
address=/maven.neoforged.net/${HOST_LAN_IP}
|
|
||||||
address=/resources.download.minecraft.net/${HOST_LAN_IP}
|
|
||||||
```
|
|
||||||
> Only effective while the guest uses our dnsmasq as resolver. Fully reversible —
|
|
||||||
> off-LAN the real hosts resolve normally. Keep this list in sync with whatever
|
|
||||||
> the capture step (below) actually observed.
|
|
||||||
|
|
||||||
### Caddy (extends 02)
|
|
||||||
|
|
||||||
One vhost per spoofed host, each rooted at its mirror tree, all `tls internal`:
|
|
||||||
|
|
||||||
```
|
|
||||||
piston-data.mojang.com, libraries.minecraft.net, resources.download.minecraft.net,
|
|
||||||
meta.prismlauncher.org, piston-meta.mojang.com, maven.neoforged.net {
|
|
||||||
tls internal
|
|
||||||
root * /srv/mirror/{host}
|
|
||||||
file_server
|
|
||||||
}
|
|
||||||
```
|
|
||||||
(Practically: a small snippet per host, or Caddy on-demand TLS + a path-routed
|
|
||||||
`map`. Keep explicit per-host for clarity.) Add each as a **network alias** on
|
|
||||||
Caddy too, so the `minecraft`/tooling containers resolve them internally.
|
|
||||||
|
|
||||||
Mount `./mirror/upstream/<host>:/srv/mirror/<host>:ro`.
|
|
||||||
|
|
||||||
## Capture (the actual work) — `tooling/mirror-airgap.sh`
|
|
||||||
|
|
||||||
Byte-exact mirroring needs the exact URL set. Capture it once, online:
|
|
||||||
|
|
||||||
1. **Record**: launch the instance once with the launcher pointed at a logging
|
|
||||||
forward-proxy (mitmproxy `--mode reverse`/transparent, or even Caddy as a
|
|
||||||
logging reverse proxy). Collect every requested absolute URL.
|
|
||||||
2. **Fetch**: for each URL, download to `mirror/upstream/<host>/<path>`,
|
|
||||||
preserving path exactly. Verify SHA1 where the source json provides it
|
|
||||||
(libraries, assets). Halt on mismatch.
|
|
||||||
3. **Assets shortcut**: the objects (resources.download…) can be filled directly
|
|
||||||
from the asset index (same logic as `10-assets-mirror.md`) without proxy
|
|
||||||
capture — reuse that loop into `mirror/upstream/resources.download.minecraft.net/<2hex>/<hash>`.
|
|
||||||
4. **Verify offline**: re-run a launch on a second machine with internet cut and
|
|
||||||
DNS set to our dnsmasq + CA trusted. Fix any 404 → missing URL → add to fetch.
|
|
||||||
|
|
||||||
> Cautious by design: the proxy-capture enumerates whatever hosts/paths are *truly*
|
|
||||||
> hit (incl. unforeseen maven mirrors), so the mirror is complete rather than
|
|
||||||
> guessed. Re-capture if MC/NeoForge versions change.
|
|
||||||
|
|
||||||
## Guest one-time setup (offline)
|
|
||||||
|
|
||||||
1. Set laptop DNS → our dnsmasq (LAN IP). (Often via DHCP/router, or manual.)
|
|
||||||
2. Import the **Caddy root CA** into the OS/browser trust store.
|
|
||||||
3. Install Fjord, add authlib-injector account (`auth.${BASE_DOMAIN}`), import pack,
|
|
||||||
launch. All downloads resolve to the LAN mirror.
|
|
||||||
|
|
||||||
No launcher API-field overrides needed in this architecture.
|
|
||||||
|
|
||||||
## Open / reminders
|
|
||||||
|
|
||||||
- [ ] **Reminder (kept):** graduate `tls internal` → step-ca for the persistent
|
|
||||||
homelab; revisit cert distribution then.
|
|
||||||
- [ ] Confirm exact `meta.prismlauncher.org` path layout Fjord requests (fork may
|
|
||||||
pin a different meta host/version).
|
|
||||||
- [ ] Verify Caddy `tls internal` certs validate in Fjord's Qt network stack with
|
|
||||||
the root CA imported (no extra pinning).
|
|
||||||
- [ ] mitmproxy vs Caddy-log for the capture step — pick one.
|
|
||||||
- [ ] CA-trust UX per OS (Windows/macOS/Linux) — document for guests.
|
|
||||||
|
|
||||||
## Tasks
|
|
||||||
|
|
||||||
- [ ] Write `tooling/mirror-airgap.sh` (capture + fetch + sha1 verify + offline re-test)
|
|
||||||
- [ ] Add spoof `address=` lines to `dnsmasq/dnsmasq.conf.tmpl` (01)
|
|
||||||
- [ ] Add per-host `tls internal` vhosts + network aliases + mounts to Caddy (02)
|
|
||||||
- [ ] Export Caddy root CA; build a guest CA-import mini-guide (link from landing page)
|
|
||||||
- [ ] Run capture online for MC 1.21.1 + NeoForge 21.1.x; populate `mirror/upstream/`
|
|
||||||
- [ ] Offline acceptance test on a clean machine (internet cut, LAN DNS, CA trusted)
|
|
||||||
- [ ] `.gitignore` already covers `mirror/`
|
|
||||||
```
|
|
||||||
@@ -1,59 +1,75 @@
|
|||||||
# Build order — one commit per task
|
# Build order — one commit per task
|
||||||
|
|
||||||
Dependency-ordered. Each numbered item = one git commit. `main` currently has
|
Dependency-ordered. Each numbered item = one git commit. Operational steps
|
||||||
**zero commits**; item 0 is the baseline. Operational steps (pre-bake, capture,
|
(prep, acceptance test) need internet/hardware and are NOT commits — marked
|
||||||
acceptance test) need internet/hardware and are NOT commits — marked `[ops]`.
|
`[ops]`.
|
||||||
|
|
||||||
> Commit message convention: Conventional Commits, scope = service. Footer:
|
> Commit message convention: Conventional Commits, scope = service. Footer:
|
||||||
> `Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>`.
|
> `Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>`.
|
||||||
|
|
||||||
## Phase 0 — baseline
|
## Phase 0 — baseline
|
||||||
0. `chore: baseline scaffolding` — existing untracked tree (CLAUDE.md, plan/,
|
0. `chore: baseline scaffolding` — CLAUDE.md, plan/, docker-compose.yml,
|
||||||
current docker-compose.yml, extras/, .gitignore, .env.example).
|
runtime/, .gitignore, .env.example.
|
||||||
|
|
||||||
## Phase 1 — config foundation
|
## Phase 1 — config foundation
|
||||||
1. `feat(env): add BASE_DOMAIN + HOST_LAN_IP to .env.example`
|
1. `feat(env): add BASE_DOMAIN + RCON_PASSWORD + CADDY_* to .env.example`
|
||||||
2. `feat(tooling): add render-config.sh (envsubst, halt on unset var)`
|
2. `feat(tooling): add render-config.sh (envsubst BASE_DOMAIN, halt on unset)`
|
||||||
|
|
||||||
## Phase 2 — DNS + ingress (no app yet, but the backbone)
|
## Phase 2 — ingress (caddy internal router)
|
||||||
3. `feat(dnsmasq): add dnsmasq.conf.tmpl (wildcard *.BASE_DOMAIN)`
|
3. `feat(caddy): add conf.d snippets (00-core auth+pack, 10-static apex+launcher)`
|
||||||
4. `feat(caddy): add Caddyfile (apex + auth + packwiz vhosts)`
|
4. `feat(compose): add caddy service (127.0.0.1:CADDY_HTTP_PORT) + network aliases`
|
||||||
5. `feat(compose): add dnsmasq + caddy services + network aliases`
|
|
||||||
|
|
||||||
## Phase 3 — auth
|
## Phase 3 — auth
|
||||||
6. `feat(drasl): add config.toml.tmpl (password login, SignPublicKeys=false)`
|
5. `feat(drasl): add config.toml.tmpl (password login, SignPublicKeys=false)`
|
||||||
7. `refactor(compose): drasl internal-only behind caddy; authlib URL → auth.`
|
6. `refactor(compose): drasl internal-only behind caddy; authlib URL → auth.`
|
||||||
|
|
||||||
## Phase 4 — modpack
|
## Phase 4 — modpack
|
||||||
8. `feat(pack): packwiz init + initial mod curation`
|
7. `feat(pack): packwiz init + initial mod curation`
|
||||||
9. `feat(tooling): add mirror-mods.sh (vendor jars + rewrite .pw.toml URLs)`
|
8. `feat(tooling): add render-pack.sh + add-custom-mod.sh`
|
||||||
10. `refactor(compose): minecraft via PACKWIZ_URL; extras→runtime`
|
9. `refactor(compose): minecraft via PACKWIZ_URL`
|
||||||
|
|
||||||
## Phase 5 — landing
|
## Phase 5 — landing
|
||||||
11. `feat(landing): Astro+TS onboarding site → www/` (files already drafted)
|
10. `feat(landing): Astro+TS onboarding site → www/`
|
||||||
12. `chore(landing): wire logo + .gitignore for www/ + build output`
|
11. `chore(landing): wire logo + .gitignore for www/`
|
||||||
|
11b. `feat(landing): /register page → Drasl API (B1) + REGISTRATION_MODE flag`
|
||||||
|
(CORS/RateLimit/RegistrationNewPlayer in drasl config.toml.tmpl; see
|
||||||
|
`16-landing-registration.md`).
|
||||||
|
|
||||||
## Phase 6 — launcher distribution
|
## Phase 6 — launcher distribution
|
||||||
13. `feat(tooling): add fetch-launcher.sh (all platforms + stable symlinks)`
|
12. `feat(tooling): add fetch-launcher.sh (all platforms + stable symlinks)`
|
||||||
|
|
||||||
## Phase 7 — full client air-gap (chosen path, plan/11)
|
## Phase 7 — extra services
|
||||||
14. `feat(tooling): add mirror-airgap.sh (capture + fetch + sha1 verify)`
|
13. `feat(avatar): add nmsr service (Drasl-backed) + 40-avatar.caddy`
|
||||||
15. `feat(dnsmasq): add air-gap spoof records for upstream hosts`
|
14. `feat(status): add uptime-kuma service + 50-status.caddy`
|
||||||
16. `feat(caddy): add tls internal vhosts for upstream mirror hosts`
|
15. `feat(distribution): add 30-distribution.caddy (static, another repo)`
|
||||||
|
|
||||||
## Phase 8 — backups + orchestration
|
## Phase 8 — backups
|
||||||
17. `feat(compose): add mc-backup service (RCON, 6h)`
|
16. `feat(compose): add mc-backup service (RCON, 6h)`
|
||||||
18. `feat(tooling): add build-stack.sh orchestrator`
|
|
||||||
|
|
||||||
## Phase 9 — operational (no commits)
|
## Phase 9 — production ingress / TLS
|
||||||
- [ops] Run `build-stack.sh --prep` online: render configs, build landing,
|
17. `feat(nginx): add ulicraft-caddy.conf.tmpl + render-nginx.sh`
|
||||||
mirror mods, mirror air-gap, fetch launcher, **pre-bake** server volume.
|
18. `feat(tls): add issue-letsencrypt.sh (OVH DNS-01) + LE env block`
|
||||||
- [ops] Offline acceptance test: clean machine, internet cut, LAN DNS = dnsmasq,
|
|
||||||
Caddy CA trusted → install Fjord, import pack, join.
|
## Phase 11 — file share (DONE, 2026-07-14)
|
||||||
- [ops] If green: tag `v1-lan-ready`.
|
19. `feat(files): add Filestash player file share at files.${BASE_DOMAIN}` —
|
||||||
|
compose service (digest-pinned) + `60-files.caddy` + nginx vhost (2g uploads,
|
||||||
|
`/admin` rate limit) + `filestash/config.json.tmpl` rendered `:ro` +
|
||||||
|
`FILES_*` env block. One shared htpasswd login, writable. See `20-files.md`.
|
||||||
|
- [ops] `files` added to `LE_SUBDOMAINS` → `issue-letsencrypt.sh`, then
|
||||||
|
`render-nginx.sh --install` (a new subdomain needs BOTH; `update-all.sh`
|
||||||
|
does not touch host nginx).
|
||||||
|
|
||||||
|
## Phase 10 — operational (no commits)
|
||||||
|
- [ops] Prep online (once): `tooling/render-config.sh`, build landing
|
||||||
|
(`cd landing && set -a && . ../.env && set +a && pnpm run build` — sources
|
||||||
|
`.env` so `BASE_DOMAIN` + `REGISTRATION_MODE` bake into the static output),
|
||||||
|
`tooling/fetch-launcher.sh`, fetch authlib-injector into `runtime/`.
|
||||||
|
- [ops] TLS: `tooling/issue-letsencrypt.sh`, then
|
||||||
|
`tooling/render-nginx.sh --install`.
|
||||||
|
- [ops] Bring up: `docker compose up -d --build`.
|
||||||
|
- [ops] Acceptance: install Fjord, add drasl account, import pack, join.
|
||||||
|
- [ops] If green: tag `v1-ready`.
|
||||||
|
|
||||||
## Notes
|
## Notes
|
||||||
- Items 3–5 can be smoke-tested (`docker compose up dnsmasq caddy`) before later
|
- Bring-up is a single command — no run modes, no override compose files.
|
||||||
phases exist — Caddy serves a 404/landing, dnsmasq resolves.
|
|
||||||
- Items 14–16 depend on a working online launch to capture the URL set first.
|
|
||||||
- Each commit should leave the tree in a non-broken state (compose still parses).
|
- Each commit should leave the tree in a non-broken state (compose still parses).
|
||||||
|
|||||||
@@ -1,65 +0,0 @@
|
|||||||
# DNS strategy + run modes
|
|
||||||
|
|
||||||
How names resolve and which layers come up. Supersedes the "dnsmasq is core"
|
|
||||||
assumption in `01-dnsmasq.md`.
|
|
||||||
|
|
||||||
## Domain: `.lan`, not `.local`
|
|
||||||
|
|
||||||
`BASE_DOMAIN=ulicraft.lan` by default. `.local` is intercepted by mDNS on
|
|
||||||
macOS/Linux and does **not** resolve through a normal unicast DNS server
|
|
||||||
(that was the `DNS_PROBE_FINISHED_NXDOMAIN`). Use `.local` only with the mDNS
|
|
||||||
path below.
|
|
||||||
|
|
||||||
## Run modes — `tooling/build-stack.sh --up <mode>`
|
|
||||||
|
|
||||||
| Mode | Compose layers | Use |
|
|
||||||
|---|---|---|
|
|
||||||
| `online` | base + static | internet present; landing + launcher; no mirror |
|
|
||||||
| `airgap` | base + static + mirror | no internet; full asset mirror on `:443` (default) |
|
|
||||||
| `core` | base | debugging |
|
|
||||||
|
|
||||||
Base = drasl, minecraft, mc-backup, caddy(auth+packwiz). `static` = apex landing +
|
|
||||||
launcher + `/ca.crt`. `mirror` = upstream spoof vhosts (`tls internal`) + `:443` +
|
|
||||||
caddy aliases. `--up` prints the DNS records for the chosen mode.
|
|
||||||
|
|
||||||
## DNS: your own party server (primary)
|
|
||||||
|
|
||||||
You run the party DNS. Generate records with `tooling/dns-records.sh <mode>`:
|
|
||||||
- `online` → service names (`${BASE_DOMAIN}`, `auth.`, `packwiz.`, `mc.`) → `HOST_LAN_IP`
|
|
||||||
- `airgap` → the above **plus** the spoofed upstreams (`meta.prismlauncher.org`,
|
|
||||||
`piston-meta`/`piston-data.mojang.com`, `libraries.minecraft.net`,
|
|
||||||
`maven.neoforged.net`, `resources.download.minecraft.net`) → `HOST_LAN_IP`
|
|
||||||
|
|
||||||
Output formats: plain, `/etc/hosts`, BIND zone, dnsmasq `address=`, plus the
|
|
||||||
Minecraft SRV line. Minecraft needs no port (`mc.${BASE_DOMAIN}` defaults to 25565).
|
|
||||||
|
|
||||||
## Optional resolver layers
|
|
||||||
|
|
||||||
- **dnsmasq** (`docker-compose.dnsmasq.yml`) — turnkey DNS if you don't run your
|
|
||||||
own. Binds `${HOST_LAN_IP}:53`. Serves the rendered `dnsmasq/dnsmasq.conf`
|
|
||||||
(wildcard + airgap spoofs).
|
|
||||||
- **mDNS / Avahi** (`docker-compose.avahi.yml`, `ENABLE_MDNS=true`) — zero-config
|
|
||||||
`.local` for guests (macOS/Linux native; Windows needs Bonjour). See below.
|
|
||||||
|
|
||||||
## mDNS path (ENABLE_MDNS=true + BASE_DOMAIN=*.local)
|
|
||||||
|
|
||||||
The `avahi` container publishes the service names to the **host's** avahi-daemon
|
|
||||||
over its D-Bus socket (it does NOT run its own daemon — that collides with the
|
|
||||||
host on `:5353`).
|
|
||||||
|
|
||||||
Requirements / gotchas (build-stack warns on these):
|
|
||||||
- host runs `avahi-daemon`; `/run/dbus/system_bus_socket` mounted in.
|
|
||||||
- `security_opt: apparmor=unconfined` on the container (docker-default AppArmor
|
|
||||||
blocks the D-Bus publish).
|
|
||||||
- multi-interface hosts (e.g. many docker bridges) → avahi self-collides
|
|
||||||
("Local name collision"); set `allow-interfaces=<lan-nic>` in
|
|
||||||
`/etc/avahi/avahi-daemon.conf`.
|
|
||||||
- mDNS resolves **only** `.local`, so it cannot serve the air-gap upstream
|
|
||||||
spoofs (real public hostnames) — those always need real DNS.
|
|
||||||
|
|
||||||
## Status (tested 2026-05-24)
|
|
||||||
|
|
||||||
- `.lan` + own-DNS path: verified end-to-end (apex/auth/packwiz/ca.crt/mirror
|
|
||||||
all 200, minecraft healthy).
|
|
||||||
- mDNS publish mechanism: verified reaching host avahi; full green-light blocked
|
|
||||||
on this dev box only by its 38 docker bridges (allow-interfaces fixes it).
|
|
||||||
@@ -7,40 +7,111 @@ Production host for the Ulicraft stack.
|
|||||||
| Host | `cochi` (SSH alias) |
|
| Host | `cochi` (SSH alias) |
|
||||||
| Path | `/home/ubuntu/mc/ulicraft-server-v1` |
|
| Path | `/home/ubuntu/mc/ulicraft-server-v1` |
|
||||||
| Branch | `main` |
|
| Branch | `main` |
|
||||||
| Run mode | `online` (compose files: `docker-compose.yml` + `docker-compose.static.yml`) |
|
| Compose | single `docker-compose.yml` (no overrides) |
|
||||||
| Auth | Drasl (base stack — no Blessing Skin override) |
|
| Auth | Drasl (password login) |
|
||||||
| Restart | **hard** (`compose down` → `build-stack.sh --up`) — brief full downtime |
|
| Ingress | host nginx (Let's Encrypt TLS) → caddy → services (see 15-letsencrypt.md) |
|
||||||
|
| Restart | **hard** (`compose down` → `compose up --build`) — brief full downtime |
|
||||||
|
|
||||||
## Routine redeploy
|
## Routine redeploy
|
||||||
|
|
||||||
```bash
|
`update-all.sh` (repo root) is the **single source of truth** for the post-pull
|
||||||
ssh cochi
|
build + restart steps. Run it AFTER a `git pull` (it never pulls or pushes).
|
||||||
cd /home/ubuntu/mc/ulicraft-server-v1
|
Strict halt on any error — never a partial deploy.
|
||||||
git pull --ff-only
|
|
||||||
# hard restart: tear the stack down, then bring it back up (renders configs first)
|
|
||||||
docker compose -f docker-compose.yml -f docker-compose.static.yml down --remove-orphans
|
|
||||||
tooling/build-stack.sh --up online
|
|
||||||
```
|
|
||||||
|
|
||||||
Or as a one-shot from your workstation:
|
Two modes:
|
||||||
|
|
||||||
|
- `./update-all.sh` — **rolling**: `docker compose up -d --build`, then restart
|
||||||
|
ONLY the services whose mounted inputs changed since a pre-run snapshot
|
||||||
|
(drasl/nmsr on a config re-render, minecraft on a mod change). Minimal
|
||||||
|
downtime. Does **not** detect caddy static-conf (`caddy/conf.d/*.caddy`)
|
||||||
|
changes — apply those with a **recreate**, not a reload/restart (see gotcha
|
||||||
|
below): `docker compose up -d --force-recreate caddy` (no world downtime), or
|
||||||
|
`--hard` for a full redeploy.
|
||||||
|
|
||||||
|
> **Caddy conf bind mounts are inode-pinned — recreate, don't reload.** Each
|
||||||
|
> `caddy/conf.d/*.caddy` is a *single-file* bind mount, which Docker pins to
|
||||||
|
> the host file's inode at container creation. `git pull` rewrites a tracked
|
||||||
|
> file via atomic rename = a NEW inode, so the running container keeps the OLD
|
||||||
|
> config. `docker compose restart caddy` and `caddy reload` reuse the same
|
||||||
|
> container → same stale inode → no effect. Only re-creating the container
|
||||||
|
> (`up -d --force-recreate caddy`, or the `--hard` down/up) re-resolves the
|
||||||
|
> mount. Verify: `docker compose exec caddy cat /etc/caddy/conf.d/<file>`.
|
||||||
|
- `./update-all.sh --hard` — `docker compose down --remove-orphans && up -d
|
||||||
|
--build`. Full restart (Minecraft world downtime); picks up everything.
|
||||||
|
|
||||||
|
One-shot full redeploy from your workstation (the `deploy` skill does exactly
|
||||||
|
this):
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
ssh cochi 'set -e
|
ssh cochi 'set -e
|
||||||
cd /home/ubuntu/mc/ulicraft-server-v1
|
cd /home/ubuntu/mc/ulicraft-server-v1
|
||||||
git pull --ff-only
|
git pull --ff-only
|
||||||
docker compose -f docker-compose.yml -f docker-compose.static.yml down --remove-orphans
|
tooling/fetch-authlib.sh # ensure authlib jar (rarely changes; NOT in update-all)
|
||||||
tooling/build-stack.sh --up online'
|
./update-all.sh --hard'
|
||||||
```
|
```
|
||||||
|
|
||||||
`build-stack.sh --up online` runs preflight (checks `.env`), `render-config.sh`
|
Everyday landing/config tweak (no world downtime):
|
||||||
(which renders configs + `render-pack.sh` for the packwiz pack), then
|
|
||||||
`docker compose ... up -d` with the online file set.
|
```bash
|
||||||
|
ssh cochi 'cd /home/ubuntu/mc/ulicraft-server-v1 && git pull --ff-only && ./update-all.sh'
|
||||||
|
```
|
||||||
|
|
||||||
|
> **Same inode trap for `filestash/config.json`.** It is a single-file bind mount
|
||||||
|
> *and* it is re-rendered on every `update-all.sh` run, so a **rolling** update
|
||||||
|
> after any `FILES_*` change (rotating the shared password, flipping
|
||||||
|
> `FILES_AUTH`) leaves filestash reading the stale inode. Apply with
|
||||||
|
> `docker compose up -d --force-recreate filestash`. `--hard` is unaffected.
|
||||||
|
> Also: never run `docker compose up` on the host without rendering first — a
|
||||||
|
> missing `filestash/config.json` makes Docker create a **directory** at that
|
||||||
|
> path. See `plan/20-files.md`.
|
||||||
|
|
||||||
|
Steps `update-all.sh` runs, in order: `render-config.sh` (drasl/nmsr/filestash
|
||||||
|
from `.env`; halts on a bad `REGISTRATION_MODE`, a bad `FILES_AUTH`, or a
|
||||||
|
`FILES_PASSWORD_HASH` in a format the htpasswd plugin can't verify) →
|
||||||
|
`sync-server-mods.sh` (mirror the
|
||||||
|
`both`/`server` subset from `mods-sides.json` out of `$DISTRIBUTION_WEB_ROOT`
|
||||||
|
into `./server-mods`) → `build-modlist.py` (regen landing `mods.json` + logos;
|
||||||
|
**run under `python>=3.11`** — cochi's default `python3` is 3.10, but
|
||||||
|
`python3.11` is installed and the script auto-selects it) → landing `pnpm build`
|
||||||
|
(sources nvm + `.env`, never `npm`) → docker compose. `$DISTRIBUTION_WEB_ROOT`
|
||||||
|
must resolve on the host (it also backs the caddy `distribution.` mount).
|
||||||
|
|
||||||
|
### Landing site + mod list (generated, not in git)
|
||||||
|
|
||||||
|
Both the static site `www/` AND the landing `mods.json` are gitignored — a `git
|
||||||
|
pull` never updates them. `update-all.sh` regenerates both every run
|
||||||
|
(`mods.json` via `build-modlist.py`, `www/` via `pnpm build`). A flag-only
|
||||||
|
`REGISTRATION_MODE` change just needs a rolling `./update-all.sh`: it rebuilds
|
||||||
|
`www/` (bakes the invite-field on/off) and restarts `drasl` only if
|
||||||
|
`render-config.sh` changed its config (Drasl's `RequireInvite`/CORS/RateLimit) —
|
||||||
|
no world downtime.
|
||||||
|
|
||||||
|
## Host-local divergence on `cochi` — RESOLVED (verified 2026-07-14)
|
||||||
|
|
||||||
|
**There are no longer any tracked modifications on the host.** `git diff HEAD`
|
||||||
|
is empty; `git pull --ff-only` fast-forwards cleanly (confirmed on the filestash
|
||||||
|
deploy). The old divergence — `docker-compose.yml` forced `http`→`https`,
|
||||||
|
`landing/package.json`, `landing/pnpm-workspace.yaml` — has been converged into
|
||||||
|
the repo. The stash–pull–pop dance previously documented here is **no longer
|
||||||
|
needed**.
|
||||||
|
|
||||||
|
What remains on the host is **untracked only**, so it never blocks a pull:
|
||||||
|
|
||||||
|
- `dnsmasq/`, `caddy/caddy-root-ca.crt` — internal DNS + private CA so containers
|
||||||
|
resolve/trust `https://auth.` etc. Host-local infra, deliberately not in git.
|
||||||
|
- `pack/` — **stale leftover** from the packwiz era (packwiz was removed; see
|
||||||
|
`04-mods.md`). Nothing reads it. Safe to delete.
|
||||||
|
|
||||||
|
Still true, and worth keeping: never `git reset --hard` or discard on the host
|
||||||
|
without confirming first, and re-check `git status` there before any deploy that
|
||||||
|
touches tracked files — a *new* host-local edit would reintroduce the abort.
|
||||||
|
|
||||||
## What survives a hard restart
|
## What survives a hard restart
|
||||||
|
|
||||||
Named volumes persist — world and auth data are safe:
|
Named volumes persist — world and auth data are safe:
|
||||||
- `mc_data` — world + installed NeoForge/mods
|
- `mc_data` — world + installed NeoForge/mods
|
||||||
- `drasl_state` — Drasl accounts/skins
|
- `drasl_state` — Drasl accounts/skins
|
||||||
|
- `kuma_data` — Uptime Kuma config/history
|
||||||
- `backups/` — mc-backup snapshots
|
- `backups/` — mc-backup snapshots
|
||||||
|
|
||||||
`down` removes **containers**, not volumes. Players are disconnected during the
|
`down` removes **containers**, not volumes. Players are disconnected during the
|
||||||
@@ -49,22 +120,35 @@ restart (a few minutes); they reconnect once `minecraft` is healthy again.
|
|||||||
## Prerequisites (one-time, on `cochi`)
|
## Prerequisites (one-time, on `cochi`)
|
||||||
|
|
||||||
- SSH access as the `cochi` alias.
|
- SSH access as the `cochi` alias.
|
||||||
- `.env` present and complete: `BASE_DOMAIN`, `HOST_LAN_IP`, `RCON_PASSWORD`
|
- `.env` present and complete: `BASE_DOMAIN`, `RCON_PASSWORD`, `CADDY_HTTP_PORT`,
|
||||||
(`render-config.sh` halts on any unset var, even in online mode).
|
`CADDY_HTTP_BIND`, `DISTRIBUTION_WEB_ROOT`, `REGISTRATION_MODE` (`invite`|`open`,
|
||||||
- Docker + compose plugin, `packwiz`, `envsubst`, `git`.
|
defaults `invite`), the `FILES_*` block (`plan/20-files.md`), and the Let's
|
||||||
- **First deploy only** — heavy online prep (fetch launcher, pre-bake the server
|
Encrypt block. `render-config.sh` halts on an unset `BASE_DOMAIN`, an invalid
|
||||||
volume, etc.):
|
`REGISTRATION_MODE`/`FILES_AUTH`, or a `FILES_PASSWORD_HASH` the htpasswd
|
||||||
```bash
|
plugin can't verify.
|
||||||
tooling/build-stack.sh --prep
|
> **A missing `FILES_*` var takes the WHOLE stack down, not just filestash.**
|
||||||
```
|
> The compose service uses `${FILES_DATA_DIR:?}` / `${FILES_LOCAL_SECRET:?}`
|
||||||
Not needed for routine redeploys; `--up` alone re-syncs the pack and configs.
|
> guards, and compose fails the entire file on an unset required var — so
|
||||||
|
> `up` starts *nothing*, and a `--hard` deploy has already run `down`. Check
|
||||||
|
> `.env` on the host **before** deploying a commit that adds a guarded service.
|
||||||
|
- Docker + compose plugin, `envsubst`, `jq` (used by `sync-server-mods.sh`;
|
||||||
|
falls back to `python3` if absent), `git`.
|
||||||
|
- Host nginx + Let's Encrypt certs installed once — see `15-letsencrypt.md`.
|
||||||
|
- **First deploy only** — online prep (build landing, fetch launcher, fetch
|
||||||
|
authlib into `runtime/`). Not needed for routine redeploys.
|
||||||
|
|
||||||
## Verify
|
## Verify
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
docker compose -f docker-compose.yml -f docker-compose.static.yml ps
|
docker compose ps # caddy drasl minecraft mc-backup nmsr mc-status uptime-kuma filestash
|
||||||
docker compose -f docker-compose.yml -f docker-compose.static.yml logs -f minecraft # watch for "Done"
|
# self-hosted live status feed (plan/15-mc-status.md):
|
||||||
curl -fsS "http://auth.$(grep '^BASE_DOMAIN=' .env | cut -d= -f2)/" >/dev/null && echo "auth ok"
|
curl -fsS "https://$(grep '^BASE_DOMAIN=' .env | cut -d= -f2)/api/mcstatus/v2/status/java/$(grep '^BASE_DOMAIN=' .env | cut -d= -f2)" | jq .online
|
||||||
|
# server ready — match the full marker, not a bare "Done" (that also hits mod-load lines)
|
||||||
|
docker compose logs -f minecraft | grep -m1 'Done ([0-9.]*s)! For help'
|
||||||
|
curl -fsS "https://auth.$(grep '^BASE_DOMAIN=' .env | cut -d= -f2)/" >/dev/null && echo "auth ok"
|
||||||
|
# files. — 200 = live; anonymous API must be REFUSED (auth is on)
|
||||||
|
curl -s -o /dev/null -w 'files: %{http_code}\n' "https://files.$(grep '^BASE_DOMAIN=' .env | cut -d= -f2)/"
|
||||||
|
curl -s -H 'X-Requested-With: XmlHttpRequest' "https://files.$(grep '^BASE_DOMAIN=' .env | cut -d= -f2)/api/session" # want "Not authorised"
|
||||||
```
|
```
|
||||||
|
|
||||||
## Rollback
|
## Rollback
|
||||||
@@ -72,15 +156,14 @@ curl -fsS "http://auth.$(grep '^BASE_DOMAIN=' .env | cut -d= -f2)/" >/dev/null &
|
|||||||
```bash
|
```bash
|
||||||
git log --oneline -5 # find the last-good commit
|
git log --oneline -5 # find the last-good commit
|
||||||
git checkout <sha> # or: git reset --hard <sha>
|
git checkout <sha> # or: git reset --hard <sha>
|
||||||
docker compose -f docker-compose.yml -f docker-compose.static.yml down --remove-orphans
|
docker compose down --remove-orphans
|
||||||
tooling/build-stack.sh --up online
|
docker compose up -d --build
|
||||||
```
|
```
|
||||||
|
|
||||||
## Notes
|
## Notes
|
||||||
|
|
||||||
- **Online mode needs internet** on `cochi` at restart (no air-gap mirror): the
|
- Production needs internet on `cochi` at restart: the server installs/re-syncs
|
||||||
server installs NeoForge + mods over the network. For an internet-less deploy,
|
NeoForge + mods over the network.
|
||||||
switch to `airgap` (needs `--prep` first) — see `plan/13-dns-and-run-modes.md`.
|
- All ingress goes through host nginx → caddy. After a redeploy, nginx config is
|
||||||
- Switching to the **Blessing Skin** auth variant changes the file set to
|
unchanged; only re-run `tooling/render-nginx.sh --install` if `BASE_DOMAIN` /
|
||||||
`-f docker-compose.yml -f docker-compose.blessingskin.yml` (see
|
`CADDY_HTTP_PORT` changed (see `15-letsencrypt.md`).
|
||||||
`plan/03b-blessing-skin.md`); update the `down`/`up` commands accordingly.
|
|
||||||
|
|||||||
123
plan/15-drasl-ui-customization.md
Normal file
123
plan/15-drasl-ui-customization.md
Normal file
@@ -0,0 +1,123 @@
|
|||||||
|
# Drasl Web UI Customization
|
||||||
|
|
||||||
|
> How far you can reskin Drasl's web frontend, and what it costs.
|
||||||
|
> Source repo: <https://github.com/unmojang/drasl> · config docs:
|
||||||
|
> <https://github.com/unmojang/drasl/blob/master/doc/configuration.md>
|
||||||
|
|
||||||
|
## TL;DR
|
||||||
|
|
||||||
|
Drasl has **no theme/plugin system**. You get three tiers, increasing effort:
|
||||||
|
|
||||||
|
1. **Config knobs** (runtime, trivial) — rename instance, toggle footer / 3D bg.
|
||||||
|
2. **Static-asset override** (mount, easy) — swap `style.css`, `logo.svg`, `icon.png`.
|
||||||
|
3. **Template / fork** (build, heavy) — edit `view/*.tmpl`, rebuild the image.
|
||||||
|
|
||||||
|
For a "very noob-friendly UI" the realistic win is **tier 2** (reskin CSS + logo)
|
||||||
|
plus a **dead-simple guide page on the landing site** that walks guests through
|
||||||
|
register → login → upload skin, screenshots included. Drasl's own pages stay the
|
||||||
|
backend; the landing page is where you make it friendly.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## Tier 1 — Config knobs (config.toml)
|
||||||
|
|
||||||
|
Live in `drasl/config/config.toml.tmpl`. Already rendered into the container at
|
||||||
|
`/etc/drasl/config.toml`. No rebuild — just `docker compose restart drasl`.
|
||||||
|
|
||||||
|
| Option | Default | Effect |
|
||||||
|
|--------|---------|--------|
|
||||||
|
| `InstanceName` | `"Drasl"` | Site name shown in header/title. Set to `"Ulicraft Accounts"`. |
|
||||||
|
| `ApplicationOwner` | `"Anonymous"` | Owner label (already `"Ulicraft"`). |
|
||||||
|
| `EnableBackgroundEffect` | `true` | 3D animated background. Off = cleaner/faster. |
|
||||||
|
| `EnableFooter` | `true` | Footer block. |
|
||||||
|
| `EnableWebFrontEnd` | `true` | Master switch for the whole web UI. |
|
||||||
|
|
||||||
|
Low effort, low ceiling. Does **not** change layout, colors, or copy.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## Tier 2 — Static-asset override (CSS + logo) ← recommended
|
||||||
|
|
||||||
|
Drasl serves static files from **`DataDirectory`** (default `/usr/share/drasl`).
|
||||||
|
The shipped assets live in the image's `public/`:
|
||||||
|
|
||||||
|
- `style.css` — primary stylesheet (all colors/spacing/theme)
|
||||||
|
- `logo.svg` — header logo
|
||||||
|
- `icon.png` — favicon
|
||||||
|
- `openid-logo.svg` — OIDC button icon (unused here, no OIDC)
|
||||||
|
|
||||||
|
### Plan
|
||||||
|
|
||||||
|
1. Pull the upstream `style.css` as a baseline:
|
||||||
|
<https://raw.githubusercontent.com/unmojang/drasl/master/public/style.css>
|
||||||
|
2. Create `drasl/public/` in this repo. Drop in your edited `style.css`,
|
||||||
|
`logo.svg`, `icon.png`.
|
||||||
|
3. Bind-mount over the container's asset dir in `docker-compose.yml`:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
drasl:
|
||||||
|
volumes:
|
||||||
|
- ./drasl/config:/etc/drasl:ro
|
||||||
|
- ./drasl/public:/usr/share/drasl/public:ro # <-- add
|
||||||
|
- drasl_state:/var/lib/drasl
|
||||||
|
```
|
||||||
|
|
||||||
|
⚠ **Verify the exact in-container path first** — assets may sit at
|
||||||
|
`/usr/share/drasl/public/` or directly under `/usr/share/drasl/`. Check:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
docker compose exec drasl sh -c 'find /usr/share/drasl -name style.css'
|
||||||
|
```
|
||||||
|
|
||||||
|
Mount to match whatever that prints. Mount the *directory*, not the single
|
||||||
|
file, so the logo/icon ride along.
|
||||||
|
4. `docker compose up -d drasl`. Hard-refresh browser (CSS cache).
|
||||||
|
|
||||||
|
Ceiling: full restyle of existing pages — colors, fonts, button sizes, hide
|
||||||
|
clutter, big friendly upload button. Cannot add/remove page elements or reword
|
||||||
|
text (that's the templates → tier 3).
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## Tier 3 — Templates / fork (heavy)
|
||||||
|
|
||||||
|
Page structure + copy live in Go templates `view/*.tmpl`, **embedded into the
|
||||||
|
binary at build time** (Go `embed.FS`) — not overridable by mounting. Files:
|
||||||
|
|
||||||
|
```
|
||||||
|
root.tmpl user.tmpl player.tmpl registration.tmpl
|
||||||
|
complete-registration.tmpl challenge.tmpl admin.tmpl
|
||||||
|
layout.tmpl header.tmpl footer.tmpl error.tmpl
|
||||||
|
```
|
||||||
|
|
||||||
|
To change them you must **fork + rebuild**:
|
||||||
|
|
||||||
|
1. Fork `unmojang/drasl`.
|
||||||
|
2. Edit `view/*.tmpl` (reword, restructure, add help text/links).
|
||||||
|
3. Build a custom image, push to your registry (or build locally).
|
||||||
|
4. Point `image:` in compose at your fork.
|
||||||
|
|
||||||
|
Maintenance cost: you now track upstream and rebase on releases. Only worth it
|
||||||
|
if tier 2 + landing-page guide aren't enough.
|
||||||
|
|
||||||
|
Alternative to forking: **build a thin custom frontend** that talks to Drasl's
|
||||||
|
HTTP API (see `api.go`) for the one flow guests care about (login + skin
|
||||||
|
upload), hosted at e.g. `${BASE_DOMAIN}/skins`. More code, but total UI control
|
||||||
|
and no upstream coupling. Overkill for 4–10 friends.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## Recommended path for Ulicraft
|
||||||
|
|
||||||
|
1. **Tier 1**: `InstanceName = "Ulicraft Accounts"`, decide on bg/footer.
|
||||||
|
2. **Tier 2**: reskin `style.css` to match the landing page, swap logo + favicon.
|
||||||
|
3. **Landing-page guide**: add a `/skins` (or `/help`) page on the apex landing
|
||||||
|
site — numbered steps + screenshots: register at `auth.`, log in, upload skin,
|
||||||
|
done. This is what actually makes it noob-friendly; Drasl stays the plumbing.
|
||||||
|
4. Skip tier 3 unless a specific page is confusing enough to justify a fork.
|
||||||
|
|
||||||
|
## Related
|
||||||
|
|
||||||
|
- Skin/cape config flags: see `plan/03-drasl.md` and CLAUDE.md gotchas.
|
||||||
|
- `AllowTextureFromURL = true` lets guests paste a skin URL (e.g. from a skin
|
||||||
|
site) instead of uploading a file — friendlier for non-technical users.
|
||||||
@@ -1,25 +1,17 @@
|
|||||||
# TLS — Let's Encrypt (OVH DNS-01) + host nginx ingress
|
# TLS — Let's Encrypt (OVH DNS-01) + host nginx ingress
|
||||||
|
|
||||||
Production serves real, publicly-trusted certs via the **host's nginx**. Caddy is
|
Production serves real, publicly-trusted certs via the **host's own nginx**.
|
||||||
no longer the production ingress — it moved to its own compose file for the
|
nginx terminates TLS and reverse-proxies every vhost to the caddy container
|
||||||
LAN/air-gap path.
|
(published localhost-only on `${CADDY_HTTP_PORT}`) by Host header. caddy is the
|
||||||
|
internal router; nginx is the public TLS terminator. This is the only ingress
|
||||||
## Two ingress paths
|
path — there are no compose overrides.
|
||||||
|
|
||||||
| Path | Ingress | Compose | TLS |
|
|
||||||
|------|---------|---------|-----|
|
|
||||||
| Production | host **nginx** | `docker-compose.yml` + `docker-compose.nginx.yml` | Let's Encrypt (this doc) |
|
|
||||||
| LAN / air-gap | **caddy** container | `docker-compose.yml` + `docker-compose.caddy.yml` (+ static/mirror) | Caddy internal CA |
|
|
||||||
|
|
||||||
`build-stack.sh` drives the caddy path (adds `docker-compose.caddy.yml`
|
|
||||||
automatically). The nginx path is a manual deploy (below). This supersedes the
|
|
||||||
ingress part of `plan/14-deploy.md` for production.
|
|
||||||
|
|
||||||
## Certs: one per name, via OVH DNS-01
|
## Certs: one per name, via OVH DNS-01
|
||||||
|
|
||||||
`tooling/issue-letsencrypt.sh` issues a **separate** cert for the apex and each
|
`tooling/issue-letsencrypt.sh` issues a **separate** cert for the apex and each
|
||||||
subdomain (`${BASE_DOMAIN}`, `auth.…`, `pack.…`) using acme.sh + the OVH DNS-01
|
subdomain (`${BASE_DOMAIN}`, `auth.…`, plus the rest of
|
||||||
challenge — no inbound ports needed, so it works even on a LAN-only host.
|
`LE_SUBDOMAINS`) using acme.sh + the OVH DNS-01 challenge — no inbound ports
|
||||||
|
needed, so it works regardless of public reachability.
|
||||||
|
|
||||||
### One-time setup
|
### One-time setup
|
||||||
|
|
||||||
@@ -46,31 +38,30 @@ the reload with `RELOAD_CMD=...` if nginx isn't systemd-managed.
|
|||||||
|
|
||||||
## nginx
|
## nginx
|
||||||
|
|
||||||
1. Stack up with the nginx override (publishes drasl on `127.0.0.1:25585`):
|
1. Bring the stack up (caddy publishes on `127.0.0.1:${CADDY_HTTP_PORT}`):
|
||||||
```bash
|
```bash
|
||||||
docker compose -f docker-compose.yml -f docker-compose.nginx.yml up -d
|
docker compose up -d --build
|
||||||
```
|
```
|
||||||
2. Render + install the vhost (`nginx/ulicraft.conf.tmpl`):
|
2. Render + install the vhost (`nginx/ulicraft-caddy.conf.tmpl`):
|
||||||
```bash
|
```bash
|
||||||
APP_DIR=/home/ubuntu/mc/ulicraft-server-v1 BASE_DOMAIN=ulicraft.net \
|
tooling/render-nginx.sh --install
|
||||||
envsubst '$APP_DIR $BASE_DOMAIN' \
|
|
||||||
< nginx/ulicraft.conf.tmpl | sudo tee /etc/nginx/sites-available/ulicraft.conf
|
|
||||||
sudo ln -sf /etc/nginx/sites-available/ulicraft.conf /etc/nginx/sites-enabled/
|
|
||||||
sudo nginx -t && sudo systemctl reload nginx
|
|
||||||
```
|
```
|
||||||
nginx then: apex + `pack.*` as static files (`www`, `pack`, `custom`),
|
This substitutes `$BASE_DOMAIN $APP_DIR $CADDY_HTTP_PORT`, writes to
|
||||||
`auth.*` → drasl. Ensure `www-data` can read `$APP_DIR/{www,pack,custom,certs}`.
|
`sites-available`, symlinks `sites-enabled`, runs `nginx -t`, and reloads
|
||||||
|
nginx. nginx then terminates TLS per vhost (certs under `$APP_DIR/certs`) and
|
||||||
|
reverse-proxies each Host to caddy on `127.0.0.1:${CADDY_HTTP_PORT}`. Ensure
|
||||||
|
`www-data` can read `$APP_DIR/certs`.
|
||||||
|
|
||||||
## DNS
|
## DNS
|
||||||
|
|
||||||
Point the public/party DNS for `${BASE_DOMAIN}`, `auth.${BASE_DOMAIN}`,
|
Point the public DNS for `${BASE_DOMAIN}` and every subdomain
|
||||||
`pack.${BASE_DOMAIN}` at the host. The Minecraft container reaches them via
|
(`auth.` `avatar.` `status.` `distribution.` `www.`) at the host running
|
||||||
`extra_hosts: host-gateway` (set in `docker-compose.nginx.yml`) and uses HTTPS —
|
nginx. DNS is configured **outside this repo**. The Minecraft container reaches
|
||||||
the JVM trusts Let's Encrypt with no CA import (the big win over the internal CA).
|
the stack's own names via caddy's `mcnet` aliases, not public DNS.
|
||||||
|
|
||||||
## Why DNS-01 (not HTTP-01)
|
## Why DNS-01 (not HTTP-01)
|
||||||
|
|
||||||
`HOST_LAN_IP` shows a LAN host; HTTP-01/TLS-ALPN-01 need public inbound on 80/443.
|
|
||||||
DNS-01 only needs the OVH API, so it issues regardless of public reachability —
|
DNS-01 only needs the OVH API, so it issues regardless of public reachability —
|
||||||
and `ulicraft.net` is a real OVH-managed domain, which LE requires (it never
|
and `ulicraft.net` is a real OVH-managed domain, which LE requires (it never
|
||||||
issues for `.lan`/`.local`).
|
issues for `.lan`/`.local`). HTTP-01/TLS-ALPN-01 would need public inbound on
|
||||||
|
80/443. The JVM trusts the resulting Let's Encrypt certs with no CA import.
|
||||||
|
|||||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user