Miscellaneous Minecraft Matters

I wanted to host a Minecraft server for me and my daughter to be able to play on. After some research, using a docker container surfaced as the easiest way to do this. Also I wanted to use Steam Link to be able to play, so I needed to add a shortcut to Minecraft in Steam.

Below are the steps that I used to accomplish this

Minecraft Bedrock Docker Server

• https://github.com/itzg/docker-minecraft-bedrock-server
• find your players XUID
• I did this by starting the server connecting and looking at the server output
• create a docker-compose.yml file where OPS has your players XUIDs in a comma separated list and ALLOW_LIST_USERS has the player names and XUIDs that you want to be able to login

version: '3.4'

services:

    bds:

        image: itzg/minecraft-bedrock-server

        environment:

            EULA: "TRUE"

            GAMEMODE: creative

            DIFFICULTY: peaceful

            SERVER_NAME: "Our World"

            OPS: "1234,5678"

            ALLOW_CHEATS: "true"

            ALLOW_LIST: "true"
            ALLOW_LIST_USERS: "player1:1234,player with spaces:5678"

        ports:

            - "19132:19132/udp"

        volumes:

            - /storage/containers/minecraft/world1:/data

        stdin_open: true

        tty: true

• start the container
• docker-compose up
• A permissions.json file will be created giving the specified players ops powers
• Note: even though your server is local the Playstation/Xbox/Switch version will not be able to connect without a PS Plus/Xbox Live/Nintendo Online subscription
• https://bugs.mojang.com/browse/BDS-1634

Adding a shortcut to Minecraft in Steam

• Find out where Minecraft was stored
• Paste the following into an explorer window:
• %LocalAppData%\Packages\
• Find the folder like:
• Microsoft.MinecraftUWP_<seemingly_random_letters_and_numbers>
• The seemingly random letters and numbers are the app id, we will need them for later
• In Steam go to your Library and click "ADD A GAME" and then "Add a Non-Steam Game..."
• Navigate to C:\Windows and select explorer.exe
• You will see a new entry in your library called explorer
• Right click on it -> Properties
• Choose an appropriate icon
• Rename it
• Click "SET LAUNCH OPTIONS"
• type/paste in the following:
• shell:appsFolder\<your-app-id>!App
• Click "OK"
• Click "CLOSE"
• You should now be able to launch Minecraft from Steam

Appendix

Sources:

• https://linustechtips.com/topic/547779-add-universal-apps-and-purchased-windows-store-games-to-steam-library-and-how-to-pin-steam-games-to-windows-taskbar-and-start-menu/

Changing a zpool from ashift=9 to ashift=12

I wanted the additional write speed on my nas drives that come from aligning the ashift value with physical sector size of my hard drives (ashift=9 is 512 bytes and ashift=12 is 4KB). Unfortunately, you cannot change ashift on an existing zpool, so you will have to backup the data, destroy the pool, recreate it, and then restore the data.

Prereq

• pv (to monitor the process/speed)
• sudo apt-get install pv
• encrypted zfs data with the "wrong" ashift value that you want to migrate

Process to move

1. Stop any process that writes to your storage that you want to move
2. Setup temporary storage location
• sudo zpool create external-storage mirror /dev/disk/by-id/ata-WDC_WD30EFRX-68EUZN0_WD-XXXXXXX /dev/disk/by-id/ata-WDC_WD30EFRX-68EUZN0_WD-XXXXXXX
• sudo zfs create -o encryption=aes-256-gcm -o keylocation=prompt -o keyformat=passphrase external-storage/encrypted
3. Create a snapshot
• sudo zfs snapshot storage/encrypted@migrate-20231229
• sudo zfs list -t snapshot
4. Copy snapshot over
• sudo bash -c 'zfs send storage/encrypted@migrate-20231229 | pv | zfs recv external-storage/encrypted/backup'
5. Ensure that all files have been backed up
6. Unmount the datasets
• sudo zfs unmount storage/encrypted
7. Destroy the old zpool
• sudo zpool destroy storage
8. Create the new zpool
• sudo zpool create storage mirror /dev/disk/by-id/ata-WDC_WD60EFZX-68B3FN0_WD-XXXXXXX ata-WDC_WD60EFZX-68B3FN0_WD-XXXXXXX
9. Ensure is setup with the correct ashift value
• sudo zdb -C storage | grep ashift
10. Create a temporary file to contain your passphrase because since zfs recv is using stdin to pull in the data it cannot prompt for it
• echo "super-secret" > /home/example/passphrase.txt
11. Copy snapshot back
• sudo bash -c 'zfs send external-storage/encrypted/backup@migrate-20231229 | pv | zfs recv -o encryption=aes-256-gcm -o keylocation=file:///home/example/passphrase.txt -o keyformat=passphrase storage/encrypted'
12. Change from a file to prompt for password
• sudo zfs change-key -o keylocation=prompt storage/encrypted
13. Remove the temp passphrase
• rm /home/example/passphrase.txt
14. Check that all your files are back in place
15. Now if you want you can destroy the backup or export it and keep the backup
• sudo zpool destroy external-storage
• OR
• sudo zpool export external-storage

Appendix

If you see an error like:

• cannot receive new filesystem stream: zfs receive -F cannot be used to destroy an encrypted filesystem or overwrite an unencrypted one with an encrypted one
• That means that you cannot copy to the encrypted dataset. What I did to get around this was to instead copy to a child of the encrypted dataset.

Sources:

• https://gist.github.com/kapythone/dbdbf7ad1961c606e62e215e5d30de98
• https://mtlynch.io/zfs-encrypted-backups/
• https://unix.stackexchange.com/questions/532619/encryption-of-existing-dataset-in-zfs-zol-0-8/575439#575439
• https://charsiurice.wordpress.com/2016/05/30/checking-ashift-on-existing-pools/

Migrating from eCryptFS to native zfs encryption

I wanted to move from eCryptFS on top of a zfs dataset to a more standard and speedier encryption approach which is native zfs encryption. Here is the process that I went through.

Process

1. Ensure your backups are up to date!
2. Upgrade the zpool
• ensure you are on a recent version of zfs and not zfs-fuse (see previous post)
• sudo zpool upgrade storage
3. Create the destination dataset
• sudo zfs create -o encryption=aes-256-gcm -o keylocation=prompt -o keyformat=passphrase storage/new-encrypt
4. Set/change the mount point (optional)
• sudo zfs set mountpoint=/storage/new-encrypt storage/new-encrypt
5. Move the files over
• sudo rsync -avh --progress --remove-source-files /storage/encrypted/* /storage/new-encrypt/
• -z / --compress is not needed and would slow down a local transfer
6. Remove the left over directories
• sudo find /storage/encrypted/ -type d -empty -delete
7. Verify no files are left:
• ls -al /storage/encrypted
• if any files exist then repeat the rsync
8. Unmount the encryptfs
• sudo umount /storage/encrypted
9. Remove/comment the entry from /etc/fstab
• sudo vi /etc/fstab
10. Unmount the zfs dataset
• sudo zfs unmount storage/.encrypted
11. Test destroying the zfs dataset
• sudo zfs destroy -n storage/.encrypted
12. Destroy the zfs dataset
• sudo zfs destroy storage/.encrypted
13. Change the name of new-encrypt
• sudo zfs rename storage/new-encrypt storage/encrypted
14. Update mountpoint (if required)
• sudo zfs set mountpoint=/storage/encrypted storage/encrypted

If everything works then the new zfs native encrypted dataset slots right into where the old one was and all your samba shares should be fine.

Appendix

Sources:

• https://rucore.net/en/luks-ecryptfs-or-zfs-encryption-choosing-a-way-to-protect-your-data-in-linux/