diff --git a/factorio-mods/snek/VehicleSnap_2.0.2.zip b/factorio-mods/snek/VehicleSnap_2.0.2.zip new file mode 100644 index 0000000..62e26bb Binary files /dev/null and b/factorio-mods/snek/VehicleSnap_2.0.2.zip differ diff --git a/factorio-mods/snek/factoryplanner_2.0.30.zip b/factorio-mods/snek/factoryplanner_2.0.30.zip new file mode 100644 index 0000000..38dc08a Binary files /dev/null and b/factorio-mods/snek/factoryplanner_2.0.30.zip differ diff --git a/factorio-mods/snek/flib_0.16.3.zip b/factorio-mods/snek/flib_0.16.3.zip new file mode 100644 index 0000000..eab4f7e Binary files /dev/null and b/factorio-mods/snek/flib_0.16.3.zip differ diff --git a/factorio-mods/snek/visible-planets_1.4.8.zip b/factorio-mods/snek/visible-planets_1.4.8.zip new file mode 100644 index 0000000..e1b3ce6 Binary files /dev/null and b/factorio-mods/snek/visible-planets_1.4.8.zip differ diff --git a/fili/services/default.nix b/fili/services/default.nix index 444d7b2..6a55bcc 100644 --- a/fili/services/default.nix +++ b/fili/services/default.nix @@ -6,6 +6,8 @@ _: { ./forgejo.nix ./obsidian-sync.nix + ./factorio.nix + ./media ./websites ./auth diff --git a/fili/services/factorio.nix b/fili/services/factorio.nix new file mode 100644 index 0000000..f25a4b3 --- /dev/null +++ b/fili/services/factorio.nix @@ -0,0 +1,104 @@ +{lib, pkgs, config, ...}: let + factorioVersion = version: sha: pkgs.factorio-headless.overrideAttrs (_: { + inherit version; + src = pkgs.fetchurl { + url = "https://factorio.com/get-download/${version}/headless/linux64"; + name = "factorio-headless-${version}.tar.xz"; + sha256 = sha; + }; + }); + getMods = modDir: let + modList = lib.pipe modDir [ + builtins.readDir + (lib.filterAttrs (k: v: v == "regular")) + (lib.mapAttrsToList (k: v: k)) + (builtins.filter (lib.hasSuffix ".zip")) + ]; + validPath = modFileName: + builtins.path { + path = modDir + "/${modFileName}"; + name = lib.strings.sanitizeDerivationName modFileName; + }; + modToDrv = modFileName: + pkgs.runCommand "copy-factorio-mods" {} '' + mkdir $out + ln -s '${validPath modFileName}' $out/'${modFileName}' + '' + // { deps = []; }; + in + builtins.map modToDrv modList; + factorioContainer = name: factorio-config: { + "factorio-${name}" = { + autoStart = true; + bindMounts = { + "/var/lib/factorio" = { + hostPath = "/factorio/${name}"; + isReadOnly = false; + }; + "/run/secrets" = { + hostPath = "/run/secrets"; + isReadOnly = true; + }; + "/etc/resolv.conf" = { + hostPath = "/etc/resolv.conf"; + isReadOnly = true; + }; + }; + privateUsers = "no"; + + config = { config, pkgs, lib, ... }: { + systemd.services.factorio.serviceConfig.User = "factorio"; + services.factorio = factorio-config // { + enable = true; + openFirewall = true; + + game-name = name; + saveName = name; + stateDirName = "factorio"; + }; + + nixpkgs.config = { + allowUnfree = true; + }; + + system.stateVersion = "23.11"; + + networking = { + firewall.enable = false; + }; + }; + }; + }; +in +{ + users.groups.factorio = { }; + users.users.factorio = { + isSystemUser = true; + group = "factorio"; + extraGroups = [ "storage" ]; + }; + + sops.secrets.factorio = { + sopsFile = ../../secrets/factorio.json; + format = "json"; + key = ""; + owner = "factorio"; + }; + + containers = factorioContainer "tawney" { + autosave-interval = 20; + admins = [ "jonay2000" "computerdruid" "pineapple" ]; + extraSettingsFile = config.sops.secrets.factorio.path; + # mods = getMods ../../factorio-mods/tawney; + package = factorioVersion "2.0.66" "sha256-8bOXbqzE4jOADTmdkABsNW+jZvXWQ0HFBMlcDLoyHAY="; + port = 20001; + } + // factorioContainer "snek" { + autosave-interval = 20; + admins = [ "jonay2000" "computerdruid" "pineapple" ]; + extraSettingsFile = config.sops.secrets.factorio.path; + mods = getMods ../../factorio-mods/snek; + package = factorioVersion "2.0.66" "sha256-8bOXbqzE4jOADTmdkABsNW+jZvXWQ0HFBMlcDLoyHAY="; + port = 20002; + }; +} diff --git a/fili/services/websites/mapf.nix b/fili/services/websites/mapf.nix index 5fb3a7c..a86e087 100644 --- a/fili/services/websites/mapf.nix +++ b/fili/services/websites/mapf.nix @@ -1,9 +1,9 @@ -{ flakes, ... }: +{ config +, flakes +, pkgs +, ... +}: { - # imports = [ - # flakes.mapf.nixosModules.default - # ]; - sops.secrets.mapf = { sopsFile = ../../../secrets/mapf-prod.env; }; @@ -20,11 +20,30 @@ }; }; - # donsz.services.mapf = { - # enable = true; - # envfile = "/run/secrets/sops/mapf"; - # db_name = "mapfprod"; - # db_user = "mapfprod"; - # db_password = ""; - # }; + systemd.services.mapf-server = + let + package = flakes.mapf.packages.${pkgs.system}.default; + in + { + description = "mapf-server"; + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + DynamicUser = "yes"; + ExecStart = "${package}/mapf_server_bin"; + Restart = "on-failure"; + RestartSec = "5s"; + EnvironmentFile = config.sops.secrets.mapf.path; + WorkingDirectory = "${package}"; + }; + + environment = { + MAPF_TEMPLATEFOLDER = "${package}/templates"; + MAPF_DBUSER = "mapfprod"; + MAPF_DBPASSWORD = ""; + MAPF_DBPORT = "3306"; + MAPF_DBHOST = "localhost"; + MAPF_DBDATABASE = "mapfprod"; + }; + }; } diff --git a/flake.lock b/flake.lock index 1194130..7245d06 100644 --- a/flake.lock +++ b/flake.lock @@ -191,11 +191,11 @@ "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1721482233, - "narHash": "sha256-zNTFyWdpOOTSXfCtcvdU7MjHohnKQpZcSlhCPS/C93Y=", + "lastModified": 1757529600, + "narHash": "sha256-QSubvX4HaBx1LoePLBesrQqq0UuLuL4tM0uT0ipWlu8=", "ref": "refs/heads/master", - "rev": "aa47dd1bc41ba25d14b1ac62edcee14f6fec1aa5", - "revCount": 677, + "rev": "85e88fdc8f9947cb847db49e59e3ab1b5befac97", + "revCount": 678, "type": "git", "url": "ssh://git@github.com/jdonszelmann/mapf-server" }, @@ -276,22 +276,6 @@ "type": "github" } }, - "nixpkgs-stable": { - "locked": { - "lastModified": 1703950681, - "narHash": "sha256-veU5bE4eLOmi7aOzhE7LfZXcSOONRMay0BKv01WHojo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "0aad9113182747452dbfc68b93c86e168811fa6c", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "release-23.05", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { "locked": { "lastModified": 1738680400, @@ -426,11 +410,11 @@ "nixpkgs-mozilla": "nixpkgs-mozilla" }, "locked": { - "lastModified": 1755627228, - "narHash": "sha256-0BiTSjVWxgFnhOFxM1hpeMoMZcQBsgZTeVIgXOSUMcg=", + "lastModified": 1758149969, + "narHash": "sha256-D1K7UQSj4A62nGS08AWK6NcN5YJzEAx3vO7MX4prhn0=", "owner": "jdonszelmann", "repo": "review-queue", - "rev": "e2cf27dea96d2fde03c913d4b4462d3785019b36", + "rev": "1ff3b6f897885af1fb4f7d98b9acb1e030a6affd", "type": "github" }, "original": { @@ -472,19 +456,18 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_8", - "nixpkgs-stable": "nixpkgs-stable" + "nixpkgs": "nixpkgs_8" }, "locked": { - "lastModified": 1704122840, - "narHash": "sha256-K+ubwROTgvoMzBe6h/JExJTdDSrX3gWNHX2XNOsybB0=", - "owner": "jdonszelmann", + "lastModified": 1758425756, + "narHash": "sha256-L3N8zV6wsViXiD8i3WFyrvjDdz76g3tXKEdZ4FkgQ+Y=", + "owner": "Mic92", "repo": "sops-nix", - "rev": "162696bebe125a43aaaf6a249aea16fab6925762", + "rev": "e0fdaea3c31646e252a60b42d0ed8eafdb289762", "type": "github" }, "original": { - "owner": "jdonszelmann", + "owner": "Mic92", "repo": "sops-nix", "type": "github" } diff --git a/flake.nix b/flake.nix index a458091..1ce8b3d 100644 --- a/flake.nix +++ b/flake.nix @@ -4,7 +4,7 @@ nixpkgs.url = "github:NixOS/nixpkgs/release-25.05"; colmena.url = "github:zhaofengli/colmena"; flake-utils.url = "github:numtide/flake-utils"; - sops-nix.url = "github:jdonszelmann/sops-nix"; + sops-nix.url = "github:Mic92/sops-nix"; vpn-confinement.url = "github:Maroka-chan/VPN-Confinement"; # websites @@ -16,15 +16,14 @@ reviewqueue.url = "github:jdonszelmann/review-queue"; }; outputs = - { - self, - nixpkgs, - colmena, - flake-utils, - sops-nix, - vpn-confinement, - mapf, - ... + { self + , nixpkgs + , colmena + , flake-utils + , sops-nix + , vpn-confinement + , mapf + , ... }@inputs: let pkgsForSystem = diff --git a/secrets/factorio.json b/secrets/factorio.json new file mode 100644 index 0000000..01aaf57 --- /dev/null +++ b/secrets/factorio.json @@ -0,0 +1,15 @@ +{ + "game-password": "ENC[AES256_GCM,data:2bXZIw==,iv:kJgmaUefLHo4OrBC1a1Pvc+gixKdI8ZI4yWMTOcN59A=,tag:4K8EOgslO5qVRWDZbmafkA==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1ygkcl4ss92z5ptzt3w5g4n98qx2c4kagyssm96m5z4c7t299c5wszjchxw", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmdE1kazRGVVpQaFlSL1Ji\nNHlNSklRbUd0aHhLUjZVSEVJQkljK2ZFT0JVCm93U3U4dkpQZ0tHYis4QnJKcEtS\nMFNUMi9WK042aFlXWHQxOVVhWjRHMFUKLS0tIHVCNHFmYThUUmt3YWhqRkFHK1l2\nR2lPWnJNV1pkU09MYi9BTDdqSmJYeDQKsS93AT1x6v07GZxrGImvH1wijJIqtBCC\nABgfLrD8XhtwQLLKGdDubOjDErbNk6xZYLJC8rAQmCGJH4iv8JcpSg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-09-27T19:59:38Z", + "mac": "ENC[AES256_GCM,data:QXoanBtvK2OJOBidSEDKvOILXKdD8/te0k6mnSZRhEpE4a6JOkwzTFCqJKz2KmAWWMTcAdimj5vC4NSsDoMOiUtpRGfPcxMdS1xfIU6QI1uAq+/aVuQMf5aqp2B5JieEvgDjGC0WaeZ5ebRqt5svwbQhemL7KUnukfwqVAUD6og=,iv:kINnJ9RDEQZ83pHmRClWC+X9je8EL9y8akFm7IDkEvs=,tag:XXZxJ8aCnbXBA+89mtCKlw==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +}