feat(hosts/taygeta/factorio-server): init

Author: Misterio77

hosts/taygeta/secrets.yaml

@@ -1,9 +1,6 @@
 minecraft-secrets: ENC[AES256_GCM,data:hLwPnL+7vK5jQJGYe4ngBrU6XPeD9IzLPrGlKde7KLUQDh3zl6ewgZc6cqTfRFGxM0bs8JQKy98TqzbJ5FyhOIw39+D2znnldbPGb5TbKu5GdM63eJwM68TiTtmHhQKhaebVOz7QjsLXv4PuitSnqs4c38KZHxOVXmkqORjKKw==,iv:A7fTWZdkQvGEtATzB6bfOVFRU8gISw9NF3ILqt1WlFE=,tag:CLHzt/4wedw2qZvtFPTv/g==,type:str]
+factorio-server-password: ENC[AES256_GCM,data:PlrQnU9iQOEh,iv:s/02HaXC9VifwRlmSV6TV6W+bRe6C+O3kgT4zvbNrUY=,tag:gA7gjPXFxuDVafj+Jwq0Og==,type:str]
 sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
     age:
         - recipient: age1szxq4pz3wuxrs5ynqt3gys4wxslg27lr67smsqvg5guhap800szs3y73vd
           enc: |
@@ -14,8 +11,8 @@ sops:
             ZmZuSTJKeTU1Vzdzcnp4b1NpQnRnYlkKxzNqnDG55P1j3ZwQCpoLzYmIMMLlgAfO
             pw//QqqFD4Y1tO/sUCHvdES1AJK/itAkOuuEdJ1YA6H4VN5NmKgrDg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-12-30T18:53:13Z"
-    mac: ENC[AES256_GCM,data:Pm+XocUV/WInEabQxPoHUbNWxDKvYnrQwO3lS37A3ncdCevBmT1F/r18Se7pPFLU2FNwmTKbSS8JyCJoLUskG/prbzm7zqZfwy3t4dI0Mjn52VzD+6HJo/KcG34av0l5tIpLVhO/w/OiWtHmYvY6quZeVONlfDYHN646bQ5kzgY=,iv:FInXB7Nu2jintW19T/HJTTM/rE1shTlhFES1ACApvS0=,tag:5DE44rPMQ6htEqMowL7U8A==,type:str]
+    lastmodified: "2026-01-01T15:55:59Z"
+    mac: ENC[AES256_GCM,data:brA1FfNBm3UkxxU4EnB0c4XKvoaGFdWQhwrqfbZSVVVMTpgv6eVKsNeoxajiMrykAiXX+4QZElj/zPrP04ax93SykBITuwI2L/+C+qLYdF/AaFokZMgfOgSbLRsWPUN1AvRfG+bRgdL4sWBuvo5zgMf7zwlDFW9IDY7L/V+R1c4=,iv:j9tLgz7jS+R/2RL28PWDKvILFfXYc0UFBZBhTlv57Qk=,tag:p7s5nMbKYhPPlPjC98vw1g==,type:str]
     pgp:
         - created_at: "2024-12-30T18:52:52Z"
           enc: |-
@@ -36,4 +33,4 @@ sops:
             -----END PGP MESSAGE-----
           fp: 7088C7421873E0DB97FF17C2245CAB70B4C225E9
     unencrypted_suffix: _unencrypted
-    version: 3.9.2
+    version: 3.11.0

hosts/taygeta/services/default.nix

@@ -2,5 +2,6 @@
   imports = [
     ../../common/optional/mysql.nix
     ./minecraft
+    ./factorio.nix
   ];
 }

hosts/taygeta/services/factorio.nix

@@ -0,0 +1,47 @@
+{config, lib, ...}: let
+  stateDir = "/var/lib/${config.services.factorio.stateDirName}";
+in {
+  services.factorio = {
+    enable = true;
+    bind = "172.18.0.42";
+    loadLatestSave = true;
+    openFirewall = true;
+    extraSettings = {
+      require_user_verification = false;
+      non_blocking_saving = true;
+    };
+    extraSettingsFile = config.sops.templates.factorio-extra-settings.path;
+  };
+  sops = {
+    secrets.factorio-server-password = {
+      owner = "factorio";
+      sopsFile = ../secrets.yaml;
+    };
+    templates.factorio-extra-settings.content = builtins.toJSON {
+      game_password = config.sops.placeholder.factorio-server-password;
+    };
+  };
+
+  # Disable DynamicUser
+  systemd.services.factorio.serviceConfig = {
+    DynamicUser = lib.mkForce false;
+    User = "factorio";
+    Group = "factorio";
+  };
+  users = {
+    users.factorio = {
+      home = stateDir;
+      group = "factorio";
+      isSystemUser = true;
+    };
+    groups.factorio = {};
+  };
+  environment.persistence = {
+    "/persist".directories = [{
+      directory = stateDir;
+      user = "factorio";
+      group = "factorio";
+      mode = "0700";
+    }];
+  };
+}