fix: factorio
parent
3134dd1fb8
commit
0dc05deed4
7 changed files with 90 additions and 19 deletions
|
@ -12,18 +12,6 @@
|
||||||
podman.enable = true;
|
podman.enable = true;
|
||||||
traefik.enable = true;
|
traefik.enable = true;
|
||||||
|
|
||||||
gatus.enable = true;
|
|
||||||
homepage.enable = true;
|
|
||||||
# backrest.enable = true;
|
|
||||||
|
|
||||||
plex.enable = true;
|
|
||||||
tautulli.enable = true;
|
|
||||||
syncthing.enable = true;
|
|
||||||
searxng.enable = true;
|
|
||||||
factorio.freight-forwarding.enable = true; # the factory must grow
|
|
||||||
whoogle.enable = true;
|
|
||||||
|
|
||||||
redlib.enable = true;
|
|
||||||
|
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
|
@ -32,7 +32,7 @@
|
||||||
mySystem.system.motd.networkInterfaces = [ "enp1s0" ];
|
mySystem.system.motd.networkInterfaces = [ "enp1s0" ];
|
||||||
|
|
||||||
mySystem.nasFolder = "/mnt/nas";
|
mySystem.nasFolder = "/mnt/nas";
|
||||||
mySystem.system.resticBackup.local.location = "/tank/backup/nixos/nixos";
|
mySystem.system.resticBackup.local.location = "/mnt/nas/backup/nixos/nixos";
|
||||||
|
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
|
|
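Review bot: The new `resticBackup.local.location` repeats the `/mnt/nas` literal that `mySystem.nasFolder` sets on the line above, so the two can drift apart. Deriving it, e.g. `"${config.mySystem.nasFolder}/backup/nixos/nixos"` (assuming `config` is in scope in this file), keeps them in step. The option is still named `local`, yet if `/mnt/nas` is a network mount the repository no longer sits on a host-local disk, and a missing mount would presumably leave restic writing under the bare mountpoint. A comment stating the intent, or a mount dependency on the backup unit, would make that explicit. The surrounding attribute set continues outside the hunk.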
|
@ -36,9 +36,9 @@ rec {
|
||||||
containerExtraOptions = [ ]
|
containerExtraOptions = [ ]
|
||||||
++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "privileged" ] false options) [ "--privileged" ]
|
++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "privileged" ] false options) [ "--privileged" ]
|
||||||
++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "readOnly" ] false options) [ "--read-only" ]
|
++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "readOnly" ] false options) [ "--read-only" ]
|
||||||
++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "tmpfs" ] false options) [ (map (folders: "--tmpfs ${folders}") tmpfsFolders) ]
|
++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "tmpfs" ] false options) [ (map (folders: "--tmpfs=${folders}") tmpfsFolders) ]
|
||||||
++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "noNewPrivileges" ] false options) [ "--security-opt no-new-privileges" ]
|
++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "noNewPrivileges" ] false options) [ "--security-opt=no-new-privileges" ]
|
||||||
++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "dropAll" ] false options) [ "--cap-drop ALL" ]
|
++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "dropAll" ] false options) [ "--cap-drop=ALL" ]
|
||||||
|
|
||||||
;
|
;
|
||||||
|
|
||||||
|
|
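Review bot: The `tmpfs` line still wraps the `map` result in list brackets, so when `container.caps.tmpfs` is set `lib.optionals` appends a nested list rather than strings. A consumer expecting a flat list of option strings would presumably reject that at evaluation. Dropping the outer brackets keeps it flat: `++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "tmpfs" ] false options) (map (folders: "--tmpfs=${folders}") tmpfsFolders)`. The move to the `--flag=value` form on the other lines looks right if each element reaches podman as a single argument. Every hardening flag here defaults to `false`, so a one-line comment such as `# hardening flags are opt-in per service` would help readers; the enclosing `rec { … }` set starts outside the hunk.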
|
@ -33,6 +33,14 @@ in
|
||||||
"d ${persistentFolder} 0755 ${user} ${group} -" #The - disables automatic cleanup, so the file wont be removed after a period
|
"d ${persistentFolder} 0755 ${user} ${group} -" #The - disables automatic cleanup, so the file wont be removed after a period
|
||||||
];
|
];
|
||||||
|
|
||||||
|
sops.secrets."services/${app}/env" = {
|
||||||
|
sopsFile = ./secrets.sops.yaml;
|
||||||
|
owner = user;
|
||||||
|
group = group;
|
||||||
|
restartUnits = [ "podman-${app}.service" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
virtualisation.oci-containers.containers."${app}-${instance}" = {
|
virtualisation.oci-containers.containers."${app}-${instance}" = {
|
||||||
image = "${image}";
|
image = "${image}";
|
||||||
user = "${user}:${group}";
|
user = "${user}:${group}";
|
||||||
|
@ -40,6 +48,13 @@ in
|
||||||
"${persistentFolder}:/factorio:rw"
|
"${persistentFolder}:/factorio:rw"
|
||||||
"/etc/localtime:/etc/localtime:ro"
|
"/etc/localtime:/etc/localtime:ro"
|
||||||
];
|
];
|
||||||
|
environment =
|
||||||
|
{
|
||||||
|
UPDATE_MODS_ON_START = "false";
|
||||||
|
PORT = "34203";
|
||||||
|
RCON_PORT = "27019";
|
||||||
|
};
|
||||||
|
environmentFiles = [ config.sops.secrets."services/${app}/env".path ];
|
||||||
ports = [ (builtins.toString port) ]; # expose port
|
ports = [ (builtins.toString port) ]; # expose port
|
||||||
labels = lib.myLib.mkTraefikLabels {
|
labels = lib.myLib.mkTraefikLabels {
|
||||||
name = app;
|
name = app;
|
||||||
|
|
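Review bot: `sopsFile = ./secrets.sops.yaml;` does not match the file this commit adds, `nixos/modules/nixos/containers/factorio/secret.sops.yaml` (singular). Unless a `secrets.sops.yaml` already exists beside this module, the secret will not resolve; either rename the file or use `sopsFile = ./secret.sops.yaml;`. Separately, `restartUnits = [ "podman-${app}.service" ]` omits the instance suffix while the container is declared as `"${app}-${instance}"`. If the unit name follows the container name, `"podman-${app}-${instance}.service"` is what needs restarting when the env secret changes; otherwise a rotated credential would not reach the running container. The `let` bindings and the rest of the container definition lie outside the hunks shown.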
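--- a/nixos/modules/nixos/containers/factorio/secret.sops.yaml
+++ b/nixos/modules/nixos/containers/factorio/secret.sops.yaml
@@ -0,0 +1,68 @@
+services:
+factorio:
+env: ENC[AES256_GCM,data:mk/GJ725TxKJkNBa0T8YGOpxjthJwZLln5UQW/paElh/8FPt+WrfA3+V7Withu877Fi8jiyn+Pyq+k2mgkaQKtmcog==,iv:kxoD+Xi89Df+pBeIHlwkszbtdxUz5etHYD6rn9uLNxg=,tag:YK0EZ1bKM8AamskktTIDBQ==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvZUxEZnBzdlBoZ245WDZD
+ZXlrd2RCblR4MEo3NWE2Zk82dHBvemVYNUU4CjBCeWVsZnd6T1g0M2hqaDVWYnJX
+NFNZNnRmRG9FSm56M0pXN2ljNUlHRWcKLS0tIEFmc2tlY09Qa3A3cXJxaURRNytD
+UFBKWTlxYkgvUFZVckpoZHdPYUx2RTAKxz904To3LFDsiKdSM5kZylwx/lXooECm
+WX5439E01p/UPqDnvOjc+5wa4Ynu5XCW5DleTdUFw2fjUrb9yg6Z6Q==
+-----END AGE ENCRYPTED FILE-----
+- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByenI1WktwWWhhdkdxWDFp
+Nm1HTGE5U3VRUEYxSFdEOE5XSm1oMThVK0hzCitDSkptSTd4Y3dRTXlxMnJ1eWdH
+d1pLNUI2T3FLWWlVSEJmb3BzRTFDTXMKLS0tIGcyWG5OSmhKZmJ6VFlJUlE4Nit2
+MDlkQy9NZEg5WWtseTJFdHU1UWpvZkkKsc+vbn/lkzWtSKEvg4xSgDHM7vblgNAa
+cbF4+JaMgVsyNox9kuoslzhQoE7eftcBolgRq9m1qhCUfqUhmgsS8A==
+-----END AGE ENCRYPTED FILE-----
+- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3Vm5UejU3bjU2MmR0bDIw
+dkw3UG1jdzFwTHVGTVYrRjFNUU5GSmdkcEgwCnk0aTh3QjVWUTMzdFI1UC9XaElk
+SWtIRktBc2lGOW9jdDBBcmJOSm5qRDgKLS0tIEJSUlY5dFYvcVVEdjl6bHNvazkx
+QlFkUlpWRHQyanZEQmJtczRra01ibTAKR80FHc37Dnjo6zrnJHkSpYvGv9W/k4nx
+vPXsNki4q6WJKec+4jebJgdoXeT1ztk1HcZquIUiNkpkx8rMrtnrMQ==
+-----END AGE ENCRYPTED FILE-----
+- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZTlU3OVcxUnFEMmRyeHlX
+UUtxK1RRM3ZubThkejdMVjRqQVp5K1o4N2ljCk9ZVk1RZmEwNXBMTitZa2NmZ1Y0
+U2ZqdE81WEhzSHByN2FQMTN2M240bDAKLS0tIDVFOEhwL1I3NnRRTTBqZ1UxbEg3
+M0paRmNFa3pYakFRRkxtdVAvWk5PT0UKP4nQCuFT2EiLkZUzu/XWj6+v7bdWFj4o
+4oQ4bmv+hTklYb9KOl3XM089z4ixtgJeGWzUiV3Omqt3sorbG8wOBw==
+-----END AGE ENCRYPTED FILE-----
+- recipient: age1ekt5xz7u2xgdzgsrffhd9x22n80cn4thxd8zxjy2ey5vq3ca7gnqz25g5r
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMOG5yMVBnSTRLckxXcFVp
+cHMwcGtleGhPalROVzlIeXN0QUFqcG9YZDNZCnhSRjI2SUdqWk5KaVg5eXJZQjh2
+ME5iUGNLeUxhbkc3YjczN1lmKzFGa28KLS0tIDBIYXkwSGVhVU12eDJ4Mk1ZUFk0
+ZVNoUnlwRDhTM1NvZUVYUW5OWm9HdGMKZHO7ouk5xDWfSBeBLAVIYTQc4Zzp2CC8
+Mxz8Sc7cIxBPb1qtYQud9pg6fxYNhvbZdwL60p6vRT/KegEmPyEgog==
+-----END AGE ENCRYPTED FILE-----
+- recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPaXZjb283SjFaZDBOQ1Vs
+S1dEWm13dUFyWm1yUnRmaHdRUndDK3paaFI0CmxpcjJIdDZVR203WUg3dWpjbERu
+OFZmVGw5Z3BYQVBBQ2VKK2M4RGgwNjAKLS0tIFFGa3V3cUU1N0RyRStJSlNkdzdV
+QUx5MEkxM2h2S1FucjBhNkFVWDZnQW8Kj/iJslXSS/I019/JjdXYZsCjMHCc6drH
+0kXZL4itv8pjlVGDcGZXAHiDG4+LP4pI6hx8AElTZTk+9umMtaADzg==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2024-04-24T23:21:20Z"
+mac: ENC[AES256_GCM,data:lhS6GQLcCUwfmoSa81vN4EkouILMAAJ1sEc/laaUAQVb3Od2olVcJnXa8wJNaqRAhK9+3B2sJ44sjg6QojU1ROqHvfr5x+rnokws2ax3ikTMZThtBeR2srj+OnvbS/Enai3MHH16bQBKmbyHCk4oHnkr7mgMkGjks1uT8pFJwuk=,iv:aZ70kTNPV/JuD4PjlB/wecCv1ynoQQ6VQ9Ob4eu2jlg=,tag:xBZHz2hm+BRfpUK5+25GQA==,type:str]
+pgp: []
+unencrypted_suffix: _unencrypted
+version: 3.8.1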
|
@ -41,7 +41,7 @@ in
|
||||||
"/etc/localtime:/etc/localtime:ro"
|
"/etc/localtime:/etc/localtime:ro"
|
||||||
];
|
];
|
||||||
environment = {
|
environment = {
|
||||||
PLEX_ADVERTISE_URL = "https://10.8.20.44:32400,https://${app}.${config.mySystem.domain}:443"; # TODO var ip
|
PLEX_ADVERTISE_URL = "https://10.8.20.42:32400,https://${app}.${config.mySystem.domain}:443"; # TODO var ip
|
||||||
};
|
};
|
||||||
ports = [ "${builtins.toString port}:${builtins.toString port}" ]; # expose port
|
ports = [ "${builtins.toString port}:${builtins.toString port}" ]; # expose port
|
||||||
labels = lib.myLib.mkTraefikLabels {
|
labels = lib.myLib.mkTraefikLabels {
|
||||||
|
|
|
@ -12,7 +12,7 @@ in
|
||||||
|
|
||||||
# fuck /u/spez
|
# fuck /u/spez
|
||||||
config =
|
config =
|
||||||
myLib.mkService
|
mkIf cfg.enable (myLib.mkService
|
||||||
{
|
{
|
||||||
app = "Redlib";
|
app = "Redlib";
|
||||||
description = "Reddit alternate frontend";
|
description = "Reddit alternate frontend";
|
||||||
|
@ -37,7 +37,7 @@ in
|
||||||
dropAll = true;
|
dropAll = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
});
|
||||||
# mkService
|
# mkService
|
||||||
# app: App Name, string, required
|
# app: App Name, string, required
|
||||||
# appUrl: App url, string, default "https://APP.DOMAIN"
|
# appUrl: App url, string, default "https://APP.DOMAIN"
|
||||||
|
|