fix: factorio
parent
3134dd1fb8
commit
0dc05deed4
7 changed files with 90 additions and 19 deletions
|
@ -12,18 +12,6 @@
|
|||
podman.enable = true;
|
||||
traefik.enable = true;
|
||||
|
||||
gatus.enable = true;
|
||||
homepage.enable = true;
|
||||
# backrest.enable = true;
|
||||
|
||||
plex.enable = true;
|
||||
tautulli.enable = true;
|
||||
syncthing.enable = true;
|
||||
searxng.enable = true;
|
||||
factorio.freight-forwarding.enable = true; # the factory must grow
|
||||
whoogle.enable = true;
|
||||
|
||||
redlib.enable = true;
|
||||
|
||||
|
||||
};
|
||||
|
|
|
@ -32,7 +32,7 @@
|
|||
mySystem.system.motd.networkInterfaces = [ "enp1s0" ];
|
||||
|
||||
mySystem.nasFolder = "/mnt/nas";
|
||||
mySystem.system.resticBackup.local.location = "/tank/backup/nixos/nixos";
|
||||
mySystem.system.resticBackup.local.location = "/mnt/nas/backup/nixos/nixos";
|
||||
|
||||
|
||||
boot = {
|
||||
|
|
|
@ -36,9 +36,9 @@ rec {
|
|||
containerExtraOptions = [ ]
|
||||
++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "privileged" ] false options) [ "--privileged" ]
|
||||
++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "readOnly" ] false options) [ "--read-only" ]
|
||||
++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "tmpfs" ] false options) [ (map (folders: "--tmpfs ${folders}") tmpfsFolders) ]
|
||||
++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "noNewPrivileges" ] false options) [ "--security-opt no-new-privileges" ]
|
||||
++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "dropAll" ] false options) [ "--cap-drop ALL" ]
|
||||
++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "tmpfs" ] false options) [ (map (folders: "--tmpfs=${folders}") tmpfsFolders) ]
|
||||
++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "noNewPrivileges" ] false options) [ "--security-opt=no-new-privileges" ]
|
||||
++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "dropAll" ] false options) [ "--cap-drop=ALL" ]
|
||||
|
||||
;
|
||||
|
||||
|
|
|
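Review bot: The tmpfs entry is still wrapped in an extra list, `[ (map (folders: "--tmpfs=${folders}") tmpfsFolders) ]`, so when `caps.tmpfs` is set, `lib.optionals` appends a single element that is itself a list instead of the individual `--tmpfs=…` strings. The consumer of `containerExtraOptions` is outside this hunk, but if it feeds the oci-containers `extraOptions` (a list of strings), enabling tmpfs would likely fail evaluation rather than add the mounts, which matters most for containers that also set `readOnly`. Dropping the outer brackets gives a flat list: `++ lib.optionals (…) (map (folders: "--tmpfs=${folders}") tmpfsFolders)`. It would also help to add a comment that `readOnly`, `noNewPrivileges` and `dropAll` default to `false`, so a service is only hardened when it opts in.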
@ -33,6 +33,14 @@ in
|
|||
"d ${persistentFolder} 0755 ${user} ${group} -" #The - disables automatic cleanup, so the file wont be removed after a period
|
||||
];
|
||||
|
||||
sops.secrets."services/${app}/env" = {
|
||||
sopsFile = ./secrets.sops.yaml;
|
||||
owner = user;
|
||||
group = group;
|
||||
restartUnits = [ "podman-${app}.service" ];
|
||||
};
|
||||
|
||||
|
||||
virtualisation.oci-containers.containers."${app}-${instance}" = {
|
||||
image = "${image}";
|
||||
user = "${user}:${group}";
|
||||
|
@ -40,6 +48,13 @@ in
|
|||
"${persistentFolder}:/factorio:rw"
|
||||
"/etc/localtime:/etc/localtime:ro"
|
||||
];
|
||||
environment =
|
||||
{
|
||||
UPDATE_MODS_ON_START = "false";
|
||||
PORT = "34203";
|
||||
RCON_PORT = "27019";
|
||||
};
|
||||
environmentFiles = [ config.sops.secrets."services/${app}/env".path ];
|
||||
ports = [ (builtins.toString port) ]; # expose port
|
||||
labels = lib.myLib.mkTraefikLabels {
|
||||
name = app;
|
||||
|
|
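Review bot: The new secret uses `sopsFile = ./secrets.sops.yaml;`, but the file this commit adds under the factorio directory is listed as `secret.sops.yaml`, so unless a `secrets.sops.yaml` already exists there the path will not resolve and the env secret cannot be provisioned; rename the file or use `sopsFile = ./secret.sops.yaml;`. Separately, `restartUnits = [ "podman-${app}.service" ]` does not match the container declared as `"${app}-${instance}"`, whose unit would be `podman-${app}-${instance}.service`, so a rotated secret would not restart the container that reads it through `environmentFiles`. Suggested change: `restartUnits = [ "podman-${app}-${instance}.service" ];`. The environment also sets `RCON_PORT` while only `port` appears under `ports` in the visible lines; a short comment stating that RCON is intentionally not published would make that choice explicit.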
68
nixos/modules/nixos/containers/factorio/secret.sops.yaml
Normal file
|
@ -0,0 +1,68 @@
|
|||
services:
|
||||
factorio:
|
||||
env: ENC[AES256_GCM,data:mk/GJ725TxKJkNBa0T8YGOpxjthJwZLln5UQW/paElh/8FPt+WrfA3+V7Withu877Fi8jiyn+Pyq+k2mgkaQKtmcog==,iv:kxoD+Xi89Df+pBeIHlwkszbtdxUz5etHYD6rn9uLNxg=,tag:YK0EZ1bKM8AamskktTIDBQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvZUxEZnBzdlBoZ245WDZD
|
||||
ZXlrd2RCblR4MEo3NWE2Zk82dHBvemVYNUU4CjBCeWVsZnd6T1g0M2hqaDVWYnJX
|
||||
NFNZNnRmRG9FSm56M0pXN2ljNUlHRWcKLS0tIEFmc2tlY09Qa3A3cXJxaURRNytD
|
||||
UFBKWTlxYkgvUFZVckpoZHdPYUx2RTAKxz904To3LFDsiKdSM5kZylwx/lXooECm
|
||||
WX5439E01p/UPqDnvOjc+5wa4Ynu5XCW5DleTdUFw2fjUrb9yg6Z6Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByenI1WktwWWhhdkdxWDFp
|
||||
Nm1HTGE5U3VRUEYxSFdEOE5XSm1oMThVK0hzCitDSkptSTd4Y3dRTXlxMnJ1eWdH
|
||||
d1pLNUI2T3FLWWlVSEJmb3BzRTFDTXMKLS0tIGcyWG5OSmhKZmJ6VFlJUlE4Nit2
|
||||
MDlkQy9NZEg5WWtseTJFdHU1UWpvZkkKsc+vbn/lkzWtSKEvg4xSgDHM7vblgNAa
|
||||
cbF4+JaMgVsyNox9kuoslzhQoE7eftcBolgRq9m1qhCUfqUhmgsS8A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3Vm5UejU3bjU2MmR0bDIw
|
||||
dkw3UG1jdzFwTHVGTVYrRjFNUU5GSmdkcEgwCnk0aTh3QjVWUTMzdFI1UC9XaElk
|
||||
SWtIRktBc2lGOW9jdDBBcmJOSm5qRDgKLS0tIEJSUlY5dFYvcVVEdjl6bHNvazkx
|
||||
QlFkUlpWRHQyanZEQmJtczRra01ibTAKR80FHc37Dnjo6zrnJHkSpYvGv9W/k4nx
|
||||
vPXsNki4q6WJKec+4jebJgdoXeT1ztk1HcZquIUiNkpkx8rMrtnrMQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZTlU3OVcxUnFEMmRyeHlX
|
||||
UUtxK1RRM3ZubThkejdMVjRqQVp5K1o4N2ljCk9ZVk1RZmEwNXBMTitZa2NmZ1Y0
|
||||
U2ZqdE81WEhzSHByN2FQMTN2M240bDAKLS0tIDVFOEhwL1I3NnRRTTBqZ1UxbEg3
|
||||
M0paRmNFa3pYakFRRkxtdVAvWk5PT0UKP4nQCuFT2EiLkZUzu/XWj6+v7bdWFj4o
|
||||
4oQ4bmv+hTklYb9KOl3XM089z4ixtgJeGWzUiV3Omqt3sorbG8wOBw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1ekt5xz7u2xgdzgsrffhd9x22n80cn4thxd8zxjy2ey5vq3ca7gnqz25g5r
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMOG5yMVBnSTRLckxXcFVp
|
||||
cHMwcGtleGhPalROVzlIeXN0QUFqcG9YZDNZCnhSRjI2SUdqWk5KaVg5eXJZQjh2
|
||||
ME5iUGNLeUxhbkc3YjczN1lmKzFGa28KLS0tIDBIYXkwSGVhVU12eDJ4Mk1ZUFk0
|
||||
ZVNoUnlwRDhTM1NvZUVYUW5OWm9HdGMKZHO7ouk5xDWfSBeBLAVIYTQc4Zzp2CC8
|
||||
Mxz8Sc7cIxBPb1qtYQud9pg6fxYNhvbZdwL60p6vRT/KegEmPyEgog==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPaXZjb283SjFaZDBOQ1Vs
|
||||
S1dEWm13dUFyWm1yUnRmaHdRUndDK3paaFI0CmxpcjJIdDZVR203WUg3dWpjbERu
|
||||
OFZmVGw5Z3BYQVBBQ2VKK2M4RGgwNjAKLS0tIFFGa3V3cUU1N0RyRStJSlNkdzdV
|
||||
QUx5MEkxM2h2S1FucjBhNkFVWDZnQW8Kj/iJslXSS/I019/JjdXYZsCjMHCc6drH
|
||||
0kXZL4itv8pjlVGDcGZXAHiDG4+LP4pI6hx8AElTZTk+9umMtaADzg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-24T23:21:20Z"
|
||||
mac: ENC[AES256_GCM,data:lhS6GQLcCUwfmoSa81vN4EkouILMAAJ1sEc/laaUAQVb3Od2olVcJnXa8wJNaqRAhK9+3B2sJ44sjg6QojU1ROqHvfr5x+rnokws2ax3ikTMZThtBeR2srj+OnvbS/Enai3MHH16bQBKmbyHCk4oHnkr7mgMkGjks1uT8pFJwuk=,iv:aZ70kTNPV/JuD4PjlB/wecCv1ynoQQ6VQ9Ob4eu2jlg=,tag:xBZHz2hm+BRfpUK5+25GQA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
|
@ -41,7 +41,7 @@ in
|
|||
"/etc/localtime:/etc/localtime:ro"
|
||||
];
|
||||
environment = {
|
||||
PLEX_ADVERTISE_URL = "https://10.8.20.44:32400,https://${app}.${config.mySystem.domain}:443"; # TODO var ip
|
||||
PLEX_ADVERTISE_URL = "https://10.8.20.42:32400,https://${app}.${config.mySystem.domain}:443"; # TODO var ip
|
||||
};
|
||||
ports = [ "${builtins.toString port}:${builtins.toString port}" ]; # expose port
|
||||
labels = lib.myLib.mkTraefikLabels {
|
||||
|
|
|
@ -12,7 +12,7 @@ in
|
|||
|
||||
# fuck /u/spez
|
||||
config =
|
||||
myLib.mkService
|
||||
mkIf cfg.enable (myLib.mkService
|
||||
{
|
||||
app = "Redlib";
|
||||
description = "Reddit alternate frontend";
|
||||
|
@ -37,7 +37,7 @@ in
|
|||
dropAll = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
});
|
||||
# mkService
|
||||
# app: App Name, string, required
|
||||
# appUrl: App url, string, default "https://APP.DOMAIN"
|
||||
|
|