factorio: init container

2024-11-12 20:11:52 +01:00 · 2024-11-12 20:11:52 +01:00 · 4800ae998d
commit 4800ae998d
parent aad8139fdc
4 changed files with 159 additions and 0 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -3,6 +3,7 @@ keys:
  - &erwin_horus age1435gxhlpu55pp86r8pullhc6wg43nv6qm5l3g2vl5000xhn8apdqtlf8cg
  - &loki age1m93jeyexus2uqvrk99r7hh0xp7qxk55tgmju4h422dfkf92jce2sxpntu5
  - &ci age1tmlx45s4f6qp929839yd5y5vxkj2z4z8wmhqsnne9j8j5uwx6p8qssun8l
+  - &factorio age1j3456p2yhs82wcxp33r8nr7zc70shuusqnpyfxe6992w28rg5ywq83es27
  - &frigate age1gtzlyyxdnt23xzyq6lq5ye645egxl7up25agxw23nuhjl6ax0dmqrlqvpf
  - &gitea age1mh39yv2j3ltl50tjnqqgjctxth3nxa74ggwn29dpvcv08qd0psnssajsmd
  - &gitea-runner age19jrte20w4e5u83m5s8m8c2ca6sha6e2l2k66g28jz4mpkfs0f3jq26rdp2
@ -29,6 +30,12 @@ creation_rules:
        - *erwin
        - *erwin_horus
        - *ci
+  - path_regex: machines/factorio/[^/]+\.yaml$
+    key_groups:
+      - age:
+        - *erwin
+        - *erwin_horus
+        - *factorio
  - path_regex: machines/frigate/[^/]+\.yaml$
    key_groups:
      - age:
--- a/machines/default.nix
+++ b/machines/default.nix
@ -10,6 +10,15 @@ inputs: {
    #   tags = [ "container" ];
    # };
  };
+  factorio = {
+    config = import ./factorio/configuration.nix inputs;
+    deploy = {
+      host = "10.0.0.233";
+      # host = "factorio.barn-beaver.ts.net";
+      targetUser = "erwin";
+      tags = [ "container" ];
+    };
+  };
  frigate = {
    config = import ./frigate/configuration.nix inputs;
    deploy = {
--- a/machines/factorio/configuration.nix
+++ b/machines/factorio/configuration.nix
@ -0,0 +1,104 @@
+{
+  self,
+  ...
+}:
+{
+  modulesPath,
+  config,
+  ...
+}:
+{
+  imports = [
+    (modulesPath + "/virtualisation/lxc-container.nix")
+
+    ../../users/root
+    ../../users/erwin
+  ];
+
+  eboskma = {
+    users.erwin = {
+      enable = true;
+      server = true;
+    };
+    nix-common = {
+      enable = true;
+      remote-builders = true;
+    };
+    rust-motd.enable = true;
+    tailscale.enable = true;
+  };
+
+  boot = {
+    isContainer = true;
+  };
+
+  time.timeZone = "Europe/Amsterdam";
+
+  system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;
+
+  networking = {
+    hostName = "read";
+    useDHCP = false;
+    useHostResolvConf = false;
+    networkmanager.enable = false;
+    useNetworkd = true;
+    nftables.enable = true;
+
+    firewall.trustedInterfaces = [ "tailscale0" ];
+  };
+
+  systemd = {
+    services.logrotate-checkconf.enable = false;
+
+    network = {
+      enable = true;
+
+      wait-online.anyInterface = true;
+
+      networks = {
+        "40-eth0" = {
+          matchConfig = {
+            Name = "eth0";
+          };
+
+          networkConfig = {
+            Address = "10.0.0.208/24";
+            Gateway = "10.0.0.1";
+            DNS = "10.0.0.206";
+            DHCP = "no";
+          };
+        };
+      };
+    };
+  };
+
+  security = {
+    sudo-rs = {
+      enable = true;
+      execWheelOnly = true;
+      wheelNeedsPassword = false;
+    };
+    sudo.enable = false;
+  };
+
+  services = {
+    factorio = {
+      enable = true;
+      game-name = "Blocks";
+      description = "It's cityblocks";
+      lan = true;
+      openFirewall = true;
+      saveName = "Blocks";
+      admins = [ "eboskma" ];
+      allowedPlayers = [ "eboskma" ];
+      extraSettingsFile = config.sops.secrets.factorio-config.path;
+    };
+  };
+
+  sops.defaultSopsFile = ./secrets.yaml;
+  sops.secrets = {
+    factorio-config = { };
+  };
+
+  system.stateVersion = "24.11";
+}
--- a/machines/factorio/secrets.yaml
+++ b/machines/factorio/secrets.yaml
@ -0,0 +1,39 @@
+factorio-config: ENC[AES256_GCM,data:IBC7LYC+QpWMbPs9vpdIrtOld/qPyt+PaVHQKmbFl5iGVkKru0d9iIlV5ZQ=,iv:ArIUnPu1KoNN3o76iyvka3A1g2GEEMQLFT1F6hYE+gs=,tag:kQtoGUAo1fLEH98UY0r2LQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1h7ddyj66gcqt5vnzphjfn6y5tul79q0glcdl0et9w44z2evl999qe02wht
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBic2p1NFBXZTJra09NQjY5
+            YzcrTnY1dzl1eFJuYWZVMHUwWS9wSVc0Q0RRCkdnSFJnS3lIUWVJd2s2R0hqRzlE
+            dW9VSVhTZFE5a2taWVdxMzE5RlBsd3cKLS0tIDJSTTY3eTA0R2RyOEpsV0dGYndR
+            WEhLMEZiWEFSTDJEbU9CbU5jbU9DeVUK4hJHJz3m/lqDkW/MK/4yMoMfp0LPpmmL
+            S48qlzHsBP0NxbBkR6cxYgd/cI6ppVCgOkQWBAyV1wiAqyNPKAgO+g==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1435gxhlpu55pp86r8pullhc6wg43nv6qm5l3g2vl5000xhn8apdqtlf8cg
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBld09PSlFjbnpkT2tqaVI4
+            R0RPUlk4bUdjR2lENHdVOHhJV2lWamFnTlVrCnBYSE1tRnZKb0dhMzViUCtIOVVO
+            QjFZMlVFV04vY0JiQ0E2K21LTGdIYU0KLS0tIGYrUzd2VXN5NFBMWmljN2pnWml4
+            T1pqb1dtdlAzdmNLNDBjUGFHajVCdmsKmwiA1FuwfiPG2YLUQHhFDITahl6jcwz9
+            CBKRPArsDXqRFQgG3DTievvPS7VmfXbyhHYyUHa5Soarr1PFYBqQ8Q==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1j3456p2yhs82wcxp33r8nr7zc70shuusqnpyfxe6992w28rg5ywq83es27
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwQUxyZkFoWjJaQ0g2ZSs3
+            SU1Qd1c3MFp5S0piM244MTFiM0ppVWp4YjB3CkplNVp3ZUFSQ2xobnZYYkEwMS8x
+            NmtHMkNHQmxTTytNVXFvSzM4NWp2eWMKLS0tIGovL3pGV253QWQxdGRIKy9KdlpC
+            K041NXVyYjZabGQzbG9HaExYRVJ3VEkKM1pL72IU2thhKg/irj7t1m5gx3078DD7
+            HmyWa6+/A25fsWBHuHktUBMlOy5Jw+4ViysSNyzLMJegYRKBJAVpQQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-11-12T18:54:05Z"
+    mac: ENC[AES256_GCM,data:BbA9o2hdVkhQWX4fcTUqvVWE1reo2bHVCXxFwbvF8xeXdFzFh+ijO4gqm3AoqCO8xA1nP7C3PwmQ5nx9oYMIukD1V/tW2A5WzIkbvkENva5WMvgiur34HT7TpY9GG6sDBNm2ZznEn3y9vMBOSZKQ5CKeCrMbbrXfDt7PYL1T1QY=,iv:0PhnwdK0Z9o6ffWX0cVuOxggsDBbE0S8pS0l+u4dfS8=,tag:mCBAoebs1rfdb/FzSL/6XQ==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.1