erwin/nixos-config
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Wiki Activity Actions

factorio: init container

Browse source
This commit is contained in:
Erwin Boskma 2024-11-12 20:11:52 +01:00
parent aad8139fdc
commit 4800ae998d
Signed by: erwin
SSH key fingerprint: SHA256:/Wk1WZdLg+vQHs3in9qq7PsIp8SMzwGSk/RLZ5zPuZk
4 changed files with 159 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
.sops.yaml
View file

@ -3,6 +3,7 @@ keys:
- &erwin_horus age1435gxhlpu55pp86r8pullhc6wg43nv6qm5l3g2vl5000xhn8apdqtlf8cg - &erwin_horus age1435gxhlpu55pp86r8pullhc6wg43nv6qm5l3g2vl5000xhn8apdqtlf8cg
- &loki age1m93jeyexus2uqvrk99r7hh0xp7qxk55tgmju4h422dfkf92jce2sxpntu5 - &loki age1m93jeyexus2uqvrk99r7hh0xp7qxk55tgmju4h422dfkf92jce2sxpntu5
- &ci age1tmlx45s4f6qp929839yd5y5vxkj2z4z8wmhqsnne9j8j5uwx6p8qssun8l - &ci age1tmlx45s4f6qp929839yd5y5vxkj2z4z8wmhqsnne9j8j5uwx6p8qssun8l
- &factorio age1j3456p2yhs82wcxp33r8nr7zc70shuusqnpyfxe6992w28rg5ywq83es27
- &frigate age1gtzlyyxdnt23xzyq6lq5ye645egxl7up25agxw23nuhjl6ax0dmqrlqvpf - &frigate age1gtzlyyxdnt23xzyq6lq5ye645egxl7up25agxw23nuhjl6ax0dmqrlqvpf
- &gitea age1mh39yv2j3ltl50tjnqqgjctxth3nxa74ggwn29dpvcv08qd0psnssajsmd - &gitea age1mh39yv2j3ltl50tjnqqgjctxth3nxa74ggwn29dpvcv08qd0psnssajsmd
- &gitea-runner age19jrte20w4e5u83m5s8m8c2ca6sha6e2l2k66g28jz4mpkfs0f3jq26rdp2 - &gitea-runner age19jrte20w4e5u83m5s8m8c2ca6sha6e2l2k66g28jz4mpkfs0f3jq26rdp2
@ -29,6 +30,12 @@ creation_rules:
- *erwin - *erwin
- *erwin_horus - *erwin_horus
- *ci - *ci
- path_regex: machines/factorio/[^/]+\.yaml$
key_groups:
- age:
- *erwin
- *erwin_horus
- *factorio
- path_regex: machines/frigate/[^/]+\.yaml$ - path_regex: machines/frigate/[^/]+\.yaml$
key_groups: key_groups:
- age: - age:

9
machines/default.nix
View file

@ -10,6 +10,15 @@ inputs: {
# tags = [ "container" ]; # tags = [ "container" ];
# }; # };
}; };
factorio = {
config = import ./factorio/configuration.nix inputs;
deploy = {
host = "10.0.0.233";
# host = "factorio.barn-beaver.ts.net";
targetUser = "erwin";
tags = [ "container" ];
};
};
frigate = { frigate = {
config = import ./frigate/configuration.nix inputs; config = import ./frigate/configuration.nix inputs;
deploy = { deploy = {

104
machines/factorio/configuration.nix Normal file
View file

@ -0,0 +1,104 @@
{
self,
...
}:
{
modulesPath,
config,
...
}:
{
imports = [
(modulesPath + "/virtualisation/lxc-container.nix")
../../users/root
../../users/erwin
];
eboskma = {
users.erwin = {
enable = true;
server = true;
};
nix-common = {
enable = true;
remote-builders = true;
};
rust-motd.enable = true;
tailscale.enable = true;
};
boot = {
isContainer = true;
};
time.timeZone = "Europe/Amsterdam";
system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;
networking = {
hostName = "read";
useDHCP = false;
useHostResolvConf = false;
networkmanager.enable = false;
useNetworkd = true;
nftables.enable = true;
firewall.trustedInterfaces = [ "tailscale0" ];
};
systemd = {
services.logrotate-checkconf.enable = false;
network = {
enable = true;
wait-online.anyInterface = true;
networks = {
"40-eth0" = {
matchConfig = {
Name = "eth0";
};
networkConfig = {
Address = "10.0.0.208/24";
Gateway = "10.0.0.1";
DNS = "10.0.0.206";
DHCP = "no";
};
};
};
};
};
security = {
sudo-rs = {
enable = true;
execWheelOnly = true;
wheelNeedsPassword = false;
};
sudo.enable = false;
};
services = {
factorio = {
enable = true;
game-name = "Blocks";
description = "It's cityblocks";
lan = true;
openFirewall = true;
saveName = "Blocks";
admins = [ "eboskma" ];
allowedPlayers = [ "eboskma" ];
extraSettingsFile = config.sops.secrets.factorio-config.path;
};
};
sops.defaultSopsFile = ./secrets.yaml;
sops.secrets = {
factorio-config = { };
};
system.stateVersion = "24.11";
}

39
machines/factorio/secrets.yaml Normal file
View file

@ -0,0 +1,39 @@
factorio-config: ENC[AES256_GCM,data:IBC7LYC+QpWMbPs9vpdIrtOld/qPyt+PaVHQKmbFl5iGVkKru0d9iIlV5ZQ=,iv:ArIUnPu1KoNN3o76iyvka3A1g2GEEMQLFT1F6hYE+gs=,tag:kQtoGUAo1fLEH98UY0r2LQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1h7ddyj66gcqt5vnzphjfn6y5tul79q0glcdl0et9w44z2evl999qe02wht
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBic2p1NFBXZTJra09NQjY5
YzcrTnY1dzl1eFJuYWZVMHUwWS9wSVc0Q0RRCkdnSFJnS3lIUWVJd2s2R0hqRzlE
dW9VSVhTZFE5a2taWVdxMzE5RlBsd3cKLS0tIDJSTTY3eTA0R2RyOEpsV0dGYndR
WEhLMEZiWEFSTDJEbU9CbU5jbU9DeVUK4hJHJz3m/lqDkW/MK/4yMoMfp0LPpmmL
S48qlzHsBP0NxbBkR6cxYgd/cI6ppVCgOkQWBAyV1wiAqyNPKAgO+g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1435gxhlpu55pp86r8pullhc6wg43nv6qm5l3g2vl5000xhn8apdqtlf8cg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBld09PSlFjbnpkT2tqaVI4
R0RPUlk4bUdjR2lENHdVOHhJV2lWamFnTlVrCnBYSE1tRnZKb0dhMzViUCtIOVVO
QjFZMlVFV04vY0JiQ0E2K21LTGdIYU0KLS0tIGYrUzd2VXN5NFBMWmljN2pnWml4
T1pqb1dtdlAzdmNLNDBjUGFHajVCdmsKmwiA1FuwfiPG2YLUQHhFDITahl6jcwz9
CBKRPArsDXqRFQgG3DTievvPS7VmfXbyhHYyUHa5Soarr1PFYBqQ8Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1j3456p2yhs82wcxp33r8nr7zc70shuusqnpyfxe6992w28rg5ywq83es27
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwQUxyZkFoWjJaQ0g2ZSs3
SU1Qd1c3MFp5S0piM244MTFiM0ppVWp4YjB3CkplNVp3ZUFSQ2xobnZYYkEwMS8x
NmtHMkNHQmxTTytNVXFvSzM4NWp2eWMKLS0tIGovL3pGV253QWQxdGRIKy9KdlpC
K041NXVyYjZabGQzbG9HaExYRVJ3VEkKM1pL72IU2thhKg/irj7t1m5gx3078DD7
HmyWa6+/A25fsWBHuHktUBMlOy5Jw+4ViysSNyzLMJegYRKBJAVpQQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-12T18:54:05Z"
mac: ENC[AES256_GCM,data:BbA9o2hdVkhQWX4fcTUqvVWE1reo2bHVCXxFwbvF8xeXdFzFh+ijO4gqm3AoqCO8xA1nP7C3PwmQ5nx9oYMIukD1V/tW2A5WzIkbvkENva5WMvgiur34HT7TpY9GG6sDBNm2ZznEn3y9vMBOSZKQ5CKeCrMbbrXfDt7PYL1T1QY=,iv:0PhnwdK0Z9o6ffWX0cVuOxggsDBbE0S8pS0l+u4dfS8=,tag:mCBAoebs1rfdb/FzSL/6XQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1