From 60578c5ad0019e42f6cd1564c7c11da16ee6cb61 Mon Sep 17 00:00:00 2001
From: Erwin Boskma <erwin@datarift.nl>
Date: Tue, 12 Nov 2024 20:34:34 +0100
Subject: [PATCH] factorio: Set secrets owner

---
 machines/factorio/configuration.nix | 40 +++++++++++++++++------------
 1 file changed, 24 insertions(+), 16 deletions(-)

diff --git a/machines/factorio/configuration.nix b/machines/factorio/configuration.nix
index 7916f84..4ce6a9e 100644
--- a/machines/factorio/configuration.nix
+++ b/machines/factorio/configuration.nix
@@ -47,8 +47,27 @@
     firewall.trustedInterfaces = [ "tailscale0" ];
   };
 
+  services = {
+    factorio = {
+      enable = true;
+      game-name = "Blocks";
+      description = "It's cityblocks";
+      lan = true;
+      openFirewall = true;
+      saveName = "Blocks";
+      admins = [ "eboskma" ];
+      allowedPlayers = [ "eboskma" ];
+      extraSettingsFile = config.sops.secrets.factorio-config.path;
+    };
+  };
+
   systemd = {
-    services.logrotate-checkconf.enable = false;
+    services = {
+      factorio.serviceConfig = {
+        User = "factorio";
+      };
+      logrotate-checkconf.enable = false;
+    };
 
     network = {
       enable = true;
@@ -81,23 +100,12 @@
     sudo.enable = false;
   };
 
-  services = {
-    factorio = {
-      enable = true;
-      game-name = "Blocks";
-      description = "It's cityblocks";
-      lan = true;
-      openFirewall = true;
-      saveName = "Blocks";
-      admins = [ "eboskma" ];
-      allowedPlayers = [ "eboskma" ];
-      extraSettingsFile = config.sops.secrets.factorio-config.path;
-    };
-  };
-
   sops.defaultSopsFile = ./secrets.yaml;
   sops.secrets = {
-    factorio-config = { };
+    factorio-config = {
+      owner = "factorio";
+      group = "factorio";
+    };
   };
 
   system.stateVersion = "24.11";