Use new colmena option so it can handle a dirty flake

.sops.yaml

@@ -3,6 +3,7 @@ keys:
   - &erwin_horus age1435gxhlpu55pp86r8pullhc6wg43nv6qm5l3g2vl5000xhn8apdqtlf8cg
   - &loki age1m93jeyexus2uqvrk99r7hh0xp7qxk55tgmju4h422dfkf92jce2sxpntu5
   - &ci age1tmlx45s4f6qp929839yd5y5vxkj2z4z8wmhqsnne9j8j5uwx6p8qssun8l
+  - &factorio age1vvxx738y8aq6sgvagz4rrjgnzuekdl20vltmp026qfnax7mdldrs3j4nrf
   - &frigate age1gtzlyyxdnt23xzyq6lq5ye645egxl7up25agxw23nuhjl6ax0dmqrlqvpf
   - &gitea age1mh39yv2j3ltl50tjnqqgjctxth3nxa74ggwn29dpvcv08qd0psnssajsmd
   - &gitea-runner age19jrte20w4e5u83m5s8m8c2ca6sha6e2l2k66g28jz4mpkfs0f3jq26rdp2
@@ -29,6 +30,12 @@ creation_rules:
         - *erwin
         - *erwin_horus
         - *ci
+  - path_regex: machines/factorio/[^/]+\.yaml$
+    key_groups:
+      - age:
+        - *erwin
+        - *erwin_horus
+        - *factorio
   - path_regex: machines/frigate/[^/]+\.yaml$
     key_groups:
       - age:

Justfile

@@ -29,8 +29,8 @@ fmt:
     nix fmt
 
 deploy host:
-    colmena apply --on {{host}}
+    colmena apply --on {{host}} --experimental-flake-eval
 
 [confirm]
 cold-deploy host:
-    colmena apply --on {{host}} --reboot
+    colmena apply --on {{host}} --reboot --experimental-flake-eval

flake.nix

@@ -171,6 +171,8 @@
           }) (builtins.attrNames machines)
         );
 
+        colmenaHive = inputs.colmena.lib.makeHive self.outputs.colmena;
+
         colmena =
           {
             meta = {

machines/default.nix

@@ -10,6 +10,15 @@ inputs: {
     #   tags = [ "container" ];
     # };
   };
+  factorio = {
+    config = import ./factorio/configuration.nix inputs;
+    deploy = {
+      # host = "10.0.0.82";
+      host = "factorio.barn-beaver.ts.net";
+      targetUser = "erwin";
+      tags = [ "container" ];
+    };
+  };
   frigate = {
     config = import ./frigate/configuration.nix inputs;
     deploy = {

machines/factorio/configuration.nix

@@ -0,0 +1,96 @@
+{
+  self,
+  ...
+}:
+{
+  modulesPath,
+  ...
+}:
+{
+  imports = [
+    (modulesPath + "/virtualisation/lxc-container.nix")
+
+    ../../users/root
+    ../../users/erwin
+
+    ./factorio.nix
+  ];
+
+  eboskma = {
+    users.erwin = {
+      enable = true;
+      server = true;
+    };
+    nix-common = {
+      enable = true;
+      remote-builders = true;
+    };
+    rust-motd.enable = true;
+    tailscale.enable = true;
+  };
+
+  boot = {
+    isContainer = true;
+  };
+
+  time.timeZone = "Europe/Amsterdam";
+
+  system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;
+
+  networking = {
+    hostName = "factorio";
+    useDHCP = false;
+    useHostResolvConf = false;
+    networkmanager.enable = false;
+    useNetworkd = true;
+    nftables.enable = true;
+
+    firewall.trustedInterfaces = [ "tailscale0" ];
+  };
+
+  systemd = {
+    services = {
+      logrotate-checkconf.enable = false;
+    };
+
+    network = {
+      enable = true;
+
+      wait-online.anyInterface = true;
+
+      networks = {
+        "40-eth0" = {
+          matchConfig = {
+            Name = "eth0";
+          };
+
+          networkConfig = {
+            Address = "10.0.0.208/24";
+            Gateway = "10.0.0.1";
+            DNS = "10.0.0.206";
+            DHCP = "no";
+          };
+        };
+      };
+    };
+  };
+
+  security = {
+    sudo-rs = {
+      enable = true;
+      execWheelOnly = true;
+      wheelNeedsPassword = false;
+    };
+    sudo.enable = false;
+  };
+
+  sops.defaultSopsFile = ./secrets.yaml;
+  sops.secrets = {
+    # factorio-config = {
+    #   owner = "factorio";
+    #   group = "factorio";
+    # };
+  };
+
+  system.stateVersion = "24.11";
+}

machines/factorio/factorio.nix

@@ -0,0 +1,62 @@
+{ pkgs, lib, ... }:
+let
+  modDir = ./mods;
+  modList = lib.pipe modDir [
+    builtins.readDir
+    (lib.filterAttrs (_: v: v == "regular"))
+    (lib.mapAttrsToList (k: _: k))
+    (builtins.filter (lib.hasSuffix ".zip"))
+  ];
+
+  validPath =
+    modFileName:
+    builtins.path {
+      path = "${modDir}/${modFileName}";
+      name = lib.strings.sanitizeDerivationName modFileName;
+    };
+
+  modToDrv =
+    modFileName:
+    pkgs.runCommand "copy-factorio-mods" { } ''
+      mkdir $out
+      ln -s '${validPath modFileName}' $out/'${modFileName}'
+    ''
+    // {
+      deps = [ ];
+    };
+
+  disableSpaceAge = pkgs.writeShellScript "disable-space-age" ''
+    space_age_mods=("elevated-rails" "quality" "space-age")
+
+    for mod in "''${space_age_mods[@]}"; do
+      ${lib.getExe pkgs.jaq} --arg mod_name "''${mod}" 'if .mods | map(.name) | index($mod_name) then .mods |= map(if .name == $mod_name and .enabled == true then .enabled = false else . end) else .mods += [{"name": $mod_name, "enabled": false}] end' /var/lib/factorio/mod-list.json > /var/lib/factorio/mod-list.json.tmp
+      mv /var/lib/factorio/mod-list.json.tmp /var/lib/factorio/mod-list.json
+    done
+  '';
+in
+{
+  services = {
+    factorio = {
+      enable = true;
+      game-name = "stats-export-test";
+      saveName = "stats-export-test";
+      mods = builtins.map modToDrv modList;
+      mods-dat = ./mods/mod-settings.dat;
+      lan = true;
+      admins = [ "eboskma" ];
+      nonBlockingSaving = true;
+      requireUserVerification = false;
+    };
+  };
+
+  systemd = {
+    services = {
+      factorio.serviceConfig = {
+        User = "factorio";
+        ExecStartPre = [
+          disableSpaceAge
+        ];
+      };
+    };
+  };
+}

machines/factorio/mods/mod-list.json

@@ -0,0 +1,70 @@
+{
+  "mods": 
+  [
+    
+    {
+      "name": "base",
+      "enabled": true
+    },
+    
+    {
+      "name": "elevated-rails",
+      "enabled": false
+    },
+    
+    {
+      "name": "quality",
+      "enabled": false
+    },
+    
+    {
+      "name": "space-age",
+      "enabled": false
+    },
+    
+    {
+      "name": "calculator-ui",
+      "enabled": true
+    },
+    
+    {
+      "name": "car-finder",
+      "enabled": true
+    },
+    
+    {
+      "name": "even-distribution",
+      "enabled": true
+    },
+    
+    {
+      "name": "flib",
+      "enabled": true
+    },
+    
+    {
+      "name": "OrePatchOrganizer",
+      "enabled": true
+    },
+    
+    {
+      "name": "power-grid-comb",
+      "enabled": true
+    },
+    
+    {
+      "name": "RateCalculator",
+      "enabled": true
+    },
+    
+    {
+      "name": "squeak-through-2",
+      "enabled": true
+    },
+    
+    {
+      "name": "VehicleSnap",
+      "enabled": true
+    }
+  ]
+}

machines/factorio/secrets.yaml

@@ -0,0 +1,39 @@
+factorio-config: ENC[AES256_GCM,data:Nso4QXpdmTL7jzWYJfv4TwZ68VQ8GflOpiuQx2t9kWEgeAQ1Ajq7TlG61gLKROKKGLt2FOok9tJb63Hm+HPiIyI=,iv:eMjhMhJ7kkxfJyZ0PIA72tygOFFamKneHHm5Ee+xYjs=,tag:flOiObW4RZ1ZTv/3TrWszw==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1h7ddyj66gcqt5vnzphjfn6y5tul79q0glcdl0et9w44z2evl999qe02wht
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLMDJ4clJoa01OVmxYZVVL
+            Skxuc25VN2FNaXFDc2R3VXBrSWxBRmRlREcwClhoV3NlQkU5NHpKRStkWldZMXJK
+            ZVVDRE84c3NpUDJuTzZZa1hYMkIvQXcKLS0tIG5kYUx6L01JSDg3aklnVlY5bnNP
+            MUwvbzlackF2MW43R0k1M0piNEJtOEEKSuni5C7DZj8wmmLLvNg/TzaC8RNYr+kL
+            44rMX6m34fl9dNjSthsYrc21ygXTYgDvQ2AxeRqKZtFQLOTUxcXerQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1435gxhlpu55pp86r8pullhc6wg43nv6qm5l3g2vl5000xhn8apdqtlf8cg
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0UllsRkx1MG9QM0U4aTdl
+            TUtySG9BamdmcjBKOWdSakdORTdaZ2pVNXhNCnhWRlBxT2p6Yyt5RXZRR3c5endR
+            cXlobm5oRERzMEZvTkNEVHBsNWZMemMKLS0tIGVablNKMnVnaGxYVXpGZENic3p4
+            UDVBZEZBREMveXJSZHJNTk5vT05WMWMKKzwG7SXFEqhr4xYXVYTMkkhuRHkUcpt/
+            I/f991vQHNpBP0ogOIx8O8wLa8fhzaBCcHwh3a2sdSLJJk7C22lBDQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1vvxx738y8aq6sgvagz4rrjgnzuekdl20vltmp026qfnax7mdldrs3j4nrf
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0ZnQ3MlE1eDU5ZXdIelAr
+            NXZkWDhlaFFGSUd4ZHdUL1U0TStCS281RDBjCjJpclJTdWNVSUxQUFhENWU5M01u
+            RTNjcy8zK1pYcjE1cWIwNDJMQ25TcjgKLS0tIEs5NHh4QXB2M3pnSXkzYStVeGU1
+            a1hiTjkvSHNWbFg0bWVHMHRtYVAxeEkKjZu0JJLN8gvEOnRuNVZjNEei83NGAJVW
+            YX0/keyoJmkq+y7A4em17NVlEwXrGL5lUpLkx+Ziwx1+uUYH6QV6Ag==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-11-12T19:30:54Z"
+    mac: ENC[AES256_GCM,data:PQ7b7fTauWCmI9TOujBDT4RO6WyPsBOEKL9AAYh06Xoczb4n9b1n/jMX5JN4vx4ZKq7CanlA0D9SzF5CwkoYYQPwD/R5Zg3ln14i6uQ85z5zmoizxwHrhqAJyRUniYKFqZQvQ8XelcXEbteZ32EejeTaM3TMALivFDMgSBHc+To=,iv:xQKfg9mCXjee1AetwSk17r9Uchpgy62p3Zk19COgyOw=,tag:0tqAmzUZ5dRwgI/nMRvWYA==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.1

users/erwin/home.nix

@@ -102,7 +102,7 @@ in
             enable = true;
             name = "Erwin Boskma";
             email = "erwin@datarift.nl";
-            signingKey = "~/.ssh/id_ed25519_sk_personal.pub";
+            signingKey = "${homeCfg.home.homeDirectory}/.ssh/id_ed25519_sk_personal.pub";
             signingBackend = "ssh";
           };
           mpd.enable = true;
@@ -196,7 +196,7 @@ in
         };
         services = {
           wayvnc = {
-            enable = false;
+            enable = true;
             gpuAcceleration = true;
           };
         };