diff --git a/.sops.yaml b/.sops.yaml index 76fe9cb..bdeec1a 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -5,3 +5,13 @@ creation_rules: key_groups: - age: - *primary + + - path_regex: secrets/secrets-yggdrasil.yaml$ + key_groups: + - age: + - *primary + + - path_regex: secrets/secrets-loptland.yaml$ + key_groups: + - age: + - *primary diff --git a/modules/nixos/services/factorio-server/default.nix b/modules/nixos/services/factorio-server/default.nix index de2d419..37a8e97 100644 --- a/modules/nixos/services/factorio-server/default.nix +++ b/modules/nixos/services/factorio-server/default.nix @@ -8,25 +8,33 @@ with lib.${namespace}; let cfg = config.${namespace}.services.factorio-server; - inherit (lib) mkIf mkEnableOption; + inherit (lib) mkIf mkOption mkEnableOption; in { options.${namespace}.services.factorio-server = { enable = mkEnableOption "Enable Factorio Headless Server"; + sopsFile = mkOption { + type = lib.types.path; + default = lib.snowfall.fs.get-file "secrets/secrets.yaml"; + description = "SecretFile"; + }; }; config = mkIf cfg.enable { - environment.systemPackages = with pkgs; [ pkgs.factorio-headless ]; + environment.systemPackages = [ pkgs.factorio-headless ]; sops = { secrets = { factorio_token = { restartUnits = [ "factorio.service" ]; + inherit sopsFile; }; factorio_username = { restartUnits = [ "factorio.service" ]; + inherit sopsFile; }; factorio_game_password = { restartUnits = [ "factorio.service" ]; + inherit sopsFile; }; }; templates."extraSettingsFile.json".content = '' diff --git a/secrets/secrets-loptland.yaml b/secrets/secrets-loptland.yaml new file mode 100644 index 0000000..2713740 --- /dev/null +++ b/secrets/secrets-loptland.yaml 
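Review bot: Both new creation rules list only `*primary` under `age`, the same recipient as the rule above them, so splitting the secrets into `secrets-yggdrasil.yaml` and `secrets-loptland.yaml` does not limit which key holder can decrypt which file. If per-host isolation is the goal, each rule should also name that host's own age recipient, for example `- *loptland`, a hypothetical anchor that would have to be defined with the other keys outside this hunk. The dots in `path_regex` are unescaped and the pattern has no leading anchor, so `secrets/secrets-loptland\.yaml$` would be tighter. Because sops applies the first matching rule, the new entries only take effect if the earlier rule's regex, which is not visible here, does not already match these paths.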
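Review bot: `inherit sopsFile;` in the three secret definitions resolves a variable named `sopsFile` from lexical scope, but the `let` block shown binds only `cfg` and the `lib` helpers, so unless an enclosing `with` happens to supply that name, evaluation fails with an undefined variable and the new option is never applied. Use `inherit (cfg) sopsFile;` in `factorio_token`, `factorio_username` and `factorio_game_password`; the per-host override in `systems/x86_64-linux/loptland/default.nix` depends on this. The option text `description = "SecretFile";` should say what the option controls, for example `description = "sops file that holds factorio_token, factorio_username and factorio_game_password.";`. This matters because the default points at the shared `secrets/secrets.yaml`, so a host that omits the override would read its Factorio credentials from the shared file. The module body continues past the end of the hunk.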
@@ -0,0 +1,24 @@ +#ENC[AES256_GCM,data:DhmsYsRs9ig5,iv:waUaAhcSgeolFkC2z3W8aGObT3Gp/oavdFfsEUVJoco=,tag:3nVYMqj+EvOz75b8KSm/8Q==,type:comment] +factorio_username: ENC[AES256_GCM,data:egV5kXtAiw==,iv:Hay0PC2yol5FAJGcWxLkxzNdwpD1V4UfDDnkhsjvjVQ=,tag:QBDS6eAeOswQoHBoi4Gj6A==,type:str] +factorio_token: ENC[AES256_GCM,data:whruEJQCNIqqfMA0A3yQdwwrzpIJBt815Lvex4Au,iv:hh3zZt+UxV9ltSHIAjpTRwtDvPgPU5APrB/1bXtKUkE=,tag:AgUmBYWp+Oyxm8O7yD8vlA==,type:str] +factorio_game_password: ENC[AES256_GCM,data:Gu/p0+Sbd6Y=,iv:6AB1T3JdleiUnusU7hw/0wOFNSBsAsBgP2yD9FB7zXk=,tag:DMgD4csthynuBon+KNZtOw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1amdd4hu6k0czf3mtlhd03yj3yzkdaynl7q5fdlqmjzpe9pwgxfjs3j0c85 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3NFlTd2hOTHBtUDhuT0lF + amtLclY2ZTN0SStZQjFSNkZUd1RmMkdJZ0dJCnB2WU04dk41Qk45aGphMW9GQVJ4 + b2VWQVlOVFFLaGJWaU9FVU5ZUWtlRncKLS0tIGVPYW5DQnJMeW1qdWtINDNlQWFo + NmhrdXhpbVlmUFNsT1VaQjZyYkZkdzgKhL2BKXfPWNWUbFavpmtBQpnNEm/x0xH6 + NsjiV05AcrqPmGjj2kjvTv4ULPSoHiHiC5McUMfFTYIrCJgNvUbmMg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-11-06T13:41:52Z" + mac: ENC[AES256_GCM,data:Z/CkDDYJQgYasgaXiIZy+Tr5Z8DjlkLg9XxmrC2cvHABpc5g6mxxSrSYG9DforI2hHvpmz5qPZQ1ztCSft9iPetFGPuWGzCNgvp9CUfMfG7sMAF/+/vEYbgU8plNMHuEAAsfsaZA4HUbM3qHEwQdXmJ6bF+AbPGuMt4z4mSuLQA=,iv:59RdAFi1SpgF3WhDFGxjCmSumn5uxgJCPGpcFJiLhzQ=,tag:mtngOX1rM1zx+VKgaZeX3g==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.1 diff --git a/systems/x86_64-linux/loptland/default.nix b/systems/x86_64-linux/loptland/default.nix index 7719729..4faebcf 100644 --- a/systems/x86_64-linux/loptland/default.nix +++ b/systems/x86_64-linux/loptland/default.nix @@ -31,7 +31,10 @@ in }; services = { - factorio-server = enabled; + factorio-server = { + enable = true; + sopsFile = lib.snowfall.fs.get-file "secrets/secrets-loptland.yaml"; + }; }; user.trustedPublicKeys = [