diff --git a/.sops.yaml b/.sops.yaml index 6d088f1..b5d01e1 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -3,6 +3,7 @@ keys: - &yukkop age1r25zdeqq8nac6dgca9en28r57ffyz9u9d8z5yc25gc8xqz747vaqmdtk0h - &bfs-server age15yzgmsvl3ku2w863h6gw2vpmw37m9aruv6xrj4fue6n2jpm7pyuqk9xjmj - &neuro-server age15yzgmsvl3ku2w863h6gw2vpmw37m9aruv6xrj4fue6n2jpm7pyuqk9xjmj + - &games-server age15yzgmsvl3ku2w863h6gw2vpmw37m9aruv6xrj4fue6n2jpm7pyuqk9xjmj creation_rules: - path_regex: sus/home.xray.yaml$ @@ -22,3 +23,9 @@ creation_rules: - age: - *yukkop - *neuro-server + + - path_regex: sus/games.yaml$ + key_groups: + - age: + - *yukkop + - *games-server diff --git a/flake.nix b/flake.nix index 57549b5..5df9414 100644 --- a/flake.nix +++ b/flake.nix @@ -83,7 +83,9 @@ # NOTE(yukkop): in bfs one of dependencies is shadow-4.17.4 that # unsupported on aarch64-darwin "bfs|x86_64-linux" = import ./nixos/system/bfs { inherit flake self inputs; system = "x86_64-linux"; }; + # FIXME(yukkop): some why I cannot merge nixosConfigurations from `forAllSystemsWithPkgs` with this "neuro|x86_64-linux" = import ./nixos/system/neuro { inherit flake self inputs; system = "x86_64-linux"; }; + "games|x86_64-linux" = import ./nixos/system/games { inherit flake self inputs; system = "x86_64-linux"; }; }; }; } diff --git a/legacy/helper/default.nix b/legacy/helper/default.nix index 5a68d32..a692624 100644 --- a/legacy/helper/default.nix +++ b/legacy/helper/default.nix @@ -1,3 +1,4 @@ { callPackage }: { posix-shell = callPackage ./posix-shell {}; + steam = callPackage ./steam {}; } diff --git a/legacy/helper/steam/default.nix b/legacy/helper/steam/default.nix new file mode 100644 index 0000000..b727213 --- /dev/null +++ b/legacy/helper/steam/default.nix 
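Review bot: The new `&games-server` anchor under `keys:` carries the identical age recipient string already used for `&bfs-server` and `&neuro-server`, so the `sus/games.yaml$` rule added in the second hunk does not scope that file to one host. Whoever holds that single private key can decrypt the games, neuro and bfs secrets alike. If each server is meant to read only its own file, give games-server the recipient derived from its own host key and re-key the file (`sops updatekeys sus/games.yaml`). If the shared identity is deliberate, a comment above the anchors such as `# NOTE: all servers currently share one age identity` would keep the per-path rules from being read as isolation. The second recipient block of `sus/games.yaml` later in this commit is that same shared key.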
@@ -0,0 +1,27 @@
+{ stdenv, steamcmd }: {
+ buildSteamServer = steamId: stdenv.mkDerivation {
+ pname = "astroneer-dedicated-server";
+ version = "latest";
+
+ src = null;
+
+ nativeBuildInputs = [
+ steamcmd
+ ];
+
+ buildPhase = ''
+ export HOME=$TMPDIR
+ mkdir -p $out
+ steamcmd \
+ +force_install_dir $out \
+ +login anonymous \
+ +app_update ${steamId} validate \
+ +quit
+ '';
+
+ installPhase = "true";
+
+ dontFixup = true;
+ dontStrip = true;
+ };
+}
diff --git a/nixos/module/hectic/service/astroneer.nix b/nixos/module/hectic/service/astroneer.nix
new file mode 100644
index 0000000..e1cb356
--- /dev/null
+++ b/nixos/module/hectic/service/astroneer.nix
@@ -0,0 +1,11 @@
+{
+ inputs,
+ flake,
+ self,
+}:
+{
+ pkgs,
+ lib,
+ config,
+ ...
+}: let in { }
diff --git a/nixos/system/games/astroneer.nix b/nixos/system/games/astroneer.nix
new file mode 100644
index 0000000..67d6c0d
--- /dev/null
+++ b/nixos/system/games/astroneer.nix
@@ -0,0 +1,17 @@
+{ pkgs, ... }: let
+ astroneerServer = pkgs.hectic.helpers.steam.buildSteamServer 728470;
+in {
+ options = {
+
+ };
+ config = {
+ systemd.services."hectic-astroneer-server" = {
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ path = with pkgs; [ steamcmd ];
+ script = ''
+ echo zalupa
+ '';
+ };
+ };
+}
diff --git a/nixos/system/games/default.nix b/nixos/system/games/default.nix
new file mode 100644
index 0000000..475c58d
--- /dev/null
+++ b/nixos/system/games/default.nix
@@ -0,0 +1,22 @@
+{
+ flake,
+ self,
+ inputs,
+ system,
+ ...
+}: let
+ # Use folder name as name of this system
+ name = builtins.baseNameOf ./.;
+
+in self.lib.nixpkgs-lib.nixosSystem {
+ pkgs = import inputs.nixpkgs {
+ inherit system;
+ overlays = [ self.overlays.default ];
+ config.allowUnfreePredicate = pkg:
+ builtins.elem (inputs.nixpkgs.lib.getName pkg) [ "steamcmd" "steam-unwrapped" ];
+ };
+ modules = [
+ { networking.hostName = name; }
+ (import ./${name}.nix { inherit flake self inputs; })
+ ];
+}
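Review bot: `buildPhase` in `buildSteamServer` downloads the app with `steamcmd ... +app_update ${steamId} validate` inside an ordinary derivation, with `version = "latest"` and no output hash, so nothing pins or verifies what lands in `$out`. With the Nix sandbox enabled this build has no network access and will presumably fail; with the sandbox relaxed, each rebuild can silently yield different server binaries. Either make it a fixed-output derivation (`outputHashMode = "recursive";` plus an `outputHash` supplied by the caller) or move the download to service start, into a state directory owned by the service user. `pname` is also hard-coded to `"astroneer-dedicated-server"` although the function accepts any `steamId`, and `src = null;` probably wants `dontUnpack = true;` beside it.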
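Review bot: `systemd.services."hectic-astroneer-server"` in `nixos/system/games/astroneer.nix` sets no `serviceConfig`, so once the placeholder `script` is replaced the game server would run as root with the unit's default privileges. Give it a dedicated account before wiring in the real command, for example `serviceConfig = { DynamicUser = true; StateDirectory = "astroneer"; };`. The `astroneerServer` binding in the `let` is not referenced anywhere in this file, so the helper is never evaluated into the system; a comment such as `# TODO: use astroneerServer in the unit's start command` would make the stub's state explicit.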
diff --git a/nixos/system/games/games.nix b/nixos/system/games/games.nix
new file mode 100644
index 0000000..c1ae2d9
--- /dev/null
+++ b/nixos/system/games/games.nix
@@ -0,0 +1,44 @@
+{
+ inputs ? null,
+ flake ? null,
+ self ? null,
+ ...
+}:
+{
+ config ? null,
+ pkgs ? null,
+ lib ? null,
+ modulesPath ? null,
+ ...
+}: {
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ self.nixosModules.hectic
+ inputs.sops-nix.nixosModules.sops
+ ./astroneer.nix
+ ];
+
+ hectic = {
+ archetype.dev.enable = true;
+ hardware.hetzner-cloud = {
+ enable = true;
+ networkMatchConfigName = "enp1s0";
+ ipv4 = "91.98.127.6";
+ ipv6 = "2a01:4f8:1c1b:6f10";
+ };
+ };
+
+ sops = {
+ gnupg.sshKeyPaths = [ ];
+ age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+ defaultSopsFile = ../../../sus/games.yaml;
+
+ secrets."env" = {};
+ };
+
+ environment.systemPackages = (with pkgs; [ rsync git steamcmd hectic.AstroTuxLauncher ]);
+
+ users.users.root.openssh.authorizedKeys.keys = [
+ ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKAaObjLBslsdTlqEcYaS1TqX4x9aVJu75y27/8MFevO''
+ ];
+}
diff --git a/package/AstroTuxLauncher.nix b/package/AstroTuxLauncher.nix
new file mode 100644
index 0000000..ca95341
--- /dev/null
+++ b/package/AstroTuxLauncher.nix
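Review bot: The only login this file defines is the bare key under `users.users.root.openssh.authorizedKeys.keys`, with nothing saying whose key it is, on a host whose public `ipv4` sits in the same hunk. Put an owner comment above the entry, e.g. `# root deploy key: <owner>, <purpose>`, so it can be audited and rotated later. Also confirm that `hectic.archetype.dev.enable = true` is intended on an internet-facing server; what that archetype switches on is not visible in this commit. The `? null` defaults on `inputs`, `self` and `modulesPath` hide a missing argument until `modulesPath + "/profiles/qemu-guest.nix"` fails with a type error, so dropping them would give a clearer failure.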
@@ -0,0 +1,96 @@
+{
+ pkgs,
+ lib,
+ config,
+ ...
+}: let
+ astroTuxSrc = pkgs.fetchFromGitHub {
+ owner = "JoeJoeTV";
+ repo = "AstroTuxLauncher";
+ rev = "1.1.11";
+ hash = "sha256-O9ZMwDioP848BXfZaUs/Bp0MyxK8t7ixI+7eAa7xXsc=";
+ };
+ # custom package for pansi
+ pansiCustom = pkgs.python3Packages.buildPythonPackage rec {
+ pname = "pansi";
+ version = "2020.7.3";
+ format = "setuptools";
+
+ src = pkgs.fetchPypi {
+ inherit pname version;
+ hash = "sha256-vRgtUEUo+HBgGssCgq3tQRrQCgFIQnsOU6EhYvTnTc8=";
+ };
+
+ meta = with pkgs.lib; {
+ description = "Text mode rendering library";
+ homepage = "https://github.com/technige/pansi";
+ license = licenses.asl20;
+ };
+ };
+ # python environment
+ astroTuxLauncherEnv = pkgs.python3.withPackages (
+ p: with p; [
+ alive-progress
+ chardet
+ colorlog
+ dataclasses-json
+ ipy
+ packaging
+ pansiCustom
+ pathvalidate
+ psutil
+ requests
+ tomli
+ tomli-w
+ ]
+ );
+ # everything needed to run the server that isn't python
+ pack = [
+ pkgs.wineWowPackages.staging
+ pkgs.dotnet-sdk_8
+ pkgs.depotdownloader
+ pkgs.winetricks
+ pkgs.gnutls
+ ];
+in pkgs.python3Packages.buildPythonApplication rec {
+ pname = "AstroTuxLauncher";
+ version = "1.1.11";
+ src = astroTuxSrc;
+ format = "other";
+ nativeBuildInputs = [
+ astroTuxLauncherEnv
+ pkgs.makeWrapper
+ ];
+ dontBuild = true;
+ installPhase = ''
+ install -d $out/libexec/${pname}
+ cp -r ./* $out/libexec/${pname}/
+ install -d $out/bin
+
+ # bash script to move everything to .local/share/AstroTuxLauncher/
+ cat << EOF > $out/bin/run-helper
+ #!${pkgs.bash}/bin/bash
+ set -euo pipefail
+ REAL_HOME=\$(getent passwd \$(whoami) | cut -d: -f6)
+ DATA_DIR="\''${XDG_DATA_HOME:-\$REAL_HOME/.local/share}/AstroTuxLauncher"
+ mkdir -p "\$DATA_DIR"
+ cd "\$DATA_DIR"
+ cp -rf $out/libexec/${pname}/* .
+ ${astroTuxLauncherEnv.interpreter} ./AstroTuxLauncher.py install -d ${pkgs.depotdownloader}/bin/DepotDownloader
+ exec ${astroTuxLauncherEnv.interpreter} ./AstroTuxLauncher.py start
+ EOF
+ chmod +x $out/bin/run-helper
+
+ # install and run server command wrapper
+ makeWrapper $out/bin/run-helper $out/bin/AstroTuxLauncher \
+ --prefix PATH : ${pkgs.lib.makeBinPath pack}
+ '';
+
+ meta = with pkgs.lib; {
+ description = "Fixes AstroTuxLauncher for NixOS so you can run a dedicated ASTRONEER server.";
+ homepage = "https://github.com/JoeJoeTV/AstroTuxLauncher";
+ license = licenses.gpl3Only;
+ platforms = platforms.x86_64;
+ mainProgram = "AstroTuxLauncher";
+ };
+}
diff --git a/package/default.nix b/package/default.nix
index 3798763..1d958ff 100644
--- a/package/default.nix
+++ b/package/default.nix
@@ -143,6 +143,7 @@ in {
 migrator = pkgs.callPackage ./migrator {};
 nbt2json = pkgs.callPackage ./nbt2json {};
 hemar-parser = pkgs.callPackage ./hemar/parser {};
+ AstroTuxLauncher = pkgs.callPackage ./AstroTuxLauncher.nix {};
 pg-17-ext-http = buildHttpExt pkgs "17";
 pg-17-ext-smtp-client = buildSmtpExt pkgs "17";
 pg-17-ext-plhaskell = buildPlHaskellExt pkgs "17";
diff --git a/package/sops.nix b/package/sops.nix
deleted file mode 100644
index 7ecee5d..0000000
--- a/package/sops.nix
+++ /dev/null
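Review bot: `run-helper` in `package/AstroTuxLauncher.nix` copies the launcher out of the store with `cp -rf $out/libexec/${pname}/* .` on every start, and store paths are read-only, so the copies in `$DATA_DIR` keep read-only modes. For a non-root user the launcher then likely cannot write inside the copied directories, and a second start can fail at the `cp` under `set -e`; `cp -rf --no-preserve=mode $out/libexec/${pname}/* .` avoids that. The helper also calls `getent`, `whoami` and `cut`, but the wrapper's `--prefix PATH` adds only `pack`, so it depends on the caller's PATH providing them. A comment above the `AstroTuxLauncher.py install -d ...` line noting that the server files are fetched unpinned at every start would help whoever audits what this host executes.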
@@ -1,45 +0,0 @@
-{
- sops,
- pkgs,
- lib,
- ...
-}: let
- scriptOverride = pkgs.writeShellScriptBin "sops" ''
- set -uo pipefail
-
- if [ -n "''${SOPS_AGE_KEY_COMMAND:-}" ]; then
- dir="$(mktemp -d)"
- chmod 700 "''${dir}"
- export SOPS_AGE_KEY_FILE="$(mktemp --tmpdir="$dir")"
- chmod 600 "''${SOPS_AGE_KEY_FILE}"
- trap 'rm -f "''${SOPS_AGE_KEY_FILE}"' INT TERM EXIT
- sh -c "''${SOPS_AGE_KEY_COMMAND}" > "''${SOPS_AGE_KEY_FILE}"
- else
- printf >&2 'sops (wrapper): ERROR: environment variable `SOPS_AGE_KEY_COMMAND` is empty or undefined\n'
- printf >&2 'sops (wrapper): INFO: `SOPS_AGE_KEY_COMMAND` must contain a command that prints `age` private key\n'
- printf >&2 'sops (wrapper): INFO: example: `pass show sops/myproject/key` (see https://www.passwordstore.org/)\n'
- exit 1
- fi
- ${sops}/bin/sops "''${@}"
- '';
-in pkgs.symlinkJoin {
- name = "sops-wrapper";
- paths = [ scriptOverride sops ];
- buildInputs = [ pkgs.makeWrapper ];
- postBuild = ''
- set -x
- for bin in $out/bin/*; do
- wrapProgram "$bin" \
- --prefix PATH : ${lib.makeBinPath (with pkgs; [
- coreutils
- ])} \
- --suffix PATH : ${lib.makeBinPath (with pkgs; [
- age # expected to be used by ${SOPS_AGE_KEY_COMMAND}
- ])}
- done
- '';
-
- meta = sops.meta // {
- description = "${sops.meta.description} -- wrapper. Provides custom source for `age` master key.";
- };
-}
diff --git a/sus/games.yaml b/sus/games.yaml
new file mode 100644
index 0000000..44d1b86
--- /dev/null
+++ b/sus/games.yaml
@@ -0,0 +1,25 @@
+env: ""
+sops:
+ age:
+ - recipient: age1r25zdeqq8nac6dgca9en28r57ffyz9u9d8z5yc25gc8xqz747vaqmdtk0h
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQTWZ1QnBZV2IrZ0VxSWF4
+ L2RUNmsxekRJMWY0dTVqRDlrb3FPb3o1WUc0CnQ5WGNqQ2MvUFVzQStjb1ZIQ3Nw
+ YlQ1Nk5laDg0ZmQ3YXB4Rm5udE1IVVkKLS0tIDhXSElPQnlQUUo3QmkrSFl4SHFX
+ TFN3T1FiemhzWkF1ZDhPOERYTVNTTjQKfCDTWs76BzfKvSxQO3P23jpIS2mQN0xs
+ J/giCMh1uoPcqHA5hh04dbd1CIaXWcvo//lF6SdDtcoAZ0ilPTAX4Q==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age15yzgmsvl3ku2w863h6gw2vpmw37m9aruv6xrj4fue6n2jpm7pyuqk9xjmj
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRVlh3OFBscEhjSFEvUHRK
+ TGFRM0xhRDdaMU1xS2hyNXc5c3YyWjU2SFNvCjlLTzF2TFdkeitSYXpUNk4zcHVP
+ NWZQQU1Ra1J0ZjRuS1JXNG82T3RVODAKLS0tIG16NE9WYldSaE9HNWRkSjV1eWY2
+ RXphaHFlUEhXVElNdCtwakVkTmdYbVEKKf2pgGGSy2UX98WgU23+affI7Zs470rf
+ S4AGGLbIn2avEG7VKRM+/cfWZMeQgI+u8OaKs0welfTpFviFP3mSzg==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2025-12-27T17:55:19Z"
+ mac: ENC[AES256_GCM,data:+9o4io56eObS/yZgngIBI12i7sg3TnOQ1elGVp6yVJiNmgiQ1yz14iFXag9NPnsNqgEjTGlVbzpXWpd1zMycgnjYVK5TTCAFhmLwwB0q1ZWM/13lUoadZpr4nz8BpOZ8QfXVjdBiqgxqti6vdIn4qpS2wZZ7DabLF3ZuHTzowfw=,iv:aDj4VjD8pBsIa0KxDnKhQ2ua27rQhxtNxpxGdAS8fIo=,tag:HRFiXiXoGRkE5MIRUcsF0Q==,type:str]
+ unencrypted_suffix: _unencrypted
+ version: 3.10.2