feat(nixos): some moves to nixos server

.sops.yaml

@@ -3,6 +3,7 @@ keys:
   - &yukkop       age1r25zdeqq8nac6dgca9en28r57ffyz9u9d8z5yc25gc8xqz747vaqmdtk0h
   - &bfs-server   age15yzgmsvl3ku2w863h6gw2vpmw37m9aruv6xrj4fue6n2jpm7pyuqk9xjmj
   - &neuro-server age15yzgmsvl3ku2w863h6gw2vpmw37m9aruv6xrj4fue6n2jpm7pyuqk9xjmj
+  - &games-server age15yzgmsvl3ku2w863h6gw2vpmw37m9aruv6xrj4fue6n2jpm7pyuqk9xjmj
 
 creation_rules:
   - path_regex: sus/home.xray.yaml$
@@ -22,3 +23,9 @@ creation_rules:
       - age:
         - *yukkop
         - *neuro-server
+
+  - path_regex: sus/games.yaml$
+    key_groups:
+      - age:
+        - *yukkop
+        - *games-server

flake.nix

@@ -83,7 +83,9 @@
       # NOTE(yukkop): in bfs one of dependencies is shadow-4.17.4 that
       # unsupported on aarch64-darwin
       "bfs|x86_64-linux"       = import ./nixos/system/bfs   { inherit flake self inputs; system = "x86_64-linux"; };
+      # FIXME(yukkop): some why I cannot merge nixosConfigurations from `forAllSystemsWithPkgs` with this 
       "neuro|x86_64-linux"     = import ./nixos/system/neuro { inherit flake self inputs; system = "x86_64-linux"; };
+      "games|x86_64-linux"     = import ./nixos/system/games { inherit flake self inputs; system = "x86_64-linux"; };
     };
   };
 }

legacy/helper/default.nix

@@ -1,3 +1,4 @@
 { callPackage }: {
   posix-shell = callPackage ./posix-shell {};
+  steam       = callPackage ./steam       {};
 }

legacy/helper/steam/default.nix

@@ -0,0 +1,27 @@
+{ stdenv, steamcmd }: {
+  buildSteamServer = steamId: stdenv.mkDerivation {
+    pname = "astroneer-dedicated-server";
+    version = "latest";
+  
+    src = null;
+  
+    nativeBuildInputs = [
+      steamcmd
+    ];
+  
+    buildPhase = ''
+      export HOME=$TMPDIR
+      mkdir -p $out
+      steamcmd \
+        +force_install_dir $out \
+        +login anonymous \
+        +app_update ${steamId} validate \
+        +quit
+    '';
+  
+    installPhase = "true";
+  
+    dontFixup = true;
+    dontStrip = true;
+  };
+}

nixos/module/hectic/service/astroneer.nix

@@ -0,0 +1,11 @@
+{ 
+  inputs,
+  flake,
+  self,
+}:
+{ 
+  pkgs,
+  lib,
+  config,
+  ...
+}: let in { }

nixos/system/games/astroneer.nix

@@ -0,0 +1,17 @@
+{ pkgs, ... }: let 
+  astroneerServer = pkgs.hectic.helpers.steam.buildSteamServer 728470;
+in {
+  options = {
+
+  };
+  config = {
+    systemd.services."hectic-astroneer-server" = {
+      after    = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      path     = with pkgs; [ steamcmd ];
+      script   = ''
+        echo zalupa
+      '';
+    };
+  };
+}

nixos/system/games/default.nix

@@ -0,0 +1,22 @@
+{
+  flake,
+  self,
+  inputs,
+  system,
+  ...
+}: let
+  # Use folder name as name of this system
+  name = builtins.baseNameOf ./.;
+
+in self.lib.nixpkgs-lib.nixosSystem {
+  pkgs = import inputs.nixpkgs {
+    inherit system;
+    overlays = [ self.overlays.default ];
+    config.allowUnfreePredicate = pkg:
+      builtins.elem (inputs.nixpkgs.lib.getName pkg) [ "steamcmd" "steam-unwrapped" ];
+  };
+  modules = [
+    { networking.hostName = name; }
+    (import ./${name}.nix { inherit flake self inputs; })
+  ];
+}

nixos/system/games/games.nix

@@ -0,0 +1,44 @@
+{
+  inputs ? null,
+  flake ? null,
+  self ? null,
+  ...
+}:
+{
+  config ? null,
+  pkgs ? null,
+  lib ? null,
+  modulesPath ? null,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/profiles/qemu-guest.nix")
+    self.nixosModules.hectic
+    inputs.sops-nix.nixosModules.sops
+    ./astroneer.nix
+  ];
+
+  hectic = {
+    archetype.dev.enable = true;
+    hardware.hetzner-cloud = {
+      enable                 = true;
+      networkMatchConfigName = "enp1s0";
+      ipv4                   = "91.98.127.6";
+      ipv6                   = "2a01:4f8:1c1b:6f10";
+    };
+  };
+
+  sops = {
+    gnupg.sshKeyPaths = [ ];
+    age.sshKeyPaths   = [ "/etc/ssh/ssh_host_ed25519_key" ];
+    defaultSopsFile   = ../../../sus/games.yaml;
+
+    secrets."env"     = {};
+  };
+
+  environment.systemPackages = (with pkgs; [ rsync git steamcmd hectic.AstroTuxLauncher ]);
+
+  users.users.root.openssh.authorizedKeys.keys = [
+    ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKAaObjLBslsdTlqEcYaS1TqX4x9aVJu75y27/8MFevO''
+  ];
+}

package/AstroTuxLauncher.nix

@@ -0,0 +1,96 @@
+{ 
+  pkgs,
+  lib,
+  config,
+  ...
+}: let
+  astroTuxSrc = pkgs.fetchFromGitHub {
+    owner = "JoeJoeTV";
+    repo = "AstroTuxLauncher";
+    rev = "1.1.11";
+    hash = "sha256-O9ZMwDioP848BXfZaUs/Bp0MyxK8t7ixI+7eAa7xXsc=";
+  };
+  # custom package for pansi
+  pansiCustom = pkgs.python3Packages.buildPythonPackage rec {
+    pname = "pansi";
+    version = "2020.7.3";
+    format = "setuptools";
+
+    src = pkgs.fetchPypi {
+      inherit pname version;
+      hash = "sha256-vRgtUEUo+HBgGssCgq3tQRrQCgFIQnsOU6EhYvTnTc8=";
+    };
+
+    meta = with pkgs.lib; {
+      description = "Text mode rendering library";
+      homepage = "https://github.com/technige/pansi";
+      license = licenses.asl20;
+    };
+  };
+  # python environment
+  astroTuxLauncherEnv = pkgs.python3.withPackages (
+    p: with p; [
+      alive-progress
+      chardet
+      colorlog
+      dataclasses-json
+      ipy
+      packaging
+      pansiCustom
+      pathvalidate
+      psutil
+      requests
+      tomli
+      tomli-w
+    ]
+  );
+  # everything needed to run the server that isn't python
+  pack = [
+    pkgs.wineWowPackages.staging
+    pkgs.dotnet-sdk_8
+    pkgs.depotdownloader
+    pkgs.winetricks
+    pkgs.gnutls
+  ];
+in pkgs.python3Packages.buildPythonApplication rec {
+  pname = "AstroTuxLauncher";
+  version = "1.1.11";
+  src = astroTuxSrc;
+  format = "other";
+  nativeBuildInputs = [
+    astroTuxLauncherEnv
+    pkgs.makeWrapper
+  ];
+  dontBuild = true;
+  installPhase = ''
+    install -d $out/libexec/${pname}
+    cp -r ./* $out/libexec/${pname}/
+    install -d $out/bin
+
+    # bash script to move everything to .local/share/AstroTuxLauncher/
+    cat << EOF > $out/bin/run-helper
+    #!${pkgs.bash}/bin/bash
+    set -euo pipefail
+    REAL_HOME=\$(getent passwd \$(whoami) | cut -d: -f6)
+    DATA_DIR="\''${XDG_DATA_HOME:-\$REAL_HOME/.local/share}/AstroTuxLauncher"
+    mkdir -p "\$DATA_DIR"
+    cd "\$DATA_DIR"
+    cp -rf $out/libexec/${pname}/* .
+    ${astroTuxLauncherEnv.interpreter} ./AstroTuxLauncher.py install -d ${pkgs.depotdownloader}/bin/DepotDownloader
+    exec ${astroTuxLauncherEnv.interpreter} ./AstroTuxLauncher.py start
+    EOF
+    chmod +x $out/bin/run-helper
+
+    # install and run server command wrapper
+    makeWrapper $out/bin/run-helper $out/bin/AstroTuxLauncher \
+      --prefix PATH : ${pkgs.lib.makeBinPath pack}
+  '';
+
+  meta = with pkgs.lib; {
+    description = "Fixes AstroTuxLauncher for NixOS so you can run a dedicated ASTRONEER server.";
+    homepage = "https://github.com/JoeJoeTV/AstroTuxLauncher";
+    license = licenses.gpl3Only;
+    platforms = platforms.x86_64;
+    mainProgram = "AstroTuxLauncher";
+  };
+}

package/default.nix

@@ -143,6 +143,7 @@ in {
   migrator                     = pkgs.callPackage ./migrator                          {};
   nbt2json                     = pkgs.callPackage ./nbt2json                          {};
   hemar-parser                 = pkgs.callPackage ./hemar/parser                      {};
+  AstroTuxLauncher              = pkgs.callPackage ./AstroTuxLauncher.nix             {};
   pg-17-ext-http               = buildHttpExt      pkgs "17";
   pg-17-ext-smtp-client        = buildSmtpExt      pkgs "17";
   pg-17-ext-plhaskell          = buildPlHaskellExt pkgs "17";

package/sops.nix

@@ -1,45 +0,0 @@
-{
-  sops,
-  pkgs,
-  lib,
-  ...
-}: let
-  scriptOverride = pkgs.writeShellScriptBin "sops" ''
-    set -uo pipefail
-
-    if [ -n "''${SOPS_AGE_KEY_COMMAND:-}" ]; then
-      dir="$(mktemp -d)"
-      chmod 700 "''${dir}"
-      export SOPS_AGE_KEY_FILE="$(mktemp --tmpdir="$dir")"
-      chmod 600 "''${SOPS_AGE_KEY_FILE}"
-      trap 'rm -f "''${SOPS_AGE_KEY_FILE}"' INT TERM EXIT
-      sh -c "''${SOPS_AGE_KEY_COMMAND}" > "''${SOPS_AGE_KEY_FILE}"
-    else
-      printf >&2 'sops (wrapper): ERROR: environment variable `SOPS_AGE_KEY_COMMAND` is empty or undefined\n'
-      printf >&2 'sops (wrapper): INFO: `SOPS_AGE_KEY_COMMAND` must contain a command that prints `age` private key\n'
-      printf >&2 'sops (wrapper): INFO: example: `pass show sops/myproject/key` (see https://www.passwordstore.org/)\n'
-      exit 1
-    fi
-    ${sops}/bin/sops "''${@}"
-  '';
-in pkgs.symlinkJoin {
-  name = "sops-wrapper";
-  paths = [ scriptOverride sops ];
-  buildInputs = [ pkgs.makeWrapper ];
-  postBuild = ''
-    set -x
-    for bin in $out/bin/*; do
-      wrapProgram "$bin" \
-        --prefix PATH : ${lib.makeBinPath (with pkgs; [
-          coreutils
-        ])} \
-        --suffix PATH : ${lib.makeBinPath (with pkgs; [
-          age # expected to be used by ${SOPS_AGE_KEY_COMMAND}
-        ])}
-    done
-  '';
-
-  meta = sops.meta // {
-    description = "${sops.meta.description} -- wrapper. Provides custom source for `age` master key.";
-  };
-}

sus/games.yaml

@@ -0,0 +1,25 @@
+env: ""
+sops:
+    age:
+        - recipient: age1r25zdeqq8nac6dgca9en28r57ffyz9u9d8z5yc25gc8xqz747vaqmdtk0h
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQTWZ1QnBZV2IrZ0VxSWF4
+            L2RUNmsxekRJMWY0dTVqRDlrb3FPb3o1WUc0CnQ5WGNqQ2MvUFVzQStjb1ZIQ3Nw
+            YlQ1Nk5laDg0ZmQ3YXB4Rm5udE1IVVkKLS0tIDhXSElPQnlQUUo3QmkrSFl4SHFX
+            TFN3T1FiemhzWkF1ZDhPOERYTVNTTjQKfCDTWs76BzfKvSxQO3P23jpIS2mQN0xs
+            J/giCMh1uoPcqHA5hh04dbd1CIaXWcvo//lF6SdDtcoAZ0ilPTAX4Q==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age15yzgmsvl3ku2w863h6gw2vpmw37m9aruv6xrj4fue6n2jpm7pyuqk9xjmj
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRVlh3OFBscEhjSFEvUHRK
+            TGFRM0xhRDdaMU1xS2hyNXc5c3YyWjU2SFNvCjlLTzF2TFdkeitSYXpUNk4zcHVP
+            NWZQQU1Ra1J0ZjRuS1JXNG82T3RVODAKLS0tIG16NE9WYldSaE9HNWRkSjV1eWY2
+            RXphaHFlUEhXVElNdCtwakVkTmdYbVEKKf2pgGGSy2UX98WgU23+affI7Zs470rf
+            S4AGGLbIn2avEG7VKRM+/cfWZMeQgI+u8OaKs0welfTpFviFP3mSzg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-12-27T17:55:19Z"
+    mac: ENC[AES256_GCM,data:+9o4io56eObS/yZgngIBI12i7sg3TnOQ1elGVp6yVJiNmgiQ1yz14iFXag9NPnsNqgEjTGlVbzpXWpd1zMycgnjYVK5TTCAFhmLwwB0q1ZWM/13lUoadZpr4nz8BpOZ8QfXVjdBiqgxqti6vdIn4qpS2wZZ7DabLF3ZuHTzowfw=,iv:aDj4VjD8pBsIa0KxDnKhQ2ua27rQhxtNxpxGdAS8fIo=,tag:HRFiXiXoGRkE5MIRUcsF0Q==,type:str]
+    unencrypted_suffix: _unencrypted
+    version: 3.10.2