hectic-lab/util.nix
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(nixos): some moves to nixos server

Browse Source
This commit is contained in:
yukkop
2025-12-28 19:18:15 +00:00
parent 96782b7b51
commit 4a9bb42015
12 changed files with 253 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
.sops.yaml
View File

@@ -3,6 +3,7 @@ keys:
- &yukkop age1r25zdeqq8nac6dgca9en28r57ffyz9u9d8z5yc25gc8xqz747vaqmdtk0h
- &bfs-server age15yzgmsvl3ku2w863h6gw2vpmw37m9aruv6xrj4fue6n2jpm7pyuqk9xjmj
- &neuro-server age15yzgmsvl3ku2w863h6gw2vpmw37m9aruv6xrj4fue6n2jpm7pyuqk9xjmj
- &games-server age15yzgmsvl3ku2w863h6gw2vpmw37m9aruv6xrj4fue6n2jpm7pyuqk9xjmj
creation_rules:
- path_regex: sus/home.xray.yaml$
@@ -22,3 +23,9 @@ creation_rules:
- age:
- *yukkop
- *neuro-server
- path_regex: sus/games.yaml$
key_groups:
- age:
- *yukkop
- *games-server

2
flake.nix
View File

@@ -83,7 +83,9 @@
# NOTE(yukkop): in bfs one of dependencies is shadow-4.17.4 that
# unsupported on aarch64-darwin
"bfs|x86_64-linux" = import ./nixos/system/bfs { inherit flake self inputs; system = "x86_64-linux"; };
# FIXME(yukkop): some why I cannot merge nixosConfigurations from `forAllSystemsWithPkgs` with this
"neuro|x86_64-linux" = import ./nixos/system/neuro { inherit flake self inputs; system = "x86_64-linux"; };
"games|x86_64-linux" = import ./nixos/system/games { inherit flake self inputs; system = "x86_64-linux"; };
};
};
}

1
legacy/helper/default.nix
View File

@@ -1,3 +1,4 @@
{ callPackage }: {
posix-shell = callPackage ./posix-shell {};
steam = callPackage ./steam {};
}

27
legacy/helper/steam/default.nix Normal file
View File

@@ -0,0 +1,27 @@
{ stdenv, steamcmd }: {
buildSteamServer = steamId: stdenv.mkDerivation {
pname = "astroneer-dedicated-server";
version = "latest";
src = null;
nativeBuildInputs = [
steamcmd
];
buildPhase = ''
export HOME=$TMPDIR
mkdir -p $out
steamcmd \
+force_install_dir $out \
+login anonymous \
+app_update ${steamId} validate \
+quit
'';
installPhase = "true";
dontFixup = true;
dontStrip = true;
};
}

11
nixos/module/hectic/service/astroneer.nix Normal file
View File

@@ -0,0 +1,11 @@
{
inputs,
flake,
self,
}:
{
pkgs,
lib,
config,
...
}: let in { }

17
nixos/system/games/astroneer.nix Normal file
View File

@@ -0,0 +1,17 @@
{ pkgs, ... }: let
astroneerServer = pkgs.hectic.helpers.steam.buildSteamServer 728470;
in {
options = {
};
config = {
systemd.services."hectic-astroneer-server" = {
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
path = with pkgs; [ steamcmd ];
script = ''
echo zalupa
'';
};
};
}

22
nixos/system/games/default.nix Normal file
View File

@@ -0,0 +1,22 @@
{
flake,
self,
inputs,
system,
...
}: let
# Use folder name as name of this system
name = builtins.baseNameOf ./.;
in self.lib.nixpkgs-lib.nixosSystem {
pkgs = import inputs.nixpkgs {
inherit system;
overlays = [ self.overlays.default ];
config.allowUnfreePredicate = pkg:
builtins.elem (inputs.nixpkgs.lib.getName pkg) [ "steamcmd" "steam-unwrapped" ];
};
modules = [
{ networking.hostName = name; }
(import ./${name}.nix { inherit flake self inputs; })
];
}

44
nixos/system/games/games.nix Normal file
View File

@@ -0,0 +1,44 @@
{
inputs ? null,
flake ? null,
self ? null,
...
}:
{
config ? null,
pkgs ? null,
lib ? null,
modulesPath ? null,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
self.nixosModules.hectic
inputs.sops-nix.nixosModules.sops
./astroneer.nix
];
hectic = {
archetype.dev.enable = true;
hardware.hetzner-cloud = {
enable = true;
networkMatchConfigName = "enp1s0";
ipv4 = "91.98.127.6";
ipv6 = "2a01:4f8:1c1b:6f10";
};
};
sops = {
gnupg.sshKeyPaths = [ ];
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
defaultSopsFile = ../../../sus/games.yaml;
secrets."env" = {};
};
environment.systemPackages = (with pkgs; [ rsync git steamcmd hectic.AstroTuxLauncher ]);
users.users.root.openssh.authorizedKeys.keys = [
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKAaObjLBslsdTlqEcYaS1TqX4x9aVJu75y27/8MFevO''
];
}

96
package/AstroTuxLauncher.nix Normal file
View File

@@ -0,0 +1,96 @@
{
pkgs,
lib,
config,
...
}: let
astroTuxSrc = pkgs.fetchFromGitHub {
owner = "JoeJoeTV";
repo = "AstroTuxLauncher";
rev = "1.1.11";
hash = "sha256-O9ZMwDioP848BXfZaUs/Bp0MyxK8t7ixI+7eAa7xXsc=";
};
# custom package for pansi
pansiCustom = pkgs.python3Packages.buildPythonPackage rec {
pname = "pansi";
version = "2020.7.3";
format = "setuptools";
src = pkgs.fetchPypi {
inherit pname version;
hash = "sha256-vRgtUEUo+HBgGssCgq3tQRrQCgFIQnsOU6EhYvTnTc8=";
};
meta = with pkgs.lib; {
description = "Text mode rendering library";
homepage = "https://github.com/technige/pansi";
license = licenses.asl20;
};
};
# python environment
astroTuxLauncherEnv = pkgs.python3.withPackages (
p: with p; [
alive-progress
chardet
colorlog
dataclasses-json
ipy
packaging
pansiCustom
pathvalidate
psutil
requests
tomli
tomli-w
]
);
# everything needed to run the server that isn't python
pack = [
pkgs.wineWowPackages.staging
pkgs.dotnet-sdk_8
pkgs.depotdownloader
pkgs.winetricks
pkgs.gnutls
];
in pkgs.python3Packages.buildPythonApplication rec {
pname = "AstroTuxLauncher";
version = "1.1.11";
src = astroTuxSrc;
format = "other";
nativeBuildInputs = [
astroTuxLauncherEnv
pkgs.makeWrapper
];
dontBuild = true;
installPhase = ''
install -d $out/libexec/${pname}
cp -r ./* $out/libexec/${pname}/
install -d $out/bin
# bash script to move everything to .local/share/AstroTuxLauncher/
cat << EOF > $out/bin/run-helper
#!${pkgs.bash}/bin/bash
set -euo pipefail
REAL_HOME=\$(getent passwd \$(whoami) | cut -d: -f6)
DATA_DIR="\''${XDG_DATA_HOME:-\$REAL_HOME/.local/share}/AstroTuxLauncher"
mkdir -p "\$DATA_DIR"
cd "\$DATA_DIR"
cp -rf $out/libexec/${pname}/* .
${astroTuxLauncherEnv.interpreter} ./AstroTuxLauncher.py install -d ${pkgs.depotdownloader}/bin/DepotDownloader
exec ${astroTuxLauncherEnv.interpreter} ./AstroTuxLauncher.py start
EOF
chmod +x $out/bin/run-helper
# install and run server command wrapper
makeWrapper $out/bin/run-helper $out/bin/AstroTuxLauncher \
--prefix PATH : ${pkgs.lib.makeBinPath pack}
'';
meta = with pkgs.lib; {
description = "Fixes AstroTuxLauncher for NixOS so you can run a dedicated ASTRONEER server.";
homepage = "https://github.com/JoeJoeTV/AstroTuxLauncher";
license = licenses.gpl3Only;
platforms = platforms.x86_64;
mainProgram = "AstroTuxLauncher";
};
}

1
package/default.nix
View File

@@ -143,6 +143,7 @@ in {
migrator = pkgs.callPackage ./migrator {};
nbt2json = pkgs.callPackage ./nbt2json {};
hemar-parser = pkgs.callPackage ./hemar/parser {};
AstroTuxLauncher = pkgs.callPackage ./AstroTuxLauncher.nix {};
pg-17-ext-http = buildHttpExt pkgs "17";
pg-17-ext-smtp-client = buildSmtpExt pkgs "17";
pg-17-ext-plhaskell = buildPlHaskellExt pkgs "17";

45
package/sops.nix
View File

@@ -1,45 +0,0 @@
{
sops,
pkgs,
lib,
...
}: let
scriptOverride = pkgs.writeShellScriptBin "sops" ''
set -uo pipefail
if [ -n "''${SOPS_AGE_KEY_COMMAND:-}" ]; then
dir="$(mktemp -d)"
chmod 700 "''${dir}"
export SOPS_AGE_KEY_FILE="$(mktemp --tmpdir="$dir")"
chmod 600 "''${SOPS_AGE_KEY_FILE}"
trap 'rm -f "''${SOPS_AGE_KEY_FILE}"' INT TERM EXIT
sh -c "''${SOPS_AGE_KEY_COMMAND}" > "''${SOPS_AGE_KEY_FILE}"
else
printf >&2 'sops (wrapper): ERROR: environment variable `SOPS_AGE_KEY_COMMAND` is empty or undefined\n'
printf >&2 'sops (wrapper): INFO: `SOPS_AGE_KEY_COMMAND` must contain a command that prints `age` private key\n'
printf >&2 'sops (wrapper): INFO: example: `pass show sops/myproject/key` (see https://www.passwordstore.org/)\n'
exit 1
fi
${sops}/bin/sops "''${@}"
'';
in pkgs.symlinkJoin {
name = "sops-wrapper";
paths = [ scriptOverride sops ];
buildInputs = [ pkgs.makeWrapper ];
postBuild = ''
set -x
for bin in $out/bin/*; do
wrapProgram "$bin" \
--prefix PATH : ${lib.makeBinPath (with pkgs; [
coreutils
])} \
--suffix PATH : ${lib.makeBinPath (with pkgs; [
age # expected to be used by ${SOPS_AGE_KEY_COMMAND}
])}
done
'';
meta = sops.meta // {
description = "${sops.meta.description} -- wrapper. Provides custom source for `age` master key.";
};
}

25
sus/games.yaml Normal file
View File

@@ -0,0 +1,25 @@
env: ""
sops:
age:
- recipient: age1r25zdeqq8nac6dgca9en28r57ffyz9u9d8z5yc25gc8xqz747vaqmdtk0h
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQTWZ1QnBZV2IrZ0VxSWF4
L2RUNmsxekRJMWY0dTVqRDlrb3FPb3o1WUc0CnQ5WGNqQ2MvUFVzQStjb1ZIQ3Nw
YlQ1Nk5laDg0ZmQ3YXB4Rm5udE1IVVkKLS0tIDhXSElPQnlQUUo3QmkrSFl4SHFX
TFN3T1FiemhzWkF1ZDhPOERYTVNTTjQKfCDTWs76BzfKvSxQO3P23jpIS2mQN0xs
J/giCMh1uoPcqHA5hh04dbd1CIaXWcvo//lF6SdDtcoAZ0ilPTAX4Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age15yzgmsvl3ku2w863h6gw2vpmw37m9aruv6xrj4fue6n2jpm7pyuqk9xjmj
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRVlh3OFBscEhjSFEvUHRK
TGFRM0xhRDdaMU1xS2hyNXc5c3YyWjU2SFNvCjlLTzF2TFdkeitSYXpUNk4zcHVP
NWZQQU1Ra1J0ZjRuS1JXNG82T3RVODAKLS0tIG16NE9WYldSaE9HNWRkSjV1eWY2
RXphaHFlUEhXVElNdCtwakVkTmdYbVEKKf2pgGGSy2UX98WgU23+affI7Zs470rf
S4AGGLbIn2avEG7VKRM+/cfWZMeQgI+u8OaKs0welfTpFviFP3mSzg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-12-27T17:55:19Z"
mac: ENC[AES256_GCM,data:+9o4io56eObS/yZgngIBI12i7sg3TnOQ1elGVp6yVJiNmgiQ1yz14iFXag9NPnsNqgEjTGlVbzpXWpd1zMycgnjYVK5TTCAFhmLwwB0q1ZWM/13lUoadZpr4nz8BpOZ8QfXVjdBiqgxqti6vdIn4qpS2wZZ7DabLF3ZuHTzowfw=,iv:aDj4VjD8pBsIa0KxDnKhQ2ua27rQhxtNxpxGdAS8fIo=,tag:HRFiXiXoGRkE5MIRUcsF0Q==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2