Personal Nix setup
Extract password to secret file
+22
-4
-1
machines/ramune/configuration.nix
-1
machines/ramune/configuration.nix
+15
-3
modules/games/palworld/default.nix
+15
-3
modules/games/palworld/default.nix
···
96
96
};
97
97
98
98
config = mkIf isEnabled {
99
+
age.secrets."palworld-passwd.raw" = {
100
+
file = ./encrypt/palworld-passwd.age;
101
+
group = "${baseCfg.group}";
102
+
owner = "${baseCfg.user}";
103
+
mode = "770";
104
+
};
105
+
99
106
modules.router.nftables.capturePorts = [ cfg.port ];
100
107
networking.firewall.allowedUDPPorts = [ cfg.port ];
101
108
···
110
117
};
111
118
112
119
files = let
113
-
settings = baseSettings // cfg.settings;
120
+
settings = baseSettings // cfg.settings // {
121
+
ServerPassword = "@SERVER_PASSWORD@";
122
+
};
114
123
in {
115
124
"Pal/Binaries/Linux/steamclient.so" = "${pkgs.steamworks-sdk-redist}/lib/steamclient.so";
116
125
"Pal/Saved/Config/LinuxServer/PalWorldSettings.ini" = generateSettings "PalWorldSettings.ini" settings;
117
-
"Pal/Saved/Config/LinuxServer/Engine.ini" = builtins.readFile ./Engine.ini;
126
+
"Pal/Saved/Config/LinuxServer/Engine.ini" = ./Engine.ini;
118
127
};
119
128
120
129
script = let
···
137
146
path = with pkgs; [ xdg-user-dirs util-linux ];
138
147
139
148
inherit script;
140
-
preStart = ''
149
+
preStart = let
150
+
passwordFile = config.age.secrets."palworld-passwd.raw".path;
151
+
in ''
152
+
export SERVER_PASSWORD=$(cat "${passwordFile}")
141
153
${scripts.mkDirs name dirs}
142
154
${scripts.mkFiles name files}
143
155
'';
+5
modules/games/palworld/encrypt/palworld-passwd.age
+5
modules/games/palworld/encrypt/palworld-passwd.age