kitten.sh / system
Personal Nix setup
fork atom

Extract password to secret file

kitten.sh 4ca4fac6 2d914c0e

options
unified split
Changed files
+22 -4
machines
ramune
configuration.nix
modules
games
palworld
default.nix
encrypt
palworld-passwd.age
secrets.nix
-1
machines/ramune/configuration.nix 
···

       
59

       
59

       
 

       
        ip = "51.38.68.193";


     

       
60

       
60

       
 

       
        settings = {


     

       
61

       
61

       
 

       
          ServerName = "London Boroughs";


     

       
62

       

       
-

       
          ServerPassword = "onlyflans";


     

       
63

       
62

       
 

       
          AllowConnectPlatform = "Xbox";


     

       
64

       
63

       
 

       
          PalEggDefaultHatchingTime = 1;


     

       
65

       
64

       
 

       
        };
+15 -3
modules/games/palworld/default.nix 
···

       
96

       
96

       
 

       
  };


     

       
97

       
97

       
 

       



     

       
98

       
98

       
 

       
  config = mkIf isEnabled {


     

       

       
99

       
+

       
    age.secrets."palworld-passwd.raw" = {


     

       

       
100

       
+

       
      file = ./encrypt/palworld-passwd.age;


     

       

       
101

       
+

       
      group = "${baseCfg.group}";


     

       

       
102

       
+

       
      owner = "${baseCfg.user}";


     

       

       
103

       
+

       
      mode = "770";


     

       

       
104

       
+

       
    };


     

       

       
105

       
+

       



     

       
99

       
106

       
 

       
    modules.router.nftables.capturePorts = [ cfg.port ];


     

       
100

       
107

       
 

       
    networking.firewall.allowedUDPPorts = [ cfg.port ];


     

       
101

       
108

       
 

       



     
···

       
110

       
117

       
 

       
      };


     

       
111

       
118

       
 

       



     

       
112

       
119

       
 

       
      files = let


     

       
113

       

       
-

       
        settings = baseSettings // cfg.settings;


     

       

       
120

       
+

       
        settings = baseSettings // cfg.settings // {


     

       

       
121

       
+

       
          ServerPassword = "@SERVER_PASSWORD@";


     

       

       
122

       
+

       
        };


     

       
114

       
123

       
 

       
      in {


     

       
115

       
124

       
 

       
        "Pal/Binaries/Linux/steamclient.so" = "${pkgs.steamworks-sdk-redist}/lib/steamclient.so";


     

       
116

       
125

       
 

       
        "Pal/Saved/Config/LinuxServer/PalWorldSettings.ini" = generateSettings "PalWorldSettings.ini" settings;


     

       
117

       

       
-

       
        "Pal/Saved/Config/LinuxServer/Engine.ini" = builtins.readFile ./Engine.ini;


     

       

       
126

       
+

       
        "Pal/Saved/Config/LinuxServer/Engine.ini" = ./Engine.ini;


     

       
118

       
127

       
 

       
      };


     

       
119

       
128

       
 

       



     

       
120

       
129

       
 

       
      script = let


     
···

       
137

       
146

       
 

       
      path = with pkgs; [ xdg-user-dirs util-linux ];


     

       
138

       
147

       
 

       



     

       
139

       
148

       
 

       
      inherit script;


     

       
140

       

       
-

       
      preStart = ''


     

       

       
149

       
+

       
      preStart = let


     

       

       
150

       
+

       
        passwordFile = config.age.secrets."palworld-passwd.raw".path;


     

       

       
151

       
+

       
      in ''


     

       

       
152

       
+

       
        export SERVER_PASSWORD=$(cat "${passwordFile}")


     

       
141

       
153

       
 

       
        ${scripts.mkDirs name dirs}


     

       
142

       
154

       
 

       
        ${scripts.mkFiles name files}


     

       
143

       
155

       
 

       
      '';
+5
modules/games/palworld/encrypt/palworld-passwd.age 
···

       

       
1

       
+

       
age-encryption.org/v1


     

       

       
2

       
+

       
-> ssh-ed25519 QwbpPw QN+UCu72rNSGKgnZpCiAgMQGx7NgnCAvRH+7PHb01F0


     

       

       
3

       
+

       
VxjDtBg5oFfHLcvDEzJ+gU/MVaqJKhHPVkBxlA+TMkU


     

       

       
4

       
+

       
--- JQbohsuqLyCVe+muSKagiWVdfrk8XO2tIjGq/U4GtoM


     

       

       
5

       
+

       
����ϹX���E���߁�a������uɛ���������
+2
secrets.nix 
···

       
24

       
24

       
 

       



     

       
25

       
25

       
 

       
  "./modules/automation/certs/mqtt.key.age".publicKeys = keys;


     

       
26

       
26

       
 

       
  "./modules/automation/certs/mqtt.crt.age".publicKeys = keys;


     

       

       
27

       
+

       



     

       

       
28

       
+

       
  "./modules/games/palworld/encrypt/palworld-passwd.age".publicKeys = keys;


     

       
27

       
29

       
 

       
}