-
-
Notifications
You must be signed in to change notification settings - Fork 14.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
factorio: Add rcon paremeters to NixOS module #352267
base: master
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does it make sense to provide one of the options but not the other? If so, ideally we'd document what that means. If not, perhaps we could do something like rcon = { password = "..."; bind = "..."; };
so you're forced to specify both or neither. (An alternative would be to use an assertion, but I think the optional submodule approach is nicer.)
type = lib.types.nullOr lib.types.str; | ||
default = null; | ||
description = '' | ||
Sets the rcon server password. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Probably remind the user that this will be world-readable in the store. Perhaps consider if we want to provide a from-file option as well or instead?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll take a stab at those suggestions, I haven't made a module with a submodule like that before but I think it makes sense in this case since both arguments must be present together.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks; if you find it tricky I'm happy to try to come up with an implementation tomorrow or so; I haven't used submodules before either but I'm pretty sure I've seen examples around
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I managed to get it working with a submodule, but I am not sure how to get it to read the password from a file. I tried a naive implementation like --rcon-password=$(cat ${password_file})
but Nix kept inserting a backslash in front of the dollar sign for some reason and I wasn't able to figure out why. There is probably a more nix friendly way to accomplish this but I'm not sure what it was and I wasn't able to find any examples.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ah, and in fact even if something like that $(cat ...)
worked it would be a pretty weak improvement since your process command line is visible in /proc
...
Sounds like we can't really make this secure from other users on the same host unless Factorio adds the ability to read the password from a file. Sorry for leading you down a doomed path :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
see also: https://forums.factorio.com/viewtopic.php?f=6&t=51325&p=413867
(I decided not to ping it since I don't personally use rcon anyway)
db5469d
to
1254050
Compare
description = "Rcon submodule"; | ||
type = lib.types.submodule { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
description = "Rcon submodule"; | |
type = lib.types.submodule { | |
description = "Rcon submodule"; | |
default = null; | |
type = lib.types.nullOr (lib.types.submodule { |
(I think this is what you intended, based on you testing rConSettings != null
below)
example = "127.0.0.1:25575"; | ||
}; | ||
}; | ||
}; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
}; | |
}); |
(this goes along with my nullOr
change since that introduces an opening paren)
password = lib.mkOption { | ||
type = lib.types.str; | ||
description = '' | ||
Rcon server password (warning, this password will be visible in the nix store) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Rcon server password (warning, this password will be visible in the nix store) | |
Rcon server password (warning, this password will be world-readable in the nix store) |
@@ -327,6 +348,8 @@ in | |||
(playerListOption "server-adminlist" cfg.admins) | |||
(playerListOption "server-whitelist" cfg.allowedPlayers) | |||
(lib.optionalString (cfg.allowedPlayers != []) "--use-server-whitelist") | |||
(lib.optionalString (cfg.rConSettings != null) "--rcon-password=${cfg.rConSettings.password}") | |||
(lib.optionalString (cfg.rConSettings != null) "--rcon-bind=${cfg.rConSettings.bind_address}") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(lib.optionalString (cfg.rConSettings != null) "--rcon-bind=${cfg.rConSettings.bind_address}") | |
(lib.optionalString (cfg.rConSettings != null) "--rcon-bind=${cfg.rConSettings.bindAddress}") |
(to go along with my change to the definition)
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/do-i-need-to-explicitly-signpost-my-pr-review-as-nonbinding/55613/1 |
1254050
to
022324e
Compare
@bmillwood Do you know how to figure out who the owners of this module that can approve this PR are? Would it be the same as the maintainers for the Factorio package? I haven't done much contributing to the module side of nixpkgs. |
@lukegb merged my PR #350769, so perhaps they'd be able to help here? |
This adds rcon bind address and password options to the Factorio NixOS module. These unfortunately cannot be set in the config file, so adding these params is the only I'm aware to configure it.
Things done
nix.conf
? (See Nix manual)sandbox = relaxed
sandbox = true
nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"
. Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/
)Add a 👍 reaction to pull requests you find important.