Factorio ecosystem update (advice on secret handling for builders appreciated)

woobilicious · September 4, 2023, 8:17am

The Factorio modding system and modules are out of date, relies on a 3rd party server that is in a copyright gray area, and I don’t think even exist anymore, to get around issues with secrets, they also store your login inside the nix-store in spite of this.

So I spotting some room for improvement, move secrets out of the nix store, use these secrets for downloading mods from the official mod portal, which supply a sha1 via the API so we don’t have to worry about local hashing.

Replace the toy example mods.nix with an external one that includes a comprehensive list of all mods compatible with factorio v1.1 that’s updated daily.

Currently my secret handling is the best I can think of for vanilla nixpkgs, using extra-sandbox-paths to provide the secrets during build, I could look at moving to agenix or something, but I’m unsure on what the nixpkgs policy is for when netrc doesn’t work.

So I have: the mods.nix here: GitHub - YellowOnion/factorio-mods-nix: Factorio mods for Nix

And the updated nixpkgs: factorio: improve modding situation · YellowOnion/nixpkgs@7172223 · GitHub

Adrielus · September 4, 2023, 11:55am

I think for auth, providing a “passowrdFile” option which is read at runtime would be perfect. This way:

people could manually place a file there if they so desire
the system remains compatible with agenix and nix-sops

I skimmed the readme, and it looks like the password is already read from a file, so making the location of said file configurable would be perfect

woobilicious · September 5, 2023, 2:22am

The auth is required at build time for downloading the game, and mods, the issue is getting it in to the sandbox. as the only thing I could auth supported by the builder is basic http auth via netrc.

The current method was trying to be “smart” but ended up putting it globally in the nix store

Edit: I should also mention that the player-data.json file is a huge collection of stuff we can probably specify some runtime scripts that run jq to put secrets in to it, game also needs read-write access to the file (and a few others like mods.dat), so I was thinking about doing some more at runtime stuff.

mightyiam · September 5, 2023, 2:22am

I should be playing this game?

woobilicious · September 5, 2023, 4:52am

Depends if you want to maintain your mental health, external relationships, and career.

Factorio and programming seem to have a lot of overlap in terms of problem solving.

Adrielus · September 5, 2023, 8:11am

ah, ok… I’m not sure what the best way to have auth at compile time is

Is being logged in required to download mods? I know you have to be to do it in game, but I thought the web UI let you manually download the mods without even having an account

As for the game itself, I for one am fine with providing my own steam copy or whatnot.

NobbZ · September 5, 2023, 9:55am

Have you considered using requireFile to circumvent the “login” problem?

woobilicious · September 6, 2023, 11:09am

I’m not too worried about specifying one file for the main game, especially on my desktop, but the code to download it was already there, and It needed to be removed / replaced, and once you download the mods manually, you might as well put them in the stateDir instead and let the game mange them automatically, the added complexity of keeping many mods all up to date manually via the web portal and copy-paste is imho worse. It’s not uncommon to have 30 mods, which doesn’t scale for requireFile at all.