Factorio package installation

1stNonInterestUser · March 21, 2026, 1:17pm

As you may know, there’s a factorio package in the nixpkgs. From my understanding and a few talks with LLMs, I know there’re 2 ways to use it: Overwriting the package with your username and factorio token (But the token will leak to the nix store and will be visible in your config) or manually putting factorio tarball in the nix store (which is not ideal from the nixos philosophy perspective.

I could be fine with my token being in the nix store, so I crafted this setup:

       nixpkgs.config.factorio = {
         username = "Asmusin";
         token = config.sops.secrets.factorio_token;
       };

but then I realized that the token is needed in evaluation time, but sops makes it available only at runtime.

How to use this package in a way that is: safe to put in a public config, declarative and automatic.

NobbZ · March 21, 2026, 1:23pm

In my opinion, factorio should rewritten to use requireFile and require manually adding the tarball to the store, exactly how it is done with all the other packages that require logging in before download.

An alternative that definitely leaks your token and also is resistant against updates, would be to install steam and play factorio through steam.

1stNonInterestUser · March 21, 2026, 1:37pm

IIRC factorio can be installed in 2 ways, with requireFile as you described and with user credentials. Former is against nixos philosophy and common sense and latter is unsafe.

Steam installation isn’t better than the requireFile way, but it requires you to install one more proprietary package on your system.

tejing · March 21, 2026, 1:43pm

Write a wrapper script around nixos-rebuild that populates the required store path for requireFile (using credentials from the running environment, however you prefer to do that) before building.

If you don’t mind your factorio credentials going onto your disk world-readable, so long as they stay out of the public config, you can use git-crypt to store them in the config so they’re available at eval time, but not to the public.

NobbZ · March 21, 2026, 1:44pm

I do not see how the former is against the philosophy. It clearly states “I need this but can not get it for you, you have to help me”. The NixOS philosophy is not a “oneclick” install. It is describing what you want want as an endresult, without having to (necessarily) care how to achieve some things.

1stNonInterestUser · March 21, 2026, 6:06pm

Maybe you’re right and I’m just overreacting, because of something really stupid.

Ehhh, I will do it like that and if I really don’t like it, I will try something similar to what @tejing proposed

crertel · March 21, 2026, 8:21pm

Where is this practice documented, for future reference?

(I’m on a bit of a scavenger hunt.)

BlastboomStrice · March 21, 2026, 9:49pm

Edit: Misinfo

I dont know if it helps, but I notice that there is an option to use a file or a token:
https://search.nixos.org/options?channel=unstable&query=factorio&show=services.factorio.extraSettingsFile
https://search.nixos.org/options?channel=unstable&query=factorio&show=services.factorio.token

Mentioning this cuz in your example you dont mrntion services.factorio.enable, only the package, so I dont know if you’re aware of the options.

You still have the encryption issue, but maybe these options will be of help:)

1stNonInterestUser · March 22, 2026, 6:55am

services.factorio is the factorio server, not the client (game), so this method won’t work.