factorio: Add rcon paremeters to NixOS module

[graysonhead]

This adds rcon bind address and password options to the Factorio NixOS module. These unfortunately cannot be set in the config file, so adding these params is the only I'm aware to configure it.

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
  • sandbox = relaxed
  • sandbox = true
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 24.11 Release Notes (or backporting 23.11 and 24.05 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
• Fits CONTRIBUTING.md.

---

Add a 👍 reaction to pull requests you find important.

[bmillwood]

Does it make sense to provide one of the options but not the other? If so, ideally we'd document what that means. If not, perhaps we could do something like rcon = { password = "..."; bind = "..."; }; so you're forced to specify both or neither. (An alternative would be to use an assertion, but I think the optional submodule approach is nicer.)

[bmillwood]

Probably remind the user that this will be world-readable in the store. Perhaps consider if we want to provide a from-file option as well or instead?

[graysonhead]

I'll take a stab at those suggestions, I haven't made a module with a submodule like that before but I think it makes sense in this case since both arguments must be present together.

[bmillwood]

thanks; if you find it tricky I'm happy to try to come up with an implementation tomorrow or so; I haven't used submodules before either but I'm pretty sure I've seen examples around

[graysonhead]

I managed to get it working with a submodule, but I am not sure how to get it to read the password from a file. I tried a naive implementation like --rcon-password=$(cat ${password_file}) but Nix kept inserting a backslash in front of the dollar sign for some reason and I wasn't able to figure out why. There is probably a more nix friendly way to accomplish this but I'm not sure what it was and I wasn't able to find any examples.

[bmillwood]

ah, and in fact even if something like that $(cat ...) worked it would be a pretty weak improvement since your process command line is visible in /proc...

Sounds like we can't really make this secure from other users on the same host unless Factorio adds the ability to read the password from a file. Sorry for leading you down a doomed path :)