From 452713ca55eba5c3e8eff43450d54cc79175b51c Mon Sep 17 00:00:00 2001 From: xenia Date: Thu, 11 Sep 2025 16:01:23 -0400 Subject: [PATCH] update readme --- README.md | 36 ++++++++++++++++++++++++++++++++++-- 1 file changed, 34 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 4623d12..35b2d74 100644 --- a/README.md +++ b/README.md @@ -324,7 +324,7 @@ and ### [`services.satisfactory`](./modules/satisfactory-dedicated-server/default.nix) -The dedicated server for the game [satisfactory](https://satisfactorygame.com) +The dedicated server for the game [Satisfactory](https://satisfactorygame.com) This module provides the needed runtime environment for the dedicated server to run on NixOS, as well as settings which can be automatically applied to provision the server on the first start (eg @@ -333,6 +333,34 @@ server works, but it will be performed securely, before the server is exposed to first time. This means you can safely deploy the server to the public internet without worrying about exposing the "unclaimed" initial server mode, where any user could gain full privileges. +##### development notes + +this module does the following: + +- sets up `satisfactory.service` with some systemd isolation options and + notably, a private mount namespace in which the nix store path for the server + is mounted together with some overmounts for read-write directories within + the installation. this allows the software to "write to its own install + directory" which is required for operation. the real location of the written + files is in `/var/lib/satisfactory` +- if certs are provided, the systemd credentials mechanism is used to make them + available to the server process. another bind overmount is used to put the + credentials dir in the place that the server binary expects. additionally, + `satisfactory-restart-certs.service` is configured to restart the dedicated + server whenever the cert is renewed +- when the first-run options are specified, + `satisfactory-first-time-setup.service` is configured as a dependency with a + condition on the data file the server uses to store its settings. if the file + exists, the first-run setup is skipped. in this service, + `PrivateNetwork=true` is used to isolate the service from the network while a + bash script executes HTTP API calls to perform the requested setup. once this + is done, the server is shut down and execution will proceed to the main + `satisfactory.service` + +this is mostly still in line with [a blog post i wrote on the +topic](https://blog.awoo.systems/posts/2024-01-12-going-win32-scale-packaging-the-satisfactory-dedicated-server-on-nixos) +but there have been some changes since then that are not reflected in the post + #### `services.satisfactory.enable` enables the satisfactory dedicated server service @@ -498,10 +526,14 @@ export ALSA_PLUGIN_DIR=$(nix eval -f '' --raw pipewire)/lib/alsa-lib ### [`satisfactory-dedicated-server`](./pkgs/games/satisfactory-dedicated-server) -The dedicated server for [satisfactory](https://satisfactorygame.com), with packaging steps to make +The dedicated server for [Satisfactory](https://satisfactorygame.com), with packaging steps to make it run correctly on NixOS. This must be used together with the NixOS module (`services.satisfactory`), which sets up the environment needed for the server to execute. +See +[`services.satisfactory`](#services-satisfactory-modules-satisfactory-dedicated-server-default-nix) +for further info and development notes + ### [`eta`](./pkgs/cmdline/eta) Generic tool for monitoring ETA and progress of an arbitrary process.