factorio: stash factorio.com server token in SSM + flip server-settings.json visibility to public #78

New issue

Closed

opened 2026-05-23 20:54:38 +00:00 by coilysiren · 1 comment

coilysiren commented 2026-05-23 20:54:38 +00:00

Owner

Copy link

Originally filed by @coilysiren on 2026-05-01T11:14:22Z - https://github.com/coilysiren/infrastructure/issues/82

Goal

Flip server-settings.json from visibility: { "public": false, "lan": true } to visibility: { "public": true, "lan": true } so the Sirens factorio server announces itself to the matchmaker (multiplayer.factorio.com).

Why this didn't happen at server bringup

For visibility.public: true, the server has to authenticate against factorio.com using a username + token pair from a factorio.com account that owns the DLC. The expectation per https://github.com/coilysiren/infrastructure/issues/77#issuecomment-4358830085 was to:

• Stash the token in SSM at /factorio/server_token (SecureString)
• Pull it at unit-start time the same way Eco's API tokens are pulled (mirrors infrastructure/src/eco.py:10)
• Reference username + token in server-settings.json

When the server got brought up on 2026-05-01, the credentials had not yet landed. The server was started with visibility: { "public": false, "lan": true } so the server could come up cleanly without credentials. Whitelist enforcement is on, so reachability is not the same thing as joinability.

Action

1. coily aws ssm put-parameter --name /factorio/server_token --type SecureString --value <token> (pre-authorized in SSM.md)
2. Add a wrapper to factorio-server-start.sh that pulls /factorio/server_token at start time and writes it into a runtime-only copy of server-settings.json (do not write the resolved token back to the persistent file).
3. Edit server-settings.json: set username = the factorio.com handle, set token = __FROM_SSM__ placeholder, flip visibility.public to true.
4. Restart factorio-server.
5. Verify the server appears on multiplayer.factorio.com.

Done when

• Server appears in the public matchmaker lobby with name "Sirens Factorio"
• Joining via lobby (not direct IP) works for a whitelisted player
• Token is in SSM, never in git, never in /home/kai/Steam/.../server-settings.json on disk

Tracking from: #77

_Originally filed by @coilysiren on 2026-05-01T11:14:22Z - [https://github.com/coilysiren/infrastructure/issues/82](https://github.com/coilysiren/infrastructure/issues/82)_ ## Goal Flip `server-settings.json` from `visibility: { "public": false, "lan": true }` to `visibility: { "public": true, "lan": true }` so the Sirens factorio server announces itself to the matchmaker (multiplayer.factorio.com). ## Why this didn't happen at server bringup For `visibility.public: true`, the server has to authenticate against factorio.com using a `username` + `token` pair from a factorio.com account that owns the DLC. The expectation per https://github.com/coilysiren/infrastructure/issues/77#issuecomment-4358830085 was to: - Stash the token in SSM at `/factorio/server_token` (SecureString) - Pull it at unit-start time the same way Eco's API tokens are pulled (mirrors `infrastructure/src/eco.py:10`) - Reference `username` + `token` in `server-settings.json` When the server got brought up on 2026-05-01, the credentials had not yet landed. The server was started with `visibility: { "public": false, "lan": true }` so the server could come up cleanly without credentials. Whitelist enforcement is on, so reachability is not the same thing as joinability. ## Action 1. `coily aws ssm put-parameter --name /factorio/server_token --type SecureString --value <token>` (pre-authorized in [SSM.md](../coilyco-ai/SSM.md)) 2. Add a wrapper to `factorio-server-start.sh` that pulls `/factorio/server_token` at start time and writes it into a runtime-only copy of `server-settings.json` (do not write the resolved token back to the persistent file). 3. Edit `server-settings.json`: set `username` = the factorio.com handle, set `token` = `__FROM_SSM__` placeholder, flip `visibility.public` to `true`. 4. Restart factorio-server. 5. Verify the server appears on `multiplayer.factorio.com`. ## Done when - [ ] Server appears in the public matchmaker lobby with name "Sirens Factorio" - [ ] Joining via lobby (not direct IP) works for a whitelisted player - [ ] Token is in SSM, never in git, never in `/home/kai/Steam/.../server-settings.json` on disk Tracking from: #77

coilysiren commented 2026-05-30 05:43:22 +00:00

Author

Owner

Copy link

Iceboxed in the 2026-05-29 backlog burn-down: factorio public visibility flip, hobby toy. Reopen anytime if it becomes real.

Iceboxed in the 2026-05-29 backlog burn-down: factorio public visibility flip, hobby toy. Reopen anytime if it becomes real.

coilysiren closed this issue 2026-05-30 05:43:22 +00:00

coilysiren added the

P4

label 2026-05-31 01:54:41 +00:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

dispatch/issue-294

tangled-knot

dispatch/issue-216

No results found.

Labels

Clear labels

  

P0

now / blocking / urgent

  

P1

next / important

  

P2

backlog / will do

  

P3

someday / low

  

P4

icebox / frozen / reopen if it becomes real

No labels

P0

P1

P2

P3

P4

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

coilyco-flight-deck/infrastructure#78

No description provided.