clan/clan-core
12
3
Fork 15
Code Issues 94 Pull Requests 4 Actions Packages Projects 1 Releases Wiki Activity

Merge pull request 'sunshine: add apps, improve uaccess rules' (#946) from a-kenji-imp/sunshine into main
All checks were successful
checks / check-links (push) Successful in 21s
Details
checks / checks (push) Successful in 37s
Details
checks / checks-impure (push) Successful in 1m45s
Details

Browse Source
This commit is contained in:
clan-bot 2024-03-12 21:23:06 +00:00
commit 2dd7304b57
1 changed files with 134 additions and 109 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

243
clanModules/sunshine.nix
View File

@ -1,13 +1,41 @@
{ pkgs, config, options, ... }:
{ pkgs, options, ... }:
let
cfg = options.services.sunshine;
apps = pkgs.writeText "apps.json" (builtins.toJSON
{
env = {
PATH = "$(PATH):$(HOME)/.local/bin";
};
apps = [
{
name = "Desktop";
image-path = "desktop.png";
}
{
name = "Low Res Desktop";
image-path = "desktop.png";
prep-cmd = [
{
do = "xrandr --output HDMI-1 --mode 1920x1080";
undo = "xrandr --output HDMI-1 --mode 1920x1200";
}
];
}
{
name = "Steam Big Picture";
detached = [
"setsid steam steam://open/bigpicture"
];
image-path = "steam.png";
}
];
});
sunshineConfiguration = pkgs.writeText "sunshine.conf" ''
address_family = both
channels = 5
pkey = /var/lib/sunshine/sunshine.key
cert = /var/lib/sunshine/sunshine.cert
file_state = /var/lib/sunshine/state.json
file_apps = /var/lib/sunshine/apps.json
file_apps = ${apps}
credentials_file = /var/lib/sunshine/credentials.json
'';
in
@ -16,112 +44,109 @@ in
enable = pkgs.lib.mkEnableOption "Sunshine self-hosted game stream host for Moonlight";
};
config = pkgs.lib.mkMerge [
(pkgs.lib.mkIf cfg.enable
{
networking.firewall = {
allowedTCPPorts = [
47984
47989
47990
48010
];
imports = [
{
networking.firewall = {
allowedTCPPorts = [
47984
47989
47990
48010
];
allowedUDPPorts = [
47998
47999
48000
48002
48010
allowedUDPPorts = [
47998
47999
48000
48002
48010
];
};
networking.firewall.allowedTCPPortRanges = [
{
from = 47984;
to = 48010;
}
];
networking.firewall.allowedUDPPortRanges = [
{
from = 47998;
to = 48010;
}
];
environment.systemPackages = [
pkgs.sunshine
(pkgs.writers.writeDashBin "sun" ''
${pkgs.sunshine}/bin/sunshine -1 ${
pkgs.writeText "sunshine.conf" ''
address_family = both
''
} "$@"
'')
# Create a dummy account, for easier setup,
# don't use this account in actual production yet.
(pkgs.writers.writeDashBin "init-sun" ''
${pkgs.sunshine}/bin/sunshine \
--creds "sun" "sun"
'')
];
# Required to simulate input
hardware.uinput.enable = true;
boot.kernelModules = [ "uinput" ];
services.udev.extraRules = ''
KERNEL=="uinput", SUBSYSTEM=="misc", OPTIONS+="static_node=uinput", TAG+="uaccess"
'';
hardware.opengl.driSupport32Bit = true;
hardware.opengl.enable = true;
security = {
rtkit.enable = true;
wrappers.sunshine = {
owner = "root";
group = "root";
capabilities = "cap_sys_admin+p";
source = "${pkgs.sunshine}/bin/sunshine";
};
};
systemd.tmpfiles.rules = [
"d '/var/lib/sunshine' 0770 'user' 'users' - -"
];
systemd.user.services.sunshine = {
enable = true;
description = "Sunshine self-hosted game stream host for Moonlight";
startLimitBurst = 5;
startLimitIntervalSec = 500;
script = "/run/current-system/sw/bin/env /run/wrappers/bin/sunshine ${sunshineConfiguration}";
serviceConfig = {
Restart = "on-failure";
RestartSec = "5s";
ReadWritePaths = [
"/var/lib/sunshine"
];
};
networking.firewall.allowedTCPPortRanges = [
{
from = 47984;
to = 48010;
}
];
networking.firewall.allowedUDPPortRanges = [
{
from = 47998;
to = 48010;
}
];
environment.systemPackages = [
pkgs.sunshine
(pkgs.writers.writeDashBin "sun" ''
${pkgs.sunshine}/bin/sunshine -1 ${
pkgs.writeText "sunshine.conf" ''
address_family = both
''
} "$@"
'')
# Create a dummy account, for easier setup,
# don't use this account in actual production yet.
(pkgs.writers.writeDashBin "init-sun" ''
${pkgs.sunshine}/bin/sunshine \
--creds "sun" "sun"
'')
];
# Required to simulate input
hardware.uinput.enable = true;
boot.kernelModules = [ "uinput" ];
# services.udev.extraRules = ''
# KERNEL=="uinput", SUBSYSTEM=="misc", OPTIONS+="static_node=uinput", TAG+="uaccess"
# '';
services.udev.extraRules = ''
KERNEL=="uinput", GROUP="input", MODE="0660" OPTIONS+="static_node=uinput"
'';
hardware.opengl.driSupport32Bit = true;
hardware.opengl.enable = true;
security = {
rtkit.enable = true;
wrappers.sunshine = {
owner = "root";
group = "root";
capabilities = "cap_sys_admin+p";
source = "${pkgs.sunshine}/bin/sunshine";
};
};
systemd.tmpfiles.rules = [
"d '/var/lib/sunshine' 0770 'user' 'users' - -"
];
systemd.user.services.sunshine = {
enable = true;
description = "Sunshine self-hosted game stream host for Moonlight";
startLimitBurst = 5;
startLimitIntervalSec = 500;
script = "/run/current-system/sw/bin/env /run/wrappers/bin/sunshine ${sunshineConfiguration}";
serviceConfig = {
Restart = "on-failure";
RestartSec = "5s";
ReadWritePaths = [
"/var/lib/sunshine"
];
};
wantedBy = [ "graphical-session.target" ];
};
}
)
]
# xdg.configFile."sunshine/apps.json".text = builtins.toJSON {
# env = "/run/current-system/sw/bin";
# apps = [
# {
# name = "Steam";
# output = "steam.txt";
# detached = [
# "${pkgs.util-linux}/bin/setsid ${pkgs.steam}/bin/steam steam://open/bigpicture"
# ];
# image-path = "steam.png";
# }
# ];
# };
# }
wantedBy = [ "graphical-session.target" ];
};
}
];
# xdg.configFile."sunshine/apps.json".text = builtins.toJSON {
# env = "/run/current-system/sw/bin";
# apps = [
# {
# name = "Steam";
# output = "steam.txt";
# detached = [
# "${pkgs.util-linux}/bin/setsid ${pkgs.steam}/bin/steam steam://open/bigpicture"
# ];
# image-path = "steam.png";
# }
# ];
# };
}