From 71cd46b0e9c02d80dd1884369561c9ab2d4777b4 Mon Sep 17 00:00:00 2001 From: a-kenji Date: Tue, 12 Mar 2024 22:14:47 +0100 Subject: [PATCH] sunshine: add apps, improve uaccess rules --- clanModules/sunshine.nix | 243 +++++++++++++++++++++------------------ 1 file changed, 134 insertions(+), 109 deletions(-) diff --git a/clanModules/sunshine.nix b/clanModules/sunshine.nix index 1086883b..e9d2d08e 100644 --- a/clanModules/sunshine.nix +++ b/clanModules/sunshine.nix @@ -1,13 +1,41 @@ -{ pkgs, config, options, ... }: +{ pkgs, options, ... }: let - cfg = options.services.sunshine; + apps = pkgs.writeText "apps.json" (builtins.toJSON + { + env = { + PATH = "$(PATH):$(HOME)/.local/bin"; + }; + apps = [ + { + name = "Desktop"; + image-path = "desktop.png"; + } + { + name = "Low Res Desktop"; + image-path = "desktop.png"; + prep-cmd = [ + { + do = "xrandr --output HDMI-1 --mode 1920x1080"; + undo = "xrandr --output HDMI-1 --mode 1920x1200"; + } + ]; + } + { + name = "Steam Big Picture"; + detached = [ + "setsid steam steam://open/bigpicture" + ]; + image-path = "steam.png"; + } + ]; + }); sunshineConfiguration = pkgs.writeText "sunshine.conf" '' address_family = both channels = 5 pkey = /var/lib/sunshine/sunshine.key cert = /var/lib/sunshine/sunshine.cert file_state = /var/lib/sunshine/state.json - file_apps = /var/lib/sunshine/apps.json + file_apps = ${apps} credentials_file = /var/lib/sunshine/credentials.json ''; in @@ -16,112 +44,109 @@ in enable = pkgs.lib.mkEnableOption "Sunshine self-hosted game stream host for Moonlight"; }; - config = pkgs.lib.mkMerge [ - (pkgs.lib.mkIf cfg.enable - { - networking.firewall = { - allowedTCPPorts = [ - 47984 - 47989 - 47990 - 48010 - ]; + imports = [ + { + networking.firewall = { + allowedTCPPorts = [ + 47984 + 47989 + 47990 + 48010 + ]; - allowedUDPPorts = [ - 47998 - 47999 - 48000 - 48002 - 48010 + allowedUDPPorts = [ + 47998 + 47999 + 48000 + 48002 + 48010 + ]; + }; + networking.firewall.allowedTCPPortRanges = [ + { + from = 47984; + to = 48010; + } + ]; + networking.firewall.allowedUDPPortRanges = [ + { + from = 47998; + to = 48010; + } + ]; + + environment.systemPackages = [ + pkgs.sunshine + (pkgs.writers.writeDashBin "sun" '' + ${pkgs.sunshine}/bin/sunshine -1 ${ + pkgs.writeText "sunshine.conf" '' + address_family = both + '' + } "$@" + '') + # Create a dummy account, for easier setup, + # don't use this account in actual production yet. + (pkgs.writers.writeDashBin "init-sun" '' + ${pkgs.sunshine}/bin/sunshine \ + --creds "sun" "sun" + '') + ]; + + # Required to simulate input + hardware.uinput.enable = true; + boot.kernelModules = [ "uinput" ]; + + services.udev.extraRules = '' + KERNEL=="uinput", SUBSYSTEM=="misc", OPTIONS+="static_node=uinput", TAG+="uaccess" + ''; + + hardware.opengl.driSupport32Bit = true; + hardware.opengl.enable = true; + + security = { + rtkit.enable = true; + wrappers.sunshine = { + owner = "root"; + group = "root"; + capabilities = "cap_sys_admin+p"; + source = "${pkgs.sunshine}/bin/sunshine"; + }; + }; + + + systemd.tmpfiles.rules = [ + "d '/var/lib/sunshine' 0770 'user' 'users' - -" + ]; + + + systemd.user.services.sunshine = { + enable = true; + description = "Sunshine self-hosted game stream host for Moonlight"; + startLimitBurst = 5; + startLimitIntervalSec = 500; + script = "/run/current-system/sw/bin/env /run/wrappers/bin/sunshine ${sunshineConfiguration}"; + serviceConfig = { + Restart = "on-failure"; + RestartSec = "5s"; + ReadWritePaths = [ + "/var/lib/sunshine" ]; }; - networking.firewall.allowedTCPPortRanges = [ - { - from = 47984; - to = 48010; - } - ]; - networking.firewall.allowedUDPPortRanges = [ - { - from = 47998; - to = 48010; - } - ]; - - environment.systemPackages = [ - pkgs.sunshine - (pkgs.writers.writeDashBin "sun" '' - ${pkgs.sunshine}/bin/sunshine -1 ${ - pkgs.writeText "sunshine.conf" '' - address_family = both - '' - } "$@" - '') - # Create a dummy account, for easier setup, - # don't use this account in actual production yet. - (pkgs.writers.writeDashBin "init-sun" '' - ${pkgs.sunshine}/bin/sunshine \ - --creds "sun" "sun" - '') - ]; - - # Required to simulate input - hardware.uinput.enable = true; - boot.kernelModules = [ "uinput" ]; - # services.udev.extraRules = '' - # KERNEL=="uinput", SUBSYSTEM=="misc", OPTIONS+="static_node=uinput", TAG+="uaccess" - # ''; - services.udev.extraRules = '' - KERNEL=="uinput", GROUP="input", MODE="0660" OPTIONS+="static_node=uinput" - ''; - hardware.opengl.driSupport32Bit = true; - hardware.opengl.enable = true; - - security = { - rtkit.enable = true; - wrappers.sunshine = { - owner = "root"; - group = "root"; - capabilities = "cap_sys_admin+p"; - source = "${pkgs.sunshine}/bin/sunshine"; - }; - }; - - - systemd.tmpfiles.rules = [ - "d '/var/lib/sunshine' 0770 'user' 'users' - -" - ]; - - - systemd.user.services.sunshine = { - enable = true; - description = "Sunshine self-hosted game stream host for Moonlight"; - startLimitBurst = 5; - startLimitIntervalSec = 500; - script = "/run/current-system/sw/bin/env /run/wrappers/bin/sunshine ${sunshineConfiguration}"; - serviceConfig = { - Restart = "on-failure"; - RestartSec = "5s"; - ReadWritePaths = [ - "/var/lib/sunshine" - ]; - }; - wantedBy = [ "graphical-session.target" ]; - }; - } - ) - ] -# xdg.configFile."sunshine/apps.json".text = builtins.toJSON { -# env = "/run/current-system/sw/bin"; -# apps = [ -# { -# name = "Steam"; -# output = "steam.txt"; -# detached = [ -# "${pkgs.util-linux}/bin/setsid ${pkgs.steam}/bin/steam steam://open/bigpicture" -# ]; -# image-path = "steam.png"; -# } -# ]; -# }; -# } + wantedBy = [ "graphical-session.target" ]; + }; + } + ]; + # xdg.configFile."sunshine/apps.json".text = builtins.toJSON { + # env = "/run/current-system/sw/bin"; + # apps = [ + # { + # name = "Steam"; + # output = "steam.txt"; + # detached = [ + # "${pkgs.util-linux}/bin/setsid ${pkgs.steam}/bin/steam steam://open/bigpicture" + # ]; + # image-path = "steam.png"; + # } + # ]; + # }; +}