clan/clan-core
12
4
Fork 19
Code Issues 108 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

Merge pull request 'sunshine: improve module' (#945) from a-kenji-imp/sunshine into main
All checks were successful
checks / check-links (push) Successful in 21s
Details
checks / checks (push) Successful in 36s
Details
checks / checks-impure (push) Successful in 1m46s
Details

Browse Source
This commit is contained in:
clan-bot 2024-03-12 19:59:09 +00:00
commit a23a64d0f9
1 changed files with 122 additions and 104 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

226
clanModules/sunshine.nix
View File

@ -1,109 +1,127 @@
{ pkgs, config, ... }: { pkgs, config, options, ... }:
{ let
networking.firewall = { cfg = options.services.sunshine;
allowedTCPPorts = [ sunshineConfiguration = pkgs.writeText "sunshine.conf" ''
47984 address_family = both
47989 channels = 5
47990 pkey = /var/lib/sunshine/sunshine.key
48010 cert = /var/lib/sunshine/sunshine.cert
]; file_state = /var/lib/sunshine/state.json
file_apps = /var/lib/sunshine/apps.json
allowedUDPPorts = [ credentials_file = /var/lib/sunshine/credentials.json
47998
47999
48000
48002
48010
];
};
networking.firewall.allowedTCPPortRanges = [
{
from = 47984;
to = 48010;
}
];
networking.firewall.allowedUDPPortRanges = [
{
from = 47998;
to = 48010;
}
];
environment.systemPackages = [
pkgs.sunshine
pkgs.avahi
# Convenience script, until we find a better UX
(pkgs.writers.writeDashBin "sun" ''
${pkgs.sunshine}/bin/sunshine -1 ${
pkgs.writeText "sunshine.conf" ''
address_family = both
''
} "$@"
'')
# Create a dummy account, for easier setup,
# don't use this account in actual production yet.
(pkgs.writers.writeDashBin "init-sun" ''
${pkgs.sunshine}/bin/sunshine \
--creds "sun" "sun"
'')
];
# Required to simulate input
boot.kernelModules = [ "uinput" ];
security.rtkit.enable = true;
# services.udev.extraRules = ''
# KERNEL=="uinput", SUBSYSTEM=="misc", OPTIONS+="static_node=uinput", TAG+="uaccess"
# '';
services.udev.extraRules = ''
KERNEL=="uinput", GROUP="input", MODE="0660" OPTIONS+="static_node=uinput"
''; '';
in
security.wrappers.sunshine = { {
owner = "root"; options.services.sunshine = {
group = "root"; enable = pkgs.lib.mkEnableOption "Sunshine self-hosted game stream host for Moonlight";
capabilities = "cap_sys_admin+p";
source = "${pkgs.sunshine}/bin/sunshine";
}; };
systemd.user.services.sunshine = { config = pkgs.lib.mkMerge [
description = "sunshine"; (pkgs.lib.mkIf cfg.enable
wantedBy = [ "graphical-session.target" ]; {
environment = { networking.firewall = {
DISPLAY = ":0"; allowedTCPPorts = [
}; 47984
serviceConfig = { 47989
ExecStart = "${config.security.wrapperDir}/sunshine"; 47990
}; 48010
}; ];
# xdg.configFile."sunshine/apps.json".text = builtins.toJSON { allowedUDPPorts = [
# env = "/run/current-system/sw/bin"; 47998
# apps = [ 47999
# { 48000
# name = "Steam"; 48002
# output = "steam.txt"; 48010
# detached = [ ];
# "${pkgs.util-linux}/bin/setsid ${pkgs.steam}/bin/steam steam://open/bigpicture" };
# ]; networking.firewall.allowedTCPPortRanges = [
# image-path = "steam.png"; {
# } from = 47984;
# ]; to = 48010;
# }; }
];
networking.firewall.allowedUDPPortRanges = [
{
from = 47998;
to = 48010;
}
];
services = { environment.systemPackages = [
avahi = { pkgs.sunshine
enable = true; (pkgs.writers.writeDashBin "sun" ''
reflector = true; ${pkgs.sunshine}/bin/sunshine -1 ${
nssmdns = true; pkgs.writeText "sunshine.conf" ''
publish = { address_family = both
enable = true; ''
addresses = true; } "$@"
userServices = true; '')
workstation = true; # Create a dummy account, for easier setup,
}; # don't use this account in actual production yet.
}; (pkgs.writers.writeDashBin "init-sun" ''
}; ${pkgs.sunshine}/bin/sunshine \
} --creds "sun" "sun"
'')
];
# Required to simulate input
hardware.uinput.enable = true;
boot.kernelModules = [ "uinput" ];
# services.udev.extraRules = ''
# KERNEL=="uinput", SUBSYSTEM=="misc", OPTIONS+="static_node=uinput", TAG+="uaccess"
# '';
services.udev.extraRules = ''
KERNEL=="uinput", GROUP="input", MODE="0660" OPTIONS+="static_node=uinput"
'';
hardware.opengl.driSupport32Bit = true;
hardware.opengl.enable = true;
security = {
rtkit.enable = true;
wrappers.sunshine = {
owner = "root";
group = "root";
capabilities = "cap_sys_admin+p";
source = "${pkgs.sunshine}/bin/sunshine";
};
};
systemd.tmpfiles.rules = [
"d '/var/lib/sunshine' 0770 'user' 'users' - -"
];
systemd.user.services.sunshine = {
enable = true;
description = "Sunshine self-hosted game stream host for Moonlight";
startLimitBurst = 5;
startLimitIntervalSec = 500;
script = "/run/current-system/sw/bin/env /run/wrappers/bin/sunshine ${sunshineConfiguration}";
serviceConfig = {
Restart = "on-failure";
RestartSec = "5s";
ReadWritePaths = [
"/var/lib/sunshine"
];
};
wantedBy = [ "graphical-session.target" ];
};
}
)
]
# xdg.configFile."sunshine/apps.json".text = builtins.toJSON {
# env = "/run/current-system/sw/bin";
# apps = [
# {
# name = "Steam";
# output = "steam.txt";
# detached = [
# "${pkgs.util-linux}/bin/setsid ${pkgs.steam}/bin/steam steam://open/bigpicture"
# ];
# image-path = "steam.png";
# }
# ];
# };
# }