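# NixOS module: runs the Sunshine game-stream host as a systemd user service,
# together with the moonlight-sunshine-accept helper (state initialisation and
# a listener on `listenPort`), and declares the clan facts that hold the
# Sunshine key, certificate and UUID.
{
  pkgs,
  config,
  lib,
  ...
}:
let
  ms-accept = pkgs.callPackage ../pkgs/moonlight-sunshine-accept { };

  # Sunshine configuration; every stateful path lives under /var/lib/sunshine.
  sunshineConfiguration = pkgs.writeText "sunshine.conf" ''
    address_family = both
    channels = 5
    pkey = /var/lib/sunshine/sunshine.key
    cert = /var/lib/sunshine/sunshine.cert
    file_state = /var/lib/sunshine/state.json
    credentials_file = /var/lib/sunshine/credentials.json
  '';

  # TCP port used by the moonlight-sunshine-accept listener service below.
  listenPort = 48011;
in
{
  # NOTE(review): the rules in this first group are not bound to an interface,
  # so these ports are accepted on every network the host is attached to. That
  # makes the "zt+"-scoped rules further down redundant. Because the
  # sunshine-init-credentials service below sets a fixed sunshine/sunshine
  # account, consider dropping the global rules and keeping only the
  # interface-scoped ones if ZeroTier-only access is what is intended.
  networking.firewall = {
    allowedTCPPorts = [
      47984
      47989
      47990
      48010
      48011
    ];

    allowedUDPPorts = [
      47998
      47999
      48000
      48002
      48010
    ];
  };

  networking.firewall.allowedTCPPortRanges = [
    {
      from = 47984;
      to = 48010;
    }
  ];
  networking.firewall.allowedUDPPortRanges = [
    {
      from = 47998;
      to = 48010;
    }
  ];

  # Same ports again, restricted to interfaces whose name starts with "zt".
  networking.firewall.interfaces."zt+".allowedTCPPorts = [
    47984
    47989
    47990
    48010
    listenPort
  ];
  networking.firewall.interfaces."zt+".allowedUDPPortRanges = [
    {
      from = 47998;
      to = 48010;
    }
  ];

  environment.systemPackages = [
    ms-accept
    pkgs.sunshine
    pkgs.avahi
    # Convenience script, until we find a better UX
    (pkgs.writers.writeDashBin "sun" ''
      ${pkgs.sunshine}/bin/sunshine -0 ${sunshineConfiguration} "$@"
    '')
    # Create a dummy account, for easier setup,
    # don't use this account in actual production yet.
    (pkgs.writers.writeDashBin "init-sun" ''
      ${pkgs.sunshine}/bin/sunshine \
      --creds "sunshine" "sunshine"
    '')
  ];

  # Required to simulate input
  boot.kernelModules = [ "uinput" ];

  # Tags the uinput device node with "uaccess" so the logged-in seat user can
  # open it.
  services.udev.extraRules = ''
    KERNEL=="uinput", SUBSYSTEM=="misc", OPTIONS+="static_node=uinput", TAG+="uaccess"
  '';

  security = {
    rtkit.enable = true;
    # NOTE(review): cap_sys_admin is a very broad capability and this wrapper
    # is what the user service executes from /run/wrappers/bin. Confirm which
    # local users may run the wrapper and whether a narrower capability
    # suffices for the capture path in use.
    wrappers.sunshine = {
      owner = "root";
      group = "root";
      capabilities = "cap_sys_admin+p";
      source = "${pkgs.sunshine}/bin/sunshine";
    };
  };

  systemd.tmpfiles.rules = [
    "d '/var/lib/sunshine' 0770 'user' 'users' - -"
    "C '/var/lib/sunshine/sunshine.cert' 0644 'user' 'users' - ${
      config.clan.core.facts.services.sunshine.secret."sunshine.cert".path or ""
    }"
    # The private key is owner-only (was 0644). With the directory at 0770 for
    # group 'users', a 0644 key was readable by every member of that group.
    # NOTE(review): hosts that already have the key copied may keep the old
    # mode; verify and correct it on existing deployments.
    "C '/var/lib/sunshine/sunshine.key' 0600 'user' 'users' - ${
      config.clan.core.facts.services.sunshine.secret."sunshine.key".path or ""
    }"
  ];

  hardware.opengl.enable = true;

  # Main Sunshine process, started with the graphical session through the
  # capability wrapper defined above.
  systemd.user.services.sunshine = {
    enable = true;
    description = "Sunshine self-hosted game stream host for Moonlight";
    startLimitBurst = 5;
    startLimitIntervalSec = 500;
    script = "/run/current-system/sw/bin/env /run/wrappers/bin/sunshine ${sunshineConfiguration}";
    serviceConfig = {
      Restart = "on-failure";
      RestartSec = "5s";
      ReadWritePaths = [ "/var/lib/sunshine" ];
      ReadOnlyPaths = [
        (config.clan.core.facts.services.sunshine.secret."sunshine.key".path or "")
        (config.clan.core.facts.services.sunshine.secret."sunshine.cert".path or "")
      ];
    };
    wantedBy = [ "graphical-session.target" ];
    partOf = [ "graphical-session.target" ];
    wants = [ "graphical-session.target" ];
    after = [
      "sunshine-init-state.service"
      "sunshine-init-credentials.service"
    ];
  };

  # One-shot: writes /var/lib/sunshine/state.json for the UUID taken from the
  # clan facts.
  # NOTE(review): when the fact is unset the `or null` fallback is interpolated
  # into the script string; Nix does not coerce null to a string, so confirm
  # the intended behaviour for hosts without generated facts.
  systemd.user.services.sunshine-init-state = {
    enable = true;
    description = "Sunshine self-hosted game stream host for Moonlight";
    startLimitBurst = 5;
    startLimitIntervalSec = 500;
    script = ''
      ${ms-accept}/bin/moonlight-sunshine-accept sunshine init-state --uuid ${
        config.clan.core.facts.services.sunshine.public.sunshine-uuid.value or null
      } --state-file /var/lib/sunshine/state.json
    '';
    serviceConfig = {
      Restart = "on-failure";
      RestartSec = "5s";
      Type = "oneshot";
      ReadWritePaths = [ "/var/lib/sunshine" ];
    };
    wantedBy = [ "graphical-session.target" ];
  };

  # One-shot: sets the Sunshine account to the fixed pair sunshine/sunshine.
  # NOTE(review): this is the same dummy account the "init-sun" script above
  # warns against using in production, but here it is applied on every host
  # that imports the module. Replace it with a generated per-host secret
  # before exposing the service beyond a trusted network.
  systemd.user.services.sunshine-init-credentials = {
    enable = true;
    description = "Sunshine self-hosted game stream host for Moonlight";
    startLimitBurst = 5;
    startLimitIntervalSec = 500;
    script = ''
      ${lib.getExe pkgs.sunshine} ${sunshineConfiguration} --creds sunshine sunshine
    '';
    serviceConfig = {
      Restart = "on-failure";
      RestartSec = "5s";
      Type = "oneshot";
      ReadWritePaths = [ "/var/lib/sunshine" ];
    };
    wantedBy = [ "graphical-session.target" ];
  };

  # moonlight-sunshine-accept listener on `listenPort`, given the host UUID,
  # the state file and the public certificate from the clan facts.
  systemd.user.services.sunshine-listener = {
    enable = true;
    description = "Sunshine self-hosted game stream host for Moonlight";
    startLimitBurst = 5;
    startLimitIntervalSec = 500;
    script = ''
      ${ms-accept}/bin/moonlight-sunshine-accept sunshine listen --port ${builtins.toString listenPort} --uuid ${
        config.clan.core.facts.services.sunshine.public.sunshine-uuid.value or null
      } --state /var/lib/sunshine/state.json --cert '${
        config.clan.core.facts.services.sunshine.public."sunshine.cert".value or null
      }'
    '';
    serviceConfig = {
      Restart = "on-failure";
      RestartSec = 5;
      ReadWritePaths = [ "/var/lib/sunshine" ];
    };
    wantedBy = [ "graphical-session.target" ];
  };

  # Facts generator for this module. It was declared under the service name
  # "ergochat", while every consumer above reads
  # config.clan.core.facts.services.sunshine.*; the `or ""` / `or null`
  # fallbacks hid the mismatch, so the key, certificate and UUID were never
  # wired in. Declared under "sunshine" so the lookups resolve.
  clan.core.facts.services.sunshine = {
    secret."sunshine.key" = { };
    secret."sunshine.cert" = { };
    public."sunshine-uuid" = { };
    public."sunshine.cert" = { };
    generator.path = [
      pkgs.coreutils
      ms-accept
    ];
    # The private key goes only to "$secrets"; the certificate is stored both
    # as a secret and as a public fact; the UUID is a public fact.
    generator.script = ''
      moonlight-sunshine-accept sunshine init
      mv credentials/cakey.pem "$secrets"/sunshine.key
      cp credentials/cacert.pem "$secrets"/sunshine.cert
      mv credentials/cacert.pem "$facts"/sunshine.cert
      mv uuid "$facts"/sunshine-uuid
    '';
  };
}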