games: Add steam-sandbox
parent
0c4f9a7d73
commit
ae8effee39
|
@ -3,5 +3,10 @@
|
||||||
# ST-Link
|
# ST-Link
|
||||||
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3748", \
|
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3748", \
|
||||||
MODE:="0666"
|
MODE:="0666"
|
||||||
|
|
||||||
|
# Steam emulated controller
|
||||||
|
KERNEL=="uinput", SUBSYSTEM=="misc", TAG+="uaccess", OPTIONS+="static_node=uinput"
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
boot.kernelModules = [ "uinput" ];
|
||||||
}
|
}
|
||||||
|
|
|
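Review bot: The added rule `KERNEL=="uinput", SUBSYSTEM=="misc", TAG+="uaccess", ...` gives every process of the locally logged-in user access to `/dev/uinput`, which means the ability to create virtual input devices and synthesise keyboard and pointer events for the whole seat, not only for Steam. Nothing visible in this hunk ties the rule or `boot.kernelModules = [ "uinput" ]` to the games option, so both may apply on every host that imports this file; if so, consider gating them behind the option that installs `steam-sandbox`. At minimum I would extend the comment to `# Steam emulated controller: lets the seat user create virtual input devices (can inject input events)`. The enclosing attribute set starts outside the hunk.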
@ -32,8 +32,13 @@ in
|
||||||
"drone-runner-exec" # exception: same as drone.io
|
"drone-runner-exec" # exception: same as drone.io
|
||||||
"drone.io" # exception: is open source (but has usage restriction)
|
"drone.io" # exception: is open source (but has usage restriction)
|
||||||
"fahclient" # exception: for science
|
"fahclient" # exception: for science
|
||||||
"osu-lazer" # exception: is mostly free (just has one unfree dependency) and runs in container
|
|
||||||
"p7zip" # exception: rar source code is not free, but available; p7zip with `enableUnfree` includes it
|
"p7zip" # exception: rar source code is not free, but available; p7zip with `enableUnfree` includes it
|
||||||
|
|
||||||
|
# games (okay if they run sandboxed)
|
||||||
|
"osu-lazer" # also is free except for one dependency
|
||||||
|
"steam"
|
||||||
|
"steam-original"
|
||||||
|
"steam-runtime"
|
||||||
]
|
]
|
||||||
));
|
));
|
||||||
};
|
};
|
||||||
|
|
|
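Review bot: The new comment `# games (okay if they run sandboxed)` states a condition that this list cannot enforce. The entries look like package names checked by an allow predicate (the predicate itself is outside the hunk), so `steam`, `steam-original` and `steam-runtime` would be permitted whether or not they are launched through a sandbox wrapper. I would reword it to `# games (intended to be used only via their *-sandbox wrappers; not enforced here)` so a later reader does not take the allowlist entry as a guarantee.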
@ -2,6 +2,76 @@
|
||||||
let
|
let
|
||||||
cfg = nixosConfig.sbruder.games;
|
cfg = nixosConfig.sbruder.games;
|
||||||
inherit (nixosConfig.sbruder) unfree;
|
inherit (nixosConfig.sbruder) unfree;
|
||||||
|
|
||||||
|
steam-sandbox = pkgs.writeShellScriptBin "steam-sandbox" /* bash */ ''
|
||||||
|
set -euo pipefail
|
||||||
|
base_dir="''${XDG_DATA_HOME:-$HOME/.local/share}/steam-sandbox"
|
||||||
|
mkdir -p "$base_dir"/{.local/share,.steam,data}
|
||||||
|
bubblewrap_args=(
|
||||||
|
# sandboxing
|
||||||
|
--unshare-all
|
||||||
|
--share-net
|
||||||
|
--die-with-parent
|
||||||
|
--new-session
|
||||||
|
|
||||||
|
# basic filesystem
|
||||||
|
--tmpfs /tmp
|
||||||
|
--proc /proc
|
||||||
|
--dev /dev
|
||||||
|
--dir "$HOME"
|
||||||
|
--dir "$XDG_RUNTIME_DIR"
|
||||||
|
--ro-bind /nix/store /nix/store
|
||||||
|
# path
|
||||||
|
--ro-bind /run/current-system/sw /run/current-system/sw
|
||||||
|
--ro-bind /etc/profiles/per-user/$USER/bin /etc/profiles/per-user/$USER/bin
|
||||||
|
# system-wide configuration
|
||||||
|
--ro-bind /etc/fonts /etc/fonts
|
||||||
|
--ro-bind /etc/localtime /etc/localtime
|
||||||
|
--ro-bind /etc/machine-id /etc/machine-id
|
||||||
|
--ro-bind /etc/os-release /etc/os-release
|
||||||
|
--ro-bind /etc/resolv.conf /etc/resolv.conf
|
||||||
|
--ro-bind /etc/ssl/certs /etc/ssl/certs
|
||||||
|
--ro-bind /etc/static /etc/static
|
||||||
|
|
||||||
|
# gui
|
||||||
|
--ro-bind /tmp/.X11-unix /tmp/.X11-unix
|
||||||
|
--ro-bind "$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY" "$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY"
|
||||||
|
--dev-bind /dev/dri /dev/dri
|
||||||
|
--ro-bind /sys/dev/char /sys/dev/char
|
||||||
|
--ro-bind-try /sys/devices/pci0000:00 /sys/devices/pci0000:00 # FIXME: hardcoded path for sayuri
|
||||||
|
--ro-bind /run/opengl-driver /run/opengl-driver
|
||||||
|
--ro-bind-try /run/opengl-driver-32 /run/opengl-driver-32
|
||||||
|
|
||||||
|
# audio
|
||||||
|
--ro-bind "$XDG_RUNTIME_DIR/pulse" "$XDG_RUNTIME_DIR/pulse"
|
||||||
|
--setenv PULSE_SERVER "$XDG_RUNTIME_DIR/pulse/native"
|
||||||
|
--ro-bind "''${XDG_CONFIG_HOME:-$HOME/.config}/pulse/cookie" "''${XDG_CONFIG_HOME:-$HOME/.config}/pulse/cookie"
|
||||||
|
--setenv PULSE_COOKIE "''${XDG_CONFIG_HOME:-$HOME/.config}/pulse/cookie/pulse/cookie"
|
||||||
|
--ro-bind-try /etc/asound.conf /etc/asound.conf
|
||||||
|
--ro-bind-try /etc/alsa/conf.d /etc/alsa/conf.d
|
||||||
|
--ro-bind-try "$XDG_RUNTIME_DIR/pipewire-0" "$XDG_RUNTIME_DIR/pipewire-0"
|
||||||
|
|
||||||
|
# dbus
|
||||||
|
--ro-bind /run/dbus/system_bus_socket /run/dbus/system_bus_socket
|
||||||
|
--ro-bind "$XDG_RUNTIME_DIR/bus" "$XDG_RUNTIME_DIR/bus"
|
||||||
|
|
||||||
|
# shared data
|
||||||
|
--bind "$base_dir/.local/share" "$HOME/.local/share"
|
||||||
|
--bind "$base_dir/.steam" "$HOME/.steam"
|
||||||
|
--bind "$base_dir/data" "$HOME/data"
|
||||||
|
|
||||||
|
# input
|
||||||
|
--dev-bind /dev/input /dev/input
|
||||||
|
--dev-bind-try /dev/uinput /dev/uinput
|
||||||
|
)
|
||||||
|
|
||||||
|
unset SDL_VIDEODRIVER QT_QPA_PLATFORM # games generally don’t support wayland
|
||||||
|
|
||||||
|
${pkgs.bubblewrap}/bin/bwrap \
|
||||||
|
"''${bubblewrap_args[@]}" \
|
||||||
|
''${SANDBOX_COMMAND:-${pkgs.unstable.steam}/bin/steam} \
|
||||||
|
"$@"
|
||||||
|
'';
|
||||||
in
|
in
|
||||||
lib.mkIf cfg.enable {
|
lib.mkIf cfg.enable {
|
||||||
home.packages = with pkgs; [ ]
|
home.packages = with pkgs; [ ]
|
||||||
|
@ -10,6 +80,13 @@ lib.mkIf cfg.enable {
|
||||||
] ++ lib.optionals (cfg.performanceIndex >= 4) [
|
] ++ lib.optionals (cfg.performanceIndex >= 4) [
|
||||||
desmume
|
desmume
|
||||||
dolphinEmuMaster
|
dolphinEmuMaster
|
||||||
] ++ lib.optional (unfree.allowAssets && cfg.performanceIndex >= 8) unstable.yuzu-ea
|
] ++ lib.optional (unfree.allowAssets && cfg.performanceIndex >= 8) (unstable.yuzu-ea.overrideAttrs (o: o // {
|
||||||
++ lib.optional unfree.allowSoftware unstable.osu-lazer-sandbox;
|
cmakeFlags = o.cmakeFlags ++ [
|
||||||
|
"-DYUZU_ENABLE_COMPATIBILITY_REPORTING=ON"
|
||||||
|
];
|
||||||
|
}))
|
||||||
|
++ lib.optionals unfree.allowSoftware [
|
||||||
|
unstable.osu-lazer-sandbox
|
||||||
|
steam-sandbox
|
||||||
|
];
|
||||||
}
|
}
|
||||||
|
|
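Review bot: The `# dbus` entries in `bubblewrap_args` bind the unfiltered session and system bus sockets into the sandbox, and `--ro-bind` on a socket does not limit what a connected client can request, so every bus service the user can reach is also reachable from inside. Together with `/tmp/.X11-unix`, `/dev/input` and `/dev/uinput`, this means the wrapper mainly protects the home directory rather than the desktop session. I would put the session bus behind `xdg-dbus-proxy` with `--filter` and an explicit `--talk=` list, and add a comment above the array stating what remains exposed. Separately, `PULSE_COOKIE` repeats the path suffix and points at a file that is never bound; it should read `--setenv PULSE_COOKIE "''${XDG_CONFIG_HOME:-$HOME/.config}/pulse/cookie"`. Under `set -u` the unguarded `$WAYLAND_DISPLAY` bind will also abort the script on a session where that variable is unset, so a `--ro-bind-try` with a `''${WAYLAND_DISPLAY:-}` guard would be safer there.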