games: Add steam-sandbox

This commit is contained in:
Simon Bruder 2021-10-04 16:33:40 +02:00
parent 0c4f9a7d73
commit ae8effee39
Signed by: simon
GPG key ID: 8D3C82F9F309F8EC
3 changed files with 90 additions and 3 deletions


@ -3,5 +3,10 @@
# ST-Link
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3748", \
MODE:="0666"
# Steam emulated controller
KERNEL=="uinput", SUBSYSTEM=="misc", TAG+="uaccess", OPTIONS+="static_node=uinput"
'';
boot.kernelModules = [ "uinput" ];
}
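Review bot: `TAG+="uaccess"` on L18 grants the active seat's user read/write access to /dev/uinput, and since steam-sandbox in this same commit binds that node into the sandbox (`--dev-bind-try /dev/uinput`), any sandboxed process can then create a virtual keyboard or mouse whose events the host session accepts; the rule deserves a comment naming that trade-off rather than only `# Steam emulated controller`, e.g. `# Steam emulated controller: uaccess lets the seat user (and thus the steam sandbox) create virtual input devices, i.e. inject input into the host session`. The uaccess tag is only acted on by systemd's 73-seat-late.rules, so it takes effect only from a rules file that sorts before it; the file name is not visible in this hunk, and if these rules land in a high-numbered file (as I recall services.udev.extraRules does on NixOS) the tag is a no-op and /dev/uinput stays root-only, which is worth checking with `udevadm info /dev/uinput` before relying on it.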


@ -32,8 +32,13 @@ in
"drone-runner-exec" # exception: same as drone.io
"drone.io" # exception: is open source (but has usage restriction)
"fahclient" # exception: for science
"osu-lazer" # exception: is mostly free (just has one unfree dependency) and runs in container
"p7zip" # exception: rar source code is not free, but available; p7zip with `enableUnfree` includes it
# games (okay if they run sandboxed)
"osu-lazer" # also is free except for one dependency
"steam"
"steam-original"
"steam-runtime"
]
));
};
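Review bot: The group comment `# games (okay if they run sandboxed)` on L31 states a condition this allowlist cannot enforce: `steam`, `steam-original` and `steam-runtime` are permitted outright, so a module that installs `pkgs.steam` directly is accepted by the same entries. Rephrase it as a statement of intent so it is not read as a guarantee, e.g. `# games: allowed on the understanding that they are only installed via their *-sandbox wrappers; this list does not enforce that`. The justification "runs in container" from the removed `osu-lazer` line (L29) now lives only in this header comment, so the header should say precisely what it means.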


@ -2,6 +2,76 @@
let
cfg = nixosConfig.sbruder.games;
inherit (nixosConfig.sbruder) unfree;
steam-sandbox = pkgs.writeShellScriptBin "steam-sandbox" /* bash */ ''
set -euo pipefail
base_dir="''${XDG_DATA_HOME:-$HOME/.local/share}/steam-sandbox"
mkdir -p "$base_dir"/{.local/share,.steam,data}
bubblewrap_args=(
# sandboxing
--unshare-all
--share-net
--die-with-parent
--new-session
# basic filesystem
--tmpfs /tmp
--proc /proc
--dev /dev
--dir "$HOME"
--dir "$XDG_RUNTIME_DIR"
--ro-bind /nix/store /nix/store
# path
--ro-bind /run/current-system/sw /run/current-system/sw
--ro-bind /etc/profiles/per-user/$USER/bin /etc/profiles/per-user/$USER/bin
# system-wide configuration
--ro-bind /etc/fonts /etc/fonts
--ro-bind /etc/localtime /etc/localtime
--ro-bind /etc/machine-id /etc/machine-id
--ro-bind /etc/os-release /etc/os-release
--ro-bind /etc/resolv.conf /etc/resolv.conf
--ro-bind /etc/ssl/certs /etc/ssl/certs
--ro-bind /etc/static /etc/static
# gui
--ro-bind /tmp/.X11-unix /tmp/.X11-unix
--ro-bind "$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY" "$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY"
--dev-bind /dev/dri /dev/dri
--ro-bind /sys/dev/char /sys/dev/char
--ro-bind-try /sys/devices/pci0000:00 /sys/devices/pci0000:00 # FIXME: hardcoded path for sayuri
--ro-bind /run/opengl-driver /run/opengl-driver
--ro-bind-try /run/opengl-driver-32 /run/opengl-driver-32
# audio
--ro-bind "$XDG_RUNTIME_DIR/pulse" "$XDG_RUNTIME_DIR/pulse"
--setenv PULSE_SERVER "$XDG_RUNTIME_DIR/pulse/native"
--ro-bind "''${XDG_CONFIG_HOME:-$HOME/.config}/pulse/cookie" "''${XDG_CONFIG_HOME:-$HOME/.config}/pulse/cookie"
--setenv PULSE_COOKIE "''${XDG_CONFIG_HOME:-$HOME/.config}/pulse/cookie/pulse/cookie"
--ro-bind-try /etc/asound.conf /etc/asound.conf
--ro-bind-try /etc/alsa/conf.d /etc/alsa/conf.d
--ro-bind-try "$XDG_RUNTIME_DIR/pipewire-0" "$XDG_RUNTIME_DIR/pipewire-0"
# dbus
--ro-bind /run/dbus/system_bus_socket /run/dbus/system_bus_socket
--ro-bind "$XDG_RUNTIME_DIR/bus" "$XDG_RUNTIME_DIR/bus"
# shared data
--bind "$base_dir/.local/share" "$HOME/.local/share"
--bind "$base_dir/.steam" "$HOME/.steam"
--bind "$base_dir/data" "$HOME/data"
# input
--dev-bind /dev/input /dev/input
--dev-bind-try /dev/uinput /dev/uinput
)
unset SDL_VIDEODRIVER QT_QPA_PLATFORM # games generally dont support wayland
${pkgs.bubblewrap}/bin/bwrap \
"''${bubblewrap_args[@]}" \
''${SANDBOX_COMMAND:-${pkgs.unstable.steam}/bin/steam} \
"$@"
'';
in
lib.mkIf cfg.enable {
home.packages = with pkgs; [ ]
@ -10,6 +80,13 @@ lib.mkIf cfg.enable {
] ++ lib.optionals (cfg.performanceIndex >= 4) [
desmume
dolphinEmuMaster
] ++ lib.optional (unfree.allowAssets && cfg.performanceIndex >= 8) unstable.yuzu-ea
++ lib.optional unfree.allowSoftware unstable.osu-lazer-sandbox;
] ++ lib.optional (unfree.allowAssets && cfg.performanceIndex >= 8) (unstable.yuzu-ea.overrideAttrs (o: o // {
cmakeFlags = o.cmakeFlags ++ [
"-DYUZU_ENABLE_COMPATIBILITY_REPORTING=ON"
];
}))
++ lib.optionals unfree.allowSoftware [
unstable.osu-lazer-sandbox
steam-sandbox
];
}
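Review bot: The sandbox assembled on L50–L100 isolates the filesystem and the PID/IPC namespaces but is not a privilege boundary against a hostile game: `--ro-bind /tmp/.X11-unix` (L75) hands it an unrestricted X11 connection, under which any client can observe other windows' contents and input, and `--ro-bind "$XDG_RUNTIME_DIR/bus"` (L92) exposes the unfiltered session D-Bus, where common desktop services can be asked by any client to launch programs outside the sandbox. Both may be unavoidable for Steam today, but the script should state the threat model so the `-sandbox` suffix is not over-trusted, e.g. above `bubblewrap_args=(`: `# NOTE: X11 socket and unfiltered session bus are exposed, so this contains $HOME and the filesystem, not a malicious game; filtering the bus would need xdg-dbus-proxy`. Separately, L86 sets PULSE_COOKIE to `…/pulse/cookie/pulse/cookie`, one level below the path at which L85 mounts the cookie file; presumably it should read `--setenv PULSE_COOKIE "''${XDG_CONFIG_HOME:-$HOME/.config}/pulse/cookie"` (local UNIX-socket clients are authenticated by peer credentials, which is likely why the wrong path goes unnoticed). L65 also leaves `$USER` unquoted while every other path in the array is quoted.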