Add firewall config

This commit is contained in:
Erwin Boskma 2022-09-26 12:05:41 +02:00
parent 26cd4f804c
commit 5777182658
Signed by: erwin
GPG key ID: 270B20D17394F7E5

229
flake.nix

@ -7,119 +7,134 @@
}; };
outputs = { self, nixpkgs, flake-utils }: outputs = { self, nixpkgs, flake-utils }:
flake-utils.lib.eachSystem [ "x86_64-linux" ] (system: flake-utils.lib.eachSystem [ "x86_64-linux" ]
let (system:
pkgs = nixpkgs.legacyPackages.${system}; let
lib = nixpkgs.lib; pkgs = nixpkgs.legacyPackages.${system};
in lib = nixpkgs.lib;
{ in
formatter = pkgs.nixpkgs-fmt; {
packages = { formatter = pkgs.nixpkgs-fmt;
sunshine = pkgs.stdenv.mkDerivation { packages = {
pname = "sunshine"; sunshine = pkgs.stdenv.mkDerivation {
version = "0.14.1"; pname = "sunshine";
version = "0.14.1";
src = pkgs.fetchFromGitHub { src = pkgs.fetchFromGitHub {
owner = "LizardByte"; owner = "LizardByte";
repo = "Sunshine"; repo = "Sunshine";
rev = "6000b85b1a4ec574d93fbc7545f5bf48f3d5aaa7"; rev = "6000b85b1a4ec574d93fbc7545f5bf48f3d5aaa7";
sha256 = "SB2DAOYf2izIwwRWEw2wt5L5oCDbb6YOqXw/z/PD1pQ="; sha256 = "SB2DAOYf2izIwwRWEw2wt5L5oCDbb6YOqXw/z/PD1pQ=";
fetchSubmodules = true; fetchSubmodules = true;
};
buildInputs = with pkgs; [
avahi
(boost.override { enableStatic = true; })
ffmpeg
libevdev
libpulseaudio
xorg.libX11
xorg.libxcb
xorg.libXfixes
xorg.libXrandr
xorg.libXtst
openssl
libopus
udev
libdrm
valgrind.dev
wayland
libffi
icu
];
hardeningDisable = [ "format" ];
nativeBuildInputs = with pkgs; [
cmake
pkgconf
makeWrapper
];
cmakeFlags = [
"-DSUNSHINE_ASSETS_DIR=${placeholder "out"}/etc/sunshine"
"-DSUNSHINE_CONFIG_DIR=${placeholder "out"}/etc/sunshine"
];
# patches = [ ./001-cmake-find-evdev.patch ];
patches = [ ./sunshine.patch ];
preConfigure = ''
substituteInPlace CMakeLists.txt \
--replace "/usr/include/libevdev-1.0" "${pkgs.libevdev}/include/libevdev-1.0" \
--replace "/etc/udev/rules.d" "$out/etc/udev/rules.d" \
--replace "/usr/bin" "$out/bin" \
--replace "/usr/lib/systemd/user" "$out/lib/systemd/user"
'';
postInstall = ''
wrapProgram $out/bin/sunshine --prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath (with pkgs; [ avahi mesa libGL ])}"
'';
};
};
packages.default = self.packages.${system}.sunshine;
devShells.default = with pkgs; mkShell {
nativeBuildInputs = [ nix-prefetch-scripts nix-prefetch-github cmake-language-server ];
inputsFrom = [ self.packages.${system}.sunshine ];
};
}) // {
nixosModule.sunshine = { pkgs, config, lib, ... }:
with lib;
let
cfg = config.services.sunshine;
sunshine = self.packages.${pkgs.system}.sunshine;
in
{
options.services.sunshine = {
enable = mkEnableOption "sunshine";
user = mkOption {
description = "The user using sunshine";
type = types.str;
}; };
openFirewall = mkOption { buildInputs = with pkgs; [
description = "Open the necessary ports for sunshine"; avahi
type = types.bool; (boost.override { enableStatic = true; })
default = false; ffmpeg
}; libevdev
}; libpulseaudio
xorg.libX11
xorg.libxcb
xorg.libXfixes
xorg.libXrandr
xorg.libXtst
openssl
libopus
udev
libdrm
valgrind.dev
wayland
libffi
icu
];
config = mkIf cfg.enable { hardeningDisable = [ "format" ];
environment.systemPackages = [ sunshine ];
hardware.uinput = true; nativeBuildInputs = with pkgs; [
cmake
pkgconf
makeWrapper
];
users.extraUsers.${cfg.user}.extraGroups = [ "uinput" "video" ]; cmakeFlags = [
security.wrappers.sunshine = { "-DSUNSHINE_ASSETS_DIR=${placeholder "out"}/etc/sunshine"
owner = "root"; "-DSUNSHINE_CONFIG_DIR=${placeholder "out"}/etc/sunshine"
group = "root"; ];
capabilities = "cap_sys_admin+p";
source = "${sunshine}/bin/sunshine"; # patches = [ ./001-cmake-find-evdev.patch ];
}; patches = [ ./sunshine.patch ];
preConfigure = ''
substituteInPlace CMakeLists.txt \
--replace "/usr/include/libevdev-1.0" "${pkgs.libevdev}/include/libevdev-1.0" \
--replace "/etc/udev/rules.d" "$out/etc/udev/rules.d" \
--replace "/usr/bin" "$out/bin" \
--replace "/usr/lib/systemd/user" "$out/lib/systemd/user"
'';
postInstall = ''
wrapProgram $out/bin/sunshine --prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath (with pkgs; [ avahi mesa libGL ])}"
'';
}; };
}; };
}; packages.default = self.packages.${system}.sunshine;
devShells.default = with pkgs; mkShell {
nativeBuildInputs = [ nix-prefetch-scripts nix-prefetch-github cmake-language-server ];
inputsFrom = [ self.packages.${system}.sunshine ];
};
}) // {
nixosModule.sunshine = { pkgs, config, lib, ... }:
with lib;
let
cfg = config.services.sunshine;
sunshine = self.packages.${pkgs.system}.sunshine;
in
{
options.services.sunshine = {
enable = mkEnableOption "sunshine";
user = mkOption {
description = "The user using sunshine";
type = types.str;
};
openFirewall = mkOption {
description = "Open the necessary ports for sunshine";
type = types.bool;
default = false;
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ sunshine ];
hardware.uinput = true;
users.extraUsers.${cfg.user}.extraGroups = [ "uinput" "video" ];
security.wrappers.sunshine = {
owner = "root";
group = "root";
capabilities = "cap_sys_admin+p";
source = "${sunshine}/bin/sunshine";
};
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [
48010
];
allowedTCPPortRanges = [
{ from = 47984; to = 47990; }
];
allowedUDPPortRanges = [
{ from = 47998; to = 48000; }
];
};
};
};
};
} }
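Review bot: The openFirewall option's description ("Open the necessary ports for sunshine") still names no ports, while the new networking.firewall block opens TCP 48010, TCP 47984–47990 and UDP 47998–48000 on every interface, so a user enabling it cannot tell from the option what becomes reachable. If 47990 is the web management UI as in Sunshine's upstream defaults (confirm for the packaged 0.14.1), the single flag exposes the admin interface together with the streaming ports; a separate option for the management port, or scoping the rules with `networking.firewall.interfaces.<name>` for the LAN interface, would keep the default footprint smaller. At minimum the description should enumerate what is opened, e.g. `description = "Open TCP 48010, TCP 47984-47990 and UDP 47998-48000 in the firewall for sunshine";`. The enclosing nixosModule definition starts inside this section, but the rest of the module (the security.wrappers block above it) is unchanged by this commit.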