Sunshine self-hosted game stream

Nosirus · February 19, 2023, 10:27pm

Hi,
Has anyone had success getting sunshine to work?

For the moment, I have not created a service, I am stuck on:

Error: Could not create Sunshine Mouse: No such device

Here’s what I’ve been doing now

  environment.systemPackages = with pkgs; [
    sunshine
  ];

  users.groups.input.members = [ "nosirus" ];

  services.udev.extraRules = ''
      Sunshine
      KERNEL=="uinput", GROUP="input", MODE="0660", OPTIONS+="static_node=uinput"
    '';

I did not understand how to apply

sudo setcap cap_sys_admin+p $(readlink -f $(which sunshine))

Any help would be appreciated I would really like to get it working
I’m on wayland and using wayfire

adamcstephens · February 20, 2023, 12:01am

cap_sys_admin is effectively root permissions, which is quite concerning.

If you create the systemd service, you can grant this (or ideally a more restricted set) using Capabilities. systemd.exec

nixinator · February 21, 2023, 12:02am

for some reason, this reminded me of this.

https://insecure.org/sploits/quake.backdoor.html

ah … the good old day, which sound like they are still with us.

devusb · February 21, 2023, 2:16am

I run it as a systemd user service via home-manager. Have not spent the time to explicitly define capabilities – probably a little too broad as-is.
Very basic module I use is here:

github.com

devusb/nix-config/blob/23613ecbe90148cf0e9573b0772f4bfea35bbfc8/modules/home-manager/sunshine.nix

{ config, pkgs, lib, ... }:
with lib;
let
  cfg = config.services.sunshine;
in
{
  options.services.sunshine = {
    enable = mkEnableOption "sunshine";

    package = mkPackageOption pkgs "sunshine" { };
  };

  config = mkIf cfg.enable {

    systemd.user.services = {
      sunshine = {
        Unit.Description = "Sunshine is a Game stream host for Moonlight.";
        Service.ExecStart = "${cfg.package}/bin/sunshine";
        Install.WantedBy = [ "graphical-session.target" ];
      };

This file has been truncated. show original

nixinator · February 21, 2023, 2:28am

Ah, I see what the software does now, pretty cool, thanks for trying to get this into nix.

I can also guess why it needs root privileges … it probably has do all sorts of things with the frame buffer or 3d card for video compression acceleration. or maybe not?

cool!

Nosirus · February 22, 2023, 9:03pm

So I found why it refused to start, the module was not loaded

  boot.kernelModules = [ "uinput" ];

the service does not start, I can only do it in a terminal

remains to find how to do with my not compatible screen resolutions (pc screen 21:9, tablet 4:3)

nixinator · February 22, 2023, 10:57pm

It’s an ‘extrarules’ option, which basically just creates ‘a symbolic link’ in /etc/blah/blah…

The nix code that setup up the extraRules could do a bit of parsing of the OPTIONS+= , and warn the users that they are going to need a related kernel module to get it to work.

However, there are very few OPTIONS that need a kernel module , then it’s probably not worth doing.

I checked the udev docs
static_node= SNIP SNIP SNIP The static nodes might not have a corresponding kernel device; they are used to trigger automatic kernel module loading when they are accessed.

So, normal udev, automatically loads this driver into the kernel, I bet nix isn’t doing that.

if you create a service for sunshine and i hope they you do … you just need get the service to add this kernel module by default.

github.com/NixOS/nixpkgs

nixos hardware.steam-hardware.enable should add the uinput module to kernelModules

opened 03:24PM - 05 Oct 19 UTC

closed 08:24AM - 13 Oct 19 UTC

cdepillabout

0.kind: bug 6.topic: hardware

**Describe the bug** I use a PlayStation 3 controller over bluetooth to contr…ol steam. I recently updated to nixos-19.09. In previous releases of nixos, I've had to add the following udev rule to be able to use my controller with _some_ steam games: ```nix services.udev.extraRules = '' KERNEL=="uinput", SUBSYSTEM=="misc", TAG+="uaccess", OPTIONS+="static_node=uinput", GROUP="input", MODE="0660" ''; ``` This rule changes `/dev/uinput` so it is read-write by people in the `input` group. Some info about this is described in the following issue: https://github.com/NixOS/nixpkgs/pull/50901 With a recent version of Steam (which is in 19.09), this udev rule is apparently no longer needed: https://github.com/NixOS/nixpkgs/pull/66916 However, now that I have updated to 19.09, I've found that this still doesn't work for me. The reason appears to be that until the `uinput` kernel module is loaded, the correct permissions are not applied to `/dev/uinput`. I figured this out through the following comment: https://github.com/chrippa/ds4drv/issues/93#issuecomment-265300511 My workaround has been to explicitly enable the `uinput` module: ```nix boot.kernelModules = [ "uinput" ]; ``` My suggestion is to add `uinput` to `boot.kernelModules` whenever `hardware.steam-hardware.enable` is enabled. I will send a PR for this if it will be accepted. **Metadata** - system: `"x86_64-linux"` - host os: `Linux 4.19.76, NixOS, 19.09beta606.3ba0d9f75cc (Loris)` - multi-user?: `yes` - sandbox: `yes` - version: `nix-env (Nix) 2.3` - channels(illabout): `""` - channels(root): `"nixos-19.09beta606.3ba0d9f75cc"` - nixpkgs: `/nix/var/nix/profiles/per-user/root/channels/nixos` Maintainer information: ```yaml # a list of nixpkgs attributes affected by the problem attribute: steam # a list of nixos modules affected by the problem module: hardware.steam-hardware.enable ``` cc @nyanloutre @mmahut @vcunat @globin (who all have interacted on steam-releated PRs)

and

github.com/NixOS/nixpkgs

nixos/steam-hardware: add uinput to boot.kernelModules

NixOS:master ← cdepillabout:add-uinput-to-steam-hardware

opened 02:39AM - 06 Oct 19 UTC

cdepillabout

+7 -0

The `uinput` kernel module needs to be added to loaded in order for the udev rul…es defined by steam to be run and set permissions correctly on `/dev/uinput`. Closes https://github.com/NixOS/nixpkgs/issues/70471. ###### Things done - [X] Tested using sandboxing ([nix.useSandbox](http://nixos.org/nixos/manual/options.html#opt-nix.useSandbox) on NixOS, or option `sandbox` in [`nix.conf`](http://nixos.org/nix/manual/#sec-conf-file) on non-NixOS) - Built on platform(s) - [X] NixOS - [ ] macOS - [ ] other Linux distributions - [ ] Tested via one or more NixOS test(s) if existing and applicable for the change (look inside [nixos/tests](https://github.com/NixOS/nixpkgs/blob/master/nixos/tests)) - [ ] Tested compilation of all pkgs that depend on this change using `nix-shell -p nix-review --run "nix-review wip"` - [ ] Tested execution of all binary files (usually in `./result/bin/`) - [ ] Determined the impact on package closure size (by running `nix path-info -S` before and after) - [ ] Ensured that relevant documentation is up to date - [X] Fits [CONTRIBUTING.md](https://github.com/NixOS/nixpkgs/blob/master/.github/CONTRIBUTING.md). ###### Notify maintainers cc @nyanloutre @vcunat @lhindir

has all the details (not gory at all) and something you can adapt your service to do.

Then you’ll probably have the perfect service, perfect package, and perfect PR.

Nosirus · February 27, 2023, 11:30am

Unfortunately, after many attempts I have errors with wayfire to create a fake screen

if i add WLR_BACKENDS=headless
Couldn't find matching mode 1600x2176@60 for output HEADLESS-1. Trying to use custom mode

or if i add WLR_BACKENDS=libinput,drm,headless
Could not add backend: multiple renderers at the same time aren't supported
failled to add backend 'headless'

nixinator · February 27, 2023, 4:52pm

Sounds like your close, I’m not familiar with wayfire, so can’t offer any idea there. Maybe the wayfire author can chime in with a solution?

or maybe not.

francocalvo · April 22, 2023, 4:07am

Hey! I’m trying to make this work. This is my current config:

file in repo

It spits two errors when I execute it:

[2023:04:22:01:04:34]: Error: avahi::entry_group_new() failed: Not permitted

(sunshine:73678): Gdk-CRITICAL **: 01:04:37.152: gdk_window_thaw_toplevel_updates: assertion 'window->update_and_descendants_freeze_count > 0' failed

I think the last one is regarding widgets/tray icons, etc. The other one I understand is for descovery in the WLAN. Anyways, I start Sunshine, open Moonlight on my phone, enter my IP and it says it can’t connect, that I might have to check the ports are open. I have this:

❯ ss -lptn
State      Recv-Q      Send-Q           Local Address:Port            Peer Address:Port     Process
LISTEN     0           128                    0.0.0.0:22                   0.0.0.0:*
LISTEN     0           4096                   0.0.0.0:48010                0.0.0.0:*
LISTEN     0           4096                   0.0.0.0:47984                0.0.0.0:*
LISTEN     0           4096                   0.0.0.0:47989                0.0.0.0:*
LISTEN     0           4096                   0.0.0.0:47990                0.0.0.0:*
LISTEN     0           128                       [::]:22                      [::]:*

These are the range for Sunshine, so it should be working. Any help/pointers?

francocalvo · April 23, 2023, 6:22pm

Hey! Sorry I bother you. I saw that you are the one that wrote the PR for this pkg. Could you give me a hand on what could be going wrong?

devusb · April 24, 2023, 11:09am

For the first error, believe services.avahi.publish.userServices = true is needed since you are running Sunshine as a user unit.

As for your connectivity issue, are you sure the ports are open on your firewall? Check with iptables -L or equivalent and make sure you see them? Alternatively you can try Moonlight locally and just make sure it can see the Sunshine instance.

francocalvo · April 25, 2023, 1:50am

Yep, I read through most of your config and saw the avahi config. I wasn’t using it before so I added it to mine.

About the ports, I was sure I had them open as I had the proper ports configured in the flake, but alas, I disabled the firewall and it worked!

I’m just two steps away from completely setting it up. First, it’s not opening apps! I’ll add a log in an hour or so of what’s happening, but if I execute the command to open Steam in Big Picture from the console, it works. When I do it from Moonlight, I get this:

[2023:04:24:22:48:50]: Info: Spawning [setsid steam steam://open/bigpicture] in ["/run/current-system/sw/bin"]
[2023:04:24:22:48:50]: Warning: run_unprivileged() is not yet implemented for this platform. The new process will run with Sunshine's permissions.

On the other hand, I have to work on optimizing the gaming experience. It stutters and lags playing Star Wars Fallen Order with an 6800xt in 1080p at medium settings, so I think there is room to improve.

Anyways, thanks for the package and the help! I love this from this community

bphenriques · June 16, 2023, 8:38pm

Were you able to discover why steam bigpiccture is not opening?

I even tried to nixify apps.json with no success…

{ config, lib, pkgs, ... }:

let
  apps = {
    env = "/run/current-system/sw/bin";
    apps = [
      {
         name = "Steam";
         output = "steam.txt";
         detached = ["setsid ${pkgs.steam}/bin/steam steam://open/bigpicture"];
         image-path = "steam.png";
      }
    ];
  };
in
{
  xdg.configFile = {
    "sunshine/sunshine.conf".source = ./sunshine.conf;
    "sunshine/apps.json".text = builtins.toJSON apps;
  };
}

Basically I have this error:

[2023:06:16:21:32:42]: Info: Spawning [setsid /nix/store/b7zgnxgzmmfmwixxb9gw3m86rj5brzwb-steam/bin/steam steam://open/bigpicture] in [""]
[2023:06:16:21:32:42]: Warning: run_unprivileged() is not yet implemented for this platform. The new process will run with Sunshine's permissions.
[2023:06:16:21:32:42]: Warning: Couldn't spawn [setsid /nix/store/b7zgnxgzmmfmwixxb9gw3m86rj5brzwb-steam/bin/steam steam://open/bigpicture]: System: No such file or directory
[2

Btw, thank for sharing the avahi tip. I was having trouble figuring out why I could not find the device. I have read more about what is avahi.

Edit: I find it odd it cant find setsid as I specified the env

bphenriques · June 16, 2023, 10:33pm

Update:

Managed to run big picture with:

let
  apps = {
    env = "/run/current-system/sw/bin";
    apps = [
      {
         name = "Steam";
         output = "steam.txt";
         detached = ["${pkgs.util-linux}/bin/setsid ${pkgs.steam}/bin/steam steam://open/bigpicture"];
         image-path = "steam.png";
      }
    ];
  };
in
{
  xdg.configFile = {
    "sunshine/sunshine.conf".source = ./sunshine.conf;
    "sunshine/apps.json".text = builtins.toJSON apps;
  };
}

Still need to figure out why env does not work but this for now does the trick.

Btw, regarding big picture being slow: enable hardware acceleration under settings.

NixUser80 · June 20, 2023, 11:36pm

How do I use this?

I’ve been trying to figure out how to get steam to load as an app without much luck. But I’m not sure where to put the above referenced code to be able to use it properly.

I’m running Sunshine as a user service using this nix config file and using the import function into the main nix config file:

github.com

RandomNinjaAtk/nixos/blob/d2480c148e882f49e5caa6267060fd2d9e10af9b/services.sunshine.nix

{ config, lib, pkgs, ... }:

with lib;

let

  cfg = config.services.sunshine;

in

{
  options = {

    services.sunshine = {
      enable = mkEnableOption (mdDoc "Sunshine");
    };

  };

  config = mkIf config.services.sunshine.enable {

This file has been truncated. show original

Would I just be adding this to this existing file? Or do I need to create a new .nix config file. I’m fairly new to Nix in general and would appreciate any help.

Edit: This service file was mainly pulled from another one I found on github, so it may not be correct. Sunshine does start and I can connect. But I’m unable to edit the apps.json file without using a root account. I’m not using home-manager.

bphenriques · June 21, 2023, 9:21am

You will need the generate the file using Nix, you can use for example home-manager, see my snippet here:

Sunshine self-hosted game stream - #15 by bphenriques (you can ignore the sunshine.conf)

My service setup is similar (followed some examples and official docs). Needs some cleanup though: dotfiles/nixos/modules/services/sunshine.nix at d04005dac57b00923e16252c84b34f57be1ae44c · bphenriques/dotfiles · GitHub. I was able to connect to sunshine and use my controller.

I have to manually introduce the IP but I prefer that over more complex configs (avahi works but I dont know enough about it to include it yet).

Edit: Answering your question specifically. There are many ways:

(simpler IMHO) In the same file where you enable the service, you can:

{
    ...
    services.sunshine.enable = true; # Enable service
    home-manager.users.<username> = {
       xdg.configFile."sunshine/apps.json".text = builtins.toJSON
    {
      env = "/run/current-system/sw/bin";
      apps = [
        {
           name = "Steam";
           output = "steam.txt";
           detached = ["${pkgs.util-linux}/bin/setsid ${pkgs.steam}/bin/steam steam://open/bigpicture"];
           image-path = "steam.png";
        }
      ];
    };
    };    
}

Create a separate file just to manage home and then import it under the right key.
(harder), use nixos to create the file but you will need to change the service to pass file_app=<generated_file> (docs) when running sunshine. Would require changing how the service runs to support additional arguments.

NixUser80 · June 21, 2023, 8:11pm

That helped some, I got a bit closer. Steam won’t start, but I am generating the configs via home-manager.

I got resolution switching working, but it seems steam won’t open due to a permissions error most likely…

Error from steam.txt

bwrap: Unexpected capabilities but not setuid, old file caps config?

Sunshine log:

[2023:06:21:16:07:33]: Info: Spawning [/nix/store/87mfa22rgff50l6fafclzkhy9b9s0b0a-util-linux-2.38.1-bin/bin/setsid /nix/store/jx6aiqgwvxp6kmxhwrl4ipg9971m8q8w-steam/bin/steam steam://open/bigpicture] in ["/nix/store/87mfa22rgff50l6fafclzkhy9b9s0b0a-util-linux-2.38.1-bin/bin"]
[2023:06:21:16:07:33]: Warning: run_unprivileged() is not yet implemented for this platform. The new process will run with Sunshine's permissions.

Edit: Here is the home-manager config:

home-manager.users.<username> = { pkgs, ... }: {  
    home.stateVersion = "23.05";  
    home.packages = [pkgs.libreoffice];
    xdg.configFile."sunshine/apps.json".text = builtins.toJSON
    {
      env = "/run/current-system/sw/bin";
      apps = [
        {
           name = "Steam";
           output = "steam.txt";
           detached = ["${pkgs.util-linux}/bin/setsid ${pkgs.steam}/bin/steam steam://open/bigpicture"];
           image-path = "steam.png";
        }
      ];
    };
    xdg.configFile."sunshine/sunshine.conf".text = ''
      global_prep_cmd = [{"do":"${pkgs.libsForQt5.libkscreen}/bin/kscreen-doctor output.1.mode.12","undo":"${pkgs.libsForQt5.libkscreen}/bin/kscreen-doctor output.1.mode.0"}]
      output_name = 1
    '';

    nixpkgs.config = {
      allowUnfree = true;
    };
  };

bphenriques · June 22, 2023, 7:47am

The run_unprivileged() log I also have (dont know exactly… but is not bothering me yet). Let me know if you find out how to fix it.

Regarding the bwrap: Unexpected capabilities but not setuid, old file caps config?, I am not sure but it might be related with some settings required and documented.

I am also fairly new to the scene, but can you try including the remaining setup parts ?

{
   ...
       # Make it work for KMS.
    # TODO: Should I migrate cap_sys_admin+p to CapabilityBoundingSet within the systemd?
    security.wrappers.sunshine = {
      owner = "root";
      group = "root";
      capabilities = "cap_sys_admin+p";
      source = "${pkgs.sunshine}/bin/sunshine";
    };

    # Requires to simulate input
    boot.kernelModules = [ "uinput" ];
    services.udev.extraRules = ''
      KERNEL=="uinput", SUBSYSTEM=="misc", OPTIONS+="static_node=uinput", TAG+="uaccess"
    '';
}

I am under the impression that that the KMS setup is not required for X11 but does not hurt (much) having it as far as I can tell.

NixUser80 · June 22, 2023, 12:35pm

Updated configs:
Home-Manager: nixos/home-manager.nix at 2ea96ee86254d4b0728e538c7e75f3d7754cb51e · RandomNinjaAtk/nixos · GitHub
Sunshine Service: nixos/services.sunshine.nix at 2ea96ee86254d4b0728e538c7e75f3d7754cb51e · RandomNinjaAtk/nixos · GitHub

Still the same error:

[2023:06:22:08:25:59]: Info: Avahi service Sunshine successfully established.
[2023:06:22:08:26:59]: Info: Executing Do Cmd: [/nix/store/v9k2l6g2hl7kb2f5dw5zl5vxbiyrw43w-libkscreen-5.27.5/bin/kscreen-doctor output.1.mode.12]
[2023:06:22:08:26:59]: Warning: run_unprivileged() is not yet implemented for this platform. The new process will run with Sunshine's permissions.
[2023:06:22:08:26:59]: Info: Spawning [/nix/store/87mfa22rgff50l6fafclzkhy9b9s0b0a-util-linux-2.38.1-bin/bin/setsid /nix/store/jx6aiqgwvxp6kmxhwrl4ipg9971m8q8w-steam/bin/steam steam://open/bigpicture] in ["/nix/store/87mfa22rgff50l6fafclzkhy9b9s0b0a-util-linux-2.38.1-bin/bin"]
[2023:06:22:08:26:59]: Warning: run_unprivileged() is not yet implemented for this platform. The new process will run with Sunshine's permissions.
[2023:06:22:08:26:59]: Info: Executing [Desktop]
[2023:06:22:08:26:59]: Info: CLIENT CONNECTED

kscreen-doctor works, but steam does not. If I run the listed command:

/nix/store/87mfa22rgff50l6fafclzkhy9b9s0b0a-util-linux-2.38.1-bin/bin/setsid /nix/store/jx6aiqgwvxp6kmxhwrl4ipg9971m8q8w-steam/bin/steam steam://open/bigpicture

From the terminal, it works as expected. But if I attempt to run the same command from the root user, it does not work and outputs:

[root@workstation-01:/etc/nixos]# /nix/store/87mfa22rgff50l6fafclzkhy9b9s0b0a-util-linux-2.38.1-bin/bin/setsid /nix/store/jx6aiqgwvxp6kmxhwrl4ipg9971m8q8w-steam/bin/steam steam://open/bigpicture
[root@workstation-01:/etc/nixos]# bwrap: Can't chdir to /etc/nixos: No such file or directory

Edit:
From some additional experimentation, the problem is caused by the security wrapper. If I remove the wrapper, the application loads normally as you’d expect but then you get the cap_sys_admin+p error in sunshine and cannot connect…