| 11 Jun 2021 |
kraftnix | So games are bubblewrapped and then whatever Proton does on top in terms of limiting access? If the users directory is exposed is there a way to limit/prevent that? | 00:01:32 |
ash (it/its) 🏳️⚧️ | i mean... that sounds like a job for a container | 00:03:00 |
ash (it/its) 🏳️⚧️ | which is separate from packaging | 00:03:17 |
ash (it/its) 🏳️⚧️ | you could also try flatpak | 00:03:29 |
ash (it/its) 🏳️⚧️ | nixpkgs does not explicitly isolate anything on its own | 00:03:51 |
jonringer | yes, but the steam package does because it eventually calls bubblewrap and "only" mounts certain directories | 00:09:00 |
ash (it/its) 🏳️⚧️ | the intent is not for sandboxing though, it's just to get steam to work | 00:09:54 |
jonringer | sorry for long paste
cmd=(
/nix/store/zri5czxwi0gmipi8mxc2j5samg39ncdl-bubblewrap-0.4.1/bin/bwrap
--dev-bind /dev /dev
--proc /proc
--chdir "$(pwd)"
--unshare-user
--unshare-uts
--unshare-cgroup
--die-with-parent
--ro-bind /nix /nix
# Our glibc will look for the cache in its own path in `/nix/store`.
# As such, we need a cache to exist there, because pressure-vessel
# depends on the existence of an ld cache. However, adding one
# globally proved to be a bad idea (see #100655), the solution we
# settled on being mounting one via bwrap.
# Also, the cache needs to go to both 32 and 64 bit glibcs, for games
# of both architectures to work.
--tmpfs /nix/store/sbbifs2ykc05inws26203h0xwcadnf0l-glibc-2.32-46/etc \
--symlink /etc/ld.so.conf /nix/store/sbbifs2ykc05inws26203h0xwcadnf0l-glibc-2.32-46/etc/ld.so.conf \
--symlink /etc/ld.so.cache /nix/store/sbbifs2ykc05inws26203h0xwcadnf0l-glibc-2.32-46/etc/ld.so.cache \
--ro-bind /nix/store/sbbifs2ykc05inws26203h0xwcadnf0l-glibc-2.32-46/etc/rpc /nix/store/sbbifs2ykc05inws26203h0xwcadnf0l-glibc-2.32-46/etc/rpc \
--remount-ro /nix/store/sbbifs2ykc05inws26203h0xwcadnf0l-glibc-2.32-46/etc \
--tmpfs /nix/store/yq8af95fn63gzg43npg4wj9kwq37dd28-glibc-2.32-46/etc \
--symlink /etc/ld.so.conf /nix/store/yq8af95fn63gzg43npg4wj9kwq37dd28-glibc-2.32-46/etc/ld.so.conf \
--symlink /etc/ld.so.cache /nix/store/yq8af95fn63gzg43npg4wj9kwq37dd28-glibc-2.32-46/etc/ld.so.cache \
--ro-bind /nix/store/yq8af95fn63gzg43npg4wj9kwq37dd28-glibc-2.32-46/etc/rpc /nix/store/yq8af95fn63gzg43npg4wj9kwq37dd28-glibc-2.32-46/etc/rpc \
--remount-ro /nix/store/yq8af95fn63gzg43npg4wj9kwq37dd28-glibc-2.32-46/etc \
--ro-bind-try /etc/static /etc/static
--ro-bind-try /etc/nix /etc/nix
--ro-bind-try /etc/bashrc /etc/bashrc
--ro-bind-try /etc/zshenv /etc/zshenv
--ro-bind-try /etc/zshrc /etc/zshrc
--ro-bind-try /etc/zinputrc /etc/zinputrc
--ro-bind-try /etc/zprofile /etc/zprofile
--ro-bind-try /etc/passwd /etc/passwd
--ro-bind-try /etc/group /etc/group
--ro-bind-try /etc/shadow /etc/shadow
--ro-bind-try /etc/hosts /etc/hosts
--ro-bind-try /etc/resolv.conf /etc/resolv.conf
--ro-bind-try /etc/nsswitch.conf /etc/nsswitch.conf
--ro-bind-try /etc/profiles /etc/profiles
--ro-bind-try /etc/login.defs /etc/login.defs
--ro-bind-try /etc/sudoers /etc/sudoers
--ro-bind-try /etc/sudoers.d /etc/sudoers.d
--ro-bind-try /etc/localtime /etc/localtime
--ro-bind-try /etc/zoneinfo /etc/zoneinfo
--ro-bind-try /etc/machine-id /etc/machine-id
--ro-bind-try /etc/os-release /etc/os-release
--ro-bind-try /etc/pam.d /etc/pam.d
--ro-bind-try /etc/fonts /etc/fonts
--ro-bind-try /etc/asound.conf /etc/asound.conf
--ro-bind-try /etc/ssl/certs /etc/ssl/certs
--ro-bind-try /etc/pki /etc/pki
"${ro_mounts[@]}"
"${symlinks[@]}"
"${auto_mounts[@]}"
/nix/store/ibg4am7f75lvzy1hn980v13hd2fy59xz-steam-init/bin/steam-init "$@"
)
exec "${cmd[@]}"
| 00:09:57 |
jonringer | In reply to @kity:kity.wtf the intent is not for sandboxing though, it's just to get steam to work sure that's fair. But proton does have context of what is meant to be used, so it's better able to determine what should be introduced. for nixpkgs, we don't so kind of everything gets thrown in there. | 00:11:17 |
jonringer | Unless you're saying this generically, in which case, yes. Nixpkgs doesn't provide any native containerization, and I wouldn't want it to | 00:11:46 |
kranzes | Jon what games do you play? 🧐 | 00:13:05 |
ash (it/its) 🏳️⚧️ | the question was about isolating it from the home directory, which our steam package doesn't do | 00:13:16 |
Izdihar | In reply to @jonringer:matrix.org Unless you're saying this generically, in which case, yes. Nixpkgs doesn't provide any native containerization, and I wouldn't want it to reminds me of that one OS that vm-ized every single application that you have and adds color to the border. forgot what the name of it is though | 00:13:44 |
kraftnix | In reply to @tengkuizdihar:matrix.org reminds me of that one OS that vm-ized every single application that you have and add color to the border. forgot what the name of it though QubesOS | 00:13:57 |
jonringer | In reply to @kranzes:matrix.org Jon what games do you play? 🧐 mostly csgo and factorio | 00:14:14 |
kraftnix | This has been very helpful btw, thanks | 00:14:22 |
kranzes | In reply to @jonringer:matrix.org mostly csgo and factorio Do you play ranked in csgo? I have not touched the game in over 5 years... | 00:15:07 |
kraftnix | In reply to @kity:kity.wtf i mean... that sounds like a job for a container what kind of containers do you use for games/gui style applications, I've been using nspawn containers for anything headless and haven't thought about how you'd do it for GUI software | 00:15:24 |
jonringer | kranzes: I do, but it's mostly to mess around, too tired usually to play "well" | 00:15:56 |
jonringer | ~silver elite, probably gold nova if I try-hard | 00:16:24 |
ash (it/its) 🏳️⚧️ | In reply to @kraftnix:matrix.org what kind of containers do you use for games/gui style applications, I've been using nspawn containers for anything headless and haven't though about how you'd do it for GUI software i don't, because i'm not concerned about it. maybe i should be, idk | 00:16:34 |
ash (it/its) 🏳️⚧️ | you might want to look at spectrum os | 00:16:52 |
kranzes | In reply to @jonringer:matrix.org kranzes: I do, but it's mostly to mess around, too tired usually to play "well" That's very understandable, the current state of the game is too depressing to make you want to grind it | 00:16:55 |
ash (it/its) 🏳️⚧️ | which is based on nixos and virtualizes everything | 00:17:09 |
jonringer | kranzes: not to mention that matchmaking has been weird recently | 00:17:30 |
jonringer | [image attachment: ranks.jpg] | 00:17:41 |
jonringer | one of my recent matches | 00:17:49 |
kranzes | Yeah it is a mess from what my friends told me | 00:17:58 |
jonringer | top 8% of players against bottom 20% | 00:18:09 |
kraftnix | In reply to @kity:kity.wtf you might want to look at spectrum os This has caught my eye a few times as I've used Qubes in the past, but I haven't looked into it yet.
Given that I want to use my working machine for gaming, I haven't been comfortable yet running games alongside work data/apps, which is why I've just defaulted to kvm/qemu with passthrough for now
| 00:18:19 |