| 16 Feb 2024 |
 @sigmasquadron:matrix.org | I’ve been trying to run starsector on a tmpfs system recently, and I’m having trouble using a large amount of mods. At some point, starsector seems to hit the open file limit when loading mods from a bind-mounted folder at .local/share/starsector. I’ve tried to use security.pam.loginLimits to set the nofile limit to unlimited, but it still hits the open file limit with only a few thousand files open. | 17:50:52 |
| @sigmasquadron:matrix.org | Do bind mounts have another open file limit I don’t know about? | 17:51:15 |
 @atemu12:matrix.org | How exactly is this folder bind mounted? | 17:52:02 |
| @atemu12:matrix.org | * How exactly is this folder bind-mounted? | 17:52:08 |
| @sigmasquadron:matrix.org | I’m using impermanence. | 17:54:07 |
| @atemu12:matrix.org | That does not answer my question. | 17:54:18 |
| @sigmasquadron:matrix.org | Right, sorry. It’s a FUSE mount from a bcachefs volume into a folder created in a tmpfs. The mount options are rw,nosuid,nodev,relatime,user_id=1000,group_id=100,default_permissions. | 17:56:07 |
| @atemu12:matrix.org | I suspected that's the case. Do away with the hacky fuse thingy | 17:56:29 |
| @sigmasquadron:matrix.org | symlink it is then | 17:56:41 |
| @atemu12:matrix.org | Use proper bind mounts or a symlink | 17:56:43 |
| @sigmasquadron:matrix.org | I do wonder if there’s a FUSE configuration somewhere for file limits | 17:57:22 |
 @atka:matrix.org | anyone running steam in a sandbox on nixos? nspawn container or some other way (not flatpak)? I mainly want steam to only have rw access to its own directory not my entire home. | 19:33:45 |
| @atemu12:matrix.org | Well, technically everyone is | 20:24:14 |
| @atemu12:matrix.org | But it does not promise any separation | 20:25:30 |
| @atemu12:matrix.org | Why not Flatpak though? | 20:25:45 |
| @atemu12:matrix.org | That's one of it's purposes | 20:26:04 |
| @atka:matrix.org | I just wanted to do it a more "nixos" way, I figured there would be a nixos-container or bubblewrap way without using flatpak | 20:28:24 |
| @atka:matrix.org | I like having my system managed by my single configuration.nix (can flatpaks be declared that way?) | 20:29:04 |
| @atka:matrix.org | maybe I'm mistaken though, I can do flatpak if I have to, or just keep my work computer separate like I've been doing and game solely on the deck | 20:33:44 |
| @atka:matrix.org | if I do go the flatpak route this may be useful | 20:36:32 |
| @atka:matrix.org | https://github.com/GermanBread/declarative-flatpak | 20:36:34 |
|  @multisn8-idk:matrix.org changed their display name from multisn8 to multisn8 (migrated to without the -idk). | 21:49:27 |
| @multisn8-idk:matrix.org changed their display name from multisn8 (migrated to without the -idk) to multisn8-idk (migrated to without the -idk). | 21:50:22 |
|  @multisn8:matrix.org joined the room. | 22:04:44 |
| @multisn8-idk:matrix.org left the room. | 22:07:04 |
| 17 Feb 2024 |
 @aidalgol:matrix.org | You could override the steam derivation to pass extra arguments to buildFHSEnv, which uses bwrap, to harden the sandboxing. | 00:44:49 |
| @aidalgol:matrix.org | bwrap is the same thing flatpak uses, btw. | 00:45:01 |
| @atka:matrix.org | thanks, that's more in line what I'm looking for | 00:48:17 |
| @atemu12:matrix.org | atka: Note that none of it is set up to offer separation. You'd effectively be re-implementing Flatpak and likely miss an obvious hole | 08:47:39 |
 Rampoina | does teeworlds work for you guys? | 17:50:28 |
