!KEJUbONnoBpiYKGWEq:nixos.org

NixOS Gaming

688 Members
Topic: Gaming things, my hands are typing words.

10 Jun 2021
10:25:15  kranzes: Hmmm
10:32:52  kranzes: Wait, there is no real point; all this option essentially does to make it work is install both steam and steam.run
10:33:17  kranzes: (image attachment: image.png)
10:38:37  Izdihar: I still don't get the point of home manager if you're a single-user computer
10:38:47  Izdihar: Is it better?
10:55:02  kranzes: yes
10:55:26  kranzes: has plenty of options and modules which the system-wide configuration does not have
10:55:34  kranzes: https://rycee.gitlab.io/home-manager/options.html
10:56:20  kranzes: Btw, I've just checked Steam/Proton again, and yes, it does work if I just download steam.run and steam, but the problem is that some games launch while others don't
10:56:25  kranzes: Borderlands 1 did launch
10:56:29  kranzes: while Pit People did not
10:56:36  kranzes: (image attachment: image.png)
10:56:46  kranzes: (image attachment: image.png)
10:57:00  kranzes: tested on over 4 Proton versions
13:27:47  kraftnix: Hey all, I have a quick question about the state of gaming on NixOS. How well are the games + Steam isolated from the rest of your desktop? Are they bubblewrapped, AppArmored or chrooted? I like to game on my main workstation (as it's my most powerful machine), so isolation is quite important for me. For now I've just been running a Windows VM with passthrough, but I'd rather move fully to native Linux if possible.
14:05:58  Izdihar (in reply to kraftnix):
> Hey all, I have a quick question about the state of gaming on NixOS. How well are the games + Steam isolated from the rest of your desktop? Are they bubblewrapped, AppArmored or chrooted? I like to game on my main workstation (as it's my most powerful machine), so isolation is quite important for me. For now I've just been running a Windows VM with passthrough, but I'd rather move fully to native Linux if possible.
Well, it's running via Proton right now and it's pretty good. Don't know about isolation though, but I'm sure you could do it via sandboxing.
15:21:50  hexa: they are bubblewrapped
15:21:59  hexa: because we need to simulate an FHS env for Steam
15:33:43  philipp: But for example the entire user's home directory remains exposed to Steam and the games.
15:41:25  jonringer: Proton is supposed to handle launching games with a thin slice of needed access
11 Jun 2021
00:01:32  kraftnix: So games are bubblewrapped, and then whatever Proton does on top in terms of limiting access? If the user's directory is exposed, is there a way to limit/prevent that?
00:03:00  ashkitten (it/its) 🏳️‍⚧️: I mean... that sounds like a job for a container
00:03:17  ashkitten (it/its) 🏳️‍⚧️: which is separate from packaging
00:03:29  ashkitten (it/its) 🏳️‍⚧️: you could also try Flatpak
00:03:51  ashkitten (it/its) 🏳️‍⚧️: nixpkgs does not explicitly isolate anything on its own
00:09:00  jonringer: yes, but the steam package does, because it eventually calls bubblewrap and "only" mounts certain directories
00:09:54  ashkitten (it/its) 🏳️‍⚧️: the intent is not for sandboxing though, it's just to get Steam to work
00:09:57  jonringer:

sorry for long paste

# Generated bwrap wrapper from the nixpkgs steam FHS environment, as pasted in the chat.
cmd=(
  /nix/store/zri5czxwi0gmipi8mxc2j5samg39ncdl-bubblewrap-0.4.1/bin/bwrap
  --dev-bind /dev /dev
  --proc /proc
  --chdir "$(pwd)"
  --unshare-user
  # (The empty lines in the pasted script here are where optional namespace
  # flags such as --unshare-ipc, --unshare-pid or --unshare-net would appear
  # if enabled; that they are left out in this build is an assumption drawn
  # from the generator template, not something stated in the chat.)
  --unshare-uts
  --unshare-cgroup
  --die-with-parent
  --ro-bind /nix /nix
  # Our glibc will look for the cache in its own path in `/nix/store`.
  # As such, we need a cache to exist there, because pressure-vessel
  # depends on the existence of an ld cache. However, adding one
  # globally proved to be a bad idea (see #100655), the solution we
  # settled on being mounting one via bwrap.
  # Also, the cache needs to go to both 32 and 64 bit glibcs, for games
  # of both architectures to work.
  --tmpfs /nix/store/sbbifs2ykc05inws26203h0xwcadnf0l-glibc-2.32-46/etc \
  --symlink /etc/ld.so.conf /nix/store/sbbifs2ykc05inws26203h0xwcadnf0l-glibc-2.32-46/etc/ld.so.conf \
  --symlink /etc/ld.so.cache /nix/store/sbbifs2ykc05inws26203h0xwcadnf0l-glibc-2.32-46/etc/ld.so.cache \
  --ro-bind /nix/store/sbbifs2ykc05inws26203h0xwcadnf0l-glibc-2.32-46/etc/rpc /nix/store/sbbifs2ykc05inws26203h0xwcadnf0l-glibc-2.32-46/etc/rpc \
  --remount-ro /nix/store/sbbifs2ykc05inws26203h0xwcadnf0l-glibc-2.32-46/etc \
  --tmpfs /nix/store/yq8af95fn63gzg43npg4wj9kwq37dd28-glibc-2.32-46/etc \
  --symlink /etc/ld.so.conf /nix/store/yq8af95fn63gzg43npg4wj9kwq37dd28-glibc-2.32-46/etc/ld.so.conf \
  --symlink /etc/ld.so.cache /nix/store/yq8af95fn63gzg43npg4wj9kwq37dd28-glibc-2.32-46/etc/ld.so.cache \
  --ro-bind /nix/store/yq8af95fn63gzg43npg4wj9kwq37dd28-glibc-2.32-46/etc/rpc /nix/store/yq8af95fn63gzg43npg4wj9kwq37dd28-glibc-2.32-46/etc/rpc \
  --remount-ro /nix/store/yq8af95fn63gzg43npg4wj9kwq37dd28-glibc-2.32-46/etc \
  # Host /etc files made visible read-only inside the sandbox (missing ones are skipped).
  --ro-bind-try /etc/static /etc/static
  --ro-bind-try /etc/nix /etc/nix
  --ro-bind-try /etc/bashrc /etc/bashrc
  --ro-bind-try /etc/zshenv /etc/zshenv
  --ro-bind-try /etc/zshrc /etc/zshrc
  --ro-bind-try /etc/zinputrc /etc/zinputrc
  --ro-bind-try /etc/zprofile /etc/zprofile
  --ro-bind-try /etc/passwd /etc/passwd
  --ro-bind-try /etc/group /etc/group
  --ro-bind-try /etc/shadow /etc/shadow
  --ro-bind-try /etc/hosts /etc/hosts
  --ro-bind-try /etc/resolv.conf /etc/resolv.conf
  --ro-bind-try /etc/nsswitch.conf /etc/nsswitch.conf
  --ro-bind-try /etc/profiles /etc/profiles
  --ro-bind-try /etc/login.defs /etc/login.defs
  --ro-bind-try /etc/sudoers /etc/sudoers
  --ro-bind-try /etc/sudoers.d /etc/sudoers.d
  --ro-bind-try /etc/localtime /etc/localtime
  --ro-bind-try /etc/zoneinfo /etc/zoneinfo
  --ro-bind-try /etc/machine-id /etc/machine-id
  --ro-bind-try /etc/os-release /etc/os-release
  --ro-bind-try /etc/pam.d /etc/pam.d
  --ro-bind-try /etc/fonts /etc/fonts
  --ro-bind-try /etc/asound.conf /etc/asound.conf
  --ro-bind-try /etc/ssl/certs /etc/ssl/certs
  --ro-bind-try /etc/pki /etc/pki
  # Additional mounts and symlinks are filled in by arrays defined earlier in the script (not shown in the paste).
  "${ro_mounts[@]}"
  "${symlinks[@]}"
  "${auto_mounts[@]}"
  /nix/store/ibg4am7f75lvzy1hn980v13hd2fy59xz-steam-init/bin/steam-init "$@"
)
exec "${cmd[@]}"

00:11:17  jonringer (in reply to ashkitten):
> the intent is not for sandboxing though, it's just to get steam to work
Sure, that's fair. But Proton does have context of what is meant to be used, so it's better able to determine what should be introduced. For nixpkgs, we don't, so kind of everything gets thrown in there.
00:11:46  jonringer: Unless you're saying this generically, in which case, yes. Nixpkgs doesn't provide any native containerization, and I wouldn't want it to.