🐜 fix(runner): Workarounds for NVIDIA drivers (#188)

#### Description

This PR will be fixing issue of runner not working under Ubuntu and
other Debian-based distros with NVIDIA GPUs.
Another fix will be arriving is allowing Steam to run without namespace
requirements, removing the need for `--privileged` flag in certain
situations.

#### Type of Change

- [x] Bug fix (non-breaking change)

---------

Co-authored-by: DatCaptainHorse <DatCaptainHorse@users.noreply.github.com>

containers/runner.Containerfile

@@ -1,10 +1,18 @@
 # Container build arguments #
 ARG BASE_IMAGE=docker.io/cachyos/cachyos:latest
 
+#******************************************************************************
+# Base Stage - Updates system packages
+#******************************************************************************
+FROM ${BASE_IMAGE} AS base
+
+RUN --mount=type=cache,target=/var/cache/pacman/pkg \
+    pacman --noconfirm -Syu
+
 #******************************************************************************
 # Base Builder Stage - Prepares core build environment
 #******************************************************************************
-FROM ${BASE_IMAGE} AS base-builder
+FROM base AS base-builder
 
 # Environment setup for Rust and Cargo
 ENV CARGO_HOME=/usr/local/cargo \
@@ -14,9 +22,12 @@ ENV CARGO_HOME=/usr/local/cargo \
 
 # Install build essentials and caching tools
 RUN --mount=type=cache,target=/var/cache/pacman/pkg \
-    pacman -Sy --noconfirm mold rust && \
+    pacman -Sy --noconfirm mold rustup && \
     mkdir -p "${ARTIFACTS}"
 
+# Install latest Rust using rustup
+RUN rustup default stable
+
 # Install cargo-chef with proper caching
 RUN --mount=type=cache,target=${CARGO_HOME}/registry \
     cargo install -j $(nproc) cargo-chef cargo-c --locked
@@ -28,7 +39,8 @@ FROM base-builder AS nestri-server-deps
 WORKDIR /builder
 
 # Install build dependencies
-RUN pacman -Sy --noconfirm meson pkgconf cmake git gcc make \
+RUN --mount=type=cache,target=/var/cache/pacman/pkg \
+    pacman -Sy --noconfirm meson pkgconf cmake git gcc make \
     gstreamer gst-plugins-base gst-plugins-good gst-plugin-rswebrtc
 
 #--------------------------------------------------------------------
@@ -107,7 +119,7 @@ RUN --mount=type=cache,target=${CARGO_HOME}/registry \
 #******************************************************************************
 # Final Runtime Stage
 #******************************************************************************
-FROM ${BASE_IMAGE} AS runtime
+FROM base AS runtime
 
 ### System Configuration ###
 RUN sed -i \
@@ -117,27 +129,28 @@ RUN sed -i \
     dirmngr </dev/null > /dev/null 2>&1
 
 ### Package Installation ###
-RUN pacman --noconfirm -Sy && \
-    # Core system components
-    pacman -S --needed --noconfirm \
-        archlinux-keyring vulkan-intel lib32-vulkan-intel mesa \
+# Core system components
+RUN --mount=type=cache,target=/var/cache/pacman/pkg \
+    pacman -Sy --needed --noconfirm \
+        vulkan-intel lib32-vulkan-intel vpl-gpu-rt mesa \
         steam steam-native-runtime \
-        sudo xorg-xwayland labwc wlr-randr mangohud \
+        sudo xorg-xwayland seatd libinput labwc wlr-randr mangohud \
+        libssh2 curl wget \
         pipewire pipewire-pulse pipewire-alsa wireplumber \
         noto-fonts-cjk supervisor jq chwd lshw pacman-contrib && \
     # GStreamer stack
-    pacman -S --needed --noconfirm \
+    pacman -Sy --needed --noconfirm \
         gstreamer gst-plugins-base gst-plugins-good \
         gst-plugins-bad gst-plugin-pipewire \
-        gst-plugin-rswebrtc gst-plugin-rsrtp && \
+        gst-plugin-webrtchttp gst-plugin-rswebrtc gst-plugin-rsrtp \
+        gst-plugin-va gst-plugin-qsv && \
     # Cleanup
     paccache -rk1 && \
     rm -rf /usr/share/{info,man,doc}/*
 
 ### Application Installation ###
 ARG LUDUSAVI_VERSION="0.28.0"
-RUN pacman -Sy --noconfirm --needed curl && \
-    curl -fsSL -o ludusavi.tar.gz \
+RUN curl -fsSL -o ludusavi.tar.gz \
         "https://github.com/mtkennerly/ludusavi/releases/download/v${LUDUSAVI_VERSION}/ludusavi-v${LUDUSAVI_VERSION}-linux.tar.gz" && \
     tar -xzvf ludusavi.tar.gz && \
     mv ludusavi /usr/bin/ && \

packages/scripts/entrypoint.sh

@@ -31,29 +31,42 @@ if [ ! -e "$PIPEWIRE_SOCKET" ]; then
     exit 1
 fi
 
-echo "Detecting GPU vendor and installing necessary GStreamer plugins..."
+echo "Detecting GPU vendor..."
 source /etc/nestri/gpu_helpers.sh
 
 get_gpu_info
 
-# Check vendors in priority order
+# Check for NVIDIA so we can apply a workaround
 if [[ -n "${vendor_devices[nvidia]:-}" ]]; then
-    echo "NVIDIA GPU detected, assuming driver is linked and applying Vulkan fix..."
-    echo "{\"file_format_version\":\"1.0.0\",\"ICD\":{\"library_path\":\"libGLX_nvidia.so.0\",\"api_version\":\"1.3\"}}" > /usr/share/vulkan/icd.d/nvidia_icd.json
-elif [[ -n "${vendor_devices[intel]:-}" ]]; then
-    echo "Intel GPU detected, installing required packages..."
-    pacman -Sy --noconfirm gstreamer-vaapi gst-plugin-va gst-plugin-qsv
-    pacman -Sy --noconfirm vpl-gpu-rt
-elif [[ -n "${vendor_devices[amd]:-}" ]]; then
-    echo "AMD GPU detected, installing required packages..."
-    pacman -Sy --noconfirm gstreamer-vaapi gst-plugin-va
-else
-    echo "Unknown GPU vendor. No additional packages will be installed"
-fi
+    echo "NVIDIA GPU detected, applying driver fix..."
+    # Determine NVIDIA driver version from host
+    if [ -f "/proc/driver/nvidia/version" ]; then
+        NVIDIA_DRIVER_VERSION=$(head -n1 /proc/driver/nvidia/version | awk '{for(i=1;i<=NF;i++) if ($i ~ /^[0-9]+\.[0-9\.]+/) {print $i; exit}}')
+    elif command -v nvidia-smi &> /dev/null; then
+        NVIDIA_DRIVER_VERSION=$(nvidia-smi --version | grep -i 'driver version' | cut -d: -f2 | tr -d ' ')
+    else
+        echo "Failed to determine NVIDIA driver version. Exiting."
+        exit 1
+    fi
 
-# Clean up remainders
-echo "Cleaning up old package cache..."
-paccache -rk1
+    NVIDIA_DRIVER_ARCH=$(uname -m)
+    filename="NVIDIA-Linux-${NVIDIA_DRIVER_ARCH}-${NVIDIA_DRIVER_VERSION}.run"
+
+    cd /tmp/
+    if [ ! -f "${filename}" ]; then
+        # Attempt multiple download sources
+        if ! wget "https://international.download.nvidia.com/XFree86/Linux-${NVIDIA_DRIVER_ARCH}/${NVIDIA_DRIVER_VERSION}/${filename}"; then
+            if ! wget "https://international.download.nvidia.com/tesla/${NVIDIA_DRIVER_VERSION}/${filename}"; then
+                echo "Failed to download NVIDIA driver from both XFree86 and Tesla repositories"
+                exit 1
+            fi
+        fi
+
+        chmod +x "${filename}"
+        # Install driver components without kernel modules
+        sudo ./"${filename}" --silent --no-kernel-module --install-compat32-libs --no-nouveau-check --no-nvidia-modprobe --no-systemd --no-rpms --no-backup --no-check-for-alternate-installs
+    fi
+fi
 
 echo "Switching to nestri user for application startup..."
 exec sudo -E -u nestri /etc/nestri/entrypoint_nestri.sh

packages/scripts/entrypoint_nestri.sh

@@ -42,7 +42,7 @@ start_nestri_server() {
 
     # Wait for Wayland display (wayland-1) to be ready
     echo "Waiting for Wayland display 'wayland-1' to be ready..."
-    WAYLAND_SOCKET="/run/user/${UID}/wayland-1"
+    WAYLAND_SOCKET="${XDG_RUNTIME_DIR}/wayland-1"
     for _ in {1..15}; do # Wait up to 15 seconds
         if [ -e "$WAYLAND_SOCKET" ]; then
             echo "Wayland display 'wayland-1' is ready."
@@ -69,6 +69,11 @@ start_compositor() {
         kill "${COMPOSITOR_PID}"
     fi
 
+    echo "Pre-configuring compositor..."
+    mkdir -p "${HOME}/.config/labwc/"
+    echo '<?xml version="1.0" encoding="UTF-8"?><labwc_config><keyboard><default/></keyboard><mouse><default/><context name="Root"><mousebind button="Left" action="Press"/><mousebind button="Right" action="Press"/><mousebind button="Middle" action="Press"/></context></mouse></labwc_config>' > ~/.config/labwc/rc.xml
+    echo '<?xml version="1.0" encoding="UTF-8"?><openbox_menu></openbox_menu>' > ~/.config/labwc/menu.xml
+
     echo "Starting compositor..."
     rm -rf /tmp/.X11-unix && mkdir -p /tmp/.X11-unix && chown nestri:nestri /tmp/.X11-unix
     WAYLAND_DISPLAY=wayland-1 WLR_BACKENDS=wayland labwc &
@@ -76,11 +81,11 @@ start_compositor() {
 
     # Wait for compositor to initialize
     echo "Waiting for compositor to initialize..."
-    COMPOSITOR_SOCKET="/run/user/${UID}/wayland-0"
+    COMPOSITOR_SOCKET="${XDG_RUNTIME_DIR}/wayland-0"
     for _ in {1..15}; do
         if [ -e "$COMPOSITOR_SOCKET" ]; then
             echo "compositor is initialized, wayland-0 output ready."
-            sleep 1  # necessary sleep - reduces chance that non-ready socket is used
+            sleep 3  # necessary sleep - reduces chance that non-ready socket is used
             start_wlr_randr
             return
         fi
@@ -101,8 +106,8 @@ start_wlr_randr() {
     echo "Configuring resolution with wlr-randr..."
     OUTPUT_NAME=$(WAYLAND_DISPLAY=wayland-0 wlr-randr --json | jq -r '.[] | select(.enabled == true) | .name' | head -n 1)
     if [ -z "$OUTPUT_NAME" ]; then
-        echo "Error: No enabled outputs detected. Skipping wlr-randr."
-        return
+        echo "Error: No enabled outputs detected, exiting."
+        exit 1
     fi
 
     # Retry logic for wlr-randr
@@ -111,12 +116,13 @@ start_wlr_randr() {
         echo "Error: Failed to configure wlr-randr. Retrying..."
         ((WLR_RETRIES++))
         if [ "$WLR_RETRIES" -ge "$MAX_RETRIES" ]; then
-            echo "Max retries reached for wlr-randr. Moving on without resolution setup."
-            return
+            echo "Max retries reached for wlr-randr, exiting."
+            exit 1
         fi
         sleep 2
     done
     echo "wlr-randr configuration successful."
+    sleep 2  # necessary sleep - makes sure resolution is changed before next step(s)
 }
 
 # Function to start Steam

packages/scripts/envs.sh

@@ -3,11 +3,9 @@ set -euo pipefail
 
 export XDG_RUNTIME_DIR=/run/user/${UID}/
 export WAYLAND_DISPLAY=wayland-0
+export XDG_SESSION_TYPE=wayland
 export DISPLAY=:0
 export $(dbus-launch)
 
-# Fixes freezing issue
-export PROTON_NO_FSYNC=1
-
 # Our preferred prefix
 export WINEPREFIX=/home/${USER}/.nestripfx/