github-mirrors/netris-nestri
1
0
Fork 0
mirror of https://github.com/nestriness/nestri.git synced 2025-12-12 08:45:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat(runner): Container detection and handling, video bit-depth flags and script updates (#303)

Browse Source 
## Description

Works in apptainer now.. podman is still the goat since apptainer needs
docker treatment and even more..

- Added container detection so podman can be used to it's fullest, the
non-sane ones are handled separately..
- Added video bit-depth option, cuz AV1 and 10-bit encoding go well
together.
- Some other package updates to nestri-server.
- General tidying up of scripts to make multi-container-engine handling
less of a pain.
- Updated old wireplumber lua script to new json format.

Further changes:

- Removed unused debug arg from nestri-server.
- Moved configs to config file folder rather than keeping them in
containerfile.
- Improved audio configs, moved some into wireplumber to keep things
tidy.
- Bit better arg handling in nestri-server.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Optional 10‑bit video support and auto‑launch of an app after display
setup.

* **Changes**
* Standardized runtime/user env to NESTRI_* with updated home/cache
paths and explicit LANG; password generation now logged.
* Improved container/GPU detection and startup logging; reduced blanket
root usage during startup; SSH setup surfaced.
* WirePlumber/PipeWire moved to JSON configs; low‑latency clock and
loopback audio policies added; audio capture defaults to PipeWire.
  
* **Chores**
* GStreamer/libp2p dependency upgrades and Rust toolchain pinned; NVIDIA
driver capability exposed.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: DatCaptainHorse <DatCaptainHorse@users.noreply.github.com>
This commit is contained in:
Kristian Ollikainen
2025-09-24 20:08:04 +03:00
committed by GitHub
parent aba0bc3be1
commit 590fe5e196
26 changed files with 1508 additions and 1804 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
packages/scripts/common.sh Normal file
View File

@@ -0,0 +1,23 @@
#!/bin/bash
function log {
printf '[%s] %s\n' "$(date +'%Y-%m-%d %H:%M:%S')" "$*"
}
if [[ ! -f /etc/nestri/envs.sh ]]; then
log "Error: Environment variables script not found at /etc/nestri/envs.sh"
exit 1
fi
source /etc/nestri/envs.sh || { log "Error: Failed to source /etc/nestri/envs.sh"; exit 1; }
if [[ ! -f /etc/nestri/container_helpers.sh ]]; then
log "Error: Container helpers script not found at /etc/nestri/container_helpers.sh"
exit 1
fi
source /etc/nestri/container_helpers.sh || { log "Error: Failed to source /etc/nestri/container_helpers.sh"; exit 1; }
if [[ ! -f /etc/nestri/gpu_helpers.sh ]]; then
log "Error: GPU helpers script not found at /etc/nestri/gpu_helpers.sh"
exit 1
fi
source /etc/nestri/gpu_helpers.sh || { log "Error: Failed to source /etc/nestri/gpu_helpers.sh"; exit 1; }

79
packages/scripts/container_helpers.sh Normal file
View File

@@ -0,0 +1,79 @@
#!/bin/bash
set -euo pipefail
declare container_runtime="none"
declare -Ag container_info=()
function detect_container_runtime {
if [[ -n "${SINGULARITY_CONTAINER:-}" ]] || [[ -n "${APPTAINER_CONTAINER:-}" ]] || [[ -d "/.singularity.d" ]]; then
echo "apptainer"
elif [[ "${container:-}" == "podman" ]] || [[ -f "/run/.containerenv" ]]; then
echo "podman"
elif [[ -f "/.dockerenv" ]]; then
echo "docker"
else
# General check for containerization signs
if grep -qE "docker|lxc|kubepods|containerd" "/proc/1/cgroup" 2>/dev/null; then
echo "unknown"
else
echo "none"
fi
fi
}
function collect_container_info {
local runtime="$1"
case "$runtime" in
apptainer)
container_info["runtime"]="apptainer"
container_info["version"]="${SINGULARITY_VERSION:-${APPTAINER_VERSION:-unknown}}"
container_info["image"]="${SINGULARITY_CONTAINER:-${APPTAINER_CONTAINER:-unknown}}"
;;
podman)
container_info["runtime"]="podman"
if [[ -f "/run/.containerenv" ]]; then
if grep -q "name=" "/run/.containerenv" 2>/dev/null; then
container_info["name"]=$(grep "^name=" "/run/.containerenv" | sed 's/^name=//' | tr -d '"' | xargs)
fi
if grep -q "image=" "/run/.containerenv" 2>/dev/null; then
container_info["image"]=$(grep "^image=" "/run/.containerenv" | sed 's/^image=//' | tr -d '"' | xargs)
fi
fi
;;
docker)
container_info["runtime"]="docker"
container_info["detected_via"]="dockerenv"
;;
unknown)
container_info["runtime"]="unknown"
container_info["detected_via"]="cgroup_generic"
;;
esac
}
function get_container_info {
container_runtime=$(detect_container_runtime)
if [[ "${container_runtime}" != "none" ]]; then
collect_container_info "$container_runtime"
fi
}
function debug_container_info {
echo "Container Detection Results:"
echo "> Runtime: $container_runtime"
if [[ "$container_runtime" != "none" ]]; then
for key in "${!container_info[@]}"; do
echo ">> $key: ${container_info[$key]}"
done
else
echo "> Status: Not running in a known container"
fi
}
# # Usage examples:
# get_container_info
# debug_container_info
# # Get runtime
# echo "Container runtime: ${container_runtime}"

130
packages/scripts/entrypoint.sh
View File

@@ -1,20 +1,24 @@
#!/bin/bash
set -euo pipefail
# Common helpers as requirement
if [[ -f /etc/nestri/common.sh ]]; then
source /etc/nestri/common.sh
else
echo "Error: Common script not found at /etc/nestri/common.sh" >&2
exit 1
fi
# Configuration
CACHE_DIR="/home/nestri/.cache/nvidia"
CACHE_DIR="${NESTRI_HOME}/.cache/nestri"
NVIDIA_INSTALLER_DIR="/tmp"
TIMEOUT_SECONDS=10
log() {
echo "[$(date +'%Y-%m-%d %H:%M:%S')] $1"
}
ENTCMD_PREFIX=""
# Ensures user directory ownership
chown_user_directory() {
local user_group="${USER}:${GID}"
if ! chown -h --no-preserve-root "$user_group" "${HOME}" 2>/dev/null; then
echo "Error: Failed to change ownership of ${HOME} to ${user_group}" >&2
if ! $ENTCMD_PREFIX chown "${NESTRI_USER}:${NESTRI_USER}" "${NESTRI_HOME}" 2>/dev/null; then
echo "Error: Failed to change ownership of ${NESTRI_HOME} to ${NESTRI_USER}:${NESTRI_USER}" >&2
return 1
fi
return 0
@@ -38,8 +42,8 @@ wait_for_socket() {
# Prepares environment for namespace-less applications (like Steam)
setup_namespaceless() {
rm -f /run/systemd/container || true
mkdir -p /run/pressure-vessel || true
$ENTCMD_PREFIX rm -f /run/systemd/container || true
$ENTCMD_PREFIX mkdir -p /run/pressure-vessel || true
}
# Ensures cache directory exists
@@ -49,7 +53,7 @@ setup_cache() {
log "Warning: Failed to create cache directory, continuing without cache."
return 1
}
chown nestri:nestri "$CACHE_DIR" 2>/dev/null || {
$ENTCMD_PREFIX chown "${NESTRI_USER}:${NESTRI_USER}" "$CACHE_DIR" 2>/dev/null || {
log "Warning: Failed to set cache directory ownership, continuing..."
}
}
@@ -94,7 +98,7 @@ get_nvidia_installer() {
# Cache the downloaded file
cp "$tmp_file" "$cached_file" 2>/dev/null && \
chown nestri:nestri "$cached_file" 2>/dev/null || \
$ENTCMD_PREFIX chown "${NESTRI_USER}:${NESTRI_USER}" "$cached_file" 2>/dev/null || \
log "Warning: Failed to cache NVIDIA driver, continuing..."
fi
@@ -109,7 +113,7 @@ get_nvidia_installer() {
install_nvidia_driver() {
local filename="$1"
log "Installing NVIDIA driver components from $filename..."
bash ./"$filename" \
$ENTCMD_PREFIX bash ./"$filename" \
--silent \
--skip-depmod \
--skip-module-unload \
@@ -120,24 +124,32 @@ install_nvidia_driver() {
--no-systemd \
--no-rpms \
--no-backup \
--no-distro-scripts \
--no-libglx-indirect \
--no-install-libglvnd \
--no-check-for-alternate-installs || {
log "Error: NVIDIA driver installation failed."
return 1
}
# Install CUDA package
log "Checking if CUDA is already installed"
if ! pacman -Q cuda &>/dev/null; then
log "Installing CUDA package"
pacman -S --noconfirm cuda --assume-installed opencl-nvidia
else
log "CUDA package is already installed, skipping"
fi
log "NVIDIA driver installation completed."
return 0
}
log_container_info() {
if ! declare -p container_runtime &>/dev/null; then
log "Warning: container_runtime is not defined"
return
fi
if [[ "${container_runtime:-none}" != "none" ]]; then
log "Detected container:"
log "> ${container_runtime}"
else
log "No container runtime detected"
fi
}
log_gpu_info() {
if ! declare -p vendor_devices &>/dev/null; then
log "Warning: vendor_devices array is not defined"
@@ -164,23 +176,17 @@ configure_ssh() {
log "Configuring SSH server on port ${SSH_ENABLE_PORT} with public key authentication"
# Ensure SSH host keys exist
ssh-keygen -A 2>/dev/null || {
$ENTCMD_PREFIX ssh-keygen -A 2>/dev/null || {
log "Error: Failed to generate SSH host keys"
return 1
}
# Create .ssh directory and authorized_keys file for nestri user
mkdir -p /home/nestri/.ssh
echo "${SSH_ALLOWED_KEY}" > /home/nestri/.ssh/authorized_keys
chmod 700 /home/nestri/.ssh
chmod 600 /home/nestri/.ssh/authorized_keys
chown -R nestri:nestri /home/nestri/.ssh
# Update SSHD config
sed -i -E "s/^#?Port .*/Port ${SSH_ENABLE_PORT}/" /etc/ssh/sshd_config || {
log "Error: Failed to update SSH port configuration"
return 1
}
mkdir -p "${NESTRI_HOME}/.ssh"
echo "${SSH_ALLOWED_KEY}" > "${NESTRI_HOME}/.ssh/authorized_keys"
chmod 700 "${NESTRI_HOME}/.ssh"
chmod 600 "${NESTRI_HOME}/.ssh/authorized_keys"
chown -R "${NESTRI_USER}:${NESTRI_USER}" "${NESTRI_HOME}/.ssh"
# Configure secure SSH settings
{
@@ -190,12 +196,14 @@ configure_ssh() {
echo "UsePAM no"
echo "PubkeyAuthentication yes"
} | while read -r line; do
grep -qF "$line" /etc/ssh/sshd_config || echo "$line" >> /etc/ssh/sshd_config
if ! grep -qF "$line" /etc/ssh/sshd_config; then
printf '%s\n' "$line" | $ENTCMD_PREFIX tee -a /etc/ssh/sshd_config >/dev/null
fi
done
# Start SSH server
log "Starting SSH server on port ${SSH_ENABLE_PORT}"
/usr/sbin/sshd -D -p "${SSH_ENABLE_PORT}" &
$ENTCMD_PREFIX /usr/sbin/sshd -D -p "${SSH_ENABLE_PORT}" &
SSH_PID=$!
# Verify the process started
@@ -209,6 +217,20 @@ configure_ssh() {
}
main() {
# Wait for required sockets
wait_for_socket "${NESTRI_XDG_RUNTIME_DIR}/dbus-1" "DBus" || exit 1
wait_for_socket "${NESTRI_XDG_RUNTIME_DIR}/pipewire-0" "PipeWire" || exit 1
# Start by getting the container we are running under
get_container_info || {
log "Warning: Failed to detect container information."
}
log_container_info
if [[ "$container_runtime" != "apptainer" ]]; then
ENTCMD_PREFIX="sudo -E"
fi
# Configure SSH
if [ -n "${SSH_ENABLE_PORT+x}" ] && [ "${SSH_ENABLE_PORT:-0}" -ne 0 ] && \
[ -n "${SSH_ALLOWED_KEY+x}" ] && [ -n "${SSH_ALLOWED_KEY}" ]; then
@@ -220,17 +242,7 @@ main() {
log "SSH not configured (missing SSH_ENABLE_PORT or SSH_ALLOWED_KEY)"
fi
# Wait for required sockets
wait_for_socket "/run/dbus/system_bus_socket" "DBus" || exit 1
wait_for_socket "/run/user/${UID}/pipewire-0" "PipeWire" || exit 1
# Load GPU helpers and detect GPU
log "Detecting GPU vendor..."
if [[ ! -f /etc/nestri/gpu_helpers.sh ]]; then
log "Error: GPU helpers script not found at /etc/nestri/gpu_helpers.sh."
exit 1
fi
source /etc/nestri/gpu_helpers.sh
# Get and detect GPU(s)
get_gpu_info || {
log "Error: Failed to detect GPU information."
exit 1
@@ -307,20 +319,26 @@ main() {
log "Ensuring user directory permissions..."
chown_user_directory || exit 1
# Setup namespaceless env
log "Applying namespace-less configuration"
setup_namespaceless
# Setup namespaceless env if needed for container runtime
if [[ "$container_runtime" != "podman" ]]; then
log "Applying namespace-less configuration"
setup_namespaceless
fi
# Switch to nestri user
log "Switching to nestri user for application startup..."
if [[ ! -x /etc/nestri/entrypoint_nestri.sh ]]; then
log "Error: Entry point script /etc/nestri/entrypoint_nestri.sh not found or not executable."
# Switch to nestri runner entrypoint
log "Switching to application startup entrypoint..."
if [[ ! -f /etc/nestri/entrypoint_nestri.sh ]]; then
log "Error: Application entrypoint script /etc/nestri/entrypoint_nestri.sh not found"
exit 1
fi
exec sudo -E -u nestri /etc/nestri/entrypoint_nestri.sh
if [[ "$container_runtime" == "apptainer" ]]; then
exec /etc/nestri/entrypoint_nestri.sh
else
exec sudo -E -u "${NESTRI_USER}" /etc/nestri/entrypoint_nestri.sh
fi
}
# Trap signals for clean exit
trap 'log "Received termination signal, exiting..."; exit 1' SIGINT SIGTERM
main
main

68
packages/scripts/entrypoint_nestri.sh
View File

@@ -1,8 +1,12 @@
#!/bin/bash
log() {
echo "[$(date +'%Y-%m-%d %H:%M:%S')] $1"
}
# Common helpers as requirement
if [[ -f /etc/nestri/common.sh ]]; then
source /etc/nestri/common.sh
else
echo "Error: Common script not found at /etc/nestri/common.sh" >&2
exit 1
fi
# Parses resolution string
parse_resolution() {
@@ -23,20 +27,10 @@ parse_resolution() {
return 0
}
# Loads environment variables
load_envs() {
if [[ -f /etc/nestri/envs.sh ]]; then
log "Sourcing environment variables from envs.sh..."
source /etc/nestri/envs.sh
else
log "Error: envs.sh not found at /etc/nestri/envs.sh"
exit 1
fi
}
# Configuration
MAX_RETRIES=3
RETRY_COUNT=0
WAYLAND_READY_DELAY=3
# Kills process if running
kill_if_running() {
@@ -125,15 +119,15 @@ start_nestri_server() {
WAYLAND_SOCKET="${XDG_RUNTIME_DIR}/wayland-1"
for ((i=1; i<=15; i++)); do
if [[ -e "$WAYLAND_SOCKET" ]]; then
log "Wayland display 'wayland-1' ready."
sleep 3
log "Wayland display 'wayland-1' ready"
sleep "${WAYLAND_READY_DELAY:-3}"
start_compositor
return
fi
sleep 1
done
log "Error: Wayland display 'wayland-1' not available."
log "Error: Wayland display 'wayland-1' not available"
# Workaround for gstreamer being bit slow at times
log "Clearing gstreamer cache.."
@@ -156,8 +150,8 @@ start_compositor() {
NESTRI_LAUNCH_COMPOSITOR="gamescope --backend wayland --force-grab-cursor -g -f --rt --mangoapp -W ${WIDTH} -H ${HEIGHT} -r ${FRAMERATE:-60}"
fi
# Start Steam patcher only if Steam command is present
if [[ -n "${NESTRI_LAUNCH_CMD}" ]] && [[ "$NESTRI_LAUNCH_CMD" == *"steam"* ]]; then
# Start Steam patcher only if Steam command is present and if needed for container runtime
if [[ -n "${NESTRI_LAUNCH_CMD}" ]] && [[ "$NESTRI_LAUNCH_CMD" == *"steam"* ]] && [[ "${container_runtime:-}" != "podman" ]]; then
start_steam_namespaceless_patcher
fi
@@ -200,17 +194,23 @@ start_compositor() {
local OUTPUT_NAME
OUTPUT_NAME=$(WAYLAND_DISPLAY=wayland-0 wlr-randr --json | jq -r '.[] | select(.enabled == true) | .name' | head -n 1)
if [ -z "$OUTPUT_NAME" ]; then
log "Warning: No enabled outputs detected. Skipping wlr-randr resolution patch."
log "Warning: No enabled outputs detected. Skipping wlr-randr resolution patch"
return
fi
WAYLAND_DISPLAY=wayland-0 wlr-randr --output "$OUTPUT_NAME" --custom-mode "$WIDTH"x"$HEIGHT"
log "Patched resolution with wlr-randr."
log "Patched resolution with wlr-randr"
if [[ -n "${NESTRI_LAUNCH_CMD}" ]]; then
log "Starting application: $NESTRI_LAUNCH_CMD"
WAYLAND_DISPLAY=wayland-0 /bin/bash -c "$NESTRI_LAUNCH_CMD" &
APP_PID=$!
fi
fi
return
fi
sleep 1
done
log "Warning: Compositor socket not found after 15 seconds ($COMPOSITOR_SOCKET)."
log "Warning: Compositor socket not found after 15 seconds ($COMPOSITOR_SOCKET)"
else
# Launch standalone application if no compositor
if [[ -n "${NESTRI_LAUNCH_CMD}" ]]; then
@@ -218,7 +218,7 @@ start_compositor() {
WAYLAND_DISPLAY=wayland-1 /bin/bash -c "$NESTRI_LAUNCH_CMD" &
APP_PID=$!
else
log "No compositor or application configured."
log "No compositor or application configured"
fi
fi
}
@@ -228,7 +228,7 @@ increment_retry() {
local component="$1"
((RETRY_COUNT++))
if [[ "$RETRY_COUNT" -ge "$MAX_RETRIES" ]]; then
log "Error: Max retries reached for $component."
log "Error: Max retries reached for $component"
exit 1
fi
}
@@ -259,22 +259,22 @@ main_loop() {
sleep 1
# Check nestri-server
if [[ -n "${NESTRI_PID:-}" ]] && ! kill -0 "${NESTRI_PID}" 2>/dev/null; then
log "nestri-server died."
log "nestri-server died"
increment_retry "nestri-server"
restart_chain
# Check compositor
elif [[ -n "${COMPOSITOR_PID:-}" ]] && ! kill -0 "${COMPOSITOR_PID}" 2>/dev/null; then
log "compositor died."
log "compositor died"
increment_retry "compositor"
start_compositor
# Check application
elif [[ -n "${APP_PID:-}" ]] && ! kill -0 "${APP_PID}" 2>/dev/null; then
log "application died."
log "application died"
increment_retry "application"
start_compositor
# Check patcher
elif [[ -n "${PATCHER_PID:-}" ]] && ! kill -0 "${PATCHER_PID}" 2>/dev/null; then
log "steam-patcher died."
log "steam-patcher died"
increment_retry "steam-patcher"
start_steam_namespaceless_patcher
fi
@@ -282,10 +282,18 @@ main_loop() {
}
main() {
load_envs
parse_resolution "${RESOLUTION:-1920x1080}" || exit 1
get_container_info || {
log "Warning: Failed to detect container information."
}
# Ensure DBus session env exists
if command -v dbus-launch >/dev/null 2>&1 && [[ -z "${DBUS_SESSION_BUS_ADDRESS:-}" ]]; then
eval "$(dbus-launch)"
fi
restart_chain
main_loop
}
main
main

6
packages/scripts/envs.sh
View File

@@ -1,9 +1,11 @@
#!/bin/bash
export XDG_RUNTIME_DIR=/run/user/${UID}/
export USER=${NESTRI_USER}
export LANG=${NESTRI_LANG}
export HOME=${NESTRI_HOME}
export XDG_RUNTIME_DIR=${NESTRI_XDG_RUNTIME_DIR}
export XDG_SESSION_TYPE=x11
export DISPLAY=:0
export $(dbus-launch)
# Causes some setups to break
export PROTON_NO_FSYNC=1

15
packages/scripts/supervisord.conf
View File

@@ -1,24 +1,15 @@
[supervisord]
user=root
nodaemon=true
loglevel=info
logfile=/tmp/supervisord.log
[program:dbus]
user=root
command=dbus-daemon --system --nofork --nopidfile
autorestart=true
autostart=true
startretries=3
priority=1
[program:seatd]
user=root
command=seatd
autorestart=true
autostart=true
startretries=3
priority=2
environment=XDG_RUNTIME_DIR=%(ENV_NESTRI_XDG_RUNTIME_DIR)s
[program:pipewire]
user=nestri
@@ -28,6 +19,7 @@ autostart=true
startretries=3
priority=3
nice=-10
environment=HOME=%(ENV_NESTRI_HOME)s,XDG_RUNTIME_DIR=%(ENV_NESTRI_XDG_RUNTIME_DIR)s
[program:pipewire-pulse]
user=nestri
@@ -37,6 +29,7 @@ autostart=true
startretries=3
priority=4
nice=-10
environment=HOME=%(ENV_NESTRI_HOME)s,XDG_RUNTIME_DIR=%(ENV_NESTRI_XDG_RUNTIME_DIR)s
[program:wireplumber]
user=nestri
@@ -46,9 +39,9 @@ autostart=true
startretries=3
priority=5
nice=-10
environment=HOME=%(ENV_NESTRI_HOME)s,XDG_RUNTIME_DIR=%(ENV_NESTRI_XDG_RUNTIME_DIR)s
[program:entrypoint]
user=root
command=/etc/nestri/entrypoint.sh
autorestart=false
autostart=true