Initial scaffold: idempotent Sunshine + Moonlight installer for Omarchy

Sets up bidirectional game streaming across Omarchy/Hyprland/Wayland machines (NVIDIA desktop and AMD Framework laptop), with the Macbook as an additional Moonlight client. The same install.sh runs on either machine; GPU vendor is detected at runtime and the appropriate hardware-encode packages are installed. Includes: - KMS capture setup (cap_sys_admin on sunshine, input group, uinput udev rule) - ufw / firewalld port opening when a firewall is active - systemd --user service + loginctl enable-linger for always-on hosting - uninstall.sh with --purge for user data removal - Flags to install host-only or client-only
2026-05-18 10:11:53 -06:00
commit a9dcbc1db8
11 changed files with 572 additions and 0 deletions
--- a/lib/permissions.sh
+++ b/lib/permissions.sh
@@ -0,0 +1,50 @@
+#!/usr/bin/env bash
+# Permissions needed for Sunshine on Wayland:
+#  - user in 'input' group  (so /dev/uinput is usable for virtual gamepad/keyboard/mouse)
+#  - udev rule granting 'input' group access to /dev/uinput
+#  - cap_sys_admin on the sunshine binary (so KMS capture works without root)
+
+UINPUT_RULE_PATH="/etc/udev/rules.d/60-uinput.rules"
+UINPUT_RULE_CONTENT='KERNEL=="uinput", SUBSYSTEM=="misc", OPTIONS+="static_node=uinput", TAG+="uaccess", OWNER="root", GROUP="input", MODE="0660"'
+
+ensure_input_group() {
+  if id -nG "$USER" | tr ' ' '\n' | grep -qx input; then
+    ok "User '$USER' already in 'input' group"
+    return 0
+  fi
+  info "Adding '$USER' to 'input' group"
+  as_root usermod -aG input "$USER"
+  warn "You must log out and back in (or run 'newgrp input') for this to take effect."
+}
+
+ensure_uinput_udev_rule() {
+  # The sunshine package may ship its own rule under /usr/lib/udev/rules.d/.
+  # If a usable rule already exists anywhere udev looks, do nothing.
+  if grep -rqs 'KERNEL=="uinput"' /etc/udev/rules.d /usr/lib/udev/rules.d /run/udev/rules.d 2>/dev/null; then
+    ok "uinput udev rule already present"
+    return 0
+  fi
+  info "Writing $UINPUT_RULE_PATH"
+  echo "$UINPUT_RULE_CONTENT" | as_root tee "$UINPUT_RULE_PATH" >/dev/null
+  as_root udevadm control --reload-rules
+  as_root udevadm trigger --subsystem-match=misc --action=change || true
+}
+
+set_sunshine_capabilities() {
+  local bin
+  bin="$(command -v sunshine || true)"
+  if [[ -z "$bin" ]]; then
+    err "sunshine binary not found on PATH after install; cannot set capabilities."
+    return 1
+  fi
+  # Follow symlinks (e.g., /usr/bin/sunshine may itself be a real file; harmless to readlink -f).
+  bin="$(readlink -f "$bin")"
+  local current
+  current="$(getcap "$bin" 2>/dev/null || true)"
+  if [[ "$current" == *"cap_sys_admin"* ]]; then
+    ok "sunshine binary already has cap_sys_admin set"
+    return 0
+  fi
+  info "Setting cap_sys_admin+p on $bin (required for KMS capture)"
+  as_root setcap cap_sys_admin+p "$bin"
+}