Optimize installer: preflight checks, tuned conf, doctor, faster default

Layers a few things on top of the initial scaffold:

- Default to sunshine-bin (precompiled, ~seconds) instead of building from
  source. --from-source restores the old behavior.
- Add lib/preflight.sh: catches the gotchas before any work is done —
  Wayland session, NVIDIA driver responsive, nvidia-drm.modeset, amdgpu
  loaded, pipewire-pulse present, SSH-without-session warning.
- Add lib/config.sh: writes a tuned ~/.config/sunshine/sunshine.conf with
  per-vendor encoder settings (NVENC P1+ll+cbr, VAAPI ultralowlatency,
  QuickSync veryfast), KMS capture, pulse audio sink. Uses a
  "# managed-by: omarchy-moonlight" marker; removing it hands ownership
  back to the user and the installer won't touch the file again.
- Add lib/verify.sh: post-install verification of every step
  (cap_sys_admin set, group resolves, udev rule present, /dev/uinput
  exists, encoder reachable, service active, :47990 listening). Same
  checks are reachable standalone via --doctor.
- Install runtime helpers (pipewire-pulse, vulkan-tools, libva-utils)
  alongside Sunshine for diagnostics + audio.
- Uninstall handles both sunshine + sunshine-bin and the -bin moonlight
  variant.
- README documents the tuning table, the new flags, and the modeset
  troubleshooting path.
This commit is contained in:
2026-05-18 10:17:11 -06:00
parent a9dcbc1db8
commit d6b0919149
7 changed files with 339 additions and 35 deletions

@@ -26,18 +26,22 @@ Then:
## What it does
- Installs `sunshine` and `moonlight-qt` from the AUR via `yay`
- Adds your user to the `input` group
- Drops a `/etc/udev/rules.d/60-uinput.rules` if no equivalent rule exists (so Sunshine can use `/dev/uinput` for virtual gamepad/keyboard/mouse)
- Runs `setcap cap_sys_admin+p` on the `sunshine` binary so KMS screen capture works without root
- Installs GPU-vendor encoder packages:
- NVIDIA: `nvidia-utils`, `libva-nvidia-driver`
- AMD: `libva-mesa-driver`, `mesa-vdpau`, `vulkan-radeon`
- Intel: `intel-media-driver`, `vulkan-intel`
- Opens Sunshine's LAN ports on `firewalld` / `ufw` if either is active (skips silently otherwise)
- Enables `sunshine.service` under systemd `--user` and turns on `loginctl enable-linger` so the host is reachable without a graphical login
In order, each step is "check, then act" — re-running is safe:
Re-running is safe — every step is "check, then act."
1. **Preflight** — confirms Wayland session, GPU driver is loaded, `nvidia-drm.modeset=1` isn't explicitly disabled (would silently break KMS capture), pipewire-pulse is present for audio.
2. **Packages** — installs `sunshine-bin` (precompiled, fast) and `moonlight-qt` from the AUR via `yay`. Plus runtime helpers: `pipewire-pulse`, `vulkan-tools`, `libva-utils`. Use `--from-source` to build Sunshine from source instead.
3. **GPU encoder support**:
- NVIDIA: `nvidia-utils`, `libva-nvidia-driver`
- AMD: `libva-mesa-driver`, `mesa-vdpau`, `vulkan-radeon`
- Intel: `intel-media-driver`, `vulkan-intel`
4. **Permissions**:
- Adds you to the `input` group
- Drops `/etc/udev/rules.d/60-uinput.rules` if no equivalent rule exists (lets Sunshine use `/dev/uinput` for virtual gamepad/keyboard/mouse)
- `setcap cap_sys_admin+p` on the `sunshine` binary so KMS screen capture works without root
5. **Tuned config** — writes `~/.config/sunshine/sunshine.conf` for low-latency LAN streaming. Per-vendor encoder settings (NVENC P1+`ll`, VAAPI ultralowlatency, QuickSync veryfast). Marked with `# managed-by: omarchy-moonlight`; remove that marker to take ownership and the installer will never touch it again.
6. **Firewall** — opens Sunshine's ports on `firewalld` / `ufw` if either is active. Skips silently otherwise.
7. **Service** — enables `sunshine.service` under `systemd --user` and turns on `loginctl enable-linger` so the host is reachable without an active graphical login.
8. **Verify** — runs the same checks as `--doctor` to confirm everything's actually wired up (cap_sys_admin set, group resolved, web UI listening on :47990, encoder reachable).
## Flags
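Review bot: steps 2 and 4 of the new list should state the trust tradeoff of the new default. Together they mean `setcap cap_sys_admin+p` is applied to a precompiled `sunshine-bin` binary, and the README presents the switch only as "precompiled, fast". CAP_SYS_ADMIN is a very broad capability, so step 2 should say that the default trusts the AUR-distributed binary and name `--from-source` as the option for users who prefer to build it locally. Also in step 1, "`nvidia-drm.modeset=1` isn't explicitly disabled" reads oddly; "modeset isn't explicitly set to 0" is clearer. Finally, the step 8 check list is shorter than the one in the commit message (udev rule, `/dev/uinput`, service active are missing); either list them all or say "among others".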
@@ -46,15 +50,24 @@ Re-running is safe — every step is "check, then act."
./install.sh --no-firewall # skip firewall rules
./install.sh --no-moonlight # host-only (no client)
./install.sh --no-sunshine # client-only (no host)
./install.sh --no-config # leave Sunshine to generate its own default config
./install.sh --from-source # build Sunshine from source (slower; uses 'sunshine' AUR pkg)
./install.sh --doctor # run only the verification checks (no install)
```
### Use the precompiled Sunshine package
The doctor flag is the fastest way to debug a degraded install — it'll tell you exactly which piece (group, cap, udev, encoder, service, port) is broken.
The default uses `sunshine` from the AUR, which builds from source (slow on first install). To use the precompiled `sunshine-bin` instead:
### Tuned defaults written to sunshine.conf
```bash
SUNSHINE_PKG=sunshine-bin ./install.sh
```
| Setting | Value | Why |
|---|---|---|
| `capture` | `kms` | Correct backend for Wayland; uses DRM directly. |
| `encoder` (NVIDIA) | `nvenc` + `nvenc_preset=p1`, `nvenc_tune=ll`, `nvenc_rc=cbr` | P1 minimizes encode latency; low-latency tune disables look-ahead; CBR keeps bitrate predictable over LAN. |
| `encoder` (AMD) | `vaapi` + `amd_usage=ultralowlatency`, `amd_rc=cbr` | Mirrors the NVIDIA choices on AMD's encoder. |
| `min_threads` | `4` | Helps keep up at high bitrates / 4K. |
| `audio_sink` | `pulse` | Captures from PipeWire's Pulse compat layer. |
Anything else (resolution, bitrate, paired clients, app launchers) is set via the web UI.
## Uninstall
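Review bot: the tuned-defaults table has `encoder` rows for NVIDIA and AMD only, while step 5 of "What it does" also promises QuickSync veryfast. Add an Intel row with the keys `lib/config.sh` writes, or drop the QuickSync mention, so the README has one authoritative list. It would also help to state beside `--no-config` that an existing `sunshine.conf` without the `# managed-by: omarchy-moonlight` marker is left untouched, since that is the behaviour users will rely on before re-running the installer.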
@@ -74,17 +87,19 @@ SUNSHINE_PKG=sunshine-bin ./install.sh
## Diagnostics
```bash
./install.sh --doctor # run all checks
systemctl --user status sunshine
journalctl --user -u sunshine -f
getcap "$(readlink -f "$(command -v sunshine)")" # should include cap_sys_admin
id -nG | tr ' ' '\n' | grep -x input # confirm group membership
getcap "$(readlink -f "$(command -v sunshine)")" # should include cap_sys_admin
id -nG | tr ' ' '\n' | grep -x input # confirm group membership
```
If Moonlight pairs but the stream is black:
- Confirm you're in the `input` group **in a freshly logged-in session** (not just listed in `/etc/group`).
- Confirm `getcap` shows `cap_sys_admin` on the sunshine binary.
- Check `journalctl --user -u sunshine` for `KMS` / `DRM` errors. On NVIDIA, ensure the proprietary driver is active (`nvidia-smi`).
- Check `journalctl --user -u sunshine` for `KMS` / `DRM` errors.
- On NVIDIA: confirm the proprietary driver is active (`nvidia-smi`) and that `nvidia-drm.modeset=1` is in effect. If you have an older driver (≤555) and modeset isn't on, add `nvidia-drm.modeset=1` to your kernel cmdline and reboot.
## Remote access (planned)
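Review bot: the NVIDIA bullet asks the reader to confirm that `nvidia-drm.modeset=1` "is in effect" but gives no way to check it, unlike the `nvidia-smi` hint beside it. Suggest adding the check, for example `cat /sys/module/nvidia_drm/parameters/modeset`, and making `./install.sh --doctor` the first item of the black-stream list, since the Flags section already calls it the fastest way to debug a degraded install.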
@@ -100,9 +115,12 @@ omarchy-moonlight/
├── lib/
│ ├── common.sh # logging, sudo, idempotency helpers
│ ├── detect.sh # GPU vendor, session type, hostname
│ ├── packages.sh # yay -S sunshine moonlight-qt + GPU encoders
│ ├── preflight.sh # pre-install sanity checks (driver, modeset, audio, session)
│ ├── packages.sh # yay -S sunshine-bin moonlight-qt + GPU encoders
│ ├── permissions.sh # input group, uinput udev, setcap cap_sys_admin
│ ├── config.sh # writes tuned sunshine.conf (managed-by marker)
│ ├── firewall.sh # ufw/firewalld detection + port opening
── service.sh # systemctl --user enable + loginctl enable-linger
── service.sh # systemctl --user enable + loginctl enable-linger
│ └── verify.sh # post-install checks (also reused by --doctor)
└── files/ # (reserved — drop-in config files if needed later)
```
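Review bot: the `packages.sh` comment hard-codes `yay -S sunshine-bin moonlight-qt`, but the Flags section says `--from-source` switches to the `sunshine` package, and the runtime helpers (`pipewire-pulse`, `vulkan-tools`, `libva-utils`) are not mentioned. A neutral comment such as "Sunshine (bin or source), moonlight-qt, runtime helpers, GPU encoders" stays accurate for both paths.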