Run container unprivileged by default using a macvlan

This commit is contained in:
Josh.5
2023-08-22 15:23:26 +12:00
committed by Josh Sunnex
parent c731e2e0a0
commit fed3000700
3 changed files with 138 additions and 13 deletions


@@ -4,28 +4,44 @@ services:
image: josh5/steam-headless:latest
restart: unless-stopped
runtime: ${DOCKER_RUNTIME}
## NOTE: Requires privileged access to host to be able to access the required devices
privileged: true
shm_size: ${SHM_SIZE}
ipc: host # Could also be set to 'shareable'
ulimits:
nofile:
soft: 1024
hard: 524288
cap_add:
- NET_ADMIN
- SYS_ADMIN
- SYS_NICE
security_opt:
- seccomp:unconfined
- apparmor:unconfined
# NETWORK:
## NOTE: Steam headless always requires the use of the host network.
## If we do not use the host network, then device input is not possible
## and your controllers will not work in steam games.
network_mode: host
hostname: ${NAME}
extra_hosts:
- "${NAME}:127.0.0.1"
networks:
external-macvlan:
ipv4_address: ${CONTAINER_IP_ADDRESS}
# ENVIRONMENT:
## Read all config variables from the .env file
env_file: .env
# DEVICES:
devices:
# Use the host fuse device.
- /dev/fuse
# Add the host uinput device.
- /dev/uinput
# Add AMD/Intel HW accelerated video encoding/decoding devices (optional)
#- /dev/dri
# Ensure container access to devices 13:*
device_cgroup_rules:
- 'c 13:* rmw'
# VOLUMES:
volumes:
# The location of your home directory.
@@ -37,24 +53,28 @@ services:
- /mnt/games/:/mnt/games/:rw
# The Xorg socket. This will be shared with other containers so they can access the X server.
# Select only one option:
# Select only one option or leave commented out to not share the Xorg socket with any other Docker containers.
# Option #1) Start a X server in the container to share with any other containers.
- /opt/container-data/steam-headless/.X11-unix/:/tmp/.X11-unix/:rw
#- /opt/container-data/steam-headless/.X11-unix/:/tmp/.X11-unix/:rw
# Option #2) Use an existing X server running on the host.
#- /tmp/.X11-unix/:/tmp/.X11-unix/:rw
# Pulse audio socket. This will be shared with other containers so they can access the audio sink.
- /opt/container-data/steam-headless/pulse/:/tmp/pulse/:rw
# Leave commented out to not share the pulse socket with any other Docker containers.
#- /opt/container-data/steam-headless/pulse/:/tmp/pulse/:rw
# Input devices used for mouse and joypad support inside the container.
- /dev/input/:/dev/input/:ro
# Store dind var files in a volume.
- steam-headless-var-lib-docker:/var/lib/docker/:rw
# Host udev data required for input devices
- /run/udev/data/:/run/udev/data/:ro
# Store flatpak var files in a volume.
- steam-headless-var-lib-flatpak:/var/lib/flatpak/:rw
volumes:
steam-headless-var-lib-docker:
steam-headless-var-lib-flatpak:
networks:
external-macvlan:
external: true
name: ${NETWORK_NAME}
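Review bot: The `cap_add`/`security_opt` block that replaces `privileged: true` in the first hunk is still close to privileged: CAP_SYS_ADMIN together with `seccomp:unconfined` and `apparmor:unconfined` leaves mount and most of the kernel attack surface reachable, so the container should not be described as unprivileged without qualification. The removed `## NOTE: Requires privileged access to host` comment gets no replacement; I would add above `cap_add:`: `## NOTE: SYS_ADMIN with seccomp/AppArmor unconfined is only marginally weaker than privileged; what is narrowed here is the device list. Treat this container as trusted.` The `c 13:* rmw` rule (13 is the input-device major) grants write access to every host input device, and the `:ro` on the `/dev/input/` bind mount does not, as far as I can tell, stop a character device from being opened for writing, so the comment on that rule should say the container can inject input rather than only read it. Attaching to `external-macvlan` with a fixed `ipv4_address` also gives the container its own LAN address outside the host firewall and Docker port publishing, which deserves a one-line warning next to `networks:`. The service definition starts before file line 4 and so is cut off at the top of the hunk.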


@@ -0,0 +1,56 @@
---
services:
steam-headless:
image: josh5/steam-headless:latest
restart: unless-stopped
runtime: ${DOCKER_RUNTIME}
## NOTE: This config uses privileged to access to host to be able to access the required devices
privileged: true
shm_size: ${SHM_SIZE}
ipc: host # Could also be set to 'shareable'
ulimits:
nofile:
soft: 1024
hard: 524288
# NETWORK:
## NOTE: If we do not use the host network, then physical device input is not possible
## and your USB connected controllers will not work in steam games.
network_mode: host
hostname: ${NAME}
extra_hosts:
- "${NAME}:127.0.0.1"
# ENVIRONMENT:
## Read all config variables from the .env file
env_file: .env
# VOLUMES:
volumes:
# The location of your home directory.
- /opt/container-data/steam-headless/home/:/home/default/:rw
# The location where all games should be installed.
# This path needs to be set as a library path in Steam after logging in.
# Otherwise, Steam will store games in the home directory above.
- /mnt/games/:/mnt/games/:rw
# The Xorg socket. This will be shared with other containers so they can access the X server.
# Select only one option:
# Option #1) Start a X server in the container to share with any other containers.
#- /opt/container-data/steam-headless/.X11-unix/:/tmp/.X11-unix/:rw
# Option #2) Use an existing X server running on the host.
#- /tmp/.X11-unix/:/tmp/.X11-unix/:rw
# Pulse audio socket. This will be shared with other containers so they can access the audio sink.
# Leave commented out to not share the pulse socket with any other Docker containers.
#- /opt/container-data/steam-headless/pulse/:/tmp/pulse/:rw
# Input devices used for mouse and joypad support inside the container.
- /dev/input/:/dev/input/:ro
# Store flatpak var files in a volume.
- steam-headless-var-lib-flatpak:/var/lib/flatpak/:rw
volumes:
steam-headless-var-lib-flatpak:
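Review bot: The comment above `privileged: true` (`## NOTE: This config uses privileged to access to host to be able to access the required devices`) is garbled and understates the trade-off: combined with `network_mode: host` and `ipc: host` this compose file gives the container effectively unrestricted access to the host's devices, network stack and shared memory. I would replace it with `## NOTE: privileged mode (plus host network and IPC) gives this container near-root access to the host; use it only when the default unprivileged compose cannot reach your devices.` This file also omits the `cap_add`/`security_opt` entries, which is correct because `privileged` already implies them, but a one-line comment saying so would stop someone re-adding them later.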


@@ -41,6 +41,55 @@ Create a Steam Headless `/opt/container-services/steam-headless/docker-compose.y
Populate this file with the contents of the default [Docker Compose File](./compose-files/docker-compose.default.yml).
## CONFIGURE HOST:
It is recommended that you configure this container to use a Macvlan network. If you know what you are doing, you can also use an IPvlan or Host, but I will not be covering that setup in this documentation.
To simplify the setup process and allow you to reuse the created Macvlan for other containers, we will create this Macvlan manually rather than have Docker compose handle it. If you know what you are doing with Docker compose and you would rather have the Macvlan managed there, feel free to do so. Otherwise run this command and carry on with the setup:
### 1) Discover your parent network:
To find the parent network device, run the command `ip address show`. Find the device that has the IP address of your Host server.
```
root@Tower:~# ip address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
link/ipip 0.0.0.0 brd 0.0.0.0
3: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq master br0 state UP group default qlen 1000
link/ether 7c:11:a9:b1:15:b9 brd ff:ff:ff:ff:ff:ff
4: eth0.1@eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0.1 state UP group default qlen 1000
link/ether 7c:11:a9:b1:15:b9 brd ff:ff:ff:ff:ff:ff
5: eth0.3@eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0.3 state UP group default qlen 1000
link/ether 7c:11:a9:b1:15:b9 brd ff:ff:ff:ff:ff:ff
6: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 7c:11:a9:b1:15:b9 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.43/24 brd 192.168.1.255 scope global dynamic noprefixroute br0
valid_lft 440sec preferred_lft 365sec
```
In this example output, I will select br0 as the parent network device which has the IP address of "192.168.1.43".
### 2) Create a macvlan Docker network
```
# Set the parent network device.
NETWORK_PARTENT=br0
# Name this whatever you like, but ensure you update the `.env` file below to match.
NETWORK_NAME=steam-headless-vlan
# Choose a network subnet and gateway that matches your host network
NETWORK_SUBNET=192.168.1.0/24
NETWORK_GATEWAY=192.168.1.1
# Execute the docker network create command
sudo docker network create -d macvlan \
--subnet=${NETWORK_SUBNET:?} \
--gateway=${NETWORK_GATEWAY:?} \
-o parent=${NETWORK_PARTENT:?} \
${NETWORK_NAME:?}
```
## CONFIGURE ENV:
Create a Steam Headless `/opt/container-services/steam-headless/.env` file with the contents found in this example [Environment File](./compose-files/.env).