flake/modules/nixos/server/containers/steam.nix

{ pkgs, lib, config, ... }: let 
  steam-xinit = pkgs.writeShellScriptBin "steam-xinit" ''
    ${lib.getExe pkgs.steam} &       
    exec ${lib.getExe pkgs.openbox} &
    exec ${lib.getExe pkgs.xterm}
  '';

in {
  options.mods.containers.steam = {
    enable = lib.mkEnableOption {
      default = false;
      description = "enables steam container";
    };
  };

  config = lib.mkIf config.mods.containers.steam.enable {
    mods.containers.enable = true;

    containers.steam = {
      privateNetwork = true;
      # hostAddress = "192.168.100.10";
      # localAddress = "192.168.100.11";
      hostBridge = "br0"; # Specify the bridge name
      localAddress = "192.168.1.171/24";

      bindMounts = {
        "/home/steam/.steam/steam/steamapps/common/SMITE" = {
          hostPath = "/mnt/bulk/SteamLibrary/steamapps/common/SMITE";
          isReadOnly = true;
        };
        "/home/steam/.steam/steam/steamapps/shadercache/386360" = {
          hostPath = "/mnt/bulk/SteamLibrary/steamapps/shadercache/386360";
          isReadOnly = true;
        };
        "/home/steam/.steam/steam/steamapps/appmanifest_386360.acf" = {
          hostPath = "/mnt/bulk/SteamLibrary/steamapps/appmanifest_386360.acf";
          isReadOnly = true;
        };
        "/home/steam/smoop" = {
          hostPath = "/home/muon/projects/smoop";
          isReadOnly = true;
        };
      };

      config = { config, pkgs, lib, ... }: {
        nixpkgs.config.allowUnfreePredicate = pkg:
          builtins.elem (lib.getName pkg) [
            "steam"
            "steam-original"
            "steam-run"
          ];

        programs.steam = {
          enable = true;
          remotePlay.openFirewall = true;
        };

        programs.direnv = {
          enable = true;
          nix-direnv.enable = true;
        };

        environment.systemPackages = with pkgs; [
          xterm
          glxinfo
          wget
          bottles
          ungoogled-chromium
          zellij

          openbox
          steam-xinit
          novnc
          xorg.xinit
    
        ];

        services.xserver.enable = true;

        networking.firewall.allowedTCPPorts = [ 6080 ];
        systemd.services.tiger-vnc = {
          wantedBy = [ "multi-user.target" ];
          serviceConfig = {
            ExecStart = ''${pkgs.xorg.xinit}/bin/xinit ${steam-xinit}/bin/steam-xinit -- ${pkgs.tigervnc}/bin/Xvnc :1 SecurityTypes=None'';
            User = "steam";
          };
        };
 
        systemd.services.no-vnc = {
          wantedBy = [ "multi-user.target" ];
          path = [ pkgs.ps pkgs.hostname ];
          serviceConfig = {
            ExecStart = ''${pkgs.novnc}/bin/novnc --vnc localhost:5901'';
            User = "steam";
          };
        };

        hardware.opengl = {
          enable = true;
          driSupport32Bit = true;
        };

        # programs.ssh.forwardX11 = true;
        services.openssh = {
          enable = true;
          # settings.X11Forwarding = true;
        };

        users.users.steam = {
          isNormalUser = true;
          extraGroups = [ "wheel" ];
          initialPassword = "changeme";
        };

        networking = {
          # Use systemd-resolved inside the container
          # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
          useHostResolvConf = lib.mkForce false;
        };
    
        services.resolved.enable = true;

        system.stateVersion = "23.11";
      };
    };
  };
}