-
Notifications
You must be signed in to change notification settings - Fork 7
/
Copy pathlaunch-garbage
executable file
·130 lines (115 loc) · 3.25 KB
/
launch-garbage
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
#!/bin/bash
###############################################################################
# Launch garbage proprietary programs like Zoom or i686 only applications #
# like Steam in a systemd-nspawn container to keep the main system nice and #
# clean. The container is assumed to be on an encrypted block device. #
###############################################################################
set -o errexit
user=steam
label=garbage
mount_path=/mnt/$label
block_device=$(findfs LABEL=$label-crypt)
export SUDO_ASKPASS=${SUDO_ASKPASS:-/usr/lib/git-core/git-gui--askpass}
function unlock_device(){
if [[ ! -b "/dev/mapper/$label" ]]; then
if [[ -t 0 ]]; then
cryptsetup open "$block_device" "$label"
else
local message="Enter passphrase for $block_device:"
cryptsetup open "$block_device" "$label" <<<"$($SUDO_ASKPASS "$message")"
fi
fi
}
function mount_device(){
if ! mountpoint -q "$mount_path"; then
mkdir -p "$mount_path"
mount "/dev/mapper/$label" "$mount_path"
fi
}
function umount_device(){
if mountpoint -q "$mount_path"; then
umount "$mount_path"
rmdir "$mount_path"
fi
}
function is_running(){
if [[ ! $(machinectl --property=State show "$label" 2> /dev/null) = "State=running" ]]; then
return 1
fi
}
function notify_status(){
if is_running; then
local message="The garbage container is still running!"
else
local message="The garbage container is offline!"
fi
if [[ -t 1 ]]; then
echo "$message"
else
notify-send "$message"
fi
}
function kill_container(){
if is_running; then
machinectl -q terminate "$label"
# wait for other session to properly shut down
# FIXME: avoid possible deadlock
while pidof -qo %PPID -x "$0"; do
sleep 1
done
fi
}
function launch_container(){
# if a garbage program didn't terminate like it should in a previous session, kill it
kill_container
# https://wiki.archlinux.org/title/systemd-nspawn#Use_an_X_environment
xhost +local: > /dev/null
# bind most devices apart from block devices and a few others inside
# container for gpu access, camera, ...
local omit='/dev/\(console\|pts/.*\|ptmx\|std.*\)'
mapfile -t < <(find /dev -xtype c,f ! -regex "$omit" -printf "--bind=%p\n")
systemd-nspawn \
--quiet \
--user=$user \
--setenv=DISPLAY="$DISPLAY" \
--setenv=DRI_PRIME="$DRI_PRIME" \
--setenv=__NV_PRIME_RENDER_OFFLOAD="$__NV_PRIME_RENDER_OFFLOAD" \
--setenv=__VK_LAYER_NV_optimus="$__VK_LAYER_NV_optimus" \
--setenv=__GLX_VENDOR_LIBRARY_NAME="$__GLX_VENDOR_LIBRARY_NAME" \
--setenv=PULSE_SERVER=unix:/run/user/host/pulse/native \
--bind=/run/user/1000/pulse:/run/user/host/pulse \
--bind=/tmp/.X11-unix \
"${MAPFILE[@]//:/\\:}" \
--as-pid2 \
--image=/dev/mapper/$label "$@"
xhost -local: > /dev/null
}
function check_user(){
# make sure that the script is run as root
if [[ $EUID -ne 0 ]]; then
exec sudo -E "$0" "$@"
fi
}
case "$1" in
--mount|-m)
check_user "$@"
unlock_device
mount_device
;;
--umount|-u)
check_user "$@"
umount_device
;;
--notify|-n)
notify_status
;;
--kill|-k)
check_user "$@"
kill_container
;;
*)
check_user "$@"
unlock_device
launch_container "$@"
;;
esac