peter-nixos/sunshine.nix

{ config, pkgs, updatePkgs, unstablePkgs, ... }:
{
  systemd.user.services.sunshine = {
    description = "Sunshine self-hosted game stream host for Moonlight";
    wantedBy = ["graphical-session.target"];
    partOf   = ["graphical-session.target"];
    startLimitBurst = 5;
    startLimitIntervalSec = 500;
    serviceConfig = {
      ExecStart = "${config.security.wrapperDir}/sunshine";
      Restart = "on-failure";
      RestartSec = "5s";
    };
  };

  environment.systemPackages = with pkgs; [
    pkgs.sunshine
    pkgs.moonlight-qt
  ];

  security.wrappers.sunshine = {
    owner = "root";
    group = "root";
    capabilities = "cap_sys_admin+p";
    source = "${pkgs.sunshine}/bin/sunshine";
  };

  services.avahi.publish.enable = true;
  services.avahi.publish.userServices = true;

  networking.firewall = {
    enable = true;
    allowedTCPPorts = [ 47984 47989 47990 48010 ];
    allowedUDPPortRanges = [
      { from = 47998; to = 48010; }
      #{ from = 8000; to = 8010; }
    ];
  };
}