Add steam headless apps with security docs and verification guide
This commit is contained in:
Joachim Friberg
@@ -0,0 +1,107 @@
|
||||
# How To Verify
|
||||
|
||||
Detta dokument verifierar båda Steam-apparna i repo:
|
||||
|
||||
- `Apps/steam-headless`
|
||||
- `Apps/steam-moonlight`
|
||||
|
||||
## 1) Repo-validering
|
||||
|
||||
Kör från repo-roten:
|
||||
|
||||
```bash
|
||||
./scripts/validate-appstore.sh --enforce-risk-docs
|
||||
```
|
||||
|
||||
Förväntat: `Validation OK` eller `Validation OK with ... warning(s)`.
|
||||
|
||||
## 2) Verifiera steam-headless (browser-first)
|
||||
|
||||
Rendera compose:
|
||||
|
||||
```bash
|
||||
docker compose -f Apps/steam-headless/docker-compose.yaml config
|
||||
```
|
||||
|
||||
Starta:
|
||||
|
||||
```bash
|
||||
docker compose -f Apps/steam-headless/docker-compose.yaml up -d steam
|
||||
```
|
||||
|
||||
Kontroller:
|
||||
|
||||
1. `docker compose -f Apps/steam-headless/docker-compose.yaml ps` visar `steam` som running.
|
||||
2. Web UI nås på `${STEAM_HTTP_PORT:-3000}` eller `${STEAM_HTTPS_PORT:-3001}`.
|
||||
3. Inga extra högriskflaggor används (`privileged`, `host network`, `docker.sock`).
|
||||
|
||||
Stoppa:
|
||||
|
||||
```bash
|
||||
docker compose -f Apps/steam-headless/docker-compose.yaml down
|
||||
```
|
||||
|
||||
## 3) Verifiera steam-moonlight defaultprofil
|
||||
|
||||
Rendera compose (default):
|
||||
|
||||
```bash
|
||||
docker compose -f Apps/steam-moonlight/docker-compose.yaml config
|
||||
```
|
||||
|
||||
Starta default service:
|
||||
|
||||
```bash
|
||||
docker compose -f Apps/steam-moonlight/docker-compose.yaml up -d steam
|
||||
```
|
||||
|
||||
Kontroller:
|
||||
|
||||
1. `steam` är running.
|
||||
2. Webdesktop nås på `${STEAM_WEB_PORT:-8083}`.
|
||||
3. Defaultprofilen kör med låg-risk baseline (`cap_drop: ALL`, ingen `host network`).
|
||||
|
||||
Stoppa:
|
||||
|
||||
```bash
|
||||
docker compose -f Apps/steam-moonlight/docker-compose.yaml down
|
||||
```
|
||||
|
||||
## 4) Verifiera steam-moonlight moonlight-profil (opt-in)
|
||||
|
||||
Preflight:
|
||||
|
||||
1. Sätt starkt `SUNSHINE_PASS`.
|
||||
2. Verifiera GPU devices (`GPU_CARD_DEVICE`, `GPU_RENDER_DEVICE`).
|
||||
3. Verifiera `/dev/fuse` och `/dev/uinput` på host.
|
||||
|
||||
Rendera moonlight-profil:
|
||||
|
||||
```bash
|
||||
docker compose -f Apps/steam-moonlight/docker-compose.yaml --profile moonlight config
|
||||
```
|
||||
|
||||
Starta:
|
||||
|
||||
```bash
|
||||
docker compose -f Apps/steam-moonlight/docker-compose.yaml --profile moonlight up -d steam-moonlight
|
||||
```
|
||||
|
||||
Kontroller:
|
||||
|
||||
1. `steam-moonlight` är running.
|
||||
2. Sunshine kräver autentisering.
|
||||
3. Moonlight-klient kan ansluta från LAN/VPN.
|
||||
4. Ingen oavsiktlig internetexponering av Sunshine-portar.
|
||||
|
||||
Stoppa/rollback:
|
||||
|
||||
```bash
|
||||
docker compose -f Apps/steam-moonlight/docker-compose.yaml --profile moonlight down
|
||||
```
|
||||
|
||||
Vid problem, återgå till defaultprofil:
|
||||
|
||||
```bash
|
||||
docker compose -f Apps/steam-moonlight/docker-compose.yaml up -d steam
|
||||
```
|
||||
Reference in New Issue
Block a user