Kreyren/gist:308b0a4b99ac998192f30da52623162c

## gistfile1.txt
λ nix shell nixpkgs#steam-run-native nixpkgs#bashInteractive -c bash

[~]$ cat "$(command -v steam-run)"
#!/nix/store/phqa311klldrcbwid1i22dwnpfc9dnma-bash-5.1-p8/bin/bash
blacklist=(/nix /dev /proc /etc)
ro_mounts=()
symlinks=()
for i in /nix/store/af2jm007nws9xvwwa9vqzri7g0gg3f1s-steam-run-fhs/*; do
  path="/${i##*/}"
  if [[ $path == '/etc' ]]; then
    :
  elif [[ -L $i ]]; then
    symlinks+=(--symlink "$(/nix/store/qmn7m3wk8b1v1ljhb2dzyjh41d6ingp6-coreutils-9.0/bin/readlink "$i")" "$path")
    blacklist+=("$path")
  else
    ro_mounts+=(--ro-bind "$i" "$path")
    blacklist+=("$path")
  fi
done

if [[ -d /nix/store/af2jm007nws9xvwwa9vqzri7g0gg3f1s-steam-run-fhs/etc ]]; then
  for i in /nix/store/af2jm007nws9xvwwa9vqzri7g0gg3f1s-steam-run-fhs/etc/*; do
    path="/${i##*/}"
    # NOTE: we're binding /etc/fonts and /etc/ssl/certs from the host so we
    # don't want to override it with a path from the FHS environment.
    if [[ $path == '/fonts' || $path == '/ssl' ]]; then
      continue
    fi
    ro_mounts+=(--ro-bind "$i" "/etc$path")
  done
fi

declare -a auto_mounts
# loop through all directories in the root
for dir in /*; do
  # if it is a directory and it is not in the blacklist
  if [[ -d "$dir" ]] && [[ ! "${blacklist[@]}" =~ "$dir" ]]; then
    # add it to the mount list
    auto_mounts+=(--bind "$dir" "$dir")
  fi
done

cmd=(
  /nix/store/qyypaxg1yawp42jljl3jrhv0f37vp3gk-bubblewrap-0.5.0/bin/bwrap
  --dev-bind /dev /dev
  --proc /proc
  --chdir "$(pwd)"
  --unshare-user


  --unshare-uts
  --unshare-cgroup
  --die-with-parent
  --ro-bind /nix /nix
  # Our glibc will look for the cache in its own path in `/nix/store`.
  # As such, we need a cache to exist there, because pressure-vessel
  # depends on the existence of an ld cache. However, adding one
  # globally proved to be a bad idea (see #100655), the solution we
  # settled on being mounting one via bwrap.
  # Also, the cache needs to go to both 32 and 64 bit glibcs, for games
  # of both architectures to work.
  --tmpfs /nix/store/2zchy9mdx3kk166i98cx5sriq2c1bdsn-glibc-2.33-55/etc \
  --symlink /etc/ld.so.conf /nix/store/2zchy9mdx3kk166i98cx5sriq2c1bdsn-glibc-2.33-55/etc/ld.so.conf \
  --symlink /etc/ld.so.cache /nix/store/2zchy9mdx3kk166i98cx5sriq2c1bdsn-glibc-2.33-55/etc/ld.so.cache \
  --ro-bind /nix/store/2zchy9mdx3kk166i98cx5sriq2c1bdsn-glibc-2.33-55/etc/rpc /nix/store/2zchy9mdx3kk166i98cx5sriq2c1bdsn-glibc-2.33-55/etc/rpc \
  --remount-ro /nix/store/2zchy9mdx3kk166i98cx5sriq2c1bdsn-glibc-2.33-55/etc \
  --tmpfs /nix/store/k6vj0zyqqhpqzmn32jb4hbxgazkz23pr-glibc-2.33-55/etc \
  --symlink /etc/ld.so.conf /nix/store/k6vj0zyqqhpqzmn32jb4hbxgazkz23pr-glibc-2.33-55/etc/ld.so.conf \
  --symlink /etc/ld.so.cache /nix/store/k6vj0zyqqhpqzmn32jb4hbxgazkz23pr-glibc-2.33-55/etc/ld.so.cache \
  --ro-bind /nix/store/k6vj0zyqqhpqzmn32jb4hbxgazkz23pr-glibc-2.33-55/etc/rpc /nix/store/k6vj0zyqqhpqzmn32jb4hbxgazkz23pr-glibc-2.33-55/etc/rpc \
  --remount-ro /nix/store/k6vj0zyqqhpqzmn32jb4hbxgazkz23pr-glibc-2.33-55/etc \
  --ro-bind-try /etc/static /etc/static
  --ro-bind-try /etc/nix /etc/nix
  --ro-bind-try /etc/bashrc /etc/bashrc
  --ro-bind-try /etc/zshenv /etc/zshenv
  --ro-bind-try /etc/zshrc /etc/zshrc
  --ro-bind-try /etc/zinputrc /etc/zinputrc
  --ro-bind-try /etc/zprofile /etc/zprofile
  --ro-bind-try /etc/passwd /etc/passwd
  --ro-bind-try /etc/group /etc/group
  --ro-bind-try /etc/shadow /etc/shadow
  --ro-bind-try /etc/hosts /etc/hosts
  --ro-bind-try /etc/resolv.conf /etc/resolv.conf
  --ro-bind-try /etc/nsswitch.conf /etc/nsswitch.conf
  --ro-bind-try /etc/profiles /etc/profiles
  --ro-bind-try /etc/login.defs /etc/login.defs
  --ro-bind-try /etc/sudoers /etc/sudoers
  --ro-bind-try /etc/sudoers.d /etc/sudoers.d
  --ro-bind-try /etc/localtime /etc/localtime
  --ro-bind-try /etc/zoneinfo /etc/zoneinfo
  --ro-bind-try /etc/machine-id /etc/machine-id
  --ro-bind-try /etc/os-release /etc/os-release
  --ro-bind-try /etc/pam.d /etc/pam.d
  --ro-bind-try /etc/fonts /etc/fonts
  --ro-bind-try /etc/alsa /etc/alsa
  --ro-bind-try /etc/asound.conf /etc/asound.conf
  --ro-bind-try /etc/ssl/certs /etc/ssl/certs
  --ro-bind-try /etc/pki /etc/pki
  "${ro_mounts[@]}"
  "${symlinks[@]}"
  "${auto_mounts[@]}"
  /nix/store/chj84h84j2wcf3a0b4lrys31bm28zhym-steam-run-init/bin/steam-run-init "$@"
)
exec "${cmd[@]}"
	λ nix shell nixpkgs#steam-run-native nixpkgs#bashInteractive -c bash

	[~]$ cat "$(command -v steam-run)"
	#!/nix/store/phqa311klldrcbwid1i22dwnpfc9dnma-bash-5.1-p8/bin/bash
	blacklist=(/nix /dev /proc /etc)
	ro_mounts=()
	symlinks=()
	for i in /nix/store/af2jm007nws9xvwwa9vqzri7g0gg3f1s-steam-run-fhs/*; do
	path="/${i##*/}"
	if [[ $path == '/etc' ]]; then
	:
	elif [[ -L $i ]]; then
	symlinks+=(--symlink "$(/nix/store/qmn7m3wk8b1v1ljhb2dzyjh41d6ingp6-coreutils-9.0/bin/readlink "$i")" "$path")
	blacklist+=("$path")
	else
	ro_mounts+=(--ro-bind "$i" "$path")
	blacklist+=("$path")
	fi
	done

	if [[ -d /nix/store/af2jm007nws9xvwwa9vqzri7g0gg3f1s-steam-run-fhs/etc ]]; then
	for i in /nix/store/af2jm007nws9xvwwa9vqzri7g0gg3f1s-steam-run-fhs/etc/*; do
	path="/${i##*/}"
	# NOTE: we're binding /etc/fonts and /etc/ssl/certs from the host so we
	# don't want to override it with a path from the FHS environment.
	if [[ $path == '/fonts' \|\| $path == '/ssl' ]]; then
	continue
	fi
	ro_mounts+=(--ro-bind "$i" "/etc$path")
	done
	fi

	declare -a auto_mounts
	# loop through all directories in the root
	for dir in /*; do
	# if it is a directory and it is not in the blacklist
	if [[ -d "$dir" ]] && [[ ! "${blacklist[@]}" =~ "$dir" ]]; then
	# add it to the mount list
	auto_mounts+=(--bind "$dir" "$dir")
	fi
	done

	cmd=(
	/nix/store/qyypaxg1yawp42jljl3jrhv0f37vp3gk-bubblewrap-0.5.0/bin/bwrap
	--dev-bind /dev /dev
	--proc /proc
	--chdir "$(pwd)"
	--unshare-user



	--unshare-uts
	--unshare-cgroup
	--die-with-parent
	--ro-bind /nix /nix
	# Our glibc will look for the cache in its own path in `/nix/store`.
	# As such, we need a cache to exist there, because pressure-vessel
	# depends on the existence of an ld cache. However, adding one
	# globally proved to be a bad idea (see #100655), the solution we
	# settled on being mounting one via bwrap.
	# Also, the cache needs to go to both 32 and 64 bit glibcs, for games
	# of both architectures to work.
	--tmpfs /nix/store/2zchy9mdx3kk166i98cx5sriq2c1bdsn-glibc-2.33-55/etc \
	--symlink /etc/ld.so.conf /nix/store/2zchy9mdx3kk166i98cx5sriq2c1bdsn-glibc-2.33-55/etc/ld.so.conf \
	--symlink /etc/ld.so.cache /nix/store/2zchy9mdx3kk166i98cx5sriq2c1bdsn-glibc-2.33-55/etc/ld.so.cache \
	--ro-bind /nix/store/2zchy9mdx3kk166i98cx5sriq2c1bdsn-glibc-2.33-55/etc/rpc /nix/store/2zchy9mdx3kk166i98cx5sriq2c1bdsn-glibc-2.33-55/etc/rpc \
	--remount-ro /nix/store/2zchy9mdx3kk166i98cx5sriq2c1bdsn-glibc-2.33-55/etc \
	--tmpfs /nix/store/k6vj0zyqqhpqzmn32jb4hbxgazkz23pr-glibc-2.33-55/etc \
	--symlink /etc/ld.so.conf /nix/store/k6vj0zyqqhpqzmn32jb4hbxgazkz23pr-glibc-2.33-55/etc/ld.so.conf \
	--symlink /etc/ld.so.cache /nix/store/k6vj0zyqqhpqzmn32jb4hbxgazkz23pr-glibc-2.33-55/etc/ld.so.cache \
	--ro-bind /nix/store/k6vj0zyqqhpqzmn32jb4hbxgazkz23pr-glibc-2.33-55/etc/rpc /nix/store/k6vj0zyqqhpqzmn32jb4hbxgazkz23pr-glibc-2.33-55/etc/rpc \
	--remount-ro /nix/store/k6vj0zyqqhpqzmn32jb4hbxgazkz23pr-glibc-2.33-55/etc \
	--ro-bind-try /etc/static /etc/static
	--ro-bind-try /etc/nix /etc/nix
	--ro-bind-try /etc/bashrc /etc/bashrc
	--ro-bind-try /etc/zshenv /etc/zshenv
	--ro-bind-try /etc/zshrc /etc/zshrc
	--ro-bind-try /etc/zinputrc /etc/zinputrc
	--ro-bind-try /etc/zprofile /etc/zprofile
	--ro-bind-try /etc/passwd /etc/passwd
	--ro-bind-try /etc/group /etc/group
	--ro-bind-try /etc/shadow /etc/shadow
	--ro-bind-try /etc/hosts /etc/hosts
	--ro-bind-try /etc/resolv.conf /etc/resolv.conf
	--ro-bind-try /etc/nsswitch.conf /etc/nsswitch.conf
	--ro-bind-try /etc/profiles /etc/profiles
	--ro-bind-try /etc/login.defs /etc/login.defs
	--ro-bind-try /etc/sudoers /etc/sudoers
	--ro-bind-try /etc/sudoers.d /etc/sudoers.d
	--ro-bind-try /etc/localtime /etc/localtime
	--ro-bind-try /etc/zoneinfo /etc/zoneinfo
	--ro-bind-try /etc/machine-id /etc/machine-id
	--ro-bind-try /etc/os-release /etc/os-release
	--ro-bind-try /etc/pam.d /etc/pam.d
	--ro-bind-try /etc/fonts /etc/fonts
	--ro-bind-try /etc/alsa /etc/alsa
	--ro-bind-try /etc/asound.conf /etc/asound.conf
	--ro-bind-try /etc/ssl/certs /etc/ssl/certs
	--ro-bind-try /etc/pki /etc/pki
	"${ro_mounts[@]}"
	"${symlinks[@]}"
	"${auto_mounts[@]}"
	/nix/store/chj84h84j2wcf3a0b4lrys31bm28zhym-steam-run-init/bin/steam-run-init "$@"
	)
	exec "${cmd[@]}"