This combined with su makes it possible to automatically start a user
environment with sakaya-server running, thus eliminating the need to
spawn a shell with machinectl.

This works, which is pretty cool. One unfortunate consequence is that
networking with the host is required, thus an alternative approach needs
to be considered if one still wants to eliminate internet access from
certain wine applications.

wineWowPackages.stagingFull has better compatibility than waylandFull
and runs more applications without black screens. The difference between
stagingFull and wine-ge is that wine-ge doesn't crash when encountering
an error like ELFCLASS64 and usually opens windows larger and
fullscreen-like.

The reason stagingFull is preferred over wine-ge in this case is that
stagingFull is a part of nixpkgs and doesn't suffer from a black screen
bug when a hidden menu pushes the content in the window viewport down.
Additionally, although wine-ge avoids crashes in more cases, this
results in applications running that may or may not fully work, and
sometimes results in black screens where there should be graphics
instead.

This was a different wine version that let me achieve better
compatibility with Unity3D programs. Although it doesn't crash when
encountering an ELFCLASS64 error, for example, it does have other issues
like a black screen flash when opening a hidden menu (the kind that
becomes available with the alt key on a keyboard).

This fixes an issue where containers caused the boot process to slow
down, especially those that relied on mounting directories only
available once a graphical session has already started.

I figured out how to get wine working on Nix, and it works surprisingly
well; however, I'd like to prevent programs from writing wherever they want
and don't want to rely on a solution like firejail.
As it turns out, systemd-nspawn containers enable us to run wine applications
in a reasonably private container without access to either the files of the
host or its internet connection.
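
The isolation described in the last message, sketched as a declarative NixOS container. This is an added example, not code from the repository these messages belong to; the container name, user name, host path and stateVersion value are assumptions chosen for illustration.

```nix
# Added example: a NixOS declarative container (systemd-nspawn underneath)
# that runs wine with no view of the host's files and no route to the network.
{ ... }:
{
  containers.wine = {              # hypothetical container name
    # Started on demand rather than at boot.
    autoStart = false;

    # Own network namespace. With no hostAddress/localAddress configured,
    # the container has no usable route to the host or the internet.
    privateNetwork = true;

    # The container sees only its own root filesystem. Anything from the
    # host must be listed here explicitly; this one is mounted read-only.
    bindMounts."/apps" = {
      hostPath = "/srv/wine-apps"; # hypothetical host directory
      isReadOnly = true;
    };

    config = { pkgs, ... }: {
      # Wine build named in the messages above.
      environment.systemPackages = [ pkgs.wineWowPackages.stagingFull ];

      # Unprivileged account for running applications (hypothetical name).
      users.users.wineuser.isNormalUser = true;

      system.stateVersion = "24.05"; # constructed value; match your release
    };
  };
}
```

Writes made by wine land in the container's own root under /var/lib/nixos-containers/wine on the host, so the host's home directories stay untouched unless they are bind-mounted in.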