From 1fe4161d4d05b4160f1ba7cae7d29fdc06ff768d Mon Sep 17 00:00:00 2001
From: enricobuehler
Date: Sun, 21 Jun 2026 10:29:40 +0000
Subject: [PATCH] feat(steamdeck): --no-gamestream installer flag for a secure native-only SteamOS host
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Completes the GameStream-opt-in posture (54b75c9) on the SteamOS path: the installer keeps Moonlight compat on by default (`serve --gamestream`, the Deck commonly streams to Moonlight), but `--no-gamestream` now installs a secure native-only host with no GameStream on-path surface (plain-HTTP pairing / legacy GCM nonce reuse — security-review #5/#9; native clients only). Documented in the installer --help; the SteamOS host doc references it.
Co-Authored-By: Claude Opus 4.8 (1M context)
---
 scripts/steamdeck/install.sh | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/scripts/steamdeck/install.sh b/scripts/steamdeck/install.sh
index 1174346..7f174ae 100755
--- a/scripts/steamdeck/install.sh
+++ b/scripts/steamdeck/install.sh
@@ -10,7 +10,8 @@
 # Run it on the Deck (Desktop Mode "Konsole", or over ssh). Idempotent — safe to re-run to update
 # config or pick up new options. To rebuild after pulling new source, use update.sh.
 #
-# bash scripts/steamdeck/install.sh # secure default: PIN pairing required
+# bash scripts/steamdeck/install.sh # PIN pairing required; Moonlight compat ON
+# bash scripts/steamdeck/install.sh --no-gamestream # SECURE native-only (no Moonlight/#5/#9 surface)
 # bash scripts/steamdeck/install.sh --open # trusted LAN: accept unpaired clients (TOFU)
 # bash scripts/steamdeck/install.sh --no-web # skip the management web console
 # PUNKTFUNK_SRC=~/src/punktfunk bash scripts/steamdeck/install.sh # source elsewhere
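Review bot: The usage header this hunk extends is also the `--help` output, printed by `sed -n '2,20p' "$0"` in the option loop (visible in the next hunk), and that hard-coded range is not adjusted for the added line. If the help text previously ended on line 20, its last line is now cut from `--help`; the header starts and ends outside the hunk, so this needs checking against the full file. Bumping the range to `'2,21p'`, or printing up to the first non-comment line, keeps the new `--no-gamestream` documentation and the lines after it visible.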
@@ -31,10 +32,12 @@ MGMT_PORT="${PUNKTFUNK_MGMT_PORT:-47990}"
 WEB_PORT="${PUNKTFUNK_WEB_PORT:-3000}"
 OPEN=0
 WITH_WEB=1
+GAMESTREAM=1 # Moonlight/GameStream compat on by default; --no-gamestream for a secure native-only host
 for arg in "$@"; do
 case "$arg" in
 --open) OPEN=1 ;;
 --no-web) WITH_WEB=0 ;;
+ --no-gamestream) GAMESTREAM=0 ;;
 --src=*) SRC="${arg#--src=}" ;;
 -h|--help) sed -n '2,20p' "$0"; exit 0 ;;
 *) die "unknown option: $arg (try --help)" ;;
@@ -170,9 +173,11 @@ fi
 # --- 5. systemd user services ---------------------------------------------
 log "Installing systemd user services"
 mkdir -p "$UNITS"
-# --gamestream keeps the Moonlight-compat planes (the Deck commonly streams to Moonlight too); drop
-# it for a secure native-only host (no #5/#9 surface — native clients only).
-SERVE_ARGS="serve --gamestream --mgmt-bind 0.0.0.0:$MGMT_PORT"
+# The native punktfunk/1 plane is always on; --gamestream additionally enables the Moonlight-compat
+# planes (the Deck commonly streams to Moonlight too). --no-gamestream → secure native-only (no #5/#9
+# surface; native clients only).
+SERVE_ARGS="serve --mgmt-bind 0.0.0.0:$MGMT_PORT"
+[ "$GAMESTREAM" = 1 ] && SERVE_ARGS="$SERVE_ARGS --gamestream"
 [ "$OPEN" = 1 ] && SERVE_ARGS="$SERVE_ARGS --open"
 cat > "$UNITS/punktfunk-host.service" <
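Review bot: In the `@@ -31,10 +32,12 @@` hunk, `GAMESTREAM=1` is reset on every run, so the native-only posture is not sticky. The header describes the installer as safe to re-run to update config, and a re-run without `--no-gamestream` on a host installed native-only would presumably rewrite the unit with `--gamestream`, bringing back the plain-HTTP pairing / legacy GCM surface the commit message describes. Consider taking the default from the environment as the ports already do, e.g. `GAMESTREAM="${PUNKTFUNK_GAMESTREAM:-1}"` (a proposed name, not an existing variable), and reporting the effective mode through the existing `log` helper so a downgrade is visible in the install output. The `for`/`case` loop continues outside the hunk.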