From 604ebc1356c204a267e230bd5090505e119d1814 Mon Sep 17 00:00:00 2001
From: Val Packett
Date: Fri, 27 Feb 2026 02:51:07 -0300
Subject: [PATCH] [BREAKING] Switch to virtgpu-based D-Bus tunneling

This introduces support for drag&drop and printing portals, and later camera/screencasting should be possible as well. However we break backwards compatibility with already built closures because the nixosModule needs to be changed. In the next commit, the runtime environment related services will be removed from the nixosModule to prevent unnecessary future breakage.
---
 flake.lock | 14 +++++++-------
 flake.nix | 6 ++----
 munix | 26 ++++++++++++++++++--------
 nixosModules/default.nix | 7 +++----
 4 files changed, 30 insertions(+), 23 deletions(-)

diff --git a/flake.lock b/flake.lock
index 84f1720..165ec30 100644
--- a/flake.lock
+++ b/flake.lock
@@ -40,17 +40,17 @@
 "muvm-src": {
 "flake": false,
 "locked": {
- "lastModified": 1769336998,
- "narHash": "sha256-ZFtAYwr3AaD8WsDmXJ6eU12UojzfMm50UBWmWIXstl0=",
+ "lastModified": 1772176363,
+ "narHash": "sha256-aSWulv3ml4XmMYnFOkZCd2YBLIY0Rr8CUHK1NDYk5jw=",
 "owner": "valpackett",
 "repo": "muvm",
- "rev": "ae7dbd49aac04e9732a14a424572e99a81eb1298",
+ "rev": "c68742bcedb96deb6f23ed5a83188022d1cdf71d",
 "type": "github"
 },
 "original": {
 "owner": "valpackett",
 "repo": "muvm",
- "rev": "ae7dbd49aac04e9732a14a424572e99a81eb1298",
+ "rev": "c68742bcedb96deb6f23ed5a83188022d1cdf71d",
 "type": "github"
 }
 },
@@ -89,10 +89,10 @@
 ]
 },
 "locked": {
- "lastModified": 1770365107,
- "narHash": "sha256-rp2hDKF3pwHN0lBr09ckMNaMSJnwNolQmiad8C7u41Q=",
+ "lastModified": 1772183103,
+ "narHash": "sha256-9jbqBtaLUdOeT95PVUMz45JdUpVeJ25ZYZHEOQn9XsI=",
 "ref": "main",
- "rev": "26261306592f6173fb844083b396bebf8140cb2b",
+ "rev": "c42eaef55440e2594677ede5279bd8c3eaf128f2",
 "shallow": true,
 "type": "git",
 "url": "https://git.clan.lol/clan/sidebus"
diff --git a/flake.nix b/flake.nix
index 84c3166..e7904a2 100644
--- a/flake.nix
+++ b/flake.nix
@@ -16,7 +16,7 @@ # To override with local checkouts during development, use the --override-input CLI flag! muvm-src = { - url = "github:valpackett/muvm/ae7dbd49aac04e9732a14a424572e99a81eb1298"; # v0.5.0+custom-init + url = "github:valpackett/muvm/c68742bcedb96deb6f23ed5a83188022d1cdf71d"; # v0.5.0+custom-init+dbus flake = false; }; libkrun-src = { @@ -49,7 +49,7 @@ flake = { nixosModules.testvm = nixpkgs.lib.modules.importApply ./nixosModules/testvm.nix { }; nixosModules.default = nixpkgs.lib.modules.importApply ./nixosModules/default.nix { - inherit self sidebus; + inherit self; }; templates.musictest = { @@ -124,8 +124,6 @@ sidebus-broker = sidebus.packages.${system}.sidebus-broker; }; - sidebus-agent = sidebus.packages.${system}.sidebus-agent; - wl-cross-domain-proxy = pkgs.callPackage ./packages/wl-cross-domain-proxy { }; }; diff --git a/munix b/munix index 4f26980..ecd7920 100755 --- a/munix +++ b/munix @@ -10,6 +10,7 @@ MICROVM_UID=1337 MICROVM_GID=1337 BWRAP_ARGS=() MUVM_ARGS=() +SIDEBUS_ARGS=() GPU=1 WAYLAND=1 PIPEWIRE=1 
@@ -31,10 +32,10 @@ while [ "$#" -gt 0 ]; do
 --no-pipewire) PIPEWIRE=0; shift 1;;
 --no-env-defaults) ENV_DEFAULTS=0; shift 1;;
 --x11) X11=1; shift 1;;
- -b|--bind) BWRAP_ARGS+=("--bind" "$2" "$3"); shift 3;;
- --ro-bind) BWRAP_ARGS+=("--ro-bind" "$2" "$3"); shift 3;;
- -e|--expose) BWRAP_ARGS+=("--bind" "$2" "$2"); shift 2;;
- --ro-expose) BWRAP_ARGS+=("--ro-bind" "$2" "$2"); shift 2;;
+ -b|--bind) BWRAP_ARGS+=("--bind" "$2" "$3"); SIDEBUS_ARGS+=("--path-mapping" "$3=$2"); shift 3;;
+ --ro-bind) BWRAP_ARGS+=("--ro-bind" "$2" "$3"); SIDEBUS_ARGS+=("--path-mapping" "$3=$2"); shift 3;;
+ -e|--expose) BWRAP_ARGS+=("--bind" "$2" "$2"); SIDEBUS_ARGS+=("--path-mapping" "$2=$2"); shift 2;;
+ --ro-expose) BWRAP_ARGS+=("--ro-bind" "$2" "$2"); SIDEBUS_ARGS+=("--path-mapping" "$2=$2"); shift 2;;
 -p|--publish) USING_PUBLISH=1; MUVM_ARGS+=("--publish=$2"); shift 2;;
 --host-opengl-driver) HOST_OPENGL_DRIVER="$2"; shift 2;;
 --munix-bin-dir) SCRIPT_PATH="$2"; shift 2;;
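Review bot: The `--ro-bind` and `--ro-expose` arms register the same `--path-mapping` with the broker as the writable `--bind`/`--expose` arms, so the read-only intent never reaches sidebus-broker, which is started on the host outside bwrap. Whether the broker only translates paths or also opens files on the guest's behalf is not visible in this hunk; if it does the latter, a guest could reach a path through a portal with more access than its bwrap bind allows. Confirm the broker's behaviour for read-only mounts and record the contract in a comment above these arms, such as `# path-mapping is GUEST=HOST; the broker must not grant more access than the matching bwrap bind`. The `GUEST=HOST` encoding is also ambiguous when either path contains `=`, so rejecting such arguments before appending to `SIDEBUS_ARGS` would avoid a surprising mapping. The enclosing `while`/`case` starts and ends outside the hunk.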
@@ -186,12 +187,20 @@ trap cleanup EXIT INT TERM
 HOST_RUNTIME_DIR="$XDG_RUNTIME_DIR/munix.$$"
 mkdir -p $HOST_RUNTIME_DIR
 rm $HOST_RUNTIME_DIR/*
-sidebus-broker --guest-mountpoint /mnt/munix-doc-portal/doc --runtime-dir "$HOST_RUNTIME_DIR" --unix-path "$HOST_RUNTIME_DIR/port.sock" >/dev/null 2>&1 &
+mkdir -p "$HOST_RUNTIME_DIR/home"
+RUST_LOG=debug sidebus-broker \
+ --path-mapping "/home=$HOST_RUNTIME_DIR/home" \
+ "${SIDEBUS_ARGS[@]}" \
+ --guest-mountpoint /mnt/munix-doc-portal/doc \
+ --runtime-dir "$HOST_RUNTIME_DIR" \
+ --unix-path "$HOST_RUNTIME_DIR/port.sock" & # >/dev/null 2>&1 &
 BG_PIDS+=("$!")
 while [ ! -S "$HOST_RUNTIME_DIR/port.sock" ]; do sleep 0.1; done
-BWRAP_ARGS+=(
+BWRAP_ARGS=( # prepend home mount before other mounts to not override custom bind mounts under /home
+ --bind "$HOST_RUNTIME_DIR/home" /home
+ "${BWRAP_ARGS[@]}"
 --bind "$HOST_RUNTIME_DIR" /mnt/munix-doc-portal
- --bind "$HOST_RUNTIME_DIR/port.sock" "$XDG_RUNTIME_DIR/krun/socket/port-50000"
+ --setenv "RUTABAGA_DBUS_CLIENT_SOCKET" /mnt/munix-doc-portal/port.sock
 )
 if [ "$ENV_DEFAULTS" -eq 1 ]; then
 MUVM_ARGS+=(
@@ -221,6 +230,7 @@ bwrap --unshare-all --share-net \
 --ro-bind "$MUVM_PATH/muvm-guest" /opt/bin/muvm-remote \
 --ro-bind "$MUVM_PATH/muvm-guest" /opt/bin/muvm-configure-network \
 --ro-bind "$MUVM_PATH/muvm-guest" /opt/bin/muvm-pwbridge \
+ --ro-bind "$MUVM_PATH/muvm-guest" /opt/bin/muvm-dbusbridge \
 --symlink "$MICROVM_CLOSURE/etc" /etc \
 --symlink "$MICROVM_CLOSURE/sw/bin/sh" /bin/sh \
 --symlink "$MICROVM_CLOSURE/sw/bin/env" /usr/bin/env \
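Review bot: The broker launch in the `@@ -186,12 +187,20 @@` hunk keeps `RUST_LOG=debug` and comments out the old `>/dev/null 2>&1` redirect, which reads like leftover debugging rather than an intended default. What sidebus-broker prints at debug level is not visible here, but a D-Bus broker at that level may write message contents and host paths to the launching terminal, so it is worth checking before this ships. I would make the level opt-in, for example `RUST_LOG="${MUNIX_BROKER_LOG:-warn}" sidebus-broker \` (the variable name is only a suggestion), and either restore the redirect or drop the dead comment. Separately, `mkdir -p "$HOST_RUNTIME_DIR/home"` runs after `rm $HOST_RUNTIME_DIR/*`, which does not remove directories, so if an earlier run with the same PID was killed before `cleanup` ran, its `home` contents would become the new guest's `/home`. Adding `rm -rf -- "$HOST_RUNTIME_DIR/home"` before the `mkdir` would close that, assuming `cleanup` (outside this hunk) normally removes the directory.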
@@ -232,7 +242,7 @@ bwrap --unshare-all --share-net \
 --setenv PATH "/run/munix/muvm:/run/munix/passt:$MICROVM_CLOSURE/sw/bin" \
 "${BWRAP_ARGS[@]}" \
 muvm \
- --custom-init-cmdline "/opt/bin/micro-activate $MICROVM_CLOSURE/sw/sbin/init --log-target=console systemd.set_credential=sidebus.port:50000" \
+ --custom-init-cmdline "/opt/bin/micro-activate $MICROVM_CLOSURE/sw/sbin/init --log-target=console" \
 "${MUVM_ARGS[@]}" \
 -e container=munix \
 -e MICROVM_CLOSURE="$MICROVM_CLOSURE" \
diff --git a/nixosModules/default.nix b/nixosModules/default.nix
index 15a5a08..e670144 100644
--- a/nixosModules/default.nix
+++ b/nixosModules/default.nix
@@ -1,6 +1,5 @@
 {
 self,
- sidebus,
 }:
 {
 pkgs,
@@ -282,16 +281,16 @@ in
 Group = "appvm";
 };
 };
- systemd.services.sidebus-agent = {
+ systemd.services.session-bus-bridge = {
 enable = true;
 description = "D-Bus session bus";
 wantedBy = ["microvm.target"];
 requires = ["session-bus.socket" "session-bus.service"];
 after = ["session-bus.service"];
 serviceConfig = {
- ImportCredential = "sidebus.port";
 Environment = ["DBUS_SESSION_BUS_ADDRESS=unix:path=${runtimeDir}/dbus.sock"];
- ExecStart = "${sidebus.packages.${system}.sidebus-agent}/bin/sidebus-agent";
+ ExecStartPre = "+/run/current-system/sw/bin/chmod 0666 /dev/dri/card0 /dev/dri/renderD128";
+ ExecStart = "/opt/bin/muvm-dbusbridge";
 User = "appvm";
 Group = "appvm";
 };
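Review bot: In the `session-bus-bridge` unit, `ExecStartPre = "+/run/current-system/sw/bin/chmod 0666 /dev/dri/card0 /dev/dri/renderD128";` makes both DRM nodes readable and writable by every user in the guest, which is broader than a bridge running as `appvm` needs. Group-based access is tighter, e.g. `SupplementaryGroups = [ "video" "render" ];` in `serviceConfig` if those groups own the nodes in this guest (not visible in the hunk), or a udev rule assigning the nodes to `appvm`. The hard-coded `card0`/`renderD128` names also mean the unit fails to start when either node is absent or numbered differently, which the `GPU=1` toggle in `munix` suggests can happen. If the chmod stays, give it a comment stating why, for example `# muvm-dbusbridge tunnels D-Bus over virtgpu, so appvm must be able to open the DRM nodes`. The module body continues outside the hunk.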