From 9f0f835fce6efa3054a65448bfeefd62df2360cf Mon Sep 17 00:00:00 2001
From: Val Packett
Date: Fri, 14 Nov 2025 06:20:44 -0300
Subject: [PATCH] Add sidebus integration
---
 devShells/default.nix | 3 +-
 flake.lock | 81 +++++++++++++++++++++++++++++++++++++-
 flake.nix | 8 +++-
 munix | 35 +++++++++++++---
 nixosModules/default.nix | 34 +++++++++++++++-
 packages/munix/default.nix | 4 +-
 6 files changed, 152 insertions(+), 13 deletions(-)
diff --git a/devShells/default.nix b/devShells/default.nix
index 9cc518d..7648228 100644
--- a/devShells/default.nix
+++ b/devShells/default.nix
@@ -1,4 +1,4 @@
-{ mkShell, lib, systemd, cargo, rust-analyzer, rustfmt, passt, bubblewrap, libkrun, muvm }:
+{ mkShell, lib, systemd, cargo, rust-analyzer, rustfmt, passt, bubblewrap, libkrun, muvm, sidebus-broker }:
 let
 projects = [ libkrun muvm ];
@@ -12,5 +12,6 @@ in mkShell {
 rustfmt
 passt
 bubblewrap
+ sidebus-broker
 ];
 }
diff --git a/flake.lock b/flake.lock
index d60e81e..ac9f9ce 100644
--- a/flake.lock
+++ b/flake.lock
@@ -22,6 +22,24 @@
 "inputs": { "systems": "systems_2" }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { + "inputs": { + "systems": "systems_3" + }, "locked": { "lastModified": 1710146030, "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
@@ -56,9 +74,55 @@
 "inputs": { "flake-utils": "flake-utils", "nixpkgs": "nixpkgs", + "sidebus": "sidebus", "virtwl": "virtwl" } }, + "rust-overlay": { + "inputs": { + "nixpkgs": [ + "sidebus", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1763087910, + "narHash": "sha256-eB9Z1mWd1U6N61+F8qwDggX0ihM55s4E0CluwNukJRU=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "cf4a68749733d45c0420726596367acd708eb2e8", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "sidebus": { + "inputs": { + "flake-utils": "flake-utils_2", + "nixpkgs": [ + "nixpkgs" + ], + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1763111523, + "narHash": "sha256-IVhoKXRTU46W94zfdx9QAJk806RXMfWhxG8bJBzIoyg=", + "ref": "main", + "rev": "fa0bf056d03d764ca742e89018a0e38d52db9473", + "shallow": true, + "type": "git", + "url": "https://git.clan.lol/clan/sidebus" + }, + "original": { + "ref": "main", + "shallow": true, + "type": "git", + "url": "https://git.clan.lol/clan/sidebus" + } + }, "systems": { "locked": { "lastModified": 1681028828,
@@ -89,9 +153,24 @@
 "type": "github" } }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "virtwl": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" ]
diff --git a/flake.nix b/flake.nix
index c06aa16..5ac3b0f 100644
--- a/flake.nix
+++ b/flake.nix
@@ -11,11 +11,13 @@
 flake-utils.url = "github:numtide/flake-utils";
 virtwl.url = "git+https://github.com/valpackett/wayland-proxy-virtwl?shallow=1&submodules=1&ref=wip";
 virtwl.inputs.nixpkgs.follows = "nixpkgs";
+ sidebus.url = "git+https://git.clan.lol/clan/sidebus?shallow=1&ref=main";
+ sidebus.inputs.nixpkgs.follows = "nixpkgs";
 };
- outputs = { self, nixpkgs, flake-utils, virtwl, ... }: {
+ outputs = { self, nixpkgs, flake-utils, virtwl, sidebus, ... }: {
 nixosModules.testvm = nixpkgs.lib.modules.importApply ./nixosModules/testvm.nix { inherit virtwl; };
- nixosModules.default = nixpkgs.lib.modules.importApply ./nixosModules/default.nix { inherit self virtwl; };
+ nixosModules.default = nixpkgs.lib.modules.importApply ./nixosModules/default.nix { inherit self virtwl sidebus; };
 nixosConfigurations.testvm-x86_64 = nixpkgs.lib.nixosSystem {
 system = "x86_64-linux";
@@ -69,12 +71,14 @@
 munix = pkgs.callPackage ./packages/munix {
 muvm = self.packages.${system}.muvm;
+ sidebus-broker = sidebus.packages.${system}.sidebus-broker;
 };
 };
 devShells.default = pkgs.callPackage ./devShells {
 libkrun = self.packages.${system}.libkrun;
 muvm = self.packages.${system}.muvm;
+ sidebus-broker = sidebus.packages.${system}.sidebus-broker;
 };
 });
 }
diff --git a/munix b/munix
index 4c5e9c4..649f1ba 100755
--- a/munix
+++ b/munix
@@ -131,10 +131,37 @@ else
 unset DISPLAY XAUTHORITY
 fi
-exec bwrap --unshare-all --share-net \
+declare -a BG_PIDS
+
+cleanup() {
+ for pid in "${BG_PIDS[@]}"; do
+ if kill -0 "$pid" 2>/dev/null; then
+ echo "Killing process $pid"
+ kill -INT "$pid"
+ wait "$pid" 2>/dev/null
+ fi
+ done
+ exit
+}
+
+trap cleanup EXIT INT TERM
+
+HOST_RUNTIME_DIR="$XDG_RUNTIME_DIR/munix.$$"
+mkdir -p $HOST_RUNTIME_DIR
+rm $HOST_RUNTIME_DIR/*
+sidebus-broker --guest-mountpoint /mnt/munix-doc-portal/doc --runtime-dir "$HOST_RUNTIME_DIR" --unix-path "$HOST_RUNTIME_DIR/port.sock" >/dev/null 2>&1 &
+BG_PIDS+=("$!")
+while [ ! -S "$HOST_RUNTIME_DIR/port.sock" ]; do sleep 0.1; done
+BWRAP_ARGS+=(
+ --bind "$HOST_RUNTIME_DIR" /mnt/munix-doc-portal
+ --bind "$HOST_RUNTIME_DIR/port.sock" "$XDG_RUNTIME_DIR/krun/socket/port-50000"
+)
+
+# do not 'exec' because of cleanup :)
+bwrap --unshare-all --share-net \
 --uid $MICROVM_UID --gid $MICROVM_GID \
 --tmpfs / \
- --dir /run --dir /var --symlink /run /var/run --dir /tmp \
+ --dir /run --dir /var --symlink /run /var/run --dir /tmp --dir /mnt \
 --proc /proc --ro-bind /sys /sys \
 --dev /dev --dir /dev/input --dev-bind /dev/kvm /dev/kvm \
 --ro-bind "$MUVM_PATH" /run/munix/muvm \
@@ -152,7 +179,7 @@ exec bwrap --unshare-all --share-net \
 --setenv PATH "/run/munix/muvm:/run/munix/passt:$MICROVM_CLOSURE/sw/bin" \
 "${BWRAP_ARGS[@]}" \
 muvm \
- --custom-init-cmdline "$MICROVM_CLOSURE/sw/sbin/init --log-target=console" \
+ --custom-init-cmdline "$MICROVM_CLOSURE/sw/sbin/init --log-target=console systemd.set_credential=sidebus.port:50000" \
 "${MUVM_ARGS[@]}" \
 -e container=munix \
 -e MICROVM_CLOSURE="$MICROVM_CLOSURE" \
@@ -169,5 +196,3 @@ nogroup:x:65534:
 EOF
 ) \
 13< /etc/resolv.conf
-
-# --log-level=debug
diff --git a/nixosModules/default.nix b/nixosModules/default.nix
index a69ba3d..03e3cea 100644
--- a/nixosModules/default.nix
+++ b/nixosModules/default.nix
@@ -1,4 +1,4 @@
-{ self, virtwl }:
+{ self, virtwl, sidebus }:
 { pkgs, lib, utils, config, ... }: let useTTY = { TTYPath = "/dev/hvc0";
@@ -130,7 +130,12 @@ in {
 serviceConfig = {
 Type = "exec";
 PassEnvironment = ["TERM" "MUVM_REMOTE_CONFIG"]; # "KRUN_CONFIG"];
- Environment = ["XDG_RUNTIME_DIR=${runtimeDir}" "WAYLAND_DISPLAY=wayland-1" "PATH=/run/current-system/sw/bin"];
+ Environment = [
+ "XDG_RUNTIME_DIR=${runtimeDir}"
+ "WAYLAND_DISPLAY=wayland-1"
+ "DBUS_SESSION_BUS_ADDRESS=unix:path=${runtimeDir}/sidebus.sock"
+ "PATH=/run/current-system/sw/bin"
+ ];
 User = "appvm";
 Group = "appvm";
 ExecStart = "/opt/bin/muvm-remote";
@@ -179,6 +184,7 @@ in {
 ];
 };
 };
+
 systemd.sockets.wayland-proxy-virtwl = {
 enable = true;
 description = "Wayland cross-domain proxy socket";
@@ -204,6 +210,30 @@ in {
 };
 };
+ systemd.sockets.sidebus-agent = {
+ enable = true;
+ description = "D-Bus cross-domain proxy socket";
+ wantedBy = ["microvm.target"];
+ partOf = ["sidebus-agent.service"];
+ listenStreams = [ "${runtimeDir}/sidebus.sock" ];
+ socketConfig = {
+ SocketUser = "appvm";
+ SocketGroup = "appvm";
+ };
+ };
+ systemd.services.sidebus-agent = {
+ enable = true;
+ description = "D-Bus cross-domain proxy";
+ requires = ["sidebus-agent.socket"];
+ serviceConfig = {
+ ImportCredential = "sidebus.port";
+ ExecStartPre = "/run/current-system/sw/bin/env";
+ ExecStart = "${sidebus.packages.${pkgs.system}.sidebus-agent}/bin/sidebus-agent";
+ User = "appvm";
+ Group = "appvm";
+ };
+ };
+
 hardware.graphics.enable = true;
 hardware.graphics.package = self.packages.${pkgs.system}.mesa;
 }
diff --git a/packages/munix/default.nix b/packages/munix/default.nix
index 13aac3e..175b82c 100644
--- a/packages/munix/default.nix
+++ b/packages/munix/default.nix
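Review bot: The sidebus-agent socket unit in the last nixosModules hunk sets SocketUser/SocketGroup to appvm but leaves SocketMode at systemd's default of 0666, so any user in the guest can connect to the D-Bus proxy socket at `${runtimeDir}/sidebus.sock`; if every client runs as appvm, as muvm-remote does, add `SocketMode = "0600";` next to SocketUser so the proxy is reachable only by that account. `ExecStartPre = "/run/current-system/sw/bin/env";` in sidebus-agent.service looks like a debugging leftover: it only dumps the unit's environment (including the credentials directory path) into the journal before every start, and should be dropped or given a comment saying why it is kept. The enclosing module attrset starts outside the hunk.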
@@ -1,4 +1,4 @@
-{ writeScriptBin, symlinkJoin, makeWrapper, muvm, passt, bubblewrap }:
+{ writeScriptBin, symlinkJoin, makeWrapper, muvm, passt, bubblewrap, sidebus-broker }:
 let
 munixScript = (writeScriptBin "munix" (builtins.readFile ../../munix)).overrideAttrs(old: {
@@ -6,7 +6,7 @@ let
 });
 in symlinkJoin {
 name = "munix";
- paths = [ munixScript muvm passt bubblewrap ];
+ paths = [ munixScript muvm passt bubblewrap sidebus-broker ];
 buildInputs = [ makeWrapper ];
 postBuild = ''
 wrapProgram $out/bin/munix --prefix PATH : $out/bin