Add sidebus integration

devShells/default.nix

@@ -1,4 +1,4 @@
-{ mkShell, lib, systemd, cargo, rust-analyzer, rustfmt, passt, bubblewrap, libkrun, muvm }:
+{ mkShell, lib, systemd, cargo, rust-analyzer, rustfmt, passt, bubblewrap, libkrun, muvm, sidebus-broker }:
 
 let
   projects = [ libkrun muvm ];
@@ -12,5 +12,6 @@ in mkShell {
     rustfmt
     passt
     bubblewrap
+    sidebus-broker
   ];
 }

flake.lock

@@ -22,6 +22,24 @@
       "inputs": {
         "systems": "systems_2"
       },
+      "locked": {
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_3": {
+      "inputs": {
+        "systems": "systems_3"
+      },
       "locked": {
         "lastModified": 1710146030,
         "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
@@ -56,9 +74,55 @@
       "inputs": {
         "flake-utils": "flake-utils",
         "nixpkgs": "nixpkgs",
+        "sidebus": "sidebus",
         "virtwl": "virtwl"
       }
     },
+    "rust-overlay": {
+      "inputs": {
+        "nixpkgs": [
+          "sidebus",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1763087910,
+        "narHash": "sha256-eB9Z1mWd1U6N61+F8qwDggX0ihM55s4E0CluwNukJRU=",
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "rev": "cf4a68749733d45c0420726596367acd708eb2e8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "type": "github"
+      }
+    },
+    "sidebus": {
+      "inputs": {
+        "flake-utils": "flake-utils_2",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "rust-overlay": "rust-overlay"
+      },
+      "locked": {
+        "lastModified": 1763111523,
+        "narHash": "sha256-IVhoKXRTU46W94zfdx9QAJk806RXMfWhxG8bJBzIoyg=",
+        "ref": "main",
+        "rev": "fa0bf056d03d764ca742e89018a0e38d52db9473",
+        "shallow": true,
+        "type": "git",
+        "url": "https://git.clan.lol/clan/sidebus"
+      },
+      "original": {
+        "ref": "main",
+        "shallow": true,
+        "type": "git",
+        "url": "https://git.clan.lol/clan/sidebus"
+      }
+    },
     "systems": {
       "locked": {
         "lastModified": 1681028828,
@@ -89,9 +153,24 @@
         "type": "github"
       }
     },
+    "systems_3": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
     "virtwl": {
       "inputs": {
-        "flake-utils": "flake-utils_2",
+        "flake-utils": "flake-utils_3",
         "nixpkgs": [
           "nixpkgs"
         ]

flake.nix

@@ -11,11 +11,13 @@
     flake-utils.url = "github:numtide/flake-utils";
     virtwl.url = "git+https://github.com/valpackett/wayland-proxy-virtwl?shallow=1&submodules=1&ref=wip";
     virtwl.inputs.nixpkgs.follows = "nixpkgs";
+    sidebus.url = "git+https://git.clan.lol/clan/sidebus?shallow=1&ref=main";
+    sidebus.inputs.nixpkgs.follows = "nixpkgs";
   };
 
-  outputs = { self, nixpkgs, flake-utils, virtwl, ... }: {
+  outputs = { self, nixpkgs, flake-utils, virtwl, sidebus, ... }: {
     nixosModules.testvm = nixpkgs.lib.modules.importApply ./nixosModules/testvm.nix { inherit virtwl; };
-    nixosModules.default = nixpkgs.lib.modules.importApply ./nixosModules/default.nix { inherit self virtwl; };
+    nixosModules.default = nixpkgs.lib.modules.importApply ./nixosModules/default.nix { inherit self virtwl sidebus; };
 
     nixosConfigurations.testvm-x86_64 = nixpkgs.lib.nixosSystem {
       system = "x86_64-linux";
@@ -69,12 +71,14 @@
 
           munix = pkgs.callPackage ./packages/munix {
             muvm = self.packages.${system}.muvm;
+            sidebus-broker = sidebus.packages.${system}.sidebus-broker;
           };
         };
 
         devShells.default = pkgs.callPackage ./devShells {
           libkrun = self.packages.${system}.libkrun;
           muvm = self.packages.${system}.muvm;
+          sidebus-broker = sidebus.packages.${system}.sidebus-broker;
         };
       });
 }

munix

@@ -131,10 +131,37 @@ else
   unset DISPLAY XAUTHORITY
 fi
 
-exec bwrap --unshare-all --share-net \
+declare -a BG_PIDS
+
+cleanup() {
+    for pid in "${BG_PIDS[@]}"; do
+        if kill -0 "$pid" 2>/dev/null; then
+            echo "Killing process $pid"
+            kill -INT "$pid"
+            wait "$pid" 2>/dev/null
+        fi
+    done
+    exit
+}
+
+trap cleanup EXIT INT TERM
+
+HOST_RUNTIME_DIR="$XDG_RUNTIME_DIR/munix.$$"
+mkdir -p $HOST_RUNTIME_DIR
+rm $HOST_RUNTIME_DIR/*
+sidebus-broker --guest-mountpoint /mnt/munix-doc-portal/doc --runtime-dir "$HOST_RUNTIME_DIR" --unix-path "$HOST_RUNTIME_DIR/port.sock" >/dev/null 2>&1 &
+BG_PIDS+=("$!")
+while [ ! -S "$HOST_RUNTIME_DIR/port.sock" ]; do sleep 0.1; done
+BWRAP_ARGS+=(
+  --bind "$HOST_RUNTIME_DIR" /mnt/munix-doc-portal
+  --bind "$HOST_RUNTIME_DIR/port.sock" "$XDG_RUNTIME_DIR/krun/socket/port-50000"
+)
+
+# do not 'exec' because of cleanup :)
+bwrap --unshare-all --share-net \
   --uid $MICROVM_UID --gid $MICROVM_GID \
   --tmpfs / \
-  --dir /run --dir /var --symlink /run /var/run --dir /tmp \
+  --dir /run --dir /var --symlink /run /var/run --dir /tmp --dir /mnt \
   --proc /proc --ro-bind /sys /sys \
   --dev /dev --dir /dev/input --dev-bind /dev/kvm /dev/kvm \
   --ro-bind "$MUVM_PATH" /run/munix/muvm \
@@ -152,7 +179,7 @@ exec bwrap --unshare-all --share-net \
   --setenv PATH "/run/munix/muvm:/run/munix/passt:$MICROVM_CLOSURE/sw/bin" \
   "${BWRAP_ARGS[@]}" \
   muvm \
-    --custom-init-cmdline "$MICROVM_CLOSURE/sw/sbin/init --log-target=console" \
+    --custom-init-cmdline "$MICROVM_CLOSURE/sw/sbin/init --log-target=console systemd.set_credential=sidebus.port:50000" \
     "${MUVM_ARGS[@]}" \
     -e container=munix \
     -e MICROVM_CLOSURE="$MICROVM_CLOSURE" \
@@ -169,5 +196,3 @@ nogroup:x:65534:
 EOF
 ) \
   13< /etc/resolv.conf
-
-#  --log-level=debug

nixosModules/default.nix

@@ -1,4 +1,4 @@
-{ self, virtwl }:
+{ self, virtwl, sidebus }:
 { pkgs, lib, utils, config, ... }: let
   useTTY = {
     TTYPath = "/dev/hvc0";
@@ -130,7 +130,12 @@ in {
     serviceConfig = {
       Type = "exec";
       PassEnvironment = ["TERM" "MUVM_REMOTE_CONFIG"]; # "KRUN_CONFIG"];
-      Environment = ["XDG_RUNTIME_DIR=${runtimeDir}" "WAYLAND_DISPLAY=wayland-1" "PATH=/run/current-system/sw/bin"];
+      Environment = [
+        "XDG_RUNTIME_DIR=${runtimeDir}"
+        "WAYLAND_DISPLAY=wayland-1"
+        "DBUS_SESSION_BUS_ADDRESS=unix:path=${runtimeDir}/sidebus.sock"
+        "PATH=/run/current-system/sw/bin"
+      ];
       User = "appvm";
       Group = "appvm";
       ExecStart = "/opt/bin/muvm-remote";
@@ -179,6 +184,7 @@ in {
       ];
     };
   };
+
   systemd.sockets.wayland-proxy-virtwl = {
     enable = true;
     description = "Wayland cross-domain proxy socket";
@@ -204,6 +210,30 @@ in {
     };
   };
 
+  systemd.sockets.sidebus-agent = {
+    enable = true;
+    description = "D-Bus cross-domain proxy socket";
+    wantedBy = ["microvm.target"];
+    partOf = ["sidebus-agent.service"];
+    listenStreams = [ "${runtimeDir}/sidebus.sock" ];
+    socketConfig = {
+      SocketUser = "appvm";
+      SocketGroup = "appvm";
+    };
+  };
+  systemd.services.sidebus-agent = {
+    enable = true;
+    description = "D-Bus cross-domain proxy";
+    requires = ["sidebus-agent.socket"];
+    serviceConfig = {
+      ImportCredential = "sidebus.port";
+      ExecStartPre = "/run/current-system/sw/bin/env";
+      ExecStart = "${sidebus.packages.${pkgs.system}.sidebus-agent}/bin/sidebus-agent";
+      User = "appvm";
+      Group = "appvm";
+    };
+  };
+
   hardware.graphics.enable = true;
   hardware.graphics.package = self.packages.${pkgs.system}.mesa;
 }

packages/munix/default.nix

@@ -1,4 +1,4 @@
-{ writeScriptBin, symlinkJoin, makeWrapper, muvm, passt, bubblewrap }:
+{ writeScriptBin, symlinkJoin, makeWrapper, muvm, passt, bubblewrap, sidebus-broker }:
 
 let
   munixScript = (writeScriptBin "munix" (builtins.readFile ../../munix)).overrideAttrs(old: {
@@ -6,7 +6,7 @@ let
   });
 in symlinkJoin {
   name = "munix";
-  paths = [ munixScript muvm passt bubblewrap ];
+  paths = [ munixScript muvm passt bubblewrap sidebus-broker ];
   buildInputs = [ makeWrapper ];
   postBuild = ''
     wrapProgram $out/bin/munix --prefix PATH : $out/bin