clan-sidebus/flake.nix

{
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    flake-parts.url = "github:hercules-ci/flake-parts";
    flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
    rust-overlay = {
      url = "github:oxalica/rust-overlay";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs =
    inputs@{ flake-parts, ... }:
    flake-parts.lib.mkFlake { inherit inputs; } {
      systems = [
        "x86_64-linux"
        "aarch64-linux"
      ];

      perSystem =
        {
          pkgs,
          system,
          ...
        }:
        let
          overlays = [ (import inputs.rust-overlay) ];
          pkgs' = import inputs.nixpkgs {
            inherit system overlays;
          };

          buildEnvVars = {
            BIN_XDG_PERMISSION_STORE = "${pkgs.xdg-desktop-portal}/libexec/xdg-permission-store";
            BIN_XDG_DOCUMENT_PORTAL = "${pkgs.xdg-desktop-portal}/libexec/xdg-document-portal";
            BIN_VIRTIOFSD = "${pkgs.virtiofsd}/bin/virtiofsd";
          };

          rustToolchain = pkgs'.pkgsBuildHost.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml;
          rustPlatform = pkgs'.makeRustPlatform {
            cargo = rustToolchain;
            rustc = rustToolchain;
          };

          rustPackage =
            crate:
            let
              cargoToml = builtins.fromTOML (builtins.readFile ./${crate}/Cargo.toml);
            in
            rustPlatform.buildRustPackage {
              inherit (cargoToml.package) name version;
              src = ./.;
              cargoLock.lockFile = ./Cargo.lock;
              cargoLock.outputHashes = {
                "zbus-5.9.0" = "sha256-uaHPHdmDWYy0jeKPd0/eCUupID2tswGHmEmscp6fCII=";
                "busd-0.4.0" = "sha256-hIvjt3v6AYc7URLFknXTmSc+NdxOlN/2RGXVsuoNgA4=";
              };
              buildAndTestSubdir = crate;
              env = buildEnvVars;
            };
        in
        {
          devShells.default = pkgs'.mkShell {
            buildInputs = [ rustToolchain ];
            env = buildEnvVars;
          };

          packages.sidebus-agent = rustPackage "sidebus-agent";
          packages.sidebus-broker = rustPackage "sidebus-broker";
        };

      flake = {
        nixosModules.sidebus-vm =
          { ... }:
          {
            environment.sessionVariables.DBUS_SESSION_BUS_ADDRESS = "unix:path=/run/sidebus.sock";
            systemd.sockets.sidebus-agent = {
              # SocketMode= is 0666 by default
              listenStreams = [ "/run/sidebus.sock" ];
              wantedBy = [ "sockets.target" ];
              documentation = [ "https://git.clan.lol/valpackett/sidebus" ];
            };
            systemd.services.sidebus-agent = {
              # TODO: confinement (can do a lot)
              serviceConfig = {
                ExecStart = throw "sidebus-vm module requires setting systemd.services.sidebus-agent.serviceConfig.ExecStart to a sidebus-agent package";
                ImportCredential = "sidebus.*";
              };
              documentation = [ "https://git.clan.lol/valpackett/sidebus" ];
            };
            systemd.mounts = [
              {
                type = "virtiofs";
                what = "vm-doc-portal";
                where = "/run/vm-doc-portal";
                wantedBy = [ "multi-user.target" ];
              }
            ];
          };
      };
    };
}
Initial commit Signed-off-by: Val Packett <val@invisiblethingslab.com> 2025-07-03 21:15:49 -03:00			`{`
			`inputs = {`
			`nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";`
switch from flake-utils to flake-parts There is not so much of a difference in this project, but it means adding this project to clan is one less flake input and also more consistent with other projects in clan. 2026-01-16 15:24:40 +01:00			`flake-parts.url = "github:hercules-ci/flake-parts";`
			`flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";`
Initial commit Signed-off-by: Val Packett <val@invisiblethingslab.com> 2025-07-03 21:15:49 -03:00			`rust-overlay = {`
			`url = "github:oxalica/rust-overlay";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
			`};`

switch from flake-utils to flake-parts There is not so much of a difference in this project, but it means adding this project to clan is one less flake input and also more consistent with other projects in clan. 2026-01-16 15:24:40 +01:00			`outputs =`
			`inputs@{ flake-parts, ... }:`
			`flake-parts.lib.mkFlake { inherit inputs; } {`
			`systems = [`
			`"x86_64-linux"`
			`"aarch64-linux"`
			`];`
Implement FileChooser portal proxy with virtiofsd mount 2025-08-08 02:51:30 -03:00
switch from flake-utils to flake-parts There is not so much of a difference in this project, but it means adding this project to clan is one less flake input and also more consistent with other projects in clan. 2026-01-16 15:24:40 +01:00			`perSystem =`
			`{`
			`pkgs,`
			`system,`
			`...`
			`}:`
			`let`
			`overlays = [ (import inputs.rust-overlay) ];`
			`pkgs' = import inputs.nixpkgs {`
			`inherit system overlays;`
			`};`
Implement FileChooser portal proxy with virtiofsd mount 2025-08-08 02:51:30 -03:00
switch from flake-utils to flake-parts There is not so much of a difference in this project, but it means adding this project to clan is one less flake input and also more consistent with other projects in clan. 2026-01-16 15:24:40 +01:00			`buildEnvVars = {`
			`BIN_XDG_PERMISSION_STORE = "${pkgs.xdg-desktop-portal}/libexec/xdg-permission-store";`
			`BIN_XDG_DOCUMENT_PORTAL = "${pkgs.xdg-desktop-portal}/libexec/xdg-document-portal";`
			`BIN_VIRTIOFSD = "${pkgs.virtiofsd}/bin/virtiofsd";`
			`};`

			`rustToolchain = pkgs'.pkgsBuildHost.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml;`
			`rustPlatform = pkgs'.makeRustPlatform {`
			`cargo = rustToolchain;`
			`rustc = rustToolchain;`
			`};`

			`rustPackage =`
			`crate:`
			`let`
			`cargoToml = builtins.fromTOML (builtins.readFile ./${crate}/Cargo.toml);`
			`in`
			`rustPlatform.buildRustPackage {`
			`inherit (cargoToml.package) name version;`
			`src = ./.;`
			`cargoLock.lockFile = ./Cargo.lock;`
			`cargoLock.outputHashes = {`
			`"zbus-5.9.0" = "sha256-uaHPHdmDWYy0jeKPd0/eCUupID2tswGHmEmscp6fCII=";`
			`"busd-0.4.0" = "sha256-hIvjt3v6AYc7URLFknXTmSc+NdxOlN/2RGXVsuoNgA4=";`
			`};`
			`buildAndTestSubdir = crate;`
			`env = buildEnvVars;`
Update busd git dep to include control over whether channel conns skip hello 2025-07-17 19:47:50 -03:00			`};`
switch from flake-utils to flake-parts There is not so much of a difference in this project, but it means adding this project to clan is one less flake input and also more consistent with other projects in clan. 2026-01-16 15:24:40 +01:00			`in`
			`{`
			`devShells.default = pkgs'.mkShell {`
			`buildInputs = [ rustToolchain ];`
Implement FileChooser portal proxy with virtiofsd mount 2025-08-08 02:51:30 -03:00			`env = buildEnvVars;`
Initial commit Signed-off-by: Val Packett <val@invisiblethingslab.com> 2025-07-03 21:15:49 -03:00			`};`
switch from flake-utils to flake-parts There is not so much of a difference in this project, but it means adding this project to clan is one less flake input and also more consistent with other projects in clan. 2026-01-16 15:24:40 +01:00
			`packages.sidebus-agent = rustPackage "sidebus-agent";`
			`packages.sidebus-broker = rustPackage "sidebus-broker";`
Basic vsock proxying implementation Currently just connecting to the host's session bus 2025-07-04 21:52:14 -03:00			`};`
Initial commit Signed-off-by: Val Packett <val@invisiblethingslab.com> 2025-07-03 21:15:49 -03:00
switch from flake-utils to flake-parts There is not so much of a difference in this project, but it means adding this project to clan is one less flake input and also more consistent with other projects in clan. 2026-01-16 15:24:40 +01:00			`flake = {`
			`nixosModules.sidebus-vm =`
			`{ ... }:`
			`{`
			`environment.sessionVariables.DBUS_SESSION_BUS_ADDRESS = "unix:path=/run/sidebus.sock";`
			`systemd.sockets.sidebus-agent = {`
			`# SocketMode= is 0666 by default`
			`listenStreams = [ "/run/sidebus.sock" ];`
			`wantedBy = [ "sockets.target" ];`
			`documentation = [ "https://git.clan.lol/valpackett/sidebus" ];`
agent: use socket activation, port credential + provide nixos module 2025-07-17 23:16:39 -03:00			`};`
switch from flake-utils to flake-parts There is not so much of a difference in this project, but it means adding this project to clan is one less flake input and also more consistent with other projects in clan. 2026-01-16 15:24:40 +01:00			`systemd.services.sidebus-agent = {`
			`# TODO: confinement (can do a lot)`
			`serviceConfig = {`
			`ExecStart = throw "sidebus-vm module requires setting systemd.services.sidebus-agent.serviceConfig.ExecStart to a sidebus-agent package";`
			`ImportCredential = "sidebus.*";`
			`};`
			`documentation = [ "https://git.clan.lol/valpackett/sidebus" ];`
			`};`
			`systemd.mounts = [`
			`{`
			`type = "virtiofs";`
			`what = "vm-doc-portal";`
			`where = "/run/vm-doc-portal";`
			`wantedBy = [ "multi-user.target" ];`
			`}`
			`];`
agent: use socket activation, port credential + provide nixos module 2025-07-17 23:16:39 -03:00			`};`
switch from flake-utils to flake-parts There is not so much of a difference in this project, but it means adding this project to clan is one less flake input and also more consistent with other projects in clan. 2026-01-16 15:24:40 +01:00			`};`
			`};`
Initial commit Signed-off-by: Val Packett <val@invisiblethingslab.com> 2025-07-03 21:15:49 -03:00			`}`