spotlights-macbook-air: Initialize muvm

hosts/linux/spotlights-macbook-air/configuration.nix

@@ -35,9 +35,9 @@
   };
 
   nixpkgs.overlays = [
-    # We need SMBIOS generation enabled for libvirtd,
-    # as it otherwise stumbles over executing dmidecode.
     (final: prev: {
+      # We need SMBIOS generation enabled for libvirtd,
+      # as it otherwise stumbles over executing dmidecode.
       uboot-asahi = prev.uboot-asahi.overrideAttrs (old: {
         # TODO(spotlightishere): It'd be far more ideal to actually override.
         # However, somehow overriding extraConfig seems to coerce things into a string.
@@ -56,6 +56,21 @@
           CONFIG_GENERATE_SMBIOS_TABLE=y
         '';
       });
+
+      # muvm requires a few things for libkrun.
+      libkrun = prev.callPackage ./libkrun/package.nix { };
+
+      # https://github.com/NixOS/nixpkgs/pull/347792#issuecomment-2667343848
+      virglrenderer = prev.virglrenderer.overrideAttrs (old: {
+        src = final.fetchurl {
+          url = "https://gitlab.freedesktop.org/asahi/virglrenderer/-/archive/asahi-20241205.2/virglrenderer-asahi-20241205.2.tar.bz2";
+          hash = "sha256-mESFaB//RThS5Uts8dCRExfxT5DQ+QQgTDWBoQppU7U=";
+        };
+        mesonFlags = old.mesonFlags ++ [ (final.lib.mesonOption "drm-renderers" "asahi-experimental") ];
+      });
+
+      # https://github.com/NixOS/nixpkgs/pull/347792
+      muvm = prev.callPackage ./muvm/package.nix { };
     })
   ];
 
@@ -78,8 +93,17 @@
     };
   };
 
+  users.users.spotlight.extraGroups = [ "docker" ];
+  virtualisation.docker.enable = true;
+
+  services.syncthing.enable = true;
+
   environment.systemPackages = with pkgs; [
+    # For usage with FEXRootFSFetcher
+    erofs-utils
+    fex
     legcord
+    muvm
     vscode
   ];
 

hosts/linux/spotlights-macbook-air/libkrun/package.nix

@@ -0,0 +1,91 @@
+{ lib
+, stdenv
+, fetchFromGitHub
+, rustPlatform
+, cargo
+, pkg-config
+, glibc
+, openssl
+, libepoxy
+, libdrm
+, pipewire
+, virglrenderer
+, libkrunfw
+, rustc
+, withBlk ? false
+, withGpu ? false
+, withSound ? false
+, withNet ? false
+, sevVariant ? false
+,
+}:
+
+stdenv.mkDerivation (finalAttrs: {
+  pname = "libkrun";
+  version = "1.10.1";
+
+  src = fetchFromGitHub {
+    owner = "containers";
+    repo = "libkrun";
+    rev = "refs/tags/v${finalAttrs.version}";
+    hash = "sha256-yLpn9TpzuLstA4om/xaucoN6F4mItV2RMvjx7p/C/cs=";
+  };
+
+  outputs = [
+    "out"
+    "dev"
+  ];
+
+  cargoDeps = rustPlatform.fetchCargoVendor {
+    inherit (finalAttrs) src;
+    hash = "sha256-jsDFsjzKDzhplq+LDtIos7oCEVTznkKw9hluu+0Gw8Q=";
+  };
+
+  nativeBuildInputs = [
+    rustPlatform.cargoSetupHook
+    rustPlatform.bindgenHook
+    cargo
+    rustc
+  ] ++ lib.optional (sevVariant || withGpu) pkg-config;
+
+  buildInputs =
+    [
+      (libkrunfw.override { inherit sevVariant; })
+      glibc
+      glibc.static
+    ]
+    ++ lib.optionals withGpu [
+      libepoxy
+      libdrm
+      virglrenderer
+    ]
+    ++ lib.optional withSound pipewire
+    ++ lib.optional sevVariant openssl;
+
+  makeFlags =
+    [
+      "PREFIX=${placeholder "out"}"
+    ]
+    ++ lib.optional withBlk "BLK=1"
+    ++ lib.optional withGpu "GPU=1"
+    ++ lib.optional withSound "SND=1"
+    ++ lib.optional withNet "NET=1"
+    ++ lib.optional sevVariant "SEV=1";
+
+  postInstall = ''
+    mkdir -p $dev/lib/pkgconfig
+    mv $out/lib64/pkgconfig $dev/lib/pkgconfig
+    mv $out/include $dev/include
+  '';
+
+  meta = with lib; {
+    description = "Dynamic library providing Virtualization-based process isolation capabilities";
+    homepage = "https://github.com/containers/libkrun";
+    license = licenses.asl20;
+    maintainers = with maintainers; [
+      nickcao
+      RossComputerGuy
+    ];
+    platforms = libkrunfw.meta.platforms;
+  };
+})

hosts/linux/spotlights-macbook-air/muvm/package.nix

@@ -0,0 +1,75 @@
+{ lib
+, fetchFromGitHub
+, rustPlatform
+, dhcpcd
+, libkrun
+, makeWrapper
+, passt
+, pkg-config
+, mesa
+, replaceVars
+, systemd
+, opengl-driver ? mesa.drivers
+,
+}:
+
+rustPlatform.buildRustPackage rec {
+  pname = "muvm";
+  version = "0.3.1";
+
+  src = fetchFromGitHub {
+    owner = "AsahiLinux";
+    repo = pname;
+    rev = "muvm-${version}";
+    hash = "sha256-vacWhCiDwcRT1fNZ0oD2b1Ei2JiZSYEk3f6Mm/2jLmI=";
+  };
+
+  useFetchCargoVendor = true;
+  cargoHash = "sha256-E6p4xVdGF/ec91SE6B981IqhTQ0pNkqWozVYcY4a+tM=";
+
+  patches = [
+    (replaceVars ./replace-udevd.patch {
+      systemd-udevd = "${systemd}/lib/systemd/systemd-udevd";
+    })
+    ./replace-sysctl.patch
+    ./run-passthru.patch
+  ];
+
+  nativeBuildInputs = [
+    rustPlatform.bindgenHook
+    makeWrapper
+    pkg-config
+  ];
+
+  buildInputs = [
+    (libkrun.override {
+      withBlk = true;
+      withGpu = true;
+      withNet = true;
+    })
+    systemd
+  ];
+
+  wrapArgs = [
+    "--prefix PATH : ${
+      lib.makeBinPath [
+        passt
+        dhcpcd
+      ]
+    }"
+  ];
+
+  postFixup = ''
+    wrapProgram $out/bin/muvm $wrapArgs \
+      --set-default OPENGL_DRIVER ${opengl-driver}
+  '';
+
+  meta = {
+    description = "Run programs from your system in a microVM";
+    homepage = "https://github.com/AsahiLinux/muvm";
+    license = lib.licenses.mit;
+    maintainers = with lib.maintainers; [ RossComputerGuy ];
+    platforms = libkrun.meta.platforms;
+    mainProgram = "krun";
+  };
+}

hosts/linux/spotlights-macbook-air/muvm/replace-sysctl.patch

@@ -0,0 +1,13 @@
+diff --git a/crates/muvm/src/monitor.rs b/crates/muvm/src/monitor.rs
+index 836acd5..a7cee1c 100644
+--- a/crates/muvm/src/monitor.rs
++++ b/crates/muvm/src/monitor.rs
+@@ -49,7 +49,7 @@ fn set_guest_pressure(pressure: GuestPressure) -> Result<()> {
+     let wsf: u32 = pressure.into();
+     debug!("setting watermark_scale_factor to {wsf}");
+ 
+-    let command = PathBuf::from("/sbin/sysctl");
++    let command = PathBuf::from("sysctl");
+     let command_args = vec![format!("vm.watermark_scale_factor={}", wsf)];
+     let env = HashMap::new();
+     request_launch(command, command_args, env, 0, false, true)

hosts/linux/spotlights-macbook-air/muvm/replace-udevd.patch

@@ -0,0 +1,11 @@
+--- a/crates/muvm/src/guest/bin/muvm-guest.rs
++++ b/crates/muvm/src/guest/bin/muvm-guest.rs
+@@ -50,7 +50,7 @@ fn main() -> Result<()> {
+     rustix::stdio::dup2_stdout(console.as_fd())?;
+     rustix::stdio::dup2_stderr(console.as_fd())?;
+ 
+-    Command::new("/usr/lib/systemd/systemd-udevd").spawn()?;
++    Command::new("@systemd-udevd@").spawn()?;
+ 
+     setup_fex()?;
+ 

hosts/linux/spotlights-macbook-air/muvm/run-passthru.patch

@@ -0,0 +1,32 @@
+diff --git a/crates/muvm/src/guest/mount.rs b/crates/muvm/src/guest/mount.rs
+index 02c507d..232299b 100644
+--- a/crates/muvm/src/guest/mount.rs
++++ b/crates/muvm/src/guest/mount.rs
+@@ -14,6 +14,13 @@ use rustix::mount::{
+ use rustix::path::Arg;
+ use serde_json::json;
+ 
++/// A list of directories in /run to be passed through from the host.
++const RUN_PASSTHRU: [&str; 2] = [
++    // NixOS-specific directories.
++    "current-system",
++    "opengl-driver",
++];
++
+ fn make_tmpfs(dir: &str) -> Result<()> {
+     mount2(
+         Some("tmpfs"),
+@@ -313,6 +320,13 @@ pub fn mount_filesystems(merged_rootfs: bool) -> Result<()> {
+     )
+     .context("Failed to mount `/dev/shm`")?;
+ 
++    for dir in RUN_PASSTHRU {
++        let src = Path::new("/run/muvm-host/run").join(dir);
++        if src.exists() {
++            symlink(src, Path::new("/run").join(dir))?;
++        }
++    }
++
+     // Do this last so it can pick up all the submounts made above.
+     if let Err(e) = mount_fex_rootfs(merged_rootfs) {
+         println!("Failed to mount FEX rootfs, carrying on without. Error: {e}");