fix: mount /etc/pipewire in sound service namespace, add debugging aids

Mount the NixOS-generated pipewire config directory at /etc/pipewire inside the confined sound service namespace — libpipewire has /etc/pipewire as a compiled-in config search path. Also add RUST_BACKTRACE=full to all Rust service environments (balloond, VM, sound, dbus-proxy, wayland-seccontext, GPU) and a sound.logLevel option for RUST_LOG control. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-21 15:50:55 +00:00 · 2026-03-21 15:50:55 +00:00 · 81e6394b78
commit 81e6394b78
parent a55934497c
2 changed files with 18 additions and 2 deletions
--- a/modules/options.nix
+++ b/modules/options.nix
@ -477,6 +477,12 @@ let
            default = false;
            description = "Enable sound capture.";
          };
+          logLevel = lib.mkOption {
+            type = lib.types.nullOr lib.types.str;
+            default = null;
+            description = "RUST_LOG level for the sound device service. null = no override (uses vhost-device-sound default).";
+            example = "debug";
+          };
          seccompPolicy = lib.mkOption {
            type = lib.types.enum [
              "enforcing"
--- a/modules/services.nix
+++ b/modules/services.nix
@ -297,6 +297,9 @@ let
      ExecStart = "${cfg._internal.vmsilo-balloond}/bin/vmsilo-balloond --log-level ${cfg.vmsilo-balloond.logLevel} --poll-interval ${cfg.vmsilo-balloond.pollInterval} --critical-host-percent ${toString cfg.vmsilo-balloond.criticalHostPercent} --critical-guest-available ${cfg.vmsilo-balloond.criticalGuestAvailable} --guest-available-bias ${cfg.vmsilo-balloond.guestAvailableBias} --min-poll-interval ${cfg.vmsilo-balloond.minPollInterval} --psi-ceiling ${toString cfg.vmsilo-balloond.psiCeiling} ${lib.escapeShellArgs cfg.vmsilo-balloond.extraArgs}";
      Restart = "on-failure";
      RestartSec = "5s";
+      Environment = [
+        "RUST_BACKTRACE=full"
+      ];
    };
  };

@ -417,6 +420,9 @@ in
                Type = "simple";
                ExecStart = "${cfg._internal.vmScripts.${vm.name}}";
                ExecStopPost = stopPostScripts;
+                Environment = [
+                  "RUST_BACKTRACE=full"
+                ];
              }
              // lib.optionalAttrs (startPreScripts != [ ]) {
                ExecStartPre = startPreScripts;
@ -574,7 +580,8 @@ in
                Environment = [
                  "XDG_RUNTIME_DIR=/run/user/${toString userUid}"
                  "RUST_BACKTRACE=full"
-                ];
+                ]
+                ++ lib.optional (vm.sound.logLevel != null) "RUST_LOG=${vm.sound.logLevel}";

                # Filesystem: bind mounts on top of confinement chroot
                BindPaths = [
@ -582,7 +589,7 @@ in
                ];
                BindReadOnlyPaths = [
                  "/run/user/${toString userUid}/pipewire-0"
-                  "${pkgs.pipewire}/share/pipewire"
+                  "${config.environment.etc.pipewire.source}:/etc/pipewire"
                ];

                # RT scheduling
@ -665,6 +672,7 @@ in
                  Environment = [
                    "DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/${toString userUid}/bus"
                    "XDG_CONFIG_DIRS=${userHome}/.config/kdedefaults"
+                    "RUST_BACKTRACE=full"
                  ];
                  Restart = "on-failure";
                  RestartSec = "2s";
@ -703,6 +711,7 @@ in
                Environment = [
                  "XDG_RUNTIME_DIR=/run/user/${toString userUid}"
                  "RUST_LOG=info"
+                  "RUST_BACKTRACE=full"
                ];
                Restart = "on-failure";
                RestartSec = "1s";
@ -743,6 +752,7 @@ in
              environment = {
                LD_LIBRARY_PATH = "${pkgs.vulkan-loader}/lib";
                __GL_SHADER_DISK_CACHE_PATH = "/run/vmsilo/${vm.name}/gpu/shader-cache";
+                RUST_BACKTRACE = "full";
              };

              serviceConfig = {