From 81e6394b78b70ccce3edb905dfe3b0c19ff7cb08 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dav=C3=AD=C3=B0=20Steinn=20Geirsson?= <david@dsg.is>
Date: Sat, 21 Mar 2026 15:50:55 +0000
Subject: [PATCH] fix: mount /etc/pipewire in sound service namespace, add
 debugging aids
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Mount the NixOS-generated pipewire config directory at /etc/pipewire
inside the confined sound service namespace — libpipewire has
/etc/pipewire as a compiled-in config search path.

Also add RUST_BACKTRACE=full to all Rust service environments
(balloond, VM, sound, dbus-proxy, wayland-seccontext, GPU) and a
sound.logLevel option for RUST_LOG control.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 modules/options.nix  |  6 ++++++
 modules/services.nix | 14 ++++++++++++--
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/modules/options.nix b/modules/options.nix
index a73b599..f8657d7 100644
--- a/modules/options.nix
+++ b/modules/options.nix
@@ -477,6 +477,12 @@ let
             default = false;
             description = "Enable sound capture.";
           };
+          logLevel = lib.mkOption {
+            type = lib.types.nullOr lib.types.str;
+            default = null;
+            description = "RUST_LOG level for the sound device service. null = no override (uses vhost-device-sound default).";
+            example = "debug";
+          };
           seccompPolicy = lib.mkOption {
             type = lib.types.enum [
               "enforcing"
diff --git a/modules/services.nix b/modules/services.nix
index 7b71519..cdc3fde 100644
--- a/modules/services.nix
+++ b/modules/services.nix
@@ -297,6 +297,9 @@ let
       ExecStart = "${cfg._internal.vmsilo-balloond}/bin/vmsilo-balloond --log-level ${cfg.vmsilo-balloond.logLevel} --poll-interval ${cfg.vmsilo-balloond.pollInterval} --critical-host-percent ${toString cfg.vmsilo-balloond.criticalHostPercent} --critical-guest-available ${cfg.vmsilo-balloond.criticalGuestAvailable} --guest-available-bias ${cfg.vmsilo-balloond.guestAvailableBias} --min-poll-interval ${cfg.vmsilo-balloond.minPollInterval} --psi-ceiling ${toString cfg.vmsilo-balloond.psiCeiling} ${lib.escapeShellArgs cfg.vmsilo-balloond.extraArgs}";
       Restart = "on-failure";
       RestartSec = "5s";
+      Environment = [
+        "RUST_BACKTRACE=full"
+      ];
     };
   };
 
@@ -417,6 +420,9 @@ in
                 Type = "simple";
                 ExecStart = "${cfg._internal.vmScripts.${vm.name}}";
                 ExecStopPost = stopPostScripts;
+                Environment = [
+                  "RUST_BACKTRACE=full"
+                ];
               }
               // lib.optionalAttrs (startPreScripts != [ ]) {
                 ExecStartPre = startPreScripts;
@@ -574,7 +580,8 @@ in
                 Environment = [
                   "XDG_RUNTIME_DIR=/run/user/${toString userUid}"
                   "RUST_BACKTRACE=full"
-                ];
+                ]
+                ++ lib.optional (vm.sound.logLevel != null) "RUST_LOG=${vm.sound.logLevel}";
 
                 # Filesystem: bind mounts on top of confinement chroot
                 BindPaths = [
@@ -582,7 +589,7 @@ in
                 ];
                 BindReadOnlyPaths = [
                   "/run/user/${toString userUid}/pipewire-0"
-                  "${pkgs.pipewire}/share/pipewire"
+                  "${config.environment.etc.pipewire.source}:/etc/pipewire"
                 ];
 
                 # RT scheduling
@@ -665,6 +672,7 @@ in
                   Environment = [
                     "DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/${toString userUid}/bus"
                     "XDG_CONFIG_DIRS=${userHome}/.config/kdedefaults"
+                    "RUST_BACKTRACE=full"
                   ];
                   Restart = "on-failure";
                   RestartSec = "2s";
@@ -703,6 +711,7 @@ in
                 Environment = [
                   "XDG_RUNTIME_DIR=/run/user/${toString userUid}"
                   "RUST_LOG=info"
+                  "RUST_BACKTRACE=full"
                 ];
                 Restart = "on-failure";
                 RestartSec = "1s";
@@ -743,6 +752,7 @@ in
               environment = {
                 LD_LIBRARY_PATH = "${pkgs.vulkan-loader}/lib";
                 __GL_SHADER_DISK_CACHE_PATH = "/run/vmsilo/${vm.name}/gpu/shader-cache";
+                RUST_BACKTRACE = "full";
               };
 
               serviceConfig = {