feat: add cloud-hypervisor and vmsilo-wayland-seccontext to flake.nix

Add buildVmsiloWaylandSeccontext build function and expose vmsilo-wayland-seccontext and cloud-hypervisor (from nixpkgs) as package outputs. Inject both into _internal module options. Remove nvidiaWeakenSandbox-conditional crosvm selection. Note: git.dsg.is/dsg/cloud-hypervisor.git has no flake.nix, so cloud-hypervisor is sourced from nixpkgs instead of a dedicated flake input. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-18 16:21:42 +00:00 · 2026-03-18 16:21:42 +00:00 · e4326c77df
commit e4326c77df
parent 2cd9f50604
1 changed files with 22 additions and 5 deletions
--- a/flake.nix
+++ b/flake.nix
@ -79,6 +79,23 @@
          };
        };

+      # Build vmsilo-wayland-seccontext Rust binary
+      buildVmsiloWaylandSeccontext =
+        system:
+        let
+          pkgs = nixpkgs.legacyPackages.${system};
+        in
+        pkgs.rustPlatform.buildRustPackage {
+          pname = "vmsilo-wayland-seccontext";
+          version = "0.1.0";
+          src = ./vmsilo-wayland-seccontext;
+          cargoLock = {
+            lockFile = ./vmsilo-wayland-seccontext/Cargo.lock;
+          };
+          nativeBuildInputs = with pkgs; [ pkg-config ];
+          buildInputs = with pkgs; [ wayland ];
+        };
+
      # treefmt configuration
      treefmtConfig = {
        projectRootFile = "flake.nix";
@ -96,6 +113,8 @@
        rootfs-nixos = makeRootfsNixos system { };
        vmsilo-balloond = buildVmsiloBalloond system;
        vmsilo-dbus-proxy = buildVmsiloDbusProxy system;
+        vmsilo-wayland-seccontext = buildVmsiloWaylandSeccontext system;
+        "cloud-hypervisor" = nixpkgs.legacyPackages.${system}.cloud-hypervisor;
        decoration-tests =
          let
            pkgs = nixpkgs.legacyPackages.${system};
@ -180,11 +199,9 @@
          # Inject dependencies when module is enabled
          config = lib.mkIf config.programs.vmsilo.enable {
            programs.vmsilo._internal = {
-              crosvm =
-                if config.programs.vmsilo.nvidiaWeakenSandbox then
-                  crosvm.packages.${pkgs.stdenv.hostPlatform.system}.crosvm-nvidia
-                else
-                  crosvm.packages.${pkgs.stdenv.hostPlatform.system}.default;
+              crosvm = crosvm.packages.${pkgs.stdenv.hostPlatform.system}.default;
+              "cloud-hypervisor" = pkgs.cloud-hypervisor;
+              vmsilo-wayland-seccontext = buildVmsiloWaylandSeccontext pkgs.stdenv.hostPlatform.system;
              wayland-proxy-virtwl = wayland-proxy-virtwl.packages.${pkgs.stdenv.hostPlatform.system}.default;
              sommelier = pkgs.callPackage ./packages/sommelier.nix { };
              vhost-device-sound = vhost-device.packages.${pkgs.stdenv.hostPlatform.system}.vhost-device-sound;