add

.gitignore

@@ -7,10 +7,10 @@ out.log
 democlan
 example_clan
 result*
-/pkgs/clan-cli/clan_cli/nixpkgs
 /pkgs/clan-cli/clan_cli/webui/assets
 nixos.qcow2
 **/*.glade~
+.flatpak-builder/
 
 # python
 __pycache__

pkgs/clan-cli/clan_cli/__init__.py

@@ -120,6 +120,10 @@ def create_parser(prog: str | None = None) -> argparse.ArgumentParser:
 # this will be the entrypoint under /bin/clan (see pyproject.toml config)
 @profile
 def main() -> None:
+    from .flatpak import is_flatpak
+
+    print("Is flatpak?", is_flatpak())
+
     parser = create_parser()
     args = parser.parse_args()
 

pkgs/clan-cli/clan_cli/dirs.py

@@ -106,6 +106,7 @@ def module_root() -> Path:
 
 
 def nixpkgs_flake() -> Path:
+    print("Module root", module_root())
     return (module_root() / "nixpkgs").resolve()
 
 

pkgs/clan-cli/clan_cli/flatpak.py

@@ -0,0 +1,16 @@
+import os
+
+
+def is_flatpak() -> bool:
+    """Check if the current process is running inside a flatpak sandbox."""
+    # FLATPAK_ID environment variable check
+    flatpak_env = "FLATPAK_ID" in os.environ
+
+    flatpak_file = False
+    try:
+        with open("/.flatpak-info"):
+            flatpak_file = True
+    except FileNotFoundError:
+        pass
+
+    return flatpak_env and flatpak_file

pkgs/clan-cli/clan_cli/nixpkgs/flake.lock

@@ -0,0 +1,27 @@
+{
+  "nodes": {
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1712004559,
+        "narHash": "sha256-87vZKDepF3ZqpinX5zarC5Xb9dwpGgmfcl4Woy26lYA=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "5476cea4892cedbf6f8bbebdb93ba07e3f5f5e38",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable-small",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

pkgs/clan-cli/clan_cli/nixpkgs/flake.nix

@@ -0,0 +1,9 @@
+{
+  description = "dependencies for the clan-cli";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable-small";
+  };
+
+  outputs = _inputs: { };
+}

pkgs/clan-cli/clan_cli/secrets/sops.py

@@ -23,6 +23,7 @@ class SopsKey:
 
 def get_public_key(privkey: str) -> str:
     cmd = nix_shell(["nixpkgs#age"], ["age-keygen", "-y"])
+    print(cmd)
     try:
         res = subprocess.run(
             cmd, input=privkey, stdout=subprocess.PIPE, text=True, check=True

pkgs/clan-cli/clan_cli/vms/run.py

@@ -121,10 +121,13 @@ def run_vm(
         cachedir = Path(cache_tmp.name)
 
     if socketdir is None:
+        log.debug("Creating Socketdir")
         socket_tmp = TemporaryDirectory()
         socketdir = Path(socket_tmp.name)
+    else:
+        log.debug("Not creating socketdir.")
+        log.debug(f"Socketdir: {socketdir}")
 
-    # TODO: We should get this from the vm argument
     nixos_config = build_vm(machine, cachedir, nix_options)
 
     state_dir = vm_state_dir(str(vm.flake_url), machine.name)
@@ -156,7 +159,7 @@ def run_vm(
             file_name="state.qcow2",
             size="50G",
         )
-    virtiofsd_socket = socketdir / "virtiofsd.sock"
+    virtiofsd_socket = "/tmp" /  "virtiofsd.sock"
     qemu_cmd = qemu_command(
         vm,
         nixos_config,

pkgs/clan-cli/clan_cli/vms/virtiofsd.py

@@ -15,15 +15,21 @@ def start_virtiofsd(socket_path: Path) -> Iterator[None]:
     if shutil.which("newuidmap") is None:
         sandbox = "none"
     virtiofsd = nix_shell(
-        ["nixpkgs#virtiofsd"],
+        ["nixpkgs#virtiofsd" "nixpkgs#strace"],
         [
+            "strace",
+            "-f",
+            "-o",
+            "/tmp/clan-strace.log",
             "virtiofsd",
             "--socket-path",
             str(socket_path),
             "--cache",
             "always",
-            "--sandbox",
+            "none",
-            sandbox,
+            "-xattr",
+            "--seccomp",
+            "none",
             "--shared-dir",
             "/nix/store",
         ],

pkgs/clan-cli/clan_cli/vms/waypipe.py

@@ -42,7 +42,7 @@ def start_waypipe(cid: int | None, title_prefix: str) -> Iterator[None]:
             while not test_vsock_port(3049):
                 rc = proc.poll()
                 if rc is not None:
-                    msg = f"waypipe exited unexpectedly with code {rc}"
+                    msg = f"waypope exited unexpectedly with code {rc}"
                     raise ClanError(msg)
                 time.sleep(0.1)
             yield

pkgs/clan-cli/flatpak/FLATPAK.md

@@ -0,0 +1,21 @@
+# Flatpak Documentation
+
+
+## Installing locally
+
+You can install the package locally through `flatpak-builder`:
+```sh
+flatpak-builder --user --install --force-clean build-dir org.clan.cli.yml
+```
+
+## Debugging
+
+```sh
+flatpak run --devel --command=sh org.clan.cli
+```
+
+Replace `org.clan.cli` with the desired identifier.
+Now you can run commands inside the sandbox, for example:
+```sh
+[📦 org.clan.cli clan-cli-flatpak]$ strace -f -o strace.log clan vms run syncthing-peer1
+```

pkgs/clan-cli/flatpak/org.clan.cli.Devel.yml

@@ -0,0 +1,50 @@
+id: org.clan.cli.Devel
+runtime: org.freedesktop.Platform
+runtime-version: '23.08'
+sdk: org.freedesktop.Sdk
+command: clan
+modules:
+  - name: clan-cli
+    buildsystem: simple
+    build-commands:
+      - pip install --prefix=/app --no-deps ./pkgs/clan-cli
+    build-options:
+     build-args:
+      - --share=network
+    sources:
+      - type: dir
+        path: ../../../
+finish-args:
+  - "--share=network"
+  - "--filesystem=host"
+  - "--filesystem=host-etc"
+  - "--filesystem=/run/current-system/sw/bin/nix"
+  - "--filesystem=/run/opengl-driver/"
+  - "--filesystem=/nix/store/"
+  - "--filesystem=xdg-config/sops"
+  - "--filesystem=xdg-run/qemu"
+  - "--filesystem=/tmp:rw"
+  - "--filesystem=/tmp/org.clan.cli/:create"
+  - "--env=TMPDIR=/tmp/org.clan.cli/"
+  - "--device=all"
+  - "--allow=multiarch"
+  - "--allow=devel"
+  # - "--filesystem=/dev/vsock"
+  - "--env=PATH=/app/bin:/run/current-system/sw/bin"
+  - "--share=ipc"
+  # - "--unshare=ipc"
+  - "--socket=fallback-x11"
+  - "--socket=wayland"
+  - "--socket=pulseaudio"
+  - "--socket=system-bus"
+  - "--socket=session-bus"
+  - "--filesystem=xdg-run/gvfs"
+  - "--filesystem=xdg-run/gvfsd"
+  - "--filesystem=xdg-run/pipewire-0:rw"
+  - "--talk-name=org.clan.cli"
+  - "--system-talk-name=org.freedesktop.UDisks2"
+  - "--filesystem=xdg-run/dconf"
+  - "--filesystem=~/.config/dconf:ro"
+  - "--talk-name=ca.desrt.dconf"
+  - "--env=GIO_EXTRA_MODULES=/app/lib/gio/modules/"
+

pkgs/clan-cli/flatpak/org.clan.cli.yml

@@ -0,0 +1,55 @@
+id: org.clan.cli
+runtime: org.freedesktop.Platform
+runtime-version: '23.08'
+sdk: org.freedesktop.Sdk
+command: clan
+modules:
+  - name: clan-cli
+    buildsystem: simple
+    build-commands:
+      - pip install --prefix=/app --no-deps ./pkgs/clan-cli
+    build-options:
+     build-args:
+      - --share=network
+    sources:
+      - type: git
+        branch: init-flatpak
+        # branch: init/flatpak
+        path: /home/kenji/git/clan-projects/clan-core
+        # url: https://git.clan.lol/clan/clan-core/
+        # branch: init/clan-cli-flatpak
+        # branch: main
+finish-args:
+  - "--share=network"
+  - "--filesystem=host"
+  - "--filesystem=host-etc"
+  - "--filesystem=/run/current-system/sw/bin/nix"
+  - "--filesystem=/run/opengl-driver/"
+  - "--filesystem=/nix/store/"
+  - "--filesystem=xdg-config/sops"
+  - "--filesystem=xdg-run/qemu"
+  - "--filesystem=/tmp:rw"
+  - "--filesystem=/tmp/org.clan.cli/:create"
+  - "--env=TMPDIR=/tmp/org.clan.cli/"
+  - "--device=all"
+  - "--allow=multiarch"
+  - "--allow=devel"
+  # - "--filesystem=/dev/vsock"
+  - "--env=PATH=/run/current-system/sw/bin"
+  - "--share=ipc"
+  # - "--unshare=ipc"
+  - "--socket=fallback-x11"
+  - "--socket=wayland"
+  - "--socket=pulseaudio"
+  - "--socket=system-bus"
+  - "--socket=session-bus"
+  - "--filesystem=xdg-run/gvfs"
+  - "--filesystem=xdg-run/gvfsd"
+  - "--filesystem=xdg-run/pipewire-0:rw"
+  - "--talk-name=org.clan.cli"
+  - "--system-talk-name=org.freedesktop.UDisks2"
+  - "--filesystem=xdg-run/dconf"
+  - "--filesystem=~/.config/dconf:ro"
+  - "--talk-name=ca.desrt.dconf"
+  - "--env=GIO_EXTRA_MODULES=/app/lib/gio/modules/"
+

pkgs/clan-cli/pyproject.toml

@@ -9,7 +9,8 @@ dynamic = ["version"]
 scripts = { clan = "clan_cli:main" }
 
 [tool.setuptools.packages.find]
-exclude = ["clan_cli.nixpkgs*", "result"]
+# exclude = ["clan_cli.nixpkgs*", "result"]
+exclude = ["result"]
 
 [tool.setuptools.package-data]
 clan_cli = ["py.typed", "config/jsonschema/*", "webui/assets/**/*", "vms/mimetypes/**/*"]

pkgs/clan-vm-manager/flatpak/org.clan.manager.Devel.yml

@@ -0,0 +1,59 @@
+id: org.clan.manager.Devel
+runtime: org.freedesktop.Platform
+runtime-version: '23.08'
+sdk: org.freedesktop.Sdk
+command: clan-vm-manager
+modules:
+  - name: clan-vm-manager
+    buildsystem: simple
+    build-commands:
+      - pip3 install --prefix=/app ./pkgs/clan-vm-manager
+    build-options:
+     build-args:
+      - --share=network
+    sources:
+      - type: dir
+        path: ../../../
+  - name: clan-cli
+    buildsystem: simple
+    build-commands:
+      - pip3 install --prefix=/app --no-build-isolation --no-deps ./pkgs/clan-cli
+    build-options:
+     build-args:
+      - --share=network
+    sources:
+      - type: dir
+        path: ../../../
+finish-args:
+  - "--share=network"
+  - "--filesystem=host"
+  - "--filesystem=host-etc"
+  - "--filesystem=/run/current-system/sw/bin/nix"
+  - "--filesystem=/run/opengl-driver/"
+  - "--filesystem=/nix/store/"
+  - "--filesystem=xdg-config/sops"
+  - "--filesystem=xdg-run/qemu"
+  - "--filesystem=/tmp:rw"
+  - "--filesystem=/tmp/org.clan.cli/:create"
+  - "--env=TMPDIR=/tmp/org.clan.cli/"
+  - "--device=all"
+  - "--allow=multiarch"
+  - "--allow=devel"
+  # - "--filesystem=/dev/vsock"
+  - "--env=PATH=/app/bin:/run/current-system/sw/bin"
+  - "--share=ipc"
+  # - "--unshare=ipc"
+  - "--socket=fallback-x11"
+  - "--socket=wayland"
+  - "--socket=pulseaudio"
+  - "--socket=system-bus"
+  - "--socket=session-bus"
+  - "--filesystem=xdg-run/gvfs"
+  - "--filesystem=xdg-run/gvfsd"
+  - "--filesystem=xdg-run/pipewire-0:rw"
+  - "--talk-name=org.clan.cli"
+  - "--system-talk-name=org.freedesktop.UDisks2"
+  - "--filesystem=xdg-run/dconf"
+  - "--filesystem=~/.config/dconf:ro"
+  - "--talk-name=ca.desrt.dconf"
+  - "--env=GIO_EXTRA_MODULES=/app/lib/gio/modules/"