This tool is a frontend for bootstrapping hakurei via internal/pkg. Named mbf for now for "maiden's best friend" as a tribute to the DOOM source port.
Signed-off-by: Ophestra <cat@gensokyo.uk>
Turns out this did not work because in the vm test harness, virtualisation.fileSystems completely and silently overrides fileSystems, causing its contents to not even be evaluated anymore. This is not documented as far as I can tell, and is not obvious by any stretch of the imagination. The current hack is cargo culted from nix-community/impermanence and hopefully lasts until this project fully replaces nix.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This optional behaviour is required on NixOS as it is otherwise impossible to set this up: systemd.mounts breaks startup order somehow even though my unit looks identical to generated ones, fileSystems does not support any kind of initialisation or ordering other than against other mount points.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This should have been handled in a custom option parsing function, but that much extra complexity is unnecessary for this edge case. Honestly I do not know why libfuse does not handle this itself.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This replaces the forking daemonise libfuse function which prevents Go callbacks from calling into the runtime. This also enforces least privilege on the daemon process.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This is not really just library wrapper functions, but instead implements the callbacks, so fuse-operations makes more sense.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This is never called directly anywhere and it is simple enough to be included in the macro. This avoids passing the pointer around and dereferencing errno location, resulting in over 5% increase in throughput on the clang build. No change in the gcc build though.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This filesystem does not support symbolic links, so readlink is not useful, and unreachable in this case because of the check in getattr.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This no longer exposes the pipewire socket to the container, and instead mediates access via pipewire-pulse. This makes insecure parts of the protocol inaccessible as explained in the doc comment in hst.
Closes#29.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This fully replaces PulseAudio with PipeWire and enforces the PulseAudio check and error message. The pipewire-pulse daemon is handled in the NixOS module.
Closes#26.
Signed-off-by: Ophestra <cat@gensokyo.uk>
These are for #26. None of them are implemented yet. This fixes up test cases for the change to happen. Existing source code and JSON configuration continue to have the same effect. Existing flags get its EPulse bit replaced by EPipeWire.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This is cleaner and makes more sense. The longer LDFLAGS was never a valid concern since it is always inserted by a script.
Signed-off-by: Ophestra <cat@gensokyo.uk>
cat
