2024-06-20 21:33:51 +00:00
|
|
|
{
|
|
|
|
config,
|
|
|
|
lib,
|
|
|
|
pkgs,
|
|
|
|
...
|
|
|
|
}:
|
2023-09-19 09:28:30 +00:00
|
|
|
|
|
|
|
let
|
|
|
|
cfg = config.programs.nix-required-mounts;
|
2023-11-06 16:44:14 +00:00
|
|
|
package = pkgs.nix-required-mounts;
|
2023-09-19 09:28:30 +00:00
|
|
|
|
2024-06-20 21:33:51 +00:00
|
|
|
Mount =
|
|
|
|
with lib;
|
2023-11-11 19:43:04 +00:00
|
|
|
types.submodule {
|
|
|
|
options.host = mkOption {
|
|
|
|
type = types.str;
|
|
|
|
description = "Host path to mount";
|
|
|
|
};
|
|
|
|
options.guest = mkOption {
|
|
|
|
type = types.str;
|
|
|
|
description = "Location in the sandbox to mount the host path at";
|
|
|
|
};
|
2023-11-11 14:02:54 +00:00
|
|
|
};
|
2024-06-20 21:33:51 +00:00
|
|
|
Pattern =
|
|
|
|
with lib.types;
|
|
|
|
types.submodule (
|
|
|
|
{ config, name, ... }:
|
|
|
|
{
|
|
|
|
options.onFeatures = lib.mkOption {
|
|
|
|
type = listOf types.str;
|
|
|
|
description = "Which requiredSystemFeatures should trigger relaxation of the sandbox";
|
|
|
|
default = [ name ];
|
|
|
|
};
|
|
|
|
options.paths = lib.mkOption {
|
|
|
|
type = listOf (oneOf [
|
|
|
|
path
|
|
|
|
Mount
|
|
|
|
]);
|
|
|
|
description = "A list of glob patterns, indicating which paths to expose to the sandbox";
|
|
|
|
};
|
|
|
|
options.unsafeFollowSymlinks = lib.mkEnableOption ''
|
|
|
|
Instructs the hook to mount the symlink targets as well, when any of
|
|
|
|
the `paths` contain symlinks. This may not work correctly with glob
|
|
|
|
patterns.
|
|
|
|
'';
|
|
|
|
}
|
|
|
|
);
|
2023-09-19 09:28:30 +00:00
|
|
|
|
2023-11-06 16:44:14 +00:00
|
|
|
driverPaths = [
|
2023-12-18 18:34:35 +00:00
|
|
|
pkgs.addDriverRunpath.driverLink
|
2023-11-06 16:44:14 +00:00
|
|
|
|
|
|
|
# mesa:
|
|
|
|
config.hardware.opengl.package
|
2023-09-19 09:28:30 +00:00
|
|
|
|
2023-11-06 16:44:14 +00:00
|
|
|
# nvidia_x11, etc:
|
|
|
|
] ++ config.hardware.opengl.extraPackages; # nvidia_x11
|
|
|
|
|
|
|
|
defaults = {
|
2023-11-11 02:40:44 +00:00
|
|
|
nvidia-gpu.onFeatures = package.allowedPatterns.nvidia-gpu.onFeatures;
|
|
|
|
nvidia-gpu.paths = package.allowedPatterns.nvidia-gpu.paths ++ driverPaths;
|
2023-11-11 19:43:04 +00:00
|
|
|
nvidia-gpu.unsafeFollowSymlinks = false;
|
2023-09-19 09:28:30 +00:00
|
|
|
};
|
|
|
|
in
|
|
|
|
{
|
|
|
|
meta.maintainers = with lib.maintainers; [ SomeoneSerge ];
|
|
|
|
options.programs.nix-required-mounts = {
|
2024-06-20 21:33:51 +00:00
|
|
|
enable = lib.mkEnableOption "Expose extra paths to the sandbox depending on derivations' requiredSystemFeatures";
|
2023-11-11 02:40:44 +00:00
|
|
|
presets.nvidia-gpu.enable = lib.mkEnableOption ''
|
|
|
|
Declare the support for derivations that require an Nvidia GPU to be
|
|
|
|
available, e.g. derivations with `requiredSystemFeatures = [ "cuda" ]`.
|
|
|
|
This mounts the corresponding userspace drivers and device nodes in the
|
|
|
|
sandbox, but only for derivations that request these special features.
|
|
|
|
|
|
|
|
You may extend or override the exposed paths via the
|
|
|
|
`programs.nix-required-mounts.allowedPatterns.nvidia-gpu.paths` option.
|
2023-09-19 09:28:30 +00:00
|
|
|
'';
|
2024-06-20 21:33:51 +00:00
|
|
|
allowedPatterns =
|
|
|
|
with lib.types;
|
2023-09-19 09:28:30 +00:00
|
|
|
lib.mkOption rec {
|
2023-11-06 16:44:14 +00:00
|
|
|
type = attrsOf Pattern;
|
2024-06-20 21:33:51 +00:00
|
|
|
description = "The hook config, describing which paths to mount for which system features";
|
2023-11-11 02:40:44 +00:00
|
|
|
default = { };
|
2023-09-19 09:28:30 +00:00
|
|
|
defaultText = lib.literalExpression ''
|
|
|
|
{
|
|
|
|
opengl.paths = config.hardware.opengl.extraPackages ++ [
|
|
|
|
config.hardware.opengl.package
|
2023-12-18 18:34:35 +00:00
|
|
|
pkgs.addDriverRunpath.driverLink
|
2023-09-19 09:28:30 +00:00
|
|
|
"/dev/dri"
|
|
|
|
];
|
|
|
|
}
|
|
|
|
'';
|
2023-11-06 16:44:14 +00:00
|
|
|
example.require-ipfs.paths = [ "/ipfs" ];
|
|
|
|
example.require-ipfs.onFeatures = [ "ifps" ];
|
2023-09-19 09:28:30 +00:00
|
|
|
};
|
2023-11-21 16:03:58 +00:00
|
|
|
extraWrapperArgs = lib.mkOption {
|
|
|
|
type = with lib.types; listOf str;
|
|
|
|
default = [ ];
|
2024-06-20 21:33:51 +00:00
|
|
|
description = "List of extra arguments (such as `--add-flags -v`) to pass to the hook's wrapper";
|
2023-11-21 16:03:58 +00:00
|
|
|
};
|
|
|
|
package = lib.mkOption {
|
|
|
|
type = lib.types.package;
|
2024-06-20 21:33:51 +00:00
|
|
|
default = package.override { inherit (cfg) allowedPatterns extraWrapperArgs; };
|
|
|
|
description = "The final package with the final config applied";
|
2023-11-21 16:03:58 +00:00
|
|
|
internal = true;
|
|
|
|
};
|
2023-09-19 09:28:30 +00:00
|
|
|
};
|
2024-06-20 21:33:51 +00:00
|
|
|
config = lib.mkIf cfg.enable (
|
|
|
|
lib.mkMerge [
|
|
|
|
{ nix.settings.pre-build-hook = lib.getExe cfg.package; }
|
|
|
|
(lib.mkIf cfg.presets.nvidia-gpu.enable {
|
|
|
|
nix.settings.system-features = cfg.allowedPatterns.nvidia-gpu.onFeatures;
|
|
|
|
programs.nix-required-mounts.allowedPatterns = {
|
|
|
|
inherit (defaults) nvidia-gpu;
|
|
|
|
};
|
|
|
|
})
|
|
|
|
]
|
|
|
|
);
|
2023-09-19 09:28:30 +00:00
|
|
|
}
|