nix-required-mounts: nixfmt

2024-11-22 06:53:01 +00:00 · 2024-06-20 21:33:51 +00:00 · 2024-06-20 21:33:51 +00:00 · ebeb6b9d1d
commit ebeb6b9d1d
parent ff430d1699
11 changed files with 183 additions and 178 deletions
--- a/nixos/modules/programs/nix-required-mounts.nix
+++ b/nixos/modules/programs/nix-required-mounts.nix
@ -1,10 +1,16 @@
-{ config, lib, pkgs, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:

 let
  cfg = config.programs.nix-required-mounts;
  package = pkgs.nix-required-mounts;

-  Mount = with lib;
+  Mount =
+    with lib;
    types.submodule {
      options.host = mkOption {
        type = types.str;
@ -15,25 +21,30 @@ let
        description = "Location in the sandbox to mount the host path at";
      };
    };
-  Pattern = with lib.types;
-    types.submodule ({ config, name, ... }: {
-      options.onFeatures = lib.mkOption {
-        type = listOf types.str;
-        description =
-          "Which requiredSystemFeatures should trigger relaxation of the sandbox";
-        default = [ name ];
-      };
-      options.paths = lib.mkOption {
-        type = listOf (oneOf [ path Mount ]);
-        description =
-          "A list of glob patterns, indicating which paths to expose to the sandbox";
-      };
-      options.unsafeFollowSymlinks = lib.mkEnableOption ''
-        Instructs the hook to mount the symlink targets as well, when any of
-        the `paths` contain symlinks. This may not work correctly with glob
-        patterns.
-      '';
-    });
+  Pattern =
+    with lib.types;
+    types.submodule (
+      { config, name, ... }:
+      {
+        options.onFeatures = lib.mkOption {
+          type = listOf types.str;
+          description = "Which requiredSystemFeatures should trigger relaxation of the sandbox";
+          default = [ name ];
+        };
+        options.paths = lib.mkOption {
+          type = listOf (oneOf [
+            path
+            Mount
+          ]);
+          description = "A list of glob patterns, indicating which paths to expose to the sandbox";
+        };
+        options.unsafeFollowSymlinks = lib.mkEnableOption ''
+          Instructs the hook to mount the symlink targets as well, when any of
+          the `paths` contain symlinks. This may not work correctly with glob
+          patterns.
+        '';
+      }
+    );

  driverPaths = [
    pkgs.addOpenGLRunpath.driverLink
@ -53,8 +64,7 @@ in
 {
  meta.maintainers = with lib.maintainers; [ SomeoneSerge ];
  options.programs.nix-required-mounts = {
-    enable = lib.mkEnableOption
-      "Expose extra paths to the sandbox depending on derivations' requiredSystemFeatures";
+    enable = lib.mkEnableOption "Expose extra paths to the sandbox depending on derivations' requiredSystemFeatures";
    presets.nvidia-gpu.enable = lib.mkEnableOption ''
      Declare the support for derivations that require an Nvidia GPU to be
      available, e.g. derivations with `requiredSystemFeatures = [ "cuda" ]`.
@ -64,11 +74,11 @@ in
      You may extend or override the exposed paths via the
      `programs.nix-required-mounts.allowedPatterns.nvidia-gpu.paths` option.
    '';
-    allowedPatterns = with lib.types;
+    allowedPatterns =
+      with lib.types;
      lib.mkOption rec {
        type = attrsOf Pattern;
-        description =
-          "The hook config, describing which paths to mount for which system features";
+        description = "The hook config, describing which paths to mount for which system features";
        default = { };
        defaultText = lib.literalExpression ''
          {
@ -86,28 +96,24 @@ in
    extraWrapperArgs = lib.mkOption {
      type = with lib.types; listOf str;
      default = [ ];
-      description =
-        lib.mdDoc
-          "List of extra arguments (such as `--add-flags -v`) to pass to the hook's wrapper";
+      description = "List of extra arguments (such as `--add-flags -v`) to pass to the hook's wrapper";
    };
    package = lib.mkOption {
      type = lib.types.package;
-      default = package.override {
-        inherit (cfg)
-          allowedPatterns
-          extraWrapperArgs;
-      };
-      description = lib.mdDoc "The final package with the final config applied";
+      default = package.override { inherit (cfg) allowedPatterns extraWrapperArgs; };
+      description = "The final package with the final config applied";
      internal = true;
    };
  };
-  config = lib.mkIf cfg.enable (lib.mkMerge [
-    { nix.settings.pre-build-hook = lib.getExe cfg.package; }
-    (lib.mkIf cfg.presets.nvidia-gpu.enable {
-      nix.settings.system-features = cfg.allowedPatterns.nvidia-gpu.onFeatures;
-      programs.nix-required-mounts.allowedPatterns = {
-        inherit (defaults) nvidia-gpu;
-      };
-    })
-  ]);
+  config = lib.mkIf cfg.enable (
+    lib.mkMerge [
+      { nix.settings.pre-build-hook = lib.getExe cfg.package; }
+      (lib.mkIf cfg.presets.nvidia-gpu.enable {
+        nix.settings.system-features = cfg.allowedPatterns.nvidia-gpu.onFeatures;
+        programs.nix-required-mounts.allowedPatterns = {
+          inherit (defaults) nvidia-gpu;
+        };
+      })
+    ]
+  );
 }
--- a/nixos/tests/nix-required-mounts/default.nix
+++ b/nixos/tests/nix-required-mounts/default.nix
@ -1,6 +1,4 @@
-{ pkgs
-, ...
-}:
+{ pkgs, ... }:

 let
  inherit (pkgs) lib;
@ -9,32 +7,34 @@ in
 {
  name = "nix-required-mounts";
  meta.maintainers = with lib.maintainers; [ SomeoneSerge ];
-  nodes.machine = { config, pkgs, ... }: {
-    virtualisation.writableStore = true;
-    system.extraDependencies = [ (pkgs.runCommand "deps" { } "mkdir $out").inputDerivation ];
-    nix.nixPath = [ "nixpkgs=${../../..}" ];
-    nix.settings.substituters = lib.mkForce [ ];
-    nix.settings.system-features = [ "supported-feature" ];
-    nix.settings.experimental-features = [ "nix-command" ];
-    programs.nix-required-mounts.enable = true;
-    programs.nix-required-mounts.allowedPatterns.supported-feature = {
-      onFeatures = [ "supported-feature" ];
-      paths = [
-        "/supported-feature-files"
-        {
-          host = "/usr/lib/imaginary-fhs-drivers";
-          guest = "/run/opengl-driver/lib";
-        }
+  nodes.machine =
+    { config, pkgs, ... }:
+    {
+      virtualisation.writableStore = true;
+      system.extraDependencies = [ (pkgs.runCommand "deps" { } "mkdir $out").inputDerivation ];
+      nix.nixPath = [ "nixpkgs=${../../..}" ];
+      nix.settings.substituters = lib.mkForce [ ];
+      nix.settings.system-features = [ "supported-feature" ];
+      nix.settings.experimental-features = [ "nix-command" ];
+      programs.nix-required-mounts.enable = true;
+      programs.nix-required-mounts.allowedPatterns.supported-feature = {
+        onFeatures = [ "supported-feature" ];
+        paths = [
+          "/supported-feature-files"
+          {
+            host = "/usr/lib/imaginary-fhs-drivers";
+            guest = "/run/opengl-driver/lib";
+          }
+        ];
+        unsafeFollowSymlinks = true;
+      };
+      users.users.person.isNormalUser = true;
+      systemd.tmpfiles.rules = [
+        "d /supported-feature-files 0755 person users -"
+        "f /usr/lib/libcuda.so 0444 root root - fakeContent"
+        "L /usr/lib/imaginary-fhs-drivers/libcuda.so 0444 root root - /usr/lib/libcuda.so"
      ];
-      unsafeFollowSymlinks = true;
    };
-    users.users.person.isNormalUser = true;
-    systemd.tmpfiles.rules = [
-      "d /supported-feature-files 0755 person users -"
-      "f /usr/lib/libcuda.so 0444 root root - fakeContent"
-      "L /usr/lib/imaginary-fhs-drivers/libcuda.so 0444 root root - /usr/lib/libcuda.so"
-    ];
-  };
  testScript = ''
    import shlex

--- a/nixos/tests/nix-required-mounts/ensure-path-not-present.nix
+++ b/nixos/tests/nix-required-mounts/ensure-path-not-present.nix
@ -1,8 +1,9 @@
-{ pkgs ? import <nixpkgs> { }, feature }:
-
-pkgs.runCommandNoCC "${feature}-not-present"
 {
-} ''
+  pkgs ? import <nixpkgs> { },
+  feature,
+}:
+
+pkgs.runCommandNoCC "${feature}-not-present" { } ''
  if [[ -e /${feature}-files ]]; then
    echo "No ${feature} in requiredSystemFeatures, but /${feature}-files was mounted anyway"
    exit 1
@ -10,4 +11,3 @@ pkgs.runCommandNoCC "${feature}-not-present"
    touch $out
  fi
 ''
-
--- a/nixos/tests/nix-required-mounts/test-require-feature.nix
+++ b/nixos/tests/nix-required-mounts/test-require-feature.nix
@ -1,9 +1,9 @@
-{ pkgs ? import <nixpkgs> { }, feature }:
-
-pkgs.runCommandNoCC "${feature}-present"
 {
-  requiredSystemFeatures = [ feature ];
-} ''
+  pkgs ? import <nixpkgs> { },
+  feature,
+}:
+
+pkgs.runCommandNoCC "${feature}-present" { requiredSystemFeatures = [ feature ]; } ''
  if [[ ! -e /${feature}-files ]]; then
    echo "The host declares ${feature} support, but doesn't expose /${feature}-files" >&2
    exit 1
--- a/nixos/tests/nix-required-mounts/test-structured-attrs-empty.nix
+++ b/nixos/tests/nix-required-mounts/test-structured-attrs-empty.nix
@ -1,10 +1,8 @@
-{ pkgs ? import <nixpkgs> { } }:
-
-pkgs.runCommandNoCC "nix-required-mounts-structured-attrs-no-features"
 {
-  __structuredAttrs = true;
-} ''
-  touch $out
-''
-
+  pkgs ? import <nixpkgs> { },
+}:

+pkgs.runCommandNoCC "nix-required-mounts-structured-attrs-no-features" { __structuredAttrs = true; }
+  ''
+    touch $out
+  ''
--- a/nixos/tests/nix-required-mounts/test-structured-attrs.nix
+++ b/nixos/tests/nix-required-mounts/test-structured-attrs.nix
@ -1,15 +1,18 @@
-{ pkgs ? import <nixpkgs> { }, feature }:
+{
+  pkgs ? import <nixpkgs> { },
+  feature,
+}:

 pkgs.runCommandNoCC "${feature}-present-structured"
-{
-  __structuredAttrs = true;
-  requiredSystemFeatures = [ feature ];
-} ''
-  if [[ -e /${feature}-files ]]; then
-    touch $out
-  else
-    echo "The host declares ${feature} support, but doesn't expose /${feature}-files" >&2
-    echo "Do we fail to parse __structuredAttrs=true derivations?" >&2
-  fi
-''
-
+  {
+    __structuredAttrs = true;
+    requiredSystemFeatures = [ feature ];
+  }
+  ''
+    if [[ -e /${feature}-files ]]; then
+      touch $out
+    else
+      echo "The host declares ${feature} support, but doesn't expose /${feature}-files" >&2
+      echo "Do we fail to parse __structuredAttrs=true derivations?" >&2
+    fi
+  ''
--- a/pkgs/applications/misc/blender/gpu-checks.nix
+++ b/pkgs/applications/misc/blender/gpu-checks.nix
@ -8,7 +8,7 @@
 }:

 let
-  blenderWithCuda = blender.override {cudaSupport = true;};
+  blenderWithCuda = blender.override { cudaSupport = true; };
  name = "${blenderWithCuda.name}-check-cuda";
  unwrapped = writeScriptBin "${name}-unwrapped" ''
    #!${lib.getExe bash}
@ -16,14 +16,11 @@ let
  '';
 in
 {
-  cudaAvailable =
-    runCommand name
-      {
-        nativeBuildInputs = [unwrapped];
-        requiredSystemFeatures = ["cuda"];
-        passthru = {
-          inherit unwrapped;
-        };
-      }
-      "${name}-unwrapped && touch $out";
+  cudaAvailable = runCommand name {
+    nativeBuildInputs = [ unwrapped ];
+    requiredSystemFeatures = [ "cuda" ];
+    passthru = {
+      inherit unwrapped;
+    };
+  } "${name}-unwrapped && touch $out";
 }
--- a/pkgs/by-name/ni/nix-required-mounts/closure.nix
+++ b/pkgs/by-name/ni/nix-required-mounts/closure.nix
@ -3,32 +3,35 @@
 # in the sandbox as well. In practice, things seemed to have worked without
 # this as well, but we go with the safe option until we understand why.

-{ lib
-, runCommand
-, python3Packages
-, allowedPatterns
+{
+  lib,
+  runCommand,
+  python3Packages,
+  allowedPatterns,
 }:
 runCommand "allowed-patterns.json"
-{
-  nativeBuildInputs = [ python3Packages.python ];
-  exportReferencesGraph =
-    builtins.concatMap
-      (name:
-        builtins.concatMap
-          (path:
-            let
-              prefix = "${builtins.storeDir}/";
-              # Has to start with a letter: https://github.com/NixOS/nix/blob/516e7ddc41f39ff939b5d5b5dc71e590f24890d4/src/libstore/build/local-derivation-goal.cc#L568
-              exportName = ''references-${lib.strings.removePrefix prefix "${path}"}'';
-              isStorePath = lib.isStorePath path && (lib.hasPrefix prefix "${path}");
-            in
-            lib.optionals isStorePath [ exportName path ])
-          allowedPatterns.${name}.paths)
-      (builtins.attrNames allowedPatterns);
-  env.storeDir = "${builtins.storeDir}/";
-  shallowConfig = builtins.toJSON allowedPatterns;
-  passAsFile = [ "shallowConfig" ];
-}
+  {
+    nativeBuildInputs = [ python3Packages.python ];
+    exportReferencesGraph = builtins.concatMap (
+      name:
+      builtins.concatMap (
+        path:
+        let
+          prefix = "${builtins.storeDir}/";
+          # Has to start with a letter: https://github.com/NixOS/nix/blob/516e7ddc41f39ff939b5d5b5dc71e590f24890d4/src/libstore/build/local-derivation-goal.cc#L568
+          exportName = ''references-${lib.strings.removePrefix prefix "${path}"}'';
+          isStorePath = lib.isStorePath path && (lib.hasPrefix prefix "${path}");
+        in
+        lib.optionals isStorePath [
+          exportName
+          path
+        ]
+      ) allowedPatterns.${name}.paths
+    ) (builtins.attrNames allowedPatterns);
+    env.storeDir = "${builtins.storeDir}/";
+    shallowConfig = builtins.toJSON allowedPatterns;
+    passAsFile = [ "shallowConfig" ];
+  }
  ''
    python ${./scripts/nix_required_mounts_closure.py}
  ''
--- a/pkgs/by-name/ni/nix-required-mounts/package.nix
+++ b/pkgs/by-name/ni/nix-required-mounts/package.nix
@ -1,10 +1,16 @@
-{ addOpenGLRunpath
-, cmake
-, allowedPatternsPath ? callPackage ./closure.nix { inherit allowedPatterns; }
-, allowedPatterns ? rec {
+{
+  addOpenGLRunpath,
+  cmake,
+  allowedPatternsPath ? callPackage ./closure.nix { inherit allowedPatterns; },
+  allowedPatterns ? rec {
    # This config is just an example.
    # When the hook observes either of the following requiredSystemFeatures:
-    nvidia-gpu.onFeatures = [ "gpu" "nvidia-gpu" "opengl" "cuda" ];
+    nvidia-gpu.onFeatures = [
+      "gpu"
+      "nvidia-gpu"
+      "opengl"
+      "cuda"
+    ];
    # It exposes these paths in the sandbox:
    nvidia-gpu.paths = [
      addOpenGLRunpath.driverLink
@ -12,28 +18,26 @@
      "/dev/nvidia*"
    ];
    nvidia-gpu.unsafeFollowSymlinks = true;
-  }
-, buildPackages
-, callPackage
-, extraWrapperArgs ? [ ]
-, formats
-, lib
-, makeWrapper
-, nix
-, nixosTests
-, python3Packages
-, runCommand
+  },
+  buildPackages,
+  callPackage,
+  extraWrapperArgs ? [ ],
+  formats,
+  lib,
+  makeWrapper,
+  nix,
+  nixosTests,
+  python3Packages,
+  runCommand,
 }:

-
 let
  attrs = builtins.fromTOML (builtins.readFile ./pyproject.toml);
  pname = attrs.project.name;
  inherit (attrs.project) version;
 in

-python3Packages.buildPythonApplication
-{
+python3Packages.buildPythonApplication {
  inherit pname version;
  pyproject = true;

--- a/pkgs/development/python-modules/pynvml/test-gpu.nix
+++ b/pkgs/development/python-modules/pynvml/test-gpu.nix
@ -1,23 +1,17 @@
-{ runCommandNoCC
-, python
-}:
+{ runCommandNoCC, python }:

 runCommandNoCC "pynvml-gpu-test"
-{
-  nativeBuildInputs = [
-    (python.withPackages (ps: [ ps.pynvml ]))
-  ];
-  requiredSystemFeatures = [
-    "cuda"
-  ];
-} ''
-  python3 << EOF
-  import pynvml
-  from pynvml.smi import nvidia_smi
+  {
+    nativeBuildInputs = [ (python.withPackages (ps: [ ps.pynvml ])) ];
+    requiredSystemFeatures = [ "cuda" ];
+  }
+  ''
+    python3 << EOF
+    import pynvml
+    from pynvml.smi import nvidia_smi

-  pynvml.nvmlInit()
-  EOF
-
-  touch $out
-''
+    pynvml.nvmlInit()
+    EOF

+    touch $out
+  ''
--- a/pkgs/development/python-modules/torch/gpu-checks.nix
+++ b/pkgs/development/python-modules/torch/gpu-checks.nix
@ -16,7 +16,7 @@ let
    }:
    let
      name = "${torch.name}-${feature}-check";
-      unwrapped = writers.writePython3Bin "${name}-unwrapped" {libraries = [torch];} ''
+      unwrapped = writers.writePython3Bin "${name}-unwrapped" { libraries = [ torch ]; } ''
        import torch
        message = f"{torch.cuda.is_available()=} and {torch.version.${versionAttr}=}"
        assert torch.cuda.is_available() and torch.version.${versionAttr}, message
@ -25,8 +25,8 @@ let
    in
    runCommandNoCC name
      {
-        nativeBuildInputs = [unwrapped];
-        requiredSystemFeatures = [feature];
+        nativeBuildInputs = [ unwrapped ];
+        requiredSystemFeatures = [ feature ];
        passthru = {
          inherit unwrapped;
        };