# NixOS module for Singularity/Apptainer.
#
# Installs the selected package after re-building it with system-level
# overrides: external newuidmap/newgidmap helper paths (for `--fakeroot`) and
# an external setuid-root starter installed through `security.wrappers`.
{ config, pkgs, lib, ... }:

let
  inherit (lib)
    literalExpression
    mdDoc
    mkEnableOption
    mkIf
    mkOption
    optionalAttrs
    types
    ;

  cfg = config.programs.singularity;

  # Project name of the overridden package; names the wrapper and the state
  # directories. Only evaluated when the config section below is forced.
  overriddenName = cfg.packageOverriden.projectName;

  # Override arguments that point the package at external ID-mapping helpers.
  # This module does not declare these two wrappers itself.
  # NOTE(review): presumably another NixOS module provides them — confirm.
  fakerootArgs = optionalAttrs cfg.enableFakeroot {
    newuidmapPath = "/run/wrappers/bin/newuidmap";
    newgidmapPath = "/run/wrappers/bin/newgidmap";
  };

  # Override arguments that build the package against the external setuid
  # starter. The path must stay in step with the `security.wrappers` entry
  # declared in `config` below. It deliberately reads `cfg.package` (the
  # un-overridden input), as the original does.
  suidArgs = optionalAttrs cfg.enableSuid {
    enableSuid = true;
    starterSuidPath = "/run/wrappers/bin/${cfg.package.projectName}-suid";
  };

  # tmpfiles.d rule for one mount-point directory: type `d` (create the
  # directory), mode 0770, owner root, group root, no age-based cleanup (`-`).
  mntDirRule = dir: "d /var/lib/${overriddenName}/mnt/${dir} 0770 root root -";
in
{

  options.programs.singularity = {
    enable = mkEnableOption (mdDoc "singularity") // {
      description = mdDoc ''
        Whether to install Singularity/Apptainer with system-level overriding such as SUID support.
      '';
    };

    package = mkOption {
      type = types.package;
      default = pkgs.singularity;
      defaultText = literalExpression "pkgs.singularity";
      example = literalExpression "pkgs.apptainer";
      description = mdDoc ''
        Singularity/Apptainer package to override and install.
      '';
    };

    # Result of applying this module's overrides to `package`. Defaults to
    # null and is assigned in `config` when the module is enabled.
    packageOverriden = mkOption {
      type = types.nullOr types.package;
      default = null;
      description = mdDoc ''
        This option provides access to the overridden result of `programs.singularity.package`.

        For example, the following configuration makes all the Nixpkgs packages use the overridden `singularity`:
        ```Nix
        { config, lib, pkgs, ... }:
        {
          nixpkgs.overlays = [
            (final: prev: {
              _singularity-orig = prev.singularity;
              singularity = config.programs.singularity.packageOverriden;
            })
          ];
          programs.singularity.enable = true;
          programs.singularity.package = pkgs._singularity-orig;
        }
        ```

        Use `lib.mkForce` to forcefully specify the overridden package.
      '';
    };

    enableFakeroot = mkOption {
      type = types.bool;
      default = true;
      example = false;
      description = mdDoc ''
        Whether to enable the `--fakeroot` support of Singularity/Apptainer.
      '';
    };

    # Defaults to true: enabling the module installs a setuid-root starter
    # wrapper unless this option is explicitly set to false.
    enableSuid = mkOption {
      type = types.bool;
      default = true;
      example = false;
      description = mdDoc ''
        Whether to enable the SUID support of Singularity/Apptainer.
      '';
    };
  };

  config = mkIf cfg.enable {
    # When an option is disabled its arguments are simply omitted, so the
    # package's own defaults for those parameters stay in effect.
    programs.singularity.packageOverriden = (cfg.package.override (fakerootArgs // suidArgs));

    environment.systemPackages = [ cfg.packageOverriden ];

    # Setuid-root wrapper around the starter binary shipped in the overridden
    # package's libexec directory. Only declared when `enableSuid` is set.
    security.wrappers."${overriddenName}-suid" = mkIf cfg.enableSuid {
      setuid = true;
      owner = "root";
      group = "root";
      source = "${cfg.packageOverriden}/libexec/${overriddenName}/bin/starter-suid.orig";
    };

    # Mount-point directories under /var/lib/<projectName>/mnt, created with
    # mode 0770 root:root so they are not accessible to other users.
    systemd.tmpfiles.rules = map mntDirRule [
      "session"
      "final"
      "overlay"
      "container"
      "source"
    ];
  };

}