pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / modules / programs / nix-required-mounts.nix
at 25.11-pre 3.8 kB view raw
1{ 2 config, 3 lib, 4 pkgs, 5 ... 6}: 7 8let 9 cfg = config.programs.nix-required-mounts; 10 package = pkgs.nix-required-mounts; 11 12 Mount = 13 with lib; 14 types.submodule { 15 options.host = mkOption { 16 type = types.str; 17 description = "Host path to mount"; 18 }; 19 options.guest = mkOption { 20 type = types.str; 21 description = "Location in the sandbox to mount the host path at"; 22 }; 23 }; 24 Pattern = 25 with lib.types; 26 types.submodule ( 27 { config, name, ... }: 28 { 29 options.onFeatures = lib.mkOption { 30 type = listOf types.str; 31 description = "Which requiredSystemFeatures should trigger relaxation of the sandbox"; 32 default = [ name ]; 33 }; 34 options.paths = lib.mkOption { 35 type = listOf (oneOf [ 36 path 37 Mount 38 ]); 39 description = "A list of glob patterns, indicating which paths to expose to the sandbox"; 40 }; 41 options.unsafeFollowSymlinks = lib.mkEnableOption '' 42 Instructs the hook to mount the symlink targets as well, when any of 43 the `paths` contain symlinks. This may not work correctly with glob 44 patterns. 45 ''; 46 } 47 ); 48 49 driverPaths = [ 50 pkgs.addDriverRunpath.driverLink 51 52 # mesa: 53 config.hardware.graphics.package 54 55 # nvidia_x11, etc: 56 ] ++ config.hardware.graphics.extraPackages; # nvidia_x11 57 58 defaults = { 59 nvidia-gpu.onFeatures = package.allowedPatterns.nvidia-gpu.onFeatures; 60 nvidia-gpu.paths = package.allowedPatterns.nvidia-gpu.paths ++ driverPaths; 61 nvidia-gpu.unsafeFollowSymlinks = false; 62 }; 63in 64{ 65 meta.maintainers = with lib.maintainers; [ SomeoneSerge ]; 66 options.programs.nix-required-mounts = { 67 enable = lib.mkEnableOption "Expose extra paths to the sandbox depending on derivations' requiredSystemFeatures"; 68 presets.nvidia-gpu.enable = lib.mkEnableOption '' 69 Declare the support for derivations that require an Nvidia GPU to be 70 available, e.g. derivations with `requiredSystemFeatures = [ "cuda" ]`. 71 This mounts the corresponding userspace drivers and device nodes in the 72 sandbox, but only for derivations that request these special features. 73 74 You may extend or override the exposed paths via the 75 `programs.nix-required-mounts.allowedPatterns.nvidia-gpu.paths` option. 76 ''; 77 allowedPatterns = 78 with lib.types; 79 lib.mkOption rec { 80 type = attrsOf Pattern; 81 description = "The hook config, describing which paths to mount for which system features"; 82 default = { }; 83 defaultText = lib.literalExpression '' 84 { 85 opengl.paths = config.hardware.graphics.extraPackages ++ [ 86 config.graphics.opengl.package 87 pkgs.addDriverRunpath.driverLink 88 "/dev/dri" 89 ]; 90 } 91 ''; 92 example.require-ipfs.paths = [ "/ipfs" ]; 93 example.require-ipfs.onFeatures = [ "ifps" ]; 94 }; 95 extraWrapperArgs = lib.mkOption { 96 type = with lib.types; listOf str; 97 default = [ ]; 98 description = "List of extra arguments (such as `--add-flags -v`) to pass to the hook's wrapper"; 99 }; 100 package = lib.mkOption { 101 type = lib.types.package; 102 default = package.override { inherit (cfg) allowedPatterns extraWrapperArgs; }; 103 description = "The final package with the final config applied"; 104 internal = true; 105 }; 106 }; 107 config = lib.mkIf cfg.enable ( 108 lib.mkMerge [ 109 { nix.settings.pre-build-hook = lib.getExe cfg.package; } 110 (lib.mkIf cfg.presets.nvidia-gpu.enable { 111 nix.settings.system-features = cfg.allowedPatterns.nvidia-gpu.onFeatures; 112 programs.nix-required-mounts.allowedPatterns = { 113 inherit (defaults) nvidia-gpu; 114 }; 115 }) 116 ] 117 ); 118}