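# NixOS module for `programs.nix-required-mounts`.
#
# Installs the nix-required-mounts package as Nix's pre-build-hook and
# configures which host paths the hook exposes inside the build sandbox,
# keyed on the `requiredSystemFeatures` a derivation declares.
#
# Security-relevant summary for reviewers:
#   * Every entry in `allowedPatterns.<name>.paths` is host state made visible
#     to sandboxed builds that declare one of `onFeatures`, so each pattern is
#     a deliberate relaxation of sandbox isolation. Keep the lists narrow.
#   * NOTE(review): a derivation chooses its own `requiredSystemFeatures`, so
#     anyone able to submit builds to this machine can presumably opt in to
#     the exposed paths - confirm this matches the intended trust model.
{
  config,
  lib,
  pkgs,
  ...
}:

let
  inherit (lib) mkEnableOption mkOption types;

  cfg = config.programs.nix-required-mounts;
  package = pkgs.nix-required-mounts;

  # An explicit host -> sandbox mapping, for paths that should appear at a
  # different location inside the sandbox than on the host.
  Mount = types.submodule {
    options.host = mkOption {
      type = types.str;
      description = "Host path to mount";
    };
    options.guest = mkOption {
      type = types.str;
      description = "Location in the sandbox to mount the host path at";
    };
  };

  # One named rule: the features that trigger it and the paths it exposes.
  # `name` is the attribute name under `allowedPatterns`; it doubles as the
  # default feature name.
  Pattern = types.submodule (
    { name, ... }:
    {
      options.onFeatures = mkOption {
        type = types.listOf types.str;
        description = "Which requiredSystemFeatures should trigger relaxation of the sandbox";
        default = [ name ];
      };
      # Each entry is either a plain path (glob) or a `Mount` submodule.
      options.paths = mkOption {
        type = types.listOf (
          types.oneOf [
            types.path
            Mount
          ]
        );
        description = "A list of glob patterns, indicating which paths to expose to the sandbox";
      };
      # Written as a plain bool option rather than mkEnableOption: the latter
      # prefixes the text with "Whether to enable ", which produced a garbled
      # description for this sentence. Type and default are unchanged.
      #
      # NOTE(review): with this enabled, the set of mounted host paths depends
      # on where the symlinks point, not only on the `paths` list itself;
      # whoever can rewrite those links can presumably widen what the sandbox
      # sees - confirm against the hook implementation before enabling.
      options.unsafeFollowSymlinks = mkOption {
        type = types.bool;
        default = false;
        example = true;
        description = ''
          Whether to instruct the hook to mount the symlink targets as well,
          when any of the `paths` contain symlinks. This may not work
          correctly with glob patterns.
        '';
      };
    }
  );

  # Host paths holding the userspace graphics drivers.
  driverPaths = [
    # opengl:
    # NOTE: Since driverLink is just a symlink, we need to include its target as well.
    pkgs.addDriverRunpath.driverLink
    config.systemd.tmpfiles.settings.graphics-driver."/run/opengl-driver"."L+".argument

    # mesa:
    config.hardware.graphics.package

    # nvidia_x11, etc:
  ]
  ++ config.hardware.graphics.extraPackages; # nvidia_x11

  # Values applied by the `presets.nvidia-gpu` preset: the package's own
  # nvidia-gpu pattern, extended with this system's driver paths. Symlink
  # following stays off.
  defaults = {
    nvidia-gpu.onFeatures = package.allowedPatterns.nvidia-gpu.onFeatures;
    nvidia-gpu.paths = package.allowedPatterns.nvidia-gpu.paths ++ driverPaths;
    nvidia-gpu.unsafeFollowSymlinks = false;
  };
in
{
  meta.maintainers = with lib.maintainers; [ SomeoneSerge ];

  options.programs.nix-required-mounts = {
    # mkEnableOption renders "Whether to enable <text>.", so the text has to
    # be a noun phrase.
    enable = mkEnableOption "exposing extra paths to the sandbox depending on derivations' requiredSystemFeatures";

    # Plain bool option for the same reason as `unsafeFollowSymlinks`: the
    # multi-line text does not read correctly after "Whether to enable ".
    presets.nvidia-gpu.enable = mkOption {
      type = types.bool;
      default = false;
      example = true;
      description = ''
        Whether to declare the support for derivations that require an Nvidia
        GPU to be available, e.g. derivations with
        `requiredSystemFeatures = [ "cuda" ]`.
        This mounts the corresponding userspace drivers and device nodes in the
        sandbox, but only for derivations that request these special features.

        You may extend or override the exposed paths via the
        `programs.nix-required-mounts.allowedPatterns.nvidia-gpu.paths` option.
      '';
    };

    allowedPatterns = mkOption {
      type = types.attrsOf Pattern;
      description = "The hook config, describing which paths to mount for which system features";
      default = { };
      # NOTE(review): the declared default above is the empty set, while this
      # text shows an `opengl` pattern - confirm which one the documentation
      # should present. The option path below was corrected to
      # `config.hardware.graphics.package`, the name `driverPaths` uses.
      defaultText = lib.literalExpression ''
        {
          opengl.paths = config.hardware.graphics.extraPackages ++ [
            config.hardware.graphics.package
            pkgs.addDriverRunpath.driverLink
            "/dev/dri"
          ];
        }
      '';
      example.require-ipfs.paths = [ "/ipfs" ];
      example.require-ipfs.onFeatures = [ "ipfs" ];
    };

    extraWrapperArgs = mkOption {
      type = types.listOf types.str;
      default = [ ];
      description = "List of extra arguments (such as `--add-flags -v`) to pass to the hook's wrapper";
    };

    # Internal: the hook package rebuilt with the module's configuration.
    package = mkOption {
      type = types.package;
      default = package.override { inherit (cfg) allowedPatterns extraWrapperArgs; };
      description = "The final package with the final config applied";
      internal = true;
    };
  };

  config = lib.mkIf cfg.enable (
    lib.mkMerge [
      # Always, when enabled: register the configured hook with Nix.
      { nix.settings.pre-build-hook = lib.getExe cfg.package; }

      # Only with the nvidia-gpu preset: advertise the features and install
      # the preset's pattern.
      (lib.mkIf cfg.presets.nvidia-gpu.enable {
        # NOTE(review): depending on how NixOS declares its default
        # `system-features`, this definition may replace that default list
        # rather than extend it - confirm that features such as "kvm" remain
        # advertised after enabling the preset.
        nix.settings.system-features = cfg.allowedPatterns.nvidia-gpu.onFeatures;
        programs.nix-required-mounts.allowedPatterns = {
          inherit (defaults) nvidia-gpu;
        };
      })
    ]
  );
}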