commit 88d736df69da5ee553928bcfc14f5da62fcac2c4 · pyrox.dev/nixpkgs

nixos/modules/module-list.nix

···

       158
       158
        
         ./programs/bash/ls-colors.nix

     

       159
       159
        
         ./programs/bash/undistract-me.nix

     

       160
       160
        
         ./programs/bcc.nix

     

       161
       161
       +
         ./programs/benchexec.nix

     

       161
       162
        
         ./programs/browserpass.nix

     

       162
       163
        
         ./programs/calls.nix

     

       163
       164
        
         ./programs/captive-browser.nix

+98

nixos/modules/programs/benchexec.nix

···

       1
       1
       +
       { lib

     

       2
       2
       +
       , pkgs

     

       3
       3
       +
       , config

     

       4
       4
       +
       , options

     

       5
       5
       +
       , ...

     

       6
       6
       +
       }:

     

       7
       7
       +
       let

     

       8
       8
       +
         cfg = config.programs.benchexec;

     

       9
       9
       +
         opt = options.programs.benchexec;

     

       10
       10
       +
       

     

       11
       11
       +
         filterUsers = x:

     

       12
       12
       +
           if builtins.isString x then config.users.users ? ${x} else

     

       13
       13
       +
           if builtins.isInt    x then x                         else

     

       14
       14
       +
           throw "filterUsers expects string (username) or int (UID)";

     

       15
       15
       +
       

     

       16
       16
       +
         uid = x:

     

       17
       17
       +
           if builtins.isString x then config.users.users.${x}.uid else

     

       18
       18
       +
           if builtins.isInt    x then x                           else

     

       19
       19
       +
           throw "uid expects string (username) or int (UID)";

     

       20
       20
       +
       in

     

       21
       21
       +
       {

     

       22
       22
       +
         options.programs.benchexec = {

     

       23
       23
       +
           enable = lib.mkEnableOption "BenchExec";

     

       24
       24
       +
           package = lib.options.mkPackageOption pkgs "benchexec" { };

     

       25
       25
       +
       

     

       26
       26
       +
           users = lib.options.mkOption {

     

       27
       27
       +
             type = with lib.types; listOf (either str int);

     

       28
       28
       +
             description = ''

     

       29
       29
       +
               Users that intend to use BenchExec.

     

       30
       30
       +
               Provide usernames of users that are configured via {option}`${options.users.users}` as string,

     

       31
       31
       +
               and UIDs of "mutable users" as integers.

     

       32
       32
       +
               Control group delegation will be configured via systemd.

     

       33
       33
       +
               For more information, see <https://github.com/sosy-lab/benchexec/blob/3.18/doc/INSTALL.md#setting-up-cgroups>.

     

       34
       34
       +
             '';

     

       35
       35
       +
             default = [ ];

     

       36
       36
       +
             example = lib.literalExpression ''

     

       37
       37
       +
               [

     

       38
       38
       +
                 "alice" # username of a user configured via ${options.users.users}

     

       39
       39
       +
                 1007    # UID of a mutable user

     

       40
       40
       +
               ]

     

       41
       41
       +
             '';

     

       42
       42
       +
           };

     

       43
       43
       +
         };

     

       44
       44
       +
       

     

       45
       45
       +
         config = lib.mkIf cfg.enable {

     

       46
       46
       +
           assertions = (map

     

       47
       47
       +
             (user: {

     

       48
       48
       +
               assertion = config.users.users ? ${user};

     

       49
       49
       +
               message = ''

     

       50
       50
       +
                 The user '${user}' intends to use BenchExec (via `${opt.users}`), but is not configured via `${options.users.users}`.

     

       51
       51
       +
               '';

     

       52
       52
       +
             })

     

       53
       53
       +
             (builtins.filter builtins.isString cfg.users)

     

       54
       54
       +
           ) ++ (map

     

       55
       55
       +
             (id: {

     

       56
       56
       +
               assertion = config.users.mutableUsers;

     

       57
       57
       +
               message = ''

     

       58
       58
       +
                 The user with UID '${id}' intends to use BenchExec (via `${opt.users}`), but mutable users are disabled via `${options.users.mutableUsers}`.

     

       59
       59
       +
               '';

     

       60
       60
       +
             })

     

       61
       61
       +
             (builtins.filter builtins.isInt cfg.users)

     

       62
       62
       +
           ) ++ [

     

       63
       63
       +
             {

     

       64
       64
       +
               assertion = config.systemd.enableUnifiedCgroupHierarchy == true;

     

       65
       65
       +
               message = ''

     

       66
       66
       +
                 The BenchExec module `${opt.enable}` only supports control groups 2 (`${options.systemd.enableUnifiedCgroupHierarchy} = true`).

     

       67
       67
       +
               '';

     

       68
       68
       +
             }

     

       69
       69
       +
           ];

     

       70
       70
       +
       

     

       71
       71
       +
           environment.systemPackages = [ cfg.package ];

     

       72
       72
       +
       

     

       73
       73
       +
           # See <https://github.com/sosy-lab/benchexec/blob/3.18/doc/INSTALL.md#setting-up-cgroups>.

     

       74
       74
       +
           systemd.services = builtins.listToAttrs (map

     

       75
       75
       +
             (user: {

     

       76
       76
       +
               name = "user@${builtins.toString (uid user)}";

     

       77
       77
       +
               value = {

     

       78
       78
       +
                 serviceConfig.Delegate = "yes";

     

       79
       79
       +
                 overrideStrategy = "asDropin";

     

       80
       80
       +
               };

     

       81
       81
       +
             })

     

       82
       82
       +
             (builtins.filter filterUsers cfg.users));

     

       83
       83
       +
       

     

       84
       84
       +
           # See <https://github.com/sosy-lab/benchexec/blob/3.18/doc/INSTALL.md#requirements>.

     

       85
       85
       +
           virtualisation.lxc.lxcfs.enable = lib.mkDefault true;

     

       86
       86
       +
       

     

       87
       87
       +
           # See <https://github.com/sosy-lab/benchexec/blob/3.18/doc/INSTALL.md#requirements>.

     

       88
       88
       +
           programs = {

     

       89
       89
       +
             cpu-energy-meter.enable = lib.mkDefault true;

     

       90
       90
       +
             pqos-wrapper.enable = lib.mkDefault true;

     

       91
       91
       +
           };

     

       92
       92
       +
       

     

       93
       93
       +
           # See <https://github.com/sosy-lab/benchexec/blob/3.18/doc/INSTALL.md#kernel-requirements>.

     

       94
       94
       +
           security.unprivilegedUsernsClone = true;

     

       95
       95
       +
         };

     

       96
       96
       +
       

     

       97
       97
       +
         meta.maintainers = with lib.maintainers; [ lorenzleutgeb ];

     

       98
       98
       +
       }

nixos/tests/all-tests.nix

···

       144
       144
        
         bcachefs = handleTestOn ["x86_64-linux" "aarch64-linux"] ./bcachefs.nix {};

     

       145
       145
        
         beanstalkd = handleTest ./beanstalkd.nix {};

     

       146
       146
        
         bees = handleTest ./bees.nix {};

     

       147
       147
       +
         benchexec = handleTest ./benchexec.nix {};

     

       147
       148
        
         binary-cache = handleTest ./binary-cache.nix {};

     

       148
       149
        
         bind = handleTest ./bind.nix {};

     

       149
       150
        
         bird = handleTest ./bird.nix {};

+54

nixos/tests/benchexec.nix

···

       1
       1
       +
       import ./make-test-python.nix ({ pkgs, lib, ... }:

     

       2
       2
       +
       let

     

       3
       3
       +
         user = "alice";

     

       4
       4
       +
       in

     

       5
       5
       +
       {

     

       6
       6
       +
         name = "benchexec";

     

       7
       7
       +
       

     

       8
       8
       +
         nodes.benchexec = {

     

       9
       9
       +
           imports = [ ./common/user-account.nix ];

     

       10
       10
       +
       

     

       11
       11
       +
           programs.benchexec = {

     

       12
       12
       +
             enable = true;

     

       13
       13
       +
             users = [ user ];

     

       14
       14
       +
           };

     

       15
       15
       +
         };

     

       16
       16
       +
       

     

       17
       17
       +
         testScript = { ... }:

     

       18
       18
       +
           let

     

       19
       19
       +
             runexec = lib.getExe' pkgs.benchexec "runexec";

     

       20
       20
       +
             echo = builtins.toString pkgs.benchexec;

     

       21
       21
       +
             test = lib.getExe (pkgs.writeShellApplication rec {

     

       22
       22
       +
               name = "test";

     

       23
       23
       +
               meta.mainProgram = name;

     

       24
       24
       +
               text = "echo '${echo}'";

     

       25
       25
       +
             });

     

       26
       26
       +
             wd = "/tmp";

     

       27
       27
       +
             stdout = "${wd}/runexec.out";

     

       28
       28
       +
             stderr = "${wd}/runexec.err";

     

       29
       29
       +
           in

     

       30
       30
       +
           ''

     

       31
       31
       +
             start_all()

     

       32
       32
       +
             machine.wait_for_unit("multi-user.target")

     

       33
       33
       +
             benchexec.succeed(''''\

     

       34
       34
       +
                 systemd-run \

     

       35
       35
       +
                   --property='StandardOutput=file:${stdout}' \

     

       36
       36
       +
                   --property='StandardError=file:${stderr}' \

     

       37
       37
       +
                   --unit=runexec --wait --user --machine='${user}@' \

     

       38
       38
       +
                   --working-directory ${wd} \

     

       39
       39
       +
                 '${runexec}' \

     

       40
       40
       +
                   --debug \

     

       41
       41
       +
                   --read-only-dir / \

     

       42
       42
       +
                   --hidden-dir /home \

     

       43
       43
       +
                   '${test}' \

     

       44
       44
       +
             '''')

     

       45
       45
       +
             benchexec.succeed("grep -s '${echo}' ${wd}/output.log")

     

       46
       46
       +
             benchexec.succeed("test \"$(grep -Ec '((start|wall|cpu)time|memory)=' ${stdout})\" = 4")

     

       47
       47
       +
             benchexec.succeed("! grep -E '(WARNING|ERROR)' ${stderr}")

     

       48
       48
       +
           '';

     

       49
       49
       +
       

     

       50
       50
       +
         interactive.nodes.benchexec.services.kmscon = {

     

       51
       51
       +
           enable = true;

     

       52
       52
       +
           fonts = [{ name = "Fira Code"; package = pkgs.fira-code; }];

     

       53
       53
       +
         };

     

       54
       54
       +
       })