···

       
1
       
1
       
-
       
{ config, lib, pkgs, ... }:

     

       
1
       
1
       
+
       
{

     

       
2
       
2
       
+
       
  config,

     

       
3
       
3
       
+
       
  lib,

     

       
4
       
4
       
+
       
  pkgs,

     

       
5
       
5
       
+
       
  ...

     

       
6
       
6
       
+
       
}:

     

       
2
       
7
       
 
       


     

       
3
       
8
       
 
       
let

     

       
4
       
9
       
 
       
  cfg = config.programs.nix-required-mounts;

     

       
5
       
10
       
 
       
  package = pkgs.nix-required-mounts;

     

       
6
       
11
       
 
       


     

       
7
       
7
       
-
       
  Mount = with lib;

     

       
12
       
12
       
+
       
  Mount =

     

       
13
       
13
       
+
       
    with lib;

     

       
8
       
14
       
 
       
    types.submodule {

     

       
9
       
15
       
 
       
      options.host = mkOption {

     

       
10
       
16
       
 
       
        type = types.str;

     
···

       
15
       
21
       
 
       
        description = "Location in the sandbox to mount the host path at";

     

       
16
       
22
       
 
       
      };

     

       
17
       
23
       
 
       
    };

     

       
18
       
18
       
-
       
  Pattern = with lib.types;

     

       
19
       
19
       
-
       
    types.submodule ({ config, name, ... }: {

     

       
20
       
20
       
-
       
      options.onFeatures = lib.mkOption {

     

       
21
       
21
       
-
       
        type = listOf types.str;

     

       
22
       
22
       
-
       
        description =

     

       
23
       
23
       
-
       
          "Which requiredSystemFeatures should trigger relaxation of the sandbox";

     

       
24
       
24
       
-
       
        default = [ name ];

     

       
25
       
25
       
-
       
      };

     

       
26
       
26
       
-
       
      options.paths = lib.mkOption {

     

       
27
       
27
       
-
       
        type = listOf (oneOf [ path Mount ]);

     

       
28
       
28
       
-
       
        description =

     

       
29
       
29
       
-
       
          "A list of glob patterns, indicating which paths to expose to the sandbox";

     

       
30
       
30
       
-
       
      };

     

       
31
       
31
       
-
       
      options.unsafeFollowSymlinks = lib.mkEnableOption ''

     

       
32
       
32
       
-
       
        Instructs the hook to mount the symlink targets as well, when any of

     

       
33
       
33
       
-
       
        the `paths` contain symlinks. This may not work correctly with glob

     

       
34
       
34
       
-
       
        patterns.

     

       
35
       
35
       
-
       
      '';

     

       
36
       
36
       
-
       
    });

     

       
24
       
24
       
+
       
  Pattern =

     

       
25
       
25
       
+
       
    with lib.types;

     

       
26
       
26
       
+
       
    types.submodule (

     

       
27
       
27
       
+
       
      { config, name, ... }:

     

       
28
       
28
       
+
       
      {

     

       
29
       
29
       
+
       
        options.onFeatures = lib.mkOption {

     

       
30
       
30
       
+
       
          type = listOf types.str;

     

       
31
       
31
       
+
       
          description = "Which requiredSystemFeatures should trigger relaxation of the sandbox";

     

       
32
       
32
       
+
       
          default = [ name ];

     

       
33
       
33
       
+
       
        };

     

       
34
       
34
       
+
       
        options.paths = lib.mkOption {

     

       
35
       
35
       
+
       
          type = listOf (oneOf [

     

       
36
       
36
       
+
       
            path

     

       
37
       
37
       
+
       
            Mount

     

       
38
       
38
       
+
       
          ]);

     

       
39
       
39
       
+
       
          description = "A list of glob patterns, indicating which paths to expose to the sandbox";

     

       
40
       
40
       
+
       
        };

     

       
41
       
41
       
+
       
        options.unsafeFollowSymlinks = lib.mkEnableOption ''

     

       
42
       
42
       
+
       
          Instructs the hook to mount the symlink targets as well, when any of

     

       
43
       
43
       
+
       
          the `paths` contain symlinks. This may not work correctly with glob

     

       
44
       
44
       
+
       
          patterns.

     

       
45
       
45
       
+
       
        '';

     

       
46
       
46
       
+
       
      }

     

       
47
       
47
       
+
       
    );

     

       
37
       
48
       
 
       


     

       
38
       
49
       
 
       
  driverPaths = [

     

       
39
       
50
       
 
       
    pkgs.addOpenGLRunpath.driverLink

     
···

       
53
       
64
       
 
       
{

     

       
54
       
65
       
 
       
  meta.maintainers = with lib.maintainers; [ SomeoneSerge ];

     

       
55
       
66
       
 
       
  options.programs.nix-required-mounts = {

     

       
56
       
56
       
-
       
    enable = lib.mkEnableOption

     

       
57
       
57
       
-
       
      "Expose extra paths to the sandbox depending on derivations' requiredSystemFeatures";

     

       
67
       
67
       
+
       
    enable = lib.mkEnableOption "Expose extra paths to the sandbox depending on derivations' requiredSystemFeatures";

     

       
58
       
68
       
 
       
    presets.nvidia-gpu.enable = lib.mkEnableOption ''

     

       
59
       
69
       
 
       
      Declare the support for derivations that require an Nvidia GPU to be

     

       
60
       
70
       
 
       
      available, e.g. derivations with `requiredSystemFeatures = [ "cuda" ]`.

     
···

       
64
       
74
       
 
       
      You may extend or override the exposed paths via the

     

       
65
       
75
       
 
       
      `programs.nix-required-mounts.allowedPatterns.nvidia-gpu.paths` option.

     

       
66
       
76
       
 
       
    '';

     

       
67
       
67
       
-
       
    allowedPatterns = with lib.types;

     

       
77
       
77
       
+
       
    allowedPatterns =

     

       
78
       
78
       
+
       
      with lib.types;

     

       
68
       
79
       
 
       
      lib.mkOption rec {

     

       
69
       
80
       
 
       
        type = attrsOf Pattern;

     

       
70
       
70
       
-
       
        description =

     

       
71
       
71
       
-
       
          "The hook config, describing which paths to mount for which system features";

     

       
81
       
81
       
+
       
        description = "The hook config, describing which paths to mount for which system features";

     

       
72
       
82
       
 
       
        default = { };

     

       
73
       
83
       
 
       
        defaultText = lib.literalExpression ''

     

       
74
       
84
       
 
       
          {

     
···

       
86
       
96
       
 
       
    extraWrapperArgs = lib.mkOption {

     

       
87
       
97
       
 
       
      type = with lib.types; listOf str;

     

       
88
       
98
       
 
       
      default = [ ];

     

       
89
       
89
       
-
       
      description =

     

       
90
       
90
       
-
       
        lib.mdDoc

     

       
91
       
91
       
-
       
          "List of extra arguments (such as `--add-flags -v`) to pass to the hook's wrapper";

     

       
99
       
99
       
+
       
      description = "List of extra arguments (such as `--add-flags -v`) to pass to the hook's wrapper";

     

       
92
       
100
       
 
       
    };

     

       
93
       
101
       
 
       
    package = lib.mkOption {

     

       
94
       
102
       
 
       
      type = lib.types.package;

     

       
95
       
95
       
-
       
      default = package.override {

     

       
96
       
96
       
-
       
        inherit (cfg)

     

       
97
       
97
       
-
       
          allowedPatterns

     

       
98
       
98
       
-
       
          extraWrapperArgs;

     

       
99
       
99
       
-
       
      };

     

       
100
       
100
       
-
       
      description = lib.mdDoc "The final package with the final config applied";

     

       
103
       
103
       
+
       
      default = package.override { inherit (cfg) allowedPatterns extraWrapperArgs; };

     

       
104
       
104
       
+
       
      description = "The final package with the final config applied";

     

       
101
       
105
       
 
       
      internal = true;

     

       
102
       
106
       
 
       
    };

     

       
103
       
107
       
 
       
  };

     

       
104
       
104
       
-
       
  config = lib.mkIf cfg.enable (lib.mkMerge [

     

       
105
       
105
       
-
       
    { nix.settings.pre-build-hook = lib.getExe cfg.package; }

     

       
106
       
106
       
-
       
    (lib.mkIf cfg.presets.nvidia-gpu.enable {

     

       
107
       
107
       
-
       
      nix.settings.system-features = cfg.allowedPatterns.nvidia-gpu.onFeatures;

     

       
108
       
108
       
-
       
      programs.nix-required-mounts.allowedPatterns = {

     

       
109
       
109
       
-
       
        inherit (defaults) nvidia-gpu;

     

       
110
       
110
       
-
       
      };

     

       
111
       
111
       
-
       
    })

     

       
112
       
112
       
-
       
  ]);

     

       
108
       
108
       
+
       
  config = lib.mkIf cfg.enable (

     

       
109
       
109
       
+
       
    lib.mkMerge [

     

       
110
       
110
       
+
       
      { nix.settings.pre-build-hook = lib.getExe cfg.package; }

     

       
111
       
111
       
+
       
      (lib.mkIf cfg.presets.nvidia-gpu.enable {

     

       
112
       
112
       
+
       
        nix.settings.system-features = cfg.allowedPatterns.nvidia-gpu.onFeatures;

     

       
113
       
113
       
+
       
        programs.nix-required-mounts.allowedPatterns = {

     

       
114
       
114
       
+
       
          inherit (defaults) nvidia-gpu;

     

       
115
       
115
       
+
       
        };

     

       
116
       
116
       
+
       
      })

     

       
117
       
117
       
+
       
    ]

     

       
118
       
118
       
+
       
  );

     

       
113
       
119
       
 
       
}

     

···

       
1
       
1
       
-
       
{ pkgs

     

       
2
       
2
       
-
       
, ...

     

       
3
       
3
       
-
       
}:

     

       
1
       
1
       
+
       
{ pkgs, ... }:

     

       
4
       
2
       
 
       


     

       
5
       
3
       
 
       
let

     

       
6
       
4
       
 
       
  inherit (pkgs) lib;

     
···

       
9
       
7
       
 
       
{

     

       
10
       
8
       
 
       
  name = "nix-required-mounts";

     

       
11
       
9
       
 
       
  meta.maintainers = with lib.maintainers; [ SomeoneSerge ];

     

       
12
       
12
       
-
       
  nodes.machine = { config, pkgs, ... }: {

     

       
13
       
13
       
-
       
    virtualisation.writableStore = true;

     

       
14
       
14
       
-
       
    system.extraDependencies = [ (pkgs.runCommand "deps" { } "mkdir $out").inputDerivation ];

     

       
15
       
15
       
-
       
    nix.nixPath = [ "nixpkgs=${../../..}" ];

     

       
16
       
16
       
-
       
    nix.settings.substituters = lib.mkForce [ ];

     

       
17
       
17
       
-
       
    nix.settings.system-features = [ "supported-feature" ];

     

       
18
       
18
       
-
       
    nix.settings.experimental-features = [ "nix-command" ];

     

       
19
       
19
       
-
       
    programs.nix-required-mounts.enable = true;

     

       
20
       
20
       
-
       
    programs.nix-required-mounts.allowedPatterns.supported-feature = {

     

       
21
       
21
       
-
       
      onFeatures = [ "supported-feature" ];

     

       
22
       
22
       
-
       
      paths = [

     

       
23
       
23
       
-
       
        "/supported-feature-files"

     

       
24
       
24
       
-
       
        {

     

       
25
       
25
       
-
       
          host = "/usr/lib/imaginary-fhs-drivers";

     

       
26
       
26
       
-
       
          guest = "/run/opengl-driver/lib";

     

       
27
       
27
       
-
       
        }

     

       
10
       
10
       
+
       
  nodes.machine =

     

       
11
       
11
       
+
       
    { config, pkgs, ... }:

     

       
12
       
12
       
+
       
    {

     

       
13
       
13
       
+
       
      virtualisation.writableStore = true;

     

       
14
       
14
       
+
       
      system.extraDependencies = [ (pkgs.runCommand "deps" { } "mkdir $out").inputDerivation ];

     

       
15
       
15
       
+
       
      nix.nixPath = [ "nixpkgs=${../../..}" ];

     

       
16
       
16
       
+
       
      nix.settings.substituters = lib.mkForce [ ];

     

       
17
       
17
       
+
       
      nix.settings.system-features = [ "supported-feature" ];

     

       
18
       
18
       
+
       
      nix.settings.experimental-features = [ "nix-command" ];

     

       
19
       
19
       
+
       
      programs.nix-required-mounts.enable = true;

     

       
20
       
20
       
+
       
      programs.nix-required-mounts.allowedPatterns.supported-feature = {

     

       
21
       
21
       
+
       
        onFeatures = [ "supported-feature" ];

     

       
22
       
22
       
+
       
        paths = [

     

       
23
       
23
       
+
       
          "/supported-feature-files"

     

       
24
       
24
       
+
       
          {

     

       
25
       
25
       
+
       
            host = "/usr/lib/imaginary-fhs-drivers";

     

       
26
       
26
       
+
       
            guest = "/run/opengl-driver/lib";

     

       
27
       
27
       
+
       
          }

     

       
28
       
28
       
+
       
        ];

     

       
29
       
29
       
+
       
        unsafeFollowSymlinks = true;

     

       
30
       
30
       
+
       
      };

     

       
31
       
31
       
+
       
      users.users.person.isNormalUser = true;

     

       
32
       
32
       
+
       
      systemd.tmpfiles.rules = [

     

       
33
       
33
       
+
       
        "d /supported-feature-files 0755 person users -"

     

       
34
       
34
       
+
       
        "f /usr/lib/libcuda.so 0444 root root - fakeContent"

     

       
35
       
35
       
+
       
        "L /usr/lib/imaginary-fhs-drivers/libcuda.so 0444 root root - /usr/lib/libcuda.so"

     

       
28
       
36
       
 
       
      ];

     

       
29
       
29
       
-
       
      unsafeFollowSymlinks = true;

     

       
30
       
37
       
 
       
    };

     

       
31
       
31
       
-
       
    users.users.person.isNormalUser = true;

     

       
32
       
32
       
-
       
    systemd.tmpfiles.rules = [

     

       
33
       
33
       
-
       
      "d /supported-feature-files 0755 person users -"

     

       
34
       
34
       
-
       
      "f /usr/lib/libcuda.so 0444 root root - fakeContent"

     

       
35
       
35
       
-
       
      "L /usr/lib/imaginary-fhs-drivers/libcuda.so 0444 root root - /usr/lib/libcuda.so"

     

       
36
       
36
       
-
       
    ];

     

       
37
       
37
       
-
       
  };

     

       
38
       
38
       
 
       
  testScript = ''

     

       
39
       
39
       
 
       
    import shlex

     

       
40
       
40
       
 
       


     

···

       
1
       
1
       
-
       
{ pkgs ? import <nixpkgs> { }, feature }:

     

       
1
       
1
       
+
       
{

     

       
2
       
2
       
+
       
  pkgs ? import <nixpkgs> { },

     

       
3
       
3
       
+
       
  feature,

     

       
4
       
4
       
+
       
}:

     

       
2
       
5
       
 
       


     

       
3
       
3
       
-
       
pkgs.runCommandNoCC "${feature}-not-present"

     

       
4
       
4
       
-
       
{

     

       
5
       
5
       
-
       
} ''

     

       
6
       
6
       
+
       
pkgs.runCommandNoCC "${feature}-not-present" { } ''

     

       
6
       
7
       
 
       
  if [[ -e /${feature}-files ]]; then

     

       
7
       
8
       
 
       
    echo "No ${feature} in requiredSystemFeatures, but /${feature}-files was mounted anyway"

     

       
8
       
9
       
 
       
    exit 1

     
···

       
10
       
11
       
 
       
    touch $out

     

       
11
       
12
       
 
       
  fi

     

       
12
       
13
       
 
       
''

     

       
13
       
13
       
-
       


     

···

       
1
       
1
       
-
       
{ pkgs ? import <nixpkgs> { }, feature }:

     

       
2
       
2
       
-
       


     

       
3
       
3
       
-
       
pkgs.runCommandNoCC "${feature}-present"

     

       
4
       
1
       
 
       
{

     

       
5
       
5
       
-
       
  requiredSystemFeatures = [ feature ];

     

       
6
       
6
       
-
       
} ''

     

       
2
       
2
       
+
       
  pkgs ? import <nixpkgs> { },

     

       
3
       
3
       
+
       
  feature,

     

       
4
       
4
       
+
       
}:

     

       
5
       
5
       
+
       


     

       
6
       
6
       
+
       
pkgs.runCommandNoCC "${feature}-present" { requiredSystemFeatures = [ feature ]; } ''

     

       
7
       
7
       
 
       
  if [[ ! -e /${feature}-files ]]; then

     

       
8
       
8
       
 
       
    echo "The host declares ${feature} support, but doesn't expose /${feature}-files" >&2

     

       
9
       
9
       
 
       
    exit 1

     

···

       
1
       
1
       
-
       
{ pkgs ? import <nixpkgs> { } }:

     

       
2
       
2
       
-
       


     

       
3
       
3
       
-
       
pkgs.runCommandNoCC "nix-required-mounts-structured-attrs-no-features"

     

       
4
       
1
       
 
       
{

     

       
5
       
5
       
-
       
  __structuredAttrs = true;

     

       
6
       
6
       
-
       
} ''

     

       
7
       
7
       
-
       
  touch $out

     

       
8
       
8
       
-
       
''

     

       
2
       
2
       
+
       
  pkgs ? import <nixpkgs> { },

     

       
3
       
3
       
+
       
}:

     

       
9
       
4
       
 
       


     

       
10
       
10
       
-
       


     

       
5
       
5
       
+
       
pkgs.runCommandNoCC "nix-required-mounts-structured-attrs-no-features" { __structuredAttrs = true; }

     

       
6
       
6
       
+
       
  ''

     

       
7
       
7
       
+
       
    touch $out

     

       
8
       
8
       
+
       
  ''

     

···

       
1
       
1
       
-
       
{ pkgs ? import <nixpkgs> { }, feature }:

     

       
1
       
1
       
+
       
{

     

       
2
       
2
       
+
       
  pkgs ? import <nixpkgs> { },

     

       
3
       
3
       
+
       
  feature,

     

       
4
       
4
       
+
       
}:

     

       
2
       
5
       
 
       


     

       
3
       
6
       
 
       
pkgs.runCommandNoCC "${feature}-present-structured"

     

       
4
       
4
       
-
       
{

     

       
5
       
5
       
-
       
  __structuredAttrs = true;

     

       
6
       
6
       
-
       
  requiredSystemFeatures = [ feature ];

     

       
7
       
7
       
-
       
} ''

     

       
8
       
8
       
-
       
  if [[ -e /${feature}-files ]]; then

     

       
9
       
9
       
-
       
    touch $out

     

       
10
       
10
       
-
       
  else

     

       
11
       
11
       
-
       
    echo "The host declares ${feature} support, but doesn't expose /${feature}-files" >&2

     

       
12
       
12
       
-
       
    echo "Do we fail to parse __structuredAttrs=true derivations?" >&2

     

       
13
       
13
       
-
       
  fi

     

       
14
       
14
       
-
       
''

     

       
15
       
15
       
-
       


     

       
7
       
7
       
+
       
  {

     

       
8
       
8
       
+
       
    __structuredAttrs = true;

     

       
9
       
9
       
+
       
    requiredSystemFeatures = [ feature ];

     

       
10
       
10
       
+
       
  }

     

       
11
       
11
       
+
       
  ''

     

       
12
       
12
       
+
       
    if [[ -e /${feature}-files ]]; then

     

       
13
       
13
       
+
       
      touch $out

     

       
14
       
14
       
+
       
    else

     

       
15
       
15
       
+
       
      echo "The host declares ${feature} support, but doesn't expose /${feature}-files" >&2

     

       
16
       
16
       
+
       
      echo "Do we fail to parse __structuredAttrs=true derivations?" >&2

     

       
17
       
17
       
+
       
    fi

     

       
18
       
18
       
+
       
  ''

     

···

       
8
       
8
       
 
       
}:

     

       
9
       
9
       
 
       


     

       
10
       
10
       
 
       
let

     

       
11
       
11
       
-
       
  blenderWithCuda = blender.override {cudaSupport = true;};

     

       
11
       
11
       
+
       
  blenderWithCuda = blender.override { cudaSupport = true; };

     

       
12
       
12
       
 
       
  name = "${blenderWithCuda.name}-check-cuda";

     

       
13
       
13
       
 
       
  unwrapped = writeScriptBin "${name}-unwrapped" ''

     

       
14
       
14
       
 
       
    #!${lib.getExe bash}

     
···

       
16
       
16
       
 
       
  '';

     

       
17
       
17
       
 
       
in

     

       
18
       
18
       
 
       
{

     

       
19
       
19
       
-
       
  cudaAvailable =

     

       
20
       
20
       
-
       
    runCommand name

     

       
21
       
21
       
-
       
      {

     

       
22
       
22
       
-
       
        nativeBuildInputs = [unwrapped];

     

       
23
       
23
       
-
       
        requiredSystemFeatures = ["cuda"];

     

       
24
       
24
       
-
       
        passthru = {

     

       
25
       
25
       
-
       
          inherit unwrapped;

     

       
26
       
26
       
-
       
        };

     

       
27
       
27
       
-
       
      }

     

       
28
       
28
       
-
       
      "${name}-unwrapped && touch $out";

     

       
19
       
19
       
+
       
  cudaAvailable = runCommand name {

     

       
20
       
20
       
+
       
    nativeBuildInputs = [ unwrapped ];

     

       
21
       
21
       
+
       
    requiredSystemFeatures = [ "cuda" ];

     

       
22
       
22
       
+
       
    passthru = {

     

       
23
       
23
       
+
       
      inherit unwrapped;

     

       
24
       
24
       
+
       
    };

     

       
25
       
25
       
+
       
  } "${name}-unwrapped && touch $out";

     

       
29
       
26
       
 
       
}

     

···

       
3
       
3
       
 
       
# in the sandbox as well. In practice, things seemed to have worked without

     

       
4
       
4
       
 
       
# this as well, but we go with the safe option until we understand why.

     

       
5
       
5
       
 
       


     

       
6
       
6
       
-
       
{ lib

     

       
7
       
7
       
-
       
, runCommand

     

       
8
       
8
       
-
       
, python3Packages

     

       
9
       
9
       
-
       
, allowedPatterns

     

       
6
       
6
       
+
       
{

     

       
7
       
7
       
+
       
  lib,

     

       
8
       
8
       
+
       
  runCommand,

     

       
9
       
9
       
+
       
  python3Packages,

     

       
10
       
10
       
+
       
  allowedPatterns,

     

       
10
       
11
       
 
       
}:

     

       
11
       
12
       
 
       
runCommand "allowed-patterns.json"

     

       
12
       
12
       
-
       
{

     

       
13
       
13
       
-
       
  nativeBuildInputs = [ python3Packages.python ];

     

       
14
       
14
       
-
       
  exportReferencesGraph =

     

       
15
       
15
       
-
       
    builtins.concatMap

     

       
16
       
16
       
-
       
      (name:

     

       
17
       
17
       
-
       
        builtins.concatMap

     

       
18
       
18
       
-
       
          (path:

     

       
19
       
19
       
-
       
            let

     

       
20
       
20
       
-
       
              prefix = "${builtins.storeDir}/";

     

       
21
       
21
       
-
       
              # Has to start with a letter: https://github.com/NixOS/nix/blob/516e7ddc41f39ff939b5d5b5dc71e590f24890d4/src/libstore/build/local-derivation-goal.cc#L568

     

       
22
       
22
       
-
       
              exportName = ''references-${lib.strings.removePrefix prefix "${path}"}'';

     

       
23
       
23
       
-
       
              isStorePath = lib.isStorePath path && (lib.hasPrefix prefix "${path}");

     

       
24
       
24
       
-
       
            in

     

       
25
       
25
       
-
       
            lib.optionals isStorePath [ exportName path ])

     

       
26
       
26
       
-
       
          allowedPatterns.${name}.paths)

     

       
27
       
27
       
-
       
      (builtins.attrNames allowedPatterns);

     

       
28
       
28
       
-
       
  env.storeDir = "${builtins.storeDir}/";

     

       
29
       
29
       
-
       
  shallowConfig = builtins.toJSON allowedPatterns;

     

       
30
       
30
       
-
       
  passAsFile = [ "shallowConfig" ];

     

       
31
       
31
       
-
       
}

     

       
13
       
13
       
+
       
  {

     

       
14
       
14
       
+
       
    nativeBuildInputs = [ python3Packages.python ];

     

       
15
       
15
       
+
       
    exportReferencesGraph = builtins.concatMap (

     

       
16
       
16
       
+
       
      name:

     

       
17
       
17
       
+
       
      builtins.concatMap (

     

       
18
       
18
       
+
       
        path:

     

       
19
       
19
       
+
       
        let

     

       
20
       
20
       
+
       
          prefix = "${builtins.storeDir}/";

     

       
21
       
21
       
+
       
          # Has to start with a letter: https://github.com/NixOS/nix/blob/516e7ddc41f39ff939b5d5b5dc71e590f24890d4/src/libstore/build/local-derivation-goal.cc#L568

     

       
22
       
22
       
+
       
          exportName = ''references-${lib.strings.removePrefix prefix "${path}"}'';

     

       
23
       
23
       
+
       
          isStorePath = lib.isStorePath path && (lib.hasPrefix prefix "${path}");

     

       
24
       
24
       
+
       
        in

     

       
25
       
25
       
+
       
        lib.optionals isStorePath [

     

       
26
       
26
       
+
       
          exportName

     

       
27
       
27
       
+
       
          path

     

       
28
       
28
       
+
       
        ]

     

       
29
       
29
       
+
       
      ) allowedPatterns.${name}.paths

     

       
30
       
30
       
+
       
    ) (builtins.attrNames allowedPatterns);

     

       
31
       
31
       
+
       
    env.storeDir = "${builtins.storeDir}/";

     

       
32
       
32
       
+
       
    shallowConfig = builtins.toJSON allowedPatterns;

     

       
33
       
33
       
+
       
    passAsFile = [ "shallowConfig" ];

     

       
34
       
34
       
+
       
  }

     

       
32
       
35
       
 
       
  ''

     

       
33
       
36
       
 
       
    python ${./scripts/nix_required_mounts_closure.py}

     

       
34
       
37
       
 
       
  ''

     

···

       
1
       
1
       
-
       
{ addOpenGLRunpath

     

       
2
       
2
       
-
       
, cmake

     

       
3
       
3
       
-
       
, allowedPatternsPath ? callPackage ./closure.nix { inherit allowedPatterns; }

     

       
4
       
4
       
-
       
, allowedPatterns ? rec {

     

       
1
       
1
       
+
       
{

     

       
2
       
2
       
+
       
  addOpenGLRunpath,

     

       
3
       
3
       
+
       
  cmake,

     

       
4
       
4
       
+
       
  allowedPatternsPath ? callPackage ./closure.nix { inherit allowedPatterns; },

     

       
5
       
5
       
+
       
  allowedPatterns ? rec {

     

       
5
       
6
       
 
       
    # This config is just an example.

     

       
6
       
7
       
 
       
    # When the hook observes either of the following requiredSystemFeatures:

     

       
7
       
7
       
-
       
    nvidia-gpu.onFeatures = [ "gpu" "nvidia-gpu" "opengl" "cuda" ];

     

       
8
       
8
       
+
       
    nvidia-gpu.onFeatures = [

     

       
9
       
9
       
+
       
      "gpu"

     

       
10
       
10
       
+
       
      "nvidia-gpu"

     

       
11
       
11
       
+
       
      "opengl"

     

       
12
       
12
       
+
       
      "cuda"

     

       
13
       
13
       
+
       
    ];

     

       
8
       
14
       
 
       
    # It exposes these paths in the sandbox:

     

       
9
       
15
       
 
       
    nvidia-gpu.paths = [

     

       
10
       
16
       
 
       
      addOpenGLRunpath.driverLink

     
···

       
12
       
18
       
 
       
      "/dev/nvidia*"

     

       
13
       
19
       
 
       
    ];

     

       
14
       
20
       
 
       
    nvidia-gpu.unsafeFollowSymlinks = true;

     

       
15
       
15
       
-
       
  }

     

       
16
       
16
       
-
       
, buildPackages

     

       
17
       
17
       
-
       
, callPackage

     

       
18
       
18
       
-
       
, extraWrapperArgs ? [ ]

     

       
19
       
19
       
-
       
, formats

     

       
20
       
20
       
-
       
, lib

     

       
21
       
21
       
-
       
, makeWrapper

     

       
22
       
22
       
-
       
, nix

     

       
23
       
23
       
-
       
, nixosTests

     

       
24
       
24
       
-
       
, python3Packages

     

       
25
       
25
       
-
       
, runCommand

     

       
21
       
21
       
+
       
  },

     

       
22
       
22
       
+
       
  buildPackages,

     

       
23
       
23
       
+
       
  callPackage,

     

       
24
       
24
       
+
       
  extraWrapperArgs ? [ ],

     

       
25
       
25
       
+
       
  formats,

     

       
26
       
26
       
+
       
  lib,

     

       
27
       
27
       
+
       
  makeWrapper,

     

       
28
       
28
       
+
       
  nix,

     

       
29
       
29
       
+
       
  nixosTests,

     

       
30
       
30
       
+
       
  python3Packages,

     

       
31
       
31
       
+
       
  runCommand,

     

       
26
       
32
       
 
       
}:

     

       
27
       
27
       
-
       


     

       
28
       
33
       
 
       


     

       
29
       
34
       
 
       
let

     

       
30
       
35
       
 
       
  attrs = builtins.fromTOML (builtins.readFile ./pyproject.toml);

     
···

       
32
       
37
       
 
       
  inherit (attrs.project) version;

     

       
33
       
38
       
 
       
in

     

       
34
       
39
       
 
       


     

       
35
       
35
       
-
       
python3Packages.buildPythonApplication

     

       
36
       
36
       
-
       
{

     

       
40
       
40
       
+
       
python3Packages.buildPythonApplication {

     

       
37
       
41
       
 
       
  inherit pname version;

     

       
38
       
42
       
 
       
  pyproject = true;

     

       
39
       
43
       
 
       


     

···

       
1
       
1
       
-
       
{ runCommandNoCC

     

       
2
       
2
       
-
       
, python

     

       
3
       
3
       
-
       
}:

     

       
1
       
1
       
+
       
{ runCommandNoCC, python }:

     

       
4
       
2
       
 
       


     

       
5
       
3
       
 
       
runCommandNoCC "pynvml-gpu-test"

     

       
6
       
6
       
-
       
{

     

       
7
       
7
       
-
       
  nativeBuildInputs = [

     

       
8
       
8
       
-
       
    (python.withPackages (ps: [ ps.pynvml ]))

     

       
9
       
9
       
-
       
  ];

     

       
10
       
10
       
-
       
  requiredSystemFeatures = [

     

       
11
       
11
       
-
       
    "cuda"

     

       
12
       
12
       
-
       
  ];

     

       
13
       
13
       
-
       
} ''

     

       
14
       
14
       
-
       
  python3 << EOF

     

       
15
       
15
       
-
       
  import pynvml

     

       
16
       
16
       
-
       
  from pynvml.smi import nvidia_smi

     

       
17
       
17
       
-
       


     

       
18
       
18
       
-
       
  pynvml.nvmlInit()

     

       
19
       
19
       
-
       
  EOF

     

       
4
       
4
       
+
       
  {

     

       
5
       
5
       
+
       
    nativeBuildInputs = [ (python.withPackages (ps: [ ps.pynvml ])) ];

     

       
6
       
6
       
+
       
    requiredSystemFeatures = [ "cuda" ];

     

       
7
       
7
       
+
       
  }

     

       
8
       
8
       
+
       
  ''

     

       
9
       
9
       
+
       
    python3 << EOF

     

       
10
       
10
       
+
       
    import pynvml

     

       
11
       
11
       
+
       
    from pynvml.smi import nvidia_smi

     

       
20
       
12
       
 
       


     

       
21
       
21
       
-
       
  touch $out

     

       
22
       
22
       
-
       
''

     

       
13
       
13
       
+
       
    pynvml.nvmlInit()

     

       
14
       
14
       
+
       
    EOF

     

       
23
       
15
       
 
       


     

       
16
       
16
       
+
       
    touch $out

     

       
17
       
17
       
+
       
  ''

     

···

       
16
       
16
       
 
       
    }:

     

       
17
       
17
       
 
       
    let

     

       
18
       
18
       
 
       
      name = "${torch.name}-${feature}-check";

     

       
19
       
19
       
-
       
      unwrapped = writers.writePython3Bin "${name}-unwrapped" {libraries = [torch];} ''

     

       
19
       
19
       
+
       
      unwrapped = writers.writePython3Bin "${name}-unwrapped" { libraries = [ torch ]; } ''

     

       
20
       
20
       
 
       
        import torch

     

       
21
       
21
       
 
       
        message = f"{torch.cuda.is_available()=} and {torch.version.${versionAttr}=}"

     

       
22
       
22
       
 
       
        assert torch.cuda.is_available() and torch.version.${versionAttr}, message

     
···

       
25
       
25
       
 
       
    in

     

       
26
       
26
       
 
       
    runCommandNoCC name

     

       
27
       
27
       
 
       
      {

     

       
28
       
28
       
-
       
        nativeBuildInputs = [unwrapped];

     

       
29
       
29
       
-
       
        requiredSystemFeatures = [feature];

     

       
28
       
28
       
+
       
        nativeBuildInputs = [ unwrapped ];

     

       
29
       
29
       
+
       
        requiredSystemFeatures = [ feature ];

     

       
30
       
30
       
 
       
        passthru = {

     

       
31
       
31
       
 
       
          inherit unwrapped;

     

       
32
       
32
       
 
       
        };