apptainer, singularity: fix defaultPath and reflect upstream changes

Upstream changes: singularity 3.8.7 (the legacy) -> apptainer 1.1.3 (the renamed) / singularity 3.10.4 (Sylabs's fork) Build process: * Share between different sources * Fix the sed regexp to make defaultPath patch work * allowGoReference is now true * Provied input parameter removeCompat (default to false) that removes the compatible "*singularity*" symbolic links and related autocompletion files when projectName != "singularity" * Change localstatedir to /var/lib * Format with nixpkgs-fmt * Fix the defaultPath patching and use it instead of the `<executable> path` config directive deprecated in Apptainer * Provide dependencies for new functionalities such as squashfuse (unprivileged squashfs mount) * Provide an attribute `defaultPathInputs` to override prefix of container runtime default PATH NixOS module programs.singularity: * Allow users to specify packages * Place related directories to /var/lib * Format with nixpkgs-fmt singularity-tools: * Allow users to specify packages * Place related directories to /var/lib when building images in VM
2025-06-11 12:15:34 +03:00 · 2023-01-29 01:02:47 +08:00 · 2023-01-29 01:02:47 +08:00 · 50788d2fb0
commit 50788d2fb0
parent ef09cfec0b
8 changed files with 423 additions and 105 deletions
--- a/nixos/modules/programs/singularity.nix
+++ b/nixos/modules/programs/singularity.nix
@ -3,34 +3,78 @@
 with lib;
 let
  cfg = config.programs.singularity;
-  singularity = pkgs.singularity.overrideAttrs (attrs: {
-    installPhase = attrs.installPhase + ''
-      mv $out/libexec/singularity/bin/starter-suid $out/libexec/singularity/bin/starter-suid.orig
-      ln -s /run/wrappers/bin/singularity-suid $out/libexec/singularity/bin/starter-suid
-    '';
-  });
 in
 {

  options.programs.singularity = {
-    enable = mkEnableOption (lib.mdDoc "Singularity");
+    enable = mkEnableOption (mdDoc "singularity") // {
+      description = mdDoc ''
+        Whether to install Singularity/Apptainer with system-level overriding such as SUID support.
+      '';
+    };
+    package = mkOption {
+      type = types.package;
+      default = pkgs.singularity;
+      defaultText = literalExpression "pkgs.singularity";
+      example = literalExpression "pkgs.apptainer";
+      description = mdDoc ''
+        Singularity/Apptainer package to override and install.
+      '';
+    };
+    packageOverriden = mkOption {
+      type = types.nullOr types.package;
+      default = null;
+      description = mdDoc ''
+        This option provides access to the overriden result of `programs.singularity.package`.
+
+        For example, the following configuration makes all the Nixpkgs packages use the overriden `singularity`:
+        ```Nix
+        { config, lib, pkgs, ... }:
+        {
+          nixpkgs.overlays = [
+            (final: prev: {
+              _singularity-orig = prev.singularity;
+              singularity = config.programs.singularity.packageOverriden;
+            })
+          ];
+          programs.singularity.enable = true;
+          programs.singularity.package = pkgs._singularity-orig;
+        }
+        ```
+
+        Use `lib.mkForce` to forcefully specify the overriden package.
+      '';
+    };
+    enableSuid = mkOption {
+      type = types.bool;
+      default = true;
+      example = false;
+      description = mdDoc ''
+        Whether to enable the SUID support of Singularity/Apptainer.
+      '';
+    };
  };

  config = mkIf cfg.enable {
-    environment.systemPackages = [ singularity ];
-    security.wrappers.singularity-suid =
-      {
-        setuid = true;
-        owner = "root";
-        group = "root";
-        source = "${singularity}/libexec/singularity/bin/starter-suid.orig";
-      };
+    programs.singularity.packageOverriden = (cfg.package.override (
+      optionalAttrs cfg.enableSuid {
+        enableSuid = true;
+        starterSuidPath = "/run/wrappers/bin/${cfg.package.projectName}-suid";
+      }
+    ));
+    environment.systemPackages = [ cfg.packageOverriden ];
+    security.wrappers."${cfg.packageOverriden.projectName}-suid" = mkIf cfg.enableSuid {
+      setuid = true;
+      owner = "root";
+      group = "root";
+      source = "${cfg.packageOverriden}/libexec/${cfg.packageOverriden.projectName}/bin/starter-suid.orig";
+    };
    systemd.tmpfiles.rules = [
-      "d /var/singularity/mnt/session 0770 root root -"
-      "d /var/singularity/mnt/final 0770 root root -"
-      "d /var/singularity/mnt/overlay 0770 root root -"
-      "d /var/singularity/mnt/container 0770 root root -"
-      "d /var/singularity/mnt/source 0770 root root -"
+      "d /var/lib/${cfg.packageOverriden.projectName}/mnt/session 0770 root root -"
+      "d /var/lib/${cfg.packageOverriden.projectName}/mnt/final 0770 root root -"
+      "d /var/lib/${cfg.packageOverriden.projectName}/mnt/overlay 0770 root root -"
+      "d /var/lib/${cfg.packageOverriden.projectName}/mnt/container 0770 root root -"
+      "d /var/lib/${cfg.packageOverriden.projectName}/mnt/source 0770 root root -"
    ];
  };