movefasta/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-06-10 03:23:29 +03:00
Code Issues Projects Releases Packages Wiki Activity

nix-required-mounts: nixfmt

Browse source
This commit is contained in:
Someone Serge 2024-06-20 21:33:51 +00:00
parent ff430d1699
commit ebeb6b9d1d
11 changed files with 183 additions and 178 deletions
Download patch file Download diff file Expand all files Collapse all files

58
nixos/modules/programs/nix-required-mounts.nix
View file

@ -1,10 +1,16 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.programs.nix-required-mounts; cfg = config.programs.nix-required-mounts;
package = pkgs.nix-required-mounts; package = pkgs.nix-required-mounts;
Mount = with lib; Mount =
with lib;
types.submodule { types.submodule {
options.host = mkOption { options.host = mkOption {
type = types.str; type = types.str;
@ -15,25 +21,30 @@ let
description = "Location in the sandbox to mount the host path at"; description = "Location in the sandbox to mount the host path at";
}; };
}; };
Pattern = with lib.types; Pattern =
types.submodule ({ config, name, ... }: { with lib.types;
types.submodule (
{ config, name, ... }:
{
options.onFeatures = lib.mkOption { options.onFeatures = lib.mkOption {
type = listOf types.str; type = listOf types.str;
description = description = "Which requiredSystemFeatures should trigger relaxation of the sandbox";
"Which requiredSystemFeatures should trigger relaxation of the sandbox";
default = [ name ]; default = [ name ];
}; };
options.paths = lib.mkOption { options.paths = lib.mkOption {
type = listOf (oneOf [ path Mount ]); type = listOf (oneOf [
description = path
"A list of glob patterns, indicating which paths to expose to the sandbox"; Mount
]);
description = "A list of glob patterns, indicating which paths to expose to the sandbox";
}; };
options.unsafeFollowSymlinks = lib.mkEnableOption '' options.unsafeFollowSymlinks = lib.mkEnableOption ''
Instructs the hook to mount the symlink targets as well, when any of Instructs the hook to mount the symlink targets as well, when any of
the `paths` contain symlinks. This may not work correctly with glob the `paths` contain symlinks. This may not work correctly with glob
patterns. patterns.
''; '';
}); }
);
driverPaths = [ driverPaths = [
pkgs.addOpenGLRunpath.driverLink pkgs.addOpenGLRunpath.driverLink
@ -53,8 +64,7 @@ in
{ {
meta.maintainers = with lib.maintainers; [ SomeoneSerge ]; meta.maintainers = with lib.maintainers; [ SomeoneSerge ];
options.programs.nix-required-mounts = { options.programs.nix-required-mounts = {
enable = lib.mkEnableOption enable = lib.mkEnableOption "Expose extra paths to the sandbox depending on derivations' requiredSystemFeatures";
"Expose extra paths to the sandbox depending on derivations' requiredSystemFeatures";
presets.nvidia-gpu.enable = lib.mkEnableOption '' presets.nvidia-gpu.enable = lib.mkEnableOption ''
Declare the support for derivations that require an Nvidia GPU to be Declare the support for derivations that require an Nvidia GPU to be
available, e.g. derivations with `requiredSystemFeatures = [ "cuda" ]`. available, e.g. derivations with `requiredSystemFeatures = [ "cuda" ]`.
@ -64,11 +74,11 @@ in
You may extend or override the exposed paths via the You may extend or override the exposed paths via the
`programs.nix-required-mounts.allowedPatterns.nvidia-gpu.paths` option. `programs.nix-required-mounts.allowedPatterns.nvidia-gpu.paths` option.
''; '';
allowedPatterns = with lib.types; allowedPatterns =
with lib.types;
lib.mkOption rec { lib.mkOption rec {
type = attrsOf Pattern; type = attrsOf Pattern;
description = description = "The hook config, describing which paths to mount for which system features";
"The hook config, describing which paths to mount for which system features";
default = { }; default = { };
defaultText = lib.literalExpression '' defaultText = lib.literalExpression ''
{ {
@ -86,22 +96,17 @@ in
extraWrapperArgs = lib.mkOption { extraWrapperArgs = lib.mkOption {
type = with lib.types; listOf str; type = with lib.types; listOf str;
default = [ ]; default = [ ];
description = description = "List of extra arguments (such as `--add-flags -v`) to pass to the hook's wrapper";
lib.mdDoc
"List of extra arguments (such as `--add-flags -v`) to pass to the hook's wrapper";
}; };
package = lib.mkOption { package = lib.mkOption {
type = lib.types.package; type = lib.types.package;
default = package.override { default = package.override { inherit (cfg) allowedPatterns extraWrapperArgs; };
inherit (cfg) description = "The final package with the final config applied";
allowedPatterns
extraWrapperArgs;
};
description = lib.mdDoc "The final package with the final config applied";
internal = true; internal = true;
}; };
}; };
config = lib.mkIf cfg.enable (lib.mkMerge [ config = lib.mkIf cfg.enable (
lib.mkMerge [
{ nix.settings.pre-build-hook = lib.getExe cfg.package; } { nix.settings.pre-build-hook = lib.getExe cfg.package; }
(lib.mkIf cfg.presets.nvidia-gpu.enable { (lib.mkIf cfg.presets.nvidia-gpu.enable {
nix.settings.system-features = cfg.allowedPatterns.nvidia-gpu.onFeatures; nix.settings.system-features = cfg.allowedPatterns.nvidia-gpu.onFeatures;
@ -109,5 +114,6 @@ in
inherit (defaults) nvidia-gpu; inherit (defaults) nvidia-gpu;
}; };
}) })
]); ]
);
} }

8
nixos/tests/nix-required-mounts/default.nix
View file

@ -1,6 +1,4 @@
{ pkgs { pkgs, ... }:
, ...
}:
let let
inherit (pkgs) lib; inherit (pkgs) lib;
@ -9,7 +7,9 @@ in
{ {
name = "nix-required-mounts"; name = "nix-required-mounts";
meta.maintainers = with lib.maintainers; [ SomeoneSerge ]; meta.maintainers = with lib.maintainers; [ SomeoneSerge ];
nodes.machine = { config, pkgs, ... }: { nodes.machine =
{ config, pkgs, ... }:
{
virtualisation.writableStore = true; virtualisation.writableStore = true;
system.extraDependencies = [ (pkgs.runCommand "deps" { } "mkdir $out").inputDerivation ]; system.extraDependencies = [ (pkgs.runCommand "deps" { } "mkdir $out").inputDerivation ];
nix.nixPath = [ "nixpkgs=${../../..}" ]; nix.nixPath = [ "nixpkgs=${../../..}" ];

10
nixos/tests/nix-required-mounts/ensure-path-not-present.nix
View file

@ -1,8 +1,9 @@
{ pkgs ? import <nixpkgs> { }, feature }:
pkgs.runCommandNoCC "${feature}-not-present"
{ {
} '' pkgs ? import <nixpkgs> { },
feature,
}:
pkgs.runCommandNoCC "${feature}-not-present" { } ''
if [[ -e /${feature}-files ]]; then if [[ -e /${feature}-files ]]; then
echo "No ${feature} in requiredSystemFeatures, but /${feature}-files was mounted anyway" echo "No ${feature} in requiredSystemFeatures, but /${feature}-files was mounted anyway"
exit 1 exit 1
@ -10,4 +11,3 @@ pkgs.runCommandNoCC "${feature}-not-present"
touch $out touch $out
fi fi
'' ''

10
nixos/tests/nix-required-mounts/test-require-feature.nix
View file

@ -1,9 +1,9 @@
{ pkgs ? import <nixpkgs> { }, feature }:
pkgs.runCommandNoCC "${feature}-present"
{ {
requiredSystemFeatures = [ feature ]; pkgs ? import <nixpkgs> { },
} '' feature,
}:
pkgs.runCommandNoCC "${feature}-present" { requiredSystemFeatures = [ feature ]; } ''
if [[ ! -e /${feature}-files ]]; then if [[ ! -e /${feature}-files ]]; then
echo "The host declares ${feature} support, but doesn't expose /${feature}-files" >&2 echo "The host declares ${feature} support, but doesn't expose /${feature}-files" >&2
exit 1 exit 1

14
nixos/tests/nix-required-mounts/test-structured-attrs-empty.nix
View file

@ -1,10 +1,8 @@
{ pkgs ? import <nixpkgs> { } }:
pkgs.runCommandNoCC "nix-required-mounts-structured-attrs-no-features"
{ {
__structuredAttrs = true; pkgs ? import <nixpkgs> { },
} '' }:
pkgs.runCommandNoCC "nix-required-mounts-structured-attrs-no-features" { __structuredAttrs = true; }
''
touch $out touch $out
'' ''

13
nixos/tests/nix-required-mounts/test-structured-attrs.nix
View file

@ -1,15 +1,18 @@
{ pkgs ? import <nixpkgs> { }, feature }: {
pkgs ? import <nixpkgs> { },
feature,
}:
pkgs.runCommandNoCC "${feature}-present-structured" pkgs.runCommandNoCC "${feature}-present-structured"
{ {
__structuredAttrs = true; __structuredAttrs = true;
requiredSystemFeatures = [ feature ]; requiredSystemFeatures = [ feature ];
} '' }
''
if [[ -e /${feature}-files ]]; then if [[ -e /${feature}-files ]]; then
touch $out touch $out
else else
echo "The host declares ${feature} support, but doesn't expose /${feature}-files" >&2 echo "The host declares ${feature} support, but doesn't expose /${feature}-files" >&2
echo "Do we fail to parse __structuredAttrs=true derivations?" >&2 echo "Do we fail to parse __structuredAttrs=true derivations?" >&2
fi fi
'' ''

13
pkgs/applications/misc/blender/gpu-checks.nix
View file

@ -8,7 +8,7 @@
}: }:
let let
blenderWithCuda = blender.override {cudaSupport = true;}; blenderWithCuda = blender.override { cudaSupport = true; };
name = "${blenderWithCuda.name}-check-cuda"; name = "${blenderWithCuda.name}-check-cuda";
unwrapped = writeScriptBin "${name}-unwrapped" '' unwrapped = writeScriptBin "${name}-unwrapped" ''
#!${lib.getExe bash} #!${lib.getExe bash}
@ -16,14 +16,11 @@ let
''; '';
in in
{ {
cudaAvailable = cudaAvailable = runCommand name {
runCommand name nativeBuildInputs = [ unwrapped ];
{ requiredSystemFeatures = [ "cuda" ];
nativeBuildInputs = [unwrapped];
requiredSystemFeatures = ["cuda"];
passthru = { passthru = {
inherit unwrapped; inherit unwrapped;
}; };
} } "${name}-unwrapped && touch $out";
"${name}-unwrapped && touch $out";
} }

31
pkgs/by-name/ni/nix-required-mounts/closure.nix
View file

@ -3,32 +3,35 @@
# in the sandbox as well. In practice, things seemed to have worked without # in the sandbox as well. In practice, things seemed to have worked without
# this as well, but we go with the safe option until we understand why. # this as well, but we go with the safe option until we understand why.
{ lib {
, runCommand lib,
, python3Packages runCommand,
, allowedPatterns python3Packages,
allowedPatterns,
}: }:
runCommand "allowed-patterns.json" runCommand "allowed-patterns.json"
{ {
nativeBuildInputs = [ python3Packages.python ]; nativeBuildInputs = [ python3Packages.python ];
exportReferencesGraph = exportReferencesGraph = builtins.concatMap (
builtins.concatMap name:
(name: builtins.concatMap (
builtins.concatMap path:
(path:
let let
prefix = "${builtins.storeDir}/"; prefix = "${builtins.storeDir}/";
# Has to start with a letter: https://github.com/NixOS/nix/blob/516e7ddc41f39ff939b5d5b5dc71e590f24890d4/src/libstore/build/local-derivation-goal.cc#L568 # Has to start with a letter: https://github.com/NixOS/nix/blob/516e7ddc41f39ff939b5d5b5dc71e590f24890d4/src/libstore/build/local-derivation-goal.cc#L568
exportName = ''references-${lib.strings.removePrefix prefix "${path}"}''; exportName = ''references-${lib.strings.removePrefix prefix "${path}"}'';
isStorePath = lib.isStorePath path && (lib.hasPrefix prefix "${path}"); isStorePath = lib.isStorePath path && (lib.hasPrefix prefix "${path}");
in in
lib.optionals isStorePath [ exportName path ]) lib.optionals isStorePath [
allowedPatterns.${name}.paths) exportName
(builtins.attrNames allowedPatterns); path
]
) allowedPatterns.${name}.paths
) (builtins.attrNames allowedPatterns);
env.storeDir = "${builtins.storeDir}/"; env.storeDir = "${builtins.storeDir}/";
shallowConfig = builtins.toJSON allowedPatterns; shallowConfig = builtins.toJSON allowedPatterns;
passAsFile = [ "shallowConfig" ]; passAsFile = [ "shallowConfig" ];
} }
'' ''
python ${./scripts/nix_required_mounts_closure.py} python ${./scripts/nix_required_mounts_closure.py}
'' ''

42
pkgs/by-name/ni/nix-required-mounts/package.nix
View file

@ -1,10 +1,16 @@
{ addOpenGLRunpath {
, cmake addOpenGLRunpath,
, allowedPatternsPath ? callPackage ./closure.nix { inherit allowedPatterns; } cmake,
, allowedPatterns ? rec { allowedPatternsPath ? callPackage ./closure.nix { inherit allowedPatterns; },
allowedPatterns ? rec {
# This config is just an example. # This config is just an example.
# When the hook observes either of the following requiredSystemFeatures: # When the hook observes either of the following requiredSystemFeatures:
nvidia-gpu.onFeatures = [ "gpu" "nvidia-gpu" "opengl" "cuda" ]; nvidia-gpu.onFeatures = [
"gpu"
"nvidia-gpu"
"opengl"
"cuda"
];
# It exposes these paths in the sandbox: # It exposes these paths in the sandbox:
nvidia-gpu.paths = [ nvidia-gpu.paths = [
addOpenGLRunpath.driverLink addOpenGLRunpath.driverLink
@ -12,28 +18,26 @@
"/dev/nvidia*" "/dev/nvidia*"
]; ];
nvidia-gpu.unsafeFollowSymlinks = true; nvidia-gpu.unsafeFollowSymlinks = true;
} },
, buildPackages buildPackages,
, callPackage callPackage,
, extraWrapperArgs ? [ ] extraWrapperArgs ? [ ],
, formats formats,
, lib lib,
, makeWrapper makeWrapper,
, nix nix,
, nixosTests nixosTests,
, python3Packages python3Packages,
, runCommand runCommand,
}: }:
let let
attrs = builtins.fromTOML (builtins.readFile ./pyproject.toml); attrs = builtins.fromTOML (builtins.readFile ./pyproject.toml);
pname = attrs.project.name; pname = attrs.project.name;
inherit (attrs.project) version; inherit (attrs.project) version;
in in
python3Packages.buildPythonApplication python3Packages.buildPythonApplication {
{
inherit pname version; inherit pname version;
pyproject = true; pyproject = true;

20
pkgs/development/python-modules/pynvml/test-gpu.nix
View file

@ -1,16 +1,11 @@
{ runCommandNoCC { runCommandNoCC, python }:
, python
}:
runCommandNoCC "pynvml-gpu-test" runCommandNoCC "pynvml-gpu-test"
{ {
nativeBuildInputs = [ nativeBuildInputs = [ (python.withPackages (ps: [ ps.pynvml ])) ];
(python.withPackages (ps: [ ps.pynvml ])) requiredSystemFeatures = [ "cuda" ];
]; }
requiredSystemFeatures = [ ''
"cuda"
];
} ''
python3 << EOF python3 << EOF
import pynvml import pynvml
from pynvml.smi import nvidia_smi from pynvml.smi import nvidia_smi
@ -19,5 +14,4 @@ runCommandNoCC "pynvml-gpu-test"
EOF EOF
touch $out touch $out
'' ''

6
pkgs/development/python-modules/torch/gpu-checks.nix
View file

@ -16,7 +16,7 @@ let
}: }:
let let
name = "${torch.name}-${feature}-check"; name = "${torch.name}-${feature}-check";
unwrapped = writers.writePython3Bin "${name}-unwrapped" {libraries = [torch];} '' unwrapped = writers.writePython3Bin "${name}-unwrapped" { libraries = [ torch ]; } ''
import torch import torch
message = f"{torch.cuda.is_available()=} and {torch.version.${versionAttr}=}" message = f"{torch.cuda.is_available()=} and {torch.version.${versionAttr}=}"
assert torch.cuda.is_available() and torch.version.${versionAttr}, message assert torch.cuda.is_available() and torch.version.${versionAttr}, message
@ -25,8 +25,8 @@ let
in in
runCommandNoCC name runCommandNoCC name
{ {
nativeBuildInputs = [unwrapped]; nativeBuildInputs = [ unwrapped ];
requiredSystemFeatures = [feature]; requiredSystemFeatures = [ feature ];
passthru = { passthru = {
inherit unwrapped; inherit unwrapped;
}; };