nix-required-mounts: nixfmt

nixos/modules/programs/nix-required-mounts.nix

@@ -1,10 +1,16 @@
-{ config, lib, pkgs, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
 
 let
   cfg = config.programs.nix-required-mounts;
   package = pkgs.nix-required-mounts;
 
-  Mount = with lib;
+  Mount =
+    with lib;
     types.submodule {
       options.host = mkOption {
         type = types.str;
@@ -15,25 +21,30 @@ let
         description = "Location in the sandbox to mount the host path at";
       };
     };
-  Pattern = with lib.types;
+  Pattern =
-    types.submodule ({ config, name, ... }: {
+    with lib.types;
-      options.onFeatures = lib.mkOption {
+    types.submodule (
-        type = listOf types.str;
+      { config, name, ... }:
-        description =
+      {
-          "Which requiredSystemFeatures should trigger relaxation of the sandbox";
+        options.onFeatures = lib.mkOption {
-        default = [ name ];
+          type = listOf types.str;
-      };
+          description = "Which requiredSystemFeatures should trigger relaxation of the sandbox";
-      options.paths = lib.mkOption {
+          default = [ name ];
-        type = listOf (oneOf [ path Mount ]);
+        };
-        description =
+        options.paths = lib.mkOption {
-          "A list of glob patterns, indicating which paths to expose to the sandbox";
+          type = listOf (oneOf [
-      };
+            path
-      options.unsafeFollowSymlinks = lib.mkEnableOption ''
+            Mount
-        Instructs the hook to mount the symlink targets as well, when any of
+          ]);
-        the `paths` contain symlinks. This may not work correctly with glob
+          description = "A list of glob patterns, indicating which paths to expose to the sandbox";
-        patterns.
+        };
-      '';
+        options.unsafeFollowSymlinks = lib.mkEnableOption ''
-    });
+          Instructs the hook to mount the symlink targets as well, when any of
+          the `paths` contain symlinks. This may not work correctly with glob
+          patterns.
+        '';
+      }
+    );
 
   driverPaths = [
     pkgs.addOpenGLRunpath.driverLink
@@ -53,8 +64,7 @@ in
 {
   meta.maintainers = with lib.maintainers; [ SomeoneSerge ];
   options.programs.nix-required-mounts = {
-    enable = lib.mkEnableOption
+    enable = lib.mkEnableOption "Expose extra paths to the sandbox depending on derivations' requiredSystemFeatures";
-      "Expose extra paths to the sandbox depending on derivations' requiredSystemFeatures";
     presets.nvidia-gpu.enable = lib.mkEnableOption ''
       Declare the support for derivations that require an Nvidia GPU to be
       available, e.g. derivations with `requiredSystemFeatures = [ "cuda" ]`.
@@ -64,11 +74,11 @@ in
       You may extend or override the exposed paths via the
       `programs.nix-required-mounts.allowedPatterns.nvidia-gpu.paths` option.
     '';
-    allowedPatterns = with lib.types;
+    allowedPatterns =
+      with lib.types;
       lib.mkOption rec {
         type = attrsOf Pattern;
-        description =
+        description = "The hook config, describing which paths to mount for which system features";
-          "The hook config, describing which paths to mount for which system features";
         default = { };
         defaultText = lib.literalExpression ''
           {
@@ -86,28 +96,24 @@ in
     extraWrapperArgs = lib.mkOption {
       type = with lib.types; listOf str;
       default = [ ];
-      description =
+      description = "List of extra arguments (such as `--add-flags -v`) to pass to the hook's wrapper";
-        lib.mdDoc
-          "List of extra arguments (such as `--add-flags -v`) to pass to the hook's wrapper";
     };
     package = lib.mkOption {
       type = lib.types.package;
-      default = package.override {
+      default = package.override { inherit (cfg) allowedPatterns extraWrapperArgs; };
-        inherit (cfg)
+      description = "The final package with the final config applied";
-          allowedPatterns
-          extraWrapperArgs;
-      };
-      description = lib.mdDoc "The final package with the final config applied";
       internal = true;
     };
   };
-  config = lib.mkIf cfg.enable (lib.mkMerge [
+  config = lib.mkIf cfg.enable (
-    { nix.settings.pre-build-hook = lib.getExe cfg.package; }
+    lib.mkMerge [
-    (lib.mkIf cfg.presets.nvidia-gpu.enable {
+      { nix.settings.pre-build-hook = lib.getExe cfg.package; }
-      nix.settings.system-features = cfg.allowedPatterns.nvidia-gpu.onFeatures;
+      (lib.mkIf cfg.presets.nvidia-gpu.enable {
-      programs.nix-required-mounts.allowedPatterns = {
+        nix.settings.system-features = cfg.allowedPatterns.nvidia-gpu.onFeatures;
-        inherit (defaults) nvidia-gpu;
+        programs.nix-required-mounts.allowedPatterns = {
-      };
+          inherit (defaults) nvidia-gpu;
-    })
+        };
-  ]);
+      })
+    ]
+  );
 }

nixos/tests/nix-required-mounts/default.nix

@@ -1,6 +1,4 @@
-{ pkgs
+{ pkgs, ... }:
-, ...
-}:
 
 let
   inherit (pkgs) lib;
@@ -9,32 +7,34 @@ in
 {
   name = "nix-required-mounts";
   meta.maintainers = with lib.maintainers; [ SomeoneSerge ];
-  nodes.machine = { config, pkgs, ... }: {
+  nodes.machine =
-    virtualisation.writableStore = true;
+    { config, pkgs, ... }:
-    system.extraDependencies = [ (pkgs.runCommand "deps" { } "mkdir $out").inputDerivation ];
+    {
-    nix.nixPath = [ "nixpkgs=${../../..}" ];
+      virtualisation.writableStore = true;
-    nix.settings.substituters = lib.mkForce [ ];
+      system.extraDependencies = [ (pkgs.runCommand "deps" { } "mkdir $out").inputDerivation ];
-    nix.settings.system-features = [ "supported-feature" ];
+      nix.nixPath = [ "nixpkgs=${../../..}" ];
-    nix.settings.experimental-features = [ "nix-command" ];
+      nix.settings.substituters = lib.mkForce [ ];
-    programs.nix-required-mounts.enable = true;
+      nix.settings.system-features = [ "supported-feature" ];
-    programs.nix-required-mounts.allowedPatterns.supported-feature = {
+      nix.settings.experimental-features = [ "nix-command" ];
-      onFeatures = [ "supported-feature" ];
+      programs.nix-required-mounts.enable = true;
-      paths = [
+      programs.nix-required-mounts.allowedPatterns.supported-feature = {
-        "/supported-feature-files"
+        onFeatures = [ "supported-feature" ];
-        {
+        paths = [
-          host = "/usr/lib/imaginary-fhs-drivers";
+          "/supported-feature-files"
-          guest = "/run/opengl-driver/lib";
+          {
-        }
+            host = "/usr/lib/imaginary-fhs-drivers";
+            guest = "/run/opengl-driver/lib";
+          }
+        ];
+        unsafeFollowSymlinks = true;
+      };
+      users.users.person.isNormalUser = true;
+      systemd.tmpfiles.rules = [
+        "d /supported-feature-files 0755 person users -"
+        "f /usr/lib/libcuda.so 0444 root root - fakeContent"
+        "L /usr/lib/imaginary-fhs-drivers/libcuda.so 0444 root root - /usr/lib/libcuda.so"
       ];
-      unsafeFollowSymlinks = true;
     };
-    users.users.person.isNormalUser = true;
-    systemd.tmpfiles.rules = [
-      "d /supported-feature-files 0755 person users -"
-      "f /usr/lib/libcuda.so 0444 root root - fakeContent"
-      "L /usr/lib/imaginary-fhs-drivers/libcuda.so 0444 root root - /usr/lib/libcuda.so"
-    ];
-  };
   testScript = ''
     import shlex
 

nixos/tests/nix-required-mounts/ensure-path-not-present.nix

@@ -1,8 +1,9 @@
-{ pkgs ? import <nixpkgs> { }, feature }:
-
-pkgs.runCommandNoCC "${feature}-not-present"
 {
-} ''
+  pkgs ? import <nixpkgs> { },
+  feature,
+}:
+
+pkgs.runCommandNoCC "${feature}-not-present" { } ''
   if [[ -e /${feature}-files ]]; then
     echo "No ${feature} in requiredSystemFeatures, but /${feature}-files was mounted anyway"
     exit 1
@@ -10,4 +11,3 @@ pkgs.runCommandNoCC "${feature}-not-present"
     touch $out
   fi
 ''
-

nixos/tests/nix-required-mounts/test-require-feature.nix

@@ -1,9 +1,9 @@
-{ pkgs ? import <nixpkgs> { }, feature }:
-
-pkgs.runCommandNoCC "${feature}-present"
 {
-  requiredSystemFeatures = [ feature ];
+  pkgs ? import <nixpkgs> { },
-} ''
+  feature,
+}:
+
+pkgs.runCommandNoCC "${feature}-present" { requiredSystemFeatures = [ feature ]; } ''
   if [[ ! -e /${feature}-files ]]; then
     echo "The host declares ${feature} support, but doesn't expose /${feature}-files" >&2
     exit 1

nixos/tests/nix-required-mounts/test-structured-attrs-empty.nix

@@ -1,10 +1,8 @@
-{ pkgs ? import <nixpkgs> { } }:
-
-pkgs.runCommandNoCC "nix-required-mounts-structured-attrs-no-features"
 {
-  __structuredAttrs = true;
+  pkgs ? import <nixpkgs> { },
-} ''
+}:
-  touch $out
-''
-
 
+pkgs.runCommandNoCC "nix-required-mounts-structured-attrs-no-features" { __structuredAttrs = true; }
+  ''
+    touch $out
+  ''

nixos/tests/nix-required-mounts/test-structured-attrs.nix

@@ -1,15 +1,18 @@
-{ pkgs ? import <nixpkgs> { }, feature }:
+{
+  pkgs ? import <nixpkgs> { },
+  feature,
+}:
 
 pkgs.runCommandNoCC "${feature}-present-structured"
-{
+  {
-  __structuredAttrs = true;
+    __structuredAttrs = true;
-  requiredSystemFeatures = [ feature ];
+    requiredSystemFeatures = [ feature ];
-} ''
+  }
-  if [[ -e /${feature}-files ]]; then
+  ''
-    touch $out
+    if [[ -e /${feature}-files ]]; then
-  else
+      touch $out
-    echo "The host declares ${feature} support, but doesn't expose /${feature}-files" >&2
+    else
-    echo "Do we fail to parse __structuredAttrs=true derivations?" >&2
+      echo "The host declares ${feature} support, but doesn't expose /${feature}-files" >&2
-  fi
+      echo "Do we fail to parse __structuredAttrs=true derivations?" >&2
-''
+    fi
-
+  ''

pkgs/applications/misc/blender/gpu-checks.nix

@@ -8,7 +8,7 @@
 }:
 
 let
-  blenderWithCuda = blender.override {cudaSupport = true;};
+  blenderWithCuda = blender.override { cudaSupport = true; };
   name = "${blenderWithCuda.name}-check-cuda";
   unwrapped = writeScriptBin "${name}-unwrapped" ''
     #!${lib.getExe bash}
@@ -16,14 +16,11 @@ let
   '';
 in
 {
-  cudaAvailable =
+  cudaAvailable = runCommand name {
-    runCommand name
+    nativeBuildInputs = [ unwrapped ];
-      {
+    requiredSystemFeatures = [ "cuda" ];
-        nativeBuildInputs = [unwrapped];
+    passthru = {
-        requiredSystemFeatures = ["cuda"];
+      inherit unwrapped;
-        passthru = {
+    };
-          inherit unwrapped;
+  } "${name}-unwrapped && touch $out";
-        };
-      }
-      "${name}-unwrapped && touch $out";
 }

pkgs/by-name/ni/nix-required-mounts/closure.nix

@@ -3,32 +3,35 @@
 # in the sandbox as well. In practice, things seemed to have worked without
 # this as well, but we go with the safe option until we understand why.
 
-{ lib
+{
-, runCommand
+  lib,
-, python3Packages
+  runCommand,
-, allowedPatterns
+  python3Packages,
+  allowedPatterns,
 }:
 runCommand "allowed-patterns.json"
-{
+  {
-  nativeBuildInputs = [ python3Packages.python ];
+    nativeBuildInputs = [ python3Packages.python ];
-  exportReferencesGraph =
+    exportReferencesGraph = builtins.concatMap (
-    builtins.concatMap
+      name:
-      (name:
+      builtins.concatMap (
-        builtins.concatMap
+        path:
-          (path:
+        let
-            let
+          prefix = "${builtins.storeDir}/";
-              prefix = "${builtins.storeDir}/";
+          # Has to start with a letter: https://github.com/NixOS/nix/blob/516e7ddc41f39ff939b5d5b5dc71e590f24890d4/src/libstore/build/local-derivation-goal.cc#L568
-              # Has to start with a letter: https://github.com/NixOS/nix/blob/516e7ddc41f39ff939b5d5b5dc71e590f24890d4/src/libstore/build/local-derivation-goal.cc#L568
+          exportName = ''references-${lib.strings.removePrefix prefix "${path}"}'';
-              exportName = ''references-${lib.strings.removePrefix prefix "${path}"}'';
+          isStorePath = lib.isStorePath path && (lib.hasPrefix prefix "${path}");
-              isStorePath = lib.isStorePath path && (lib.hasPrefix prefix "${path}");
+        in
-            in
+        lib.optionals isStorePath [
-            lib.optionals isStorePath [ exportName path ])
+          exportName
-          allowedPatterns.${name}.paths)
+          path
-      (builtins.attrNames allowedPatterns);
+        ]
-  env.storeDir = "${builtins.storeDir}/";
+      ) allowedPatterns.${name}.paths
-  shallowConfig = builtins.toJSON allowedPatterns;
+    ) (builtins.attrNames allowedPatterns);
-  passAsFile = [ "shallowConfig" ];
+    env.storeDir = "${builtins.storeDir}/";
-}
+    shallowConfig = builtins.toJSON allowedPatterns;
+    passAsFile = [ "shallowConfig" ];
+  }
   ''
     python ${./scripts/nix_required_mounts_closure.py}
   ''

pkgs/by-name/ni/nix-required-mounts/package.nix

@@ -1,10 +1,16 @@
-{ addOpenGLRunpath
+{
-, cmake
+  addOpenGLRunpath,
-, allowedPatternsPath ? callPackage ./closure.nix { inherit allowedPatterns; }
+  cmake,
-, allowedPatterns ? rec {
+  allowedPatternsPath ? callPackage ./closure.nix { inherit allowedPatterns; },
+  allowedPatterns ? rec {
     # This config is just an example.
     # When the hook observes either of the following requiredSystemFeatures:
-    nvidia-gpu.onFeatures = [ "gpu" "nvidia-gpu" "opengl" "cuda" ];
+    nvidia-gpu.onFeatures = [
+      "gpu"
+      "nvidia-gpu"
+      "opengl"
+      "cuda"
+    ];
     # It exposes these paths in the sandbox:
     nvidia-gpu.paths = [
       addOpenGLRunpath.driverLink
@@ -12,28 +18,26 @@
       "/dev/nvidia*"
     ];
     nvidia-gpu.unsafeFollowSymlinks = true;
-  }
+  },
-, buildPackages
+  buildPackages,
-, callPackage
+  callPackage,
-, extraWrapperArgs ? [ ]
+  extraWrapperArgs ? [ ],
-, formats
+  formats,
-, lib
+  lib,
-, makeWrapper
+  makeWrapper,
-, nix
+  nix,
-, nixosTests
+  nixosTests,
-, python3Packages
+  python3Packages,
-, runCommand
+  runCommand,
 }:
 
-
 let
   attrs = builtins.fromTOML (builtins.readFile ./pyproject.toml);
   pname = attrs.project.name;
   inherit (attrs.project) version;
 in
 
-python3Packages.buildPythonApplication
+python3Packages.buildPythonApplication {
-{
   inherit pname version;
   pyproject = true;
 

pkgs/development/python-modules/pynvml/test-gpu.nix

@@ -1,23 +1,17 @@
-{ runCommandNoCC
+{ runCommandNoCC, python }:
-, python
-}:
 
 runCommandNoCC "pynvml-gpu-test"
-{
+  {
-  nativeBuildInputs = [
+    nativeBuildInputs = [ (python.withPackages (ps: [ ps.pynvml ])) ];
-    (python.withPackages (ps: [ ps.pynvml ]))
+    requiredSystemFeatures = [ "cuda" ];
-  ];
+  }
-  requiredSystemFeatures = [
+  ''
-    "cuda"
+    python3 << EOF
-  ];
+    import pynvml
-} ''
+    from pynvml.smi import nvidia_smi
-  python3 << EOF
-  import pynvml
-  from pynvml.smi import nvidia_smi
 
-  pynvml.nvmlInit()
+    pynvml.nvmlInit()
-  EOF
+    EOF
-
-  touch $out
-''
 
+    touch $out
+  ''

pkgs/development/python-modules/torch/gpu-checks.nix

@@ -16,7 +16,7 @@ let
     }:
     let
       name = "${torch.name}-${feature}-check";
-      unwrapped = writers.writePython3Bin "${name}-unwrapped" {libraries = [torch];} ''
+      unwrapped = writers.writePython3Bin "${name}-unwrapped" { libraries = [ torch ]; } ''
         import torch
         message = f"{torch.cuda.is_available()=} and {torch.version.${versionAttr}=}"
         assert torch.cuda.is_available() and torch.version.${versionAttr}, message
@@ -25,8 +25,8 @@ let
     in
     runCommandNoCC name
       {
-        nativeBuildInputs = [unwrapped];
+        nativeBuildInputs = [ unwrapped ];
-        requiredSystemFeatures = [feature];
+        requiredSystemFeatures = [ feature ];
         passthru = {
           inherit unwrapped;
         };