| blob | 5064d6aaf575d9a0a332df94ca8c10036997bbd9 |
1 {
2 config,
3 lib,
4 pkgs,
5 ...
6 }:
8 let
9 cfg = config.programs.nix-required-mounts;
10 package = pkgs.nix-required-mounts;
12 Mount =
13 with lib;
14 types.submodule {
15 options.host = mkOption {
16 type = types.str;
17 description = "Host path to mount";
18 };
19 options.guest = mkOption {
20 type = types.str;
21 description = "Location in the sandbox to mount the host path at";
22 };
23 };
24 Pattern =
25 with lib.types;
26 types.submodule (
27 { config, name, ... }:
28 {
29 options.onFeatures = lib.mkOption {
30 type = listOf types.str;
31 description = "Which requiredSystemFeatures should trigger relaxation of the sandbox";
32 default = [ name ];
33 };
34 options.paths = lib.mkOption {
35 type = listOf (oneOf [
36 path
37 Mount
38 ]);
39 description = "A list of glob patterns, indicating which paths to expose to the sandbox";
40 };
41 options.unsafeFollowSymlinks = lib.mkEnableOption ''
42 Instructs the hook to mount the symlink targets as well, when any of
43 the `paths` contain symlinks. This may not work correctly with glob
44 patterns.
45 '';
46 }
47 );
49 driverPaths = [
50 pkgs.addDriverRunpath.driverLink
52 # mesa:
53 config.hardware.opengl.package
55 # nvidia_x11, etc:
56 ] ++ config.hardware.opengl.extraPackages; # nvidia_x11
58 defaults = {
59 nvidia-gpu.onFeatures = package.allowedPatterns.nvidia-gpu.onFeatures;
60 nvidia-gpu.paths = package.allowedPatterns.nvidia-gpu.paths ++ driverPaths;
61 nvidia-gpu.unsafeFollowSymlinks = false;
62 };
63 in
64 {
65 meta.maintainers = with lib.maintainers; [ SomeoneSerge ];
66 options.programs.nix-required-mounts = {
67 enable = lib.mkEnableOption "Expose extra paths to the sandbox depending on derivations' requiredSystemFeatures";
68 presets.nvidia-gpu.enable = lib.mkEnableOption ''
69 Declare the support for derivations that require an Nvidia GPU to be
70 available, e.g. derivations with `requiredSystemFeatures = [ "cuda" ]`.
71 This mounts the corresponding userspace drivers and device nodes in the
72 sandbox, but only for derivations that request these special features.
74 You may extend or override the exposed paths via the
75 `programs.nix-required-mounts.allowedPatterns.nvidia-gpu.paths` option.
76 '';
77 allowedPatterns =
78 with lib.types;
79 lib.mkOption rec {
80 type = attrsOf Pattern;
81 description = "The hook config, describing which paths to mount for which system features";
82 default = { };
83 defaultText = lib.literalExpression ''
84 {
85 opengl.paths = config.hardware.opengl.extraPackages ++ [
86 config.hardware.opengl.package
87 pkgs.addDriverRunpath.driverLink
88 "/dev/dri"
89 ];
90 }
91 '';
92 example.require-ipfs.paths = [ "/ipfs" ];
93 example.require-ipfs.onFeatures = [ "ifps" ];
94 };
95 extraWrapperArgs = lib.mkOption {
96 type = with lib.types; listOf str;
97 default = [ ];
98 description = "List of extra arguments (such as `--add-flags -v`) to pass to the hook's wrapper";
99 };
100 package = lib.mkOption {
101 type = lib.types.package;
102 default = package.override { inherit (cfg) allowedPatterns extraWrapperArgs; };
103 description = "The final package with the final config applied";
104 internal = true;
105 };
106 };
107 config = lib.mkIf cfg.enable (
108 lib.mkMerge [
109 { nix.settings.pre-build-hook = lib.getExe cfg.package; }
110 (lib.mkIf cfg.presets.nvidia-gpu.enable {
111 nix.settings.system-features = cfg.allowedPatterns.nvidia-gpu.onFeatures;
112 programs.nix-required-mounts.allowedPatterns = {
113 inherit (defaults) nvidia-gpu;
114 };
115 })
116 ]
117 );
118 }