From 6c2ea4902d150be4bf8fa63013c205f2f621932d Mon Sep 17 00:00:00 2001 From: Emery Hemingway Date: Thu, 3 Dec 2020 12:51:16 +0100 Subject: [PATCH] nixos: add extraVfs and ramQuota options to systemd wrapper --- nixos-modules/systemd-runner.dhall | 72 ++++++++++++++++-------------- nixos-modules/systemd.nix | 28 +++++++++--- 2 files changed, 62 insertions(+), 38 deletions(-) diff --git a/nixos-modules/systemd-runner.dhall b/nixos-modules/systemd-runner.dhall index b8bcc5d..ae5eff0 100644 --- a/nixos-modules/systemd-runner.dhall +++ b/nixos-modules/systemd-runner.dhall @@ -19,7 +19,9 @@ in λ ( params : { args : List Text , binary : Text , coreutils : Text + , extraVfs : List XML.Type , interface : Optional Text + , ramQuotaMiB : Natural } ) → let socketsVfs = @@ -52,40 +54,44 @@ in λ ( params , config = Init.Config::{ , content = [ VFS.vfs - [ VFS.dir - "dev" - ( [ VFS.dir "pipes" [ VFS.leaf "pipe" ] - , VFS.leaf "log" - , VFS.leaf "null" - , VFS.leafAttrs - "terminal" - ( toMap - { name = "entropy" - , label = "entropy" - } - ) - , VFS.leaf "rtc" - , VFS.leaf "zero" + ( [ VFS.dir + "dev" + ( [ VFS.dir "pipes" [ VFS.leaf "pipe" ] + , VFS.leaf "log" + , VFS.leaf "null" + , VFS.leafAttrs + "terminal" + ( toMap + { name = "entropy" + , label = "entropy" + } + ) + , VFS.leaf "rtc" + , VFS.leaf "zero" + ] + # socketsVfs + ) + , VFS.dir + "usr" + [ VFS.dir + "bin" + [ VFS.symlink + "env" + "${params.coreutils}/bin/env" + ] ] - # socketsVfs - ) - , VFS.dir - "usr" - [ VFS.dir - "bin" - [ VFS.symlink - "env" - "${params.coreutils}/bin/env" + , VFS.dir "tmp" [ VFS.leaf "ram" ] + , VFS.dir + "nix" + [ VFS.dir + "store" + [ VFS.fs + VFS.FS::{ label = "nix-store" } + ] ] ] - , VFS.dir "tmp" [ VFS.leaf "ram" ] - , VFS.dir - "nix" - [ VFS.dir - "store" - [ VFS.fs VFS.FS::{ label = "nix-store" } ] - ] - ] + # params.extraVfs + ) ] , policies = [ Init.Config.Policy::{ @@ -98,7 +104,7 @@ in λ ( params , service = "File_system" , label = Init.LabelSelector.prefix "vfs_rom" , attributes = toMap - { root = "/", writeable = "yes" } + { root = "/", writeable = "no" } } ] } @@ -128,7 +134,7 @@ in λ ( params , exitPropagate = True , resources = Genode.Init.Resources::{ , caps = 256 - , ram = Genode.units.MiB 8 + , ram = Genode.units.MiB params.ramQuotaMiB } , config = ( Libc.toConfig diff --git a/nixos-modules/systemd.nix b/nixos-modules/systemd.nix index 8abf01b..127f8b7 100644 --- a/nixos-modules/systemd.nix +++ b/nixos-modules/systemd.nix @@ -5,11 +5,7 @@ with lib; { type = types.attrsOf (types.submodule ({ name, config, ... }: { options.genode = { - enable = lib.mkOption { - type = types.bool; - default = false; - description = "Translate this systemd unit to a Genode subsystem."; - }; + enable = lib.mkEnableOption "systemd unit to a Genode subsystem translation"; interface = lib.mkOption { type = with types; nullOr str; @@ -21,6 +17,21 @@ with lib; { ''; }; + extraVfs = lib.mkOption { + type = with types; nullOr path; + default = null; + description = '' + Extra configuration to be appended to the VFS of the service. + Dhall type is Prelude/XML/Type. + ''; + }; + + ramQuota = lib.mkOption { + type = types.ints.unsigned; + default = 16; + description = "RAM quota in MiB"; + }; + }; })); }; @@ -60,7 +71,14 @@ with lib; { , args = ${args'} , binary = "${binary}" , coreutils = "${pkgs.coreutils}" + , extraVfs = ${ + if service.genode.extraVfs == null then + "[] : List (env:DHALL_PRELUDE).XML.Type" + else + service.genode.extraVfs + } , interface = ${interface} + , ramQuotaMiB = ${toString service.genode.ramQuota} } ''; };