
nixos: add extraVfs and ramQuota options to systemd wrapper

remotes/server7/dabus
Emery Hemingway 8 months ago
parent
commit
f7b08619ac
2 changed files with 62 additions and 38 deletions
  1. 39
    33
      nixos-modules/systemd-runner.dhall
  2. 23
    5
      nixos-modules/systemd.nix

+ 39
- 33
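--- a/nixos-modules/systemd-runner.dhall
+++ b/nixos-modules/systemd-runner.dhall
@@ -19,7 +19,9 @@ in  λ ( params
       : { args : List Text
         , binary : Text
         , coreutils : Text
+        , extraVfs : List XML.Type
         , interface : Optional Text
+        , ramQuotaMiB : Natural
         }
       ) →
       let socketsVfs =
@@ -52,40 +54,44 @@ in  λ ( params
                       , config = Init.Config::{
                         , content =
                           [ VFS.vfs
-                              [ VFS.dir
-                                  "dev"
-                                  (   [ VFS.dir "pipes" [ VFS.leaf "pipe" ]
-                                      , VFS.leaf "log"
-                                      , VFS.leaf "null"
-                                      , VFS.leafAttrs
-                                          "terminal"
-                                          ( toMap
-                                              { name = "entropy"
-                                              , label = "entropy"
-                                              }
-                                          )
-                                      , VFS.leaf "rtc"
-                                      , VFS.leaf "zero"
+                              (   [ VFS.dir
+                                      "dev"
+                                      (   [ VFS.dir "pipes" [ VFS.leaf "pipe" ]
+                                          , VFS.leaf "log"
+                                          , VFS.leaf "null"
+                                          , VFS.leafAttrs
+                                              "terminal"
+                                              ( toMap
+                                                  { name = "entropy"
+                                                  , label = "entropy"
+                                                  }
+                                              )
+                                          , VFS.leaf "rtc"
+                                          , VFS.leaf "zero"
+                                          ]
+                                        # socketsVfs
+                                      )
+                                  , VFS.dir
+                                      "usr"
+                                      [ VFS.dir
+                                          "bin"
+                                          [ VFS.symlink
+                                              "env"
+                                              "${params.coreutils}/bin/env"
+                                          ]
                                       ]
-                                    # socketsVfs
-                                  )
-                              , VFS.dir
-                                  "usr"
-                                  [ VFS.dir
-                                      "bin"
-                                      [ VFS.symlink
-                                          "env"
-                                          "${params.coreutils}/bin/env"
+                                  , VFS.dir "tmp" [ VFS.leaf "ram" ]
+                                  , VFS.dir
+                                      "nix"
+                                      [ VFS.dir
+                                          "store"
+                                          [ VFS.fs
+                                              VFS.FS::{ label = "nix-store" }
+                                          ]
                                       ]
                                   ]
-                              , VFS.dir "tmp" [ VFS.leaf "ram" ]
-                              , VFS.dir
-                                  "nix"
-                                  [ VFS.dir
-                                      "store"
-                                      [ VFS.fs VFS.FS::{ label = "nix-store" } ]
-                                  ]
-                              ]
+                                # params.extraVfs
+                              )
                           ]
                         , policies =
                           [ Init.Config.Policy::{
@@ -98,7 +104,7 @@ in  λ ( params
                             , service = "File_system"
                             , label = Init.LabelSelector.prefix "vfs_rom"
                             , attributes = toMap
-                                { root = "/", writeable = "yes" }
+                                { root = "/", writeable = "no" }
                             }
                           ]
                         }
@@ -128,7 +134,7 @@ in  λ ( params
                       , exitPropagate = True
                       , resources = Genode.Init.Resources::{
                         , caps = 256
-                        , ram = Genode.units.MiB 8
+                        , ram = Genode.units.MiB params.ramQuotaMiB
                         }
                       , config =
                           ( Libc.toConfig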
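Review bot: `params.extraVfs` is concatenated onto the root list of the VFS in the second hunk with no constraint on which nodes it may hold, so whatever the caller supplies lands next to the fixed `dev`, `usr`, `tmp` and `nix` entries. A comment at the `# params.extraVfs` line would make that trust boundary explicit, for example `-- extraVfs is caller-supplied and not validated here; its nodes are appended after the built-in dev/usr/tmp/nix entries`. The third hunk also flips the `vfs_rom` policy to `writeable = "no"`, which tightens access but is not mentioned in the commit title; a one-line comment there saying the ROM file system is intentionally read-only would keep it from being reverted by accident. The lambda starts before the first hunk and continues past the last one, so how `extraVfs` nodes are routed to file-system sessions is not visible here.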

+ 23
- 5
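--- a/nixos-modules/systemd.nix
+++ b/nixos-modules/systemd.nix
@@ -5,11 +5,7 @@ with lib; {
     type = types.attrsOf (types.submodule ({ name, config, ... }: {
       options.genode = {
 
-        enable = lib.mkOption {
-          type = types.bool;
-          default = false;
-          description = "Translate this systemd unit to a Genode subsystem.";
-        };
+        enable = lib.mkEnableOption "systemd unit to a Genode subsystem translation";
 
         interface = lib.mkOption {
           type = with types; nullOr str;
@@ -21,6 +17,21 @@ with lib; {
           '';
         };
 
+        extraVfs = lib.mkOption {
+          type = with types; nullOr path;
+          default = null;
+          description = ''
+            Extra configuration to be appended to the VFS of the service.
+            Dhall type is Prelude/XML/Type.
+          '';
+        };
+
+        ramQuota = lib.mkOption {
+          type = types.ints.unsigned;
+          default = 16;
+          description = "RAM quota in MiB";
+        };
+
       };
     }));
   };
@@ -60,7 +71,14 @@ with lib; {
             , args = ${args'}
             , binary = "${binary}"
             , coreutils = "${pkgs.coreutils}"
+            , extraVfs = ${
+              if service.genode.extraVfs == null then
+                "[] : List (env:DHALL_PRELUDE).XML.Type"
+              else
+                service.genode.extraVfs
+            }
             , interface = ${interface}
+            , ramQuotaMiB = ${toString service.genode.ramQuota}
             }
           '';
         };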
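Review bot: The `extraVfs` description says the Dhall type is `Prelude/XML/Type`, but the value is spliced where the runner expects `List XML.Type` (the `null` branch emits `[] : List (env:DHALL_PRELUDE).XML.Type`), so a file holding a single XML node would presumably fail type checking at build time. Suggested wording: `Path to a Dhall file of type List Prelude.XML.Type; its nodes are appended to the VFS of the service.` Because the path is interpolated straight into the generated Dhall expression, the file is imported and evaluated during the build, and the description could say so to signal that it is trusted input. Separately, `ramQuota` uses `types.ints.unsigned`, which admits `0`; `types.ints.positive` would reject a quota that likely cannot start the service, and the default of 16 differs from the previously hard-coded 8 MiB without a mention in the commit message.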
