34 lines
1.1 KiB
Nix
34 lines
1.1 KiB
Nix
{ config, pkgs, lib, ... }:
|
|
|
|
with lib;
|
|
let
|
|
cfg = config.programs.singularity;
|
|
singularity = pkgs.singularity.overrideAttrs (attrs : {
|
|
installPhase = attrs.installPhase + ''
|
|
mv $out/libexec/singularity/bin/starter-suid $out/libexec/singularity/bin/starter-suid.orig
|
|
ln -s /run/wrappers/bin/singularity-suid $out/libexec/singularity/bin/starter-suid
|
|
'';
|
|
});
|
|
in {
|
|
options.programs.singularity = {
|
|
enable = mkEnableOption "Singularity";
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
environment.systemPackages = [ singularity ];
|
|
security.wrappers.singularity-suid =
|
|
{ setuid = true;
|
|
owner = "root";
|
|
group = "root";
|
|
source = "${singularity}/libexec/singularity/bin/starter-suid.orig";
|
|
};
|
|
systemd.tmpfiles.rules = [
|
|
"d /var/singularity/mnt/session 0770 root root -"
|
|
"d /var/singularity/mnt/final 0770 root root -"
|
|
"d /var/singularity/mnt/overlay 0770 root root -"
|
|
"d /var/singularity/mnt/container 0770 root root -"
|
|
"d /var/singularity/mnt/source 0770 root root -"
|
|
];
|
|
};
|
|
|
|
}
|