diff options
| author | Michele Guerini Rocco <rnhmjoj@users.noreply.github.com> | 2023-09-05 23:46:54 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-09-05 23:46:54 +0200 |
| commit | 704c791a90c34739edcbaaeb2f64619671ca1570 (patch) | |
| tree | bccab49f43ac87786f729ea6eb6560bba06ab7c4 /nixos/modules/virtualisation | |
| parent | 9be04101cf090c1b0a75c47580342acece52fdd6 (diff) | |
| parent | b3bb611ce6c0829944287fe6206adb5fd5a61fa7 (diff) | |
| download | nixlib-704c791a90c34739edcbaaeb2f64619671ca1570.tar nixlib-704c791a90c34739edcbaaeb2f64619671ca1570.tar.gz nixlib-704c791a90c34739edcbaaeb2f64619671ca1570.tar.bz2 nixlib-704c791a90c34739edcbaaeb2f64619671ca1570.tar.lz nixlib-704c791a90c34739edcbaaeb2f64619671ca1570.tar.xz nixlib-704c791a90c34739edcbaaeb2f64619671ca1570.tar.zst nixlib-704c791a90c34739edcbaaeb2f64619671ca1570.zip | |
Merge pull request #253146 from rnhmjoj/pr-anbox
anbox: unbreak
Diffstat (limited to 'nixos/modules/virtualisation')
| -rw-r--r-- | nixos/modules/virtualisation/anbox.nix | 59 |
1 files changed, 50 insertions, 9 deletions
diff --git a/nixos/modules/virtualisation/anbox.nix b/nixos/modules/virtualisation/anbox.nix index c7e9e23c4c92..523d9a9576ef 100644 --- a/nixos/modules/virtualisation/anbox.nix +++ b/nixos/modules/virtualisation/anbox.nix @@ -5,7 +5,7 @@ with lib; let cfg = config.virtualisation.anbox; - kernelPackages = config.boot.kernelPackages; + addrOpts = v: addr: pref: name: { address = mkOption { default = addr; @@ -25,6 +25,28 @@ let }; }; + finalImage = if cfg.imageModifications == "" then cfg.image else ( pkgs.callPackage ( + { runCommandNoCC, squashfsTools }: + + runCommandNoCC "${cfg.image.name}-modified.img" { + nativeBuildInputs = [ + squashfsTools + ]; + } '' + echo "-> Extracting Anbox root image..." + unsquashfs -dest rootfs ${cfg.image} + + echo "-> Modifying Anbox root image..." + ( + cd rootfs + ${cfg.imageModifications} + ) + + echo "-> Packing modified Anbox root image..." + mksquashfs rootfs $out -comp xz -no-xattrs -all-root + '' + ) { }); + in { @@ -42,6 +64,18 @@ in ''; }; + imageModifications = mkOption { + default = ""; + type = types.lines; + description = lib.mdDoc '' + Commands to edit the image filesystem. + + This can be used to e.g. bundle a privileged F-Droid. + + Commands are ran with PWD being at the root of the filesystem. + ''; + }; + extraInit = mkOption { type = types.lines; default = ""; @@ -67,16 +101,19 @@ in config = mkIf cfg.enable { assertions = singleton { - assertion = versionAtLeast (getVersion config.boot.kernelPackages.kernel) "4.18"; - message = "Anbox needs user namespace support to work properly"; + assertion = with config.boot.kernelPackages; kernelAtLeast "5.5" && kernelOlder "5.18"; + message = "Anbox needs a kernel with binder and ashmem support"; }; environment.systemPackages = with pkgs; [ anbox ]; - services.udev.extraRules = '' - KERNEL=="ashmem", NAME="%k", MODE="0666" - KERNEL=="binder*", NAME="%k", MODE="0666" - ''; + systemd.mounts = singleton { + requiredBy = [ "anbox-container-manager.service" ]; + description = "Anbox Binder File System"; + what = "binder"; + where = "/dev/binderfs"; + type = "binder"; + }; virtualisation.lxc.enable = true; networking.bridges.anbox0.interfaces = []; @@ -87,6 +124,9 @@ in internalInterfaces = [ "anbox0" ]; }; + # Ensures NetworkManager doesn't touch anbox0 + networking.networkmanager.unmanaged = [ "anbox0" ]; + systemd.services.anbox-container-manager = let anboxloc = "/var/lib/anbox"; in { @@ -121,12 +161,13 @@ in ExecStart = '' ${pkgs.anbox}/bin/anbox container-manager \ --data-path=${anboxloc} \ - --android-image=${cfg.image} \ + --android-image=${finalImage} \ --container-network-address=${cfg.ipv4.container.address} \ --container-network-gateway=${cfg.ipv4.gateway.address} \ --container-network-dns-servers=${cfg.ipv4.dns} \ --use-rootfs-overlay \ - --privileged + --privileged \ + --daemon ''; }; }; |