From 293c17926d47fb66e8a01267c2e698ab40dc53a6 Mon Sep 17 00:00:00 2001
From: Adam Stephens <adam@valkor.net>
Date: Sat, 10 Aug 2024 12:08:33 -0400
Subject: [PATCH] nixos/incus-agent: init

---
 nixos/modules/module-list.nix                |  1 +
 nixos/modules/virtualisation/incus-agent.nix | 41 ++++++++++++++++++++
 pkgs/by-name/in/incus/generic.nix            | 15 ++++++-
 3 files changed, 55 insertions(+), 2 deletions(-)
 create mode 100644 nixos/modules/virtualisation/incus-agent.nix

diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 28a58249e798..077dafdf3990 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -1679,6 +1679,7 @@
   ./virtualisation/ecs-agent.nix
   ./virtualisation/hyperv-guest.nix
   ./virtualisation/incus.nix
+  ./virtualisation/incus-agent.nix
   ./virtualisation/kvmgt.nix
   ./virtualisation/libvirtd.nix
   ./virtualisation/lxc.nix
diff --git a/nixos/modules/virtualisation/incus-agent.nix b/nixos/modules/virtualisation/incus-agent.nix
new file mode 100644
index 000000000000..bfb9eeb75d33
--- /dev/null
+++ b/nixos/modules/virtualisation/incus-agent.nix
@@ -0,0 +1,41 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  cfg = config.virtualisation.incus.agent;
+in
+{
+  meta = {
+    maintainers = lib.teams.lxc.members;
+  };
+
+  options = {
+    virtualisation.incus.agent.enable = lib.mkEnableOption "Incus agent";
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.udev.packages = [ config.virtualisation.incus.package.agent_loader ];
+    systemd.packages = [ config.virtualisation.incus.package.agent_loader ];
+
+    systemd.services.incus-agent = {
+      enable = true;
+      wantedBy = [ "multi-user.target" ];
+
+      path = [
+        pkgs.kmod
+        pkgs.util-linux
+
+        # allow `incus exec` to find system binaries
+        "/run/current-system/sw"
+      ];
+
+      # avoid killing nixos-rebuild switch when executed through incus exec
+      restartIfChanged = false;
+      stopIfChanged = false;
+    };
+  };
+}
diff --git a/pkgs/by-name/in/incus/generic.nix b/pkgs/by-name/in/incus/generic.nix
index 56b10804079b..7ffdc1c83ec4 100644
--- a/pkgs/by-name/in/incus/generic.nix
+++ b/pkgs/by-name/in/incus/generic.nix
@@ -13,10 +13,8 @@
   buildGoModule,
   fetchFromGitHub,
   writeScript,
-  writeShellScript,
   acl,
   cowsql,
-  hwdata,
   libcap,
   lxc,
   pkg-config,
@@ -38,6 +36,11 @@ buildGoModule rec {
     version
     ;
 
+  outputs = [
+    "out"
+    "agent_loader"
+  ];
+
   src = fetchFromGitHub {
     owner = "lxc";
     repo = "incus";
@@ -99,6 +102,14 @@ buildGoModule rec {
       --bash <($out/bin/incus completion bash) \
       --fish <($out/bin/incus completion fish) \
       --zsh <($out/bin/incus completion zsh)
+
+    mkdir -p $agent_loader/bin $agent_loader/etc/systemd/system $agent_loader/lib/udev/rules.d
+    cp internal/server/instance/drivers/agent-loader/incus-agent-setup $agent_loader/bin/
+    chmod +x $agent_loader/bin/incus-agent-setup
+    patchShebangs $agent_loader/bin/incus-agent-setup
+    cp internal/server/instance/drivers/agent-loader/systemd/incus-agent.service $agent_loader/etc/systemd/system/
+    cp internal/server/instance/drivers/agent-loader/systemd/incus-agent.rules $agent_loader/lib/udev/rules.d/99-incus-agent.rules
+    substituteInPlace $agent_loader/etc/systemd/system/incus-agent.service --replace-fail 'TARGET/systemd' "$agent_loader/bin"
   '';
 
   passthru = {