diff --git a/nixos/modules/virtualisation/podman.nix b/nixos/modules/virtualisation/podman.nix index f554aeffb451..36c0ca8dfea3 100644 --- a/nixos/modules/virtualisation/podman.nix +++ b/nixos/modules/virtualisation/podman.nix @@ -1,6 +1,8 @@ { config, lib, pkgs, utils, ... }: let cfg = config.virtualisation.podman; + toml = pkgs.formats.toml { }; + nvidia-docker = pkgs.nvidia-docker.override { containerRuntimePath = "${pkgs.runc}/bin/runc"; }; inherit (lib) mkOption types; @@ -53,6 +55,14 @@ in ''; }; + enableNvidia = mkOption { + type = types.bool; + default = false; + description = '' + Enable use of NVidia GPUs from within podman containers. + ''; + }; + extraPackages = mkOption { type = with types; listOf package; default = [ ]; 
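Review bot: The nvidia-docker override pins the runtime that nvidia-container-runtime delegates to at pkgs.runc without saying why, while the runtime podman itself is configured with lives outside this hunk, so the two can drift apart in version and patch level without anyone noticing. A comment on the `nvidia-docker = ...` line recording the choice, and that this runtime is presumably only reached through the `nvidia` runtime entry added in the later config hunk, would save the next maintainer from re-deriving it, e.g. `# OCI runtime that nvidia-container-runtime hands off to; keep in step with the runtime podman is configured with`. The let block continues past the end of the hunk.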
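Review bot: The description of the new enableNvidia option does not mention that it cannot be combined with virtualisation.docker.enableNvidia, which the assertion added in the config hunk below enforces, so a user only discovers the conflict from the evaluation error. Suggest extending the description to `Enable use of NVidia GPUs from within podman containers. Cannot be combined with virtualisation.docker.enableNvidia.`.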
@@ -78,21 +88,37 @@ in }; - config = lib.mkIf cfg.enable { + config = lib.mkIf cfg.enable (lib.mkMerge [ + { + environment.systemPackages = [ cfg.package ] + ++ lib.optional cfg.dockerCompat dockerCompat; - environment.systemPackages = [ cfg.package ] - ++ lib.optional cfg.dockerCompat dockerCompat; + environment.etc."cni/net.d/87-podman-bridge.conflist".source = utils.copyFile "${pkgs.podman-unwrapped.src}/cni/87-podman-bridge.conflist"; - environment.etc."cni/net.d/87-podman-bridge.conflist".source = utils.copyFile "${pkgs.podman-unwrapped.src}/cni/87-podman-bridge.conflist"; - - # Enable common /etc/containers configuration - virtualisation.containers.enable = true; - - assertions = [{ - assertion = cfg.dockerCompat -> !config.virtualisation.docker.enable; - message = "Option dockerCompat conflicts with docker"; - }]; - - }; + virtualisation.containers = { + enable = true; # Enable common /etc/containers configuration + containersConf.extraConfig = lib.optionalString cfg.enableNvidia + (builtins.readFile (toml.generate "podman.nvidia.containers.conf" { + engine = { + conmon_env_vars = [ "PATH=${lib.makeBinPath [ nvidia-docker ]}" ]; + runtimes.nvidia = [ "${nvidia-docker}/bin/nvidia-container-runtime" ]; + }; + })); + }; + assertions = [ + { + assertion = cfg.dockerCompat -> !config.virtualisation.docker.enable; + message = "Option dockerCompat conflicts with docker"; + } + { + assertion = cfg.enableNvidia -> !config.virtualisation.docker.enableNvidia; + message = "Option enableNvidia conflicts with docker.enableNvidia"; + } + ]; + } + (lib.mkIf cfg.enableNvidia { + environment.etc."nvidia-container-runtime/config.toml".source = "${nvidia-docker}/etc/podman-config.toml"; + }) + ]); } diff --git a/pkgs/applications/virtualization/nvidia-docker/default.nix b/pkgs/applications/virtualization/nvidia-docker/default.nix index 3f75e36ccae6..0df2efebd820 100644 --- a/pkgs/applications/virtualization/nvidia-docker/default.nix 
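Review bot: `builtins.readFile (toml.generate "podman.nvidia.containers.conf" { ... })` realises a derivation during evaluation, and since the attribute set carries `${nvidia-docker}` in its strings that derivation appears to depend on nvidia-docker, so merely evaluating a configuration with enableNvidia set would build the package (import-from-derivation), which is generally not accepted in nixpkgs modules. Writing the two TOML tables as a literal string into containersConf.extraConfig avoids the eval-time build and keeps the same file contents, as sketched below. Separately, `conmon_env_vars = [ "PATH=${lib.makeBinPath [ nvidia-docker ]}" ]` replaces conmon's PATH with a single directory and gives no reason; since the nvidia-docker wrapper in the later default.nix hunk already prefixes PATH for the runc lookup, this is presumably so the prestart hook can locate nvidia-container-cli, and a comment such as `# conmon execs the runtime, so this PATH is what nvidia-container-runtime and its hook see` would make that explicit.
```nix
      containersConf.extraConfig = lib.optionalString cfg.enableNvidia ''
        [engine]
        conmon_env_vars = ["PATH=${lib.makeBinPath [ nvidia-docker ]}"]
        [engine.runtimes]
        nvidia = ["${nvidia-docker}/bin/nvidia-container-runtime"]
      '';
      # … unchanged: assertions and the mkIf cfg.enableNvidia block …
```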
+++ b/pkgs/applications/virtualization/nvidia-docker/default.nix @@ -6,15 +6,23 @@ , makeWrapper , buildGoModule , buildGoPackage -, git , glibc +, docker +, linkFarm +, containerRuntimePath ? "${docker}/libexec/docker/runc" }: with lib; let libnvidia-container = callPackage ./libnvc.nix { }; + isolatedContainerRuntimePath = linkFarm "isolated_container_runtime_path" [ + { + name = "runc"; + path = containerRuntimePath; + } + ]; nvidia-container-runtime = buildGoPackage rec { - pname = "nvidia-container-toolkit"; + pname = "nvidia-container-runtime"; version = "3.4.0"; src = fetchFromGitHub { owner = "NVIDIA"; @@ -74,10 +82,18 @@ stdenv.mkDerivation rec { installPhase = '' mkdir -p $out/{bin,etc} cp -r bin $out + wrapProgram $out/bin/nvidia-container-cli \ --prefix LD_LIBRARY_PATH : /run/opengl-driver/lib:/run/opengl-driver-32/lib + + # nvidia-container-runtime invokes docker-runc or runc if that isn't available on PATH + wrapProgram $out/bin/nvidia-container-runtime --prefix PATH : ${isolatedContainerRuntimePath} + cp ${./config.toml} $out/etc/config.toml substituteInPlace $out/etc/config.toml --subst-var-by glibcbin ${lib.getBin glibc} + + cp ${./podman-config.toml} $out/etc/podman-config.toml + substituteInPlace $out/etc/podman-config.toml --subst-var-by glibcbin ${lib.getBin glibc} ''; meta = { diff --git a/pkgs/applications/virtualization/nvidia-docker/podman-config.toml b/pkgs/applications/virtualization/nvidia-docker/podman-config.toml new file mode 100644 index 000000000000..eb39699b96b3 --- /dev/null +++ b/pkgs/applications/virtualization/nvidia-docker/podman-config.toml @@ -0,0 +1,13 @@ +disable-require = true +#swarm-resource = "DOCKER_RESOURCE_GPU" + +[nvidia-container-cli] +#root = "/run/nvidia/driver" +#path = "/usr/bin/nvidia-container-cli" +environment = [] +#debug = "/var/log/nvidia-container-runtime-hook.log" +ldcache = "/tmp/ld.so.cache" +load-kmods = true +no-cgroups = true +#user = "root:video" +ldconfig = "@@glibcbin@/bin/ldconfig"
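Review bot: The linkFarm directory exposes only `runc`, but the comment added to the wrapper in the next hunk says nvidia-container-runtime tries `docker-runc` before falling back to `runc`, and `--prefix PATH` keeps the rest of the caller's PATH, so a `docker-runc` anywhere further along PATH would still be chosen over the runtime supplied through containerRuntimePath. If the lookup order stated in that comment is right, adding a second entry `{ name = "docker-runc"; path = containerRuntimePath; }` to the linkFarm list closes the gap; the same consideration applies to the wrapProgram line in the following hunk. The let block continues past the end of this hunk.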
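Review bot: `no-cgroups = true` and `disable-require = true` are the settings in this new file that a podman deployment evidently needs, yet nothing records why, so a later cleanup can silently revert them; a comment above each, for instance `# podman manages device cgroups itself` if that is the motivation, would protect the intent. `ldcache = "/tmp/ld.so.cache"` points the container CLI, which is typically invoked with root privileges from the prestart hook, at a loader cache in a world-writable directory; if the existing config.toml uses the same path this is inherited rather than introduced here, but a note on who is expected to produce that file, and whether a path under /run would be safer, belongs next to it. The leading `@` in `ldconfig = "@@glibcbin@/bin/ldconfig"` survives the substituteInPlace in the previous hunk and is presumably meaningful to the tool (host-side ldconfig); a one-line comment saying so would stop someone from "fixing" it.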