From fd464f0543b9b5370b1b3c165462e9f988d038bb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rafael=20Fern=C3=A1ndez=20L=C3=B3pez?=
Date: Sun, 28 Jan 2024 12:38:16 +0100
Subject: [PATCH] virtualisation/containers: add support for providing static CDI definitions
---
 nixos/modules/virtualisation/containers.nix | 56 +++++++++++++++++----
 1 file changed, 46 insertions(+), 10 deletions(-)

diff --git a/nixos/modules/virtualisation/containers.nix b/nixos/modules/virtualisation/containers.nix
index 3e33cabf2660..a205890b6843 100644
--- a/nixos/modules/virtualisation/containers.nix
+++ b/nixos/modules/virtualisation/containers.nix
@@ -28,6 +28,33 @@ in
 description = lib.mdDoc "Enable the OCI seccomp BPF hook";
 };
 
+ cdi = mkOption {
+ type = types.attrs;
+ default = { };
+ description = lib.mdDoc ''
+ Declarative CDI specification. Each key of the attribute set
+ will be mapped to a file in /etc/cdi. It is required for every
+ key to be provided in JSON format.
+ '';
+ example = {
+ some-vendor = builtins.fromJSON ''
+ {
+ "cdiVersion": "0.5.0",
+ "kind": "some-vendor.com/foo",
+ "devices": [],
+ "containerEdits": []
+ }
+ '';
+
+ some-other-vendor = {
+ cdiVersion = "0.5.0";
+ kind = "some-other-vendor.com/bar";
+ devices = [];
+ containerEdits = [];
+ };
+ };
+ };
+
 containersConf.settings = mkOption {
 type = toml.type;
 default = { };
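Review bot: `type = types.attrs;` on the new `cdi` option merges definitions from several modules shallowly and does not recurse, so two modules that each contribute a spec under the same vendor key would silently drop one of them, and the type also does not check that each value is itself an attribute set. Since every value ends up serialized with `builtins.toJSON` (second hunk), `type = types.attrsOf (pkgs.formats.json { }).type;` (or at least `types.attrsOf types.anything`) would validate the per-vendor values and merge them properly. The description sentence "It is required for every key to be provided in JSON format" is also misleading: values are Nix attribute sets converted to JSON at build time, as the `some-other-vendor` example itself shows; suggest `Each attribute is written, after conversion with builtins.toJSON, to /etc/cdi/<name>.json where the container runtime reads it as a CDI spec.` The attribute key is used verbatim as a file name, so it is worth stating in the description that it must be a plain name without `/`.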
@@ -124,19 +151,28 @@ in }; }; - environment.etc."containers/containers.conf".source = - toml.generate "containers.conf" cfg.containersConf.settings; + environment.etc = let + cdiConfigurationFiles = (lib.attrsets.mapAttrs' + (name: value: + lib.attrsets.nameValuePair "cdi/${name}.json" + { text = builtins.toJSON value; }) + cfg.cdi); + in { + "containers/containers.conf".source = + toml.generate "containers.conf" cfg.containersConf.settings; - environment.etc."containers/storage.conf".source = - toml.generate "storage.conf" cfg.storage.settings; + "containers/storage.conf".source = + toml.generate "storage.conf" cfg.storage.settings; - environment.etc."containers/registries.conf".source = toml.generate "registries.conf" { - registries = lib.mapAttrs (n: v: { registries = v; }) cfg.registries; - }; + "containers/registries.conf".source = toml.generate "registries.conf" { + registries = lib.mapAttrs (n: v: { registries = v; }) cfg.registries; + }; + + "containers/policy.json".source = + if cfg.policy != { } then pkgs.writeText "policy.json" (builtins.toJSON cfg.policy) + else "${pkgs.skopeo.policy}/default-policy.json"; + } // cdiConfigurationFiles; - environment.etc."containers/policy.json".source = - if cfg.policy != { } then pkgs.writeText "policy.json" (builtins.toJSON cfg.policy) - else "${pkgs.skopeo.policy}/default-policy.json"; }; }
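Review bot: The new `cdiConfigurationFiles` binding uses the long `lib.attrsets.mapAttrs'`/`lib.attrsets.nameValuePair` spelling wrapped in redundant parentheses, while the registries line a few lines below keeps the file's existing short form `lib.mapAttrs`; `cdiConfigurationFiles = lib.mapAttrs' (name: value: lib.nameValuePair "cdi/${name}.json" { text = builtins.toJSON value; }) cfg.cdi;` reads the same as the surrounding code. Nothing on this side checks the shape of each value: the outer `types.attrs` check (first hunk) only verifies the option value is an attribute set, so a non-attrset vendor value would be written out by `builtins.toJSON` as-is and presumably be rejected by the runtime when it loads `/etc/cdi` rather than at evaluation time. A short comment above the binding, `# each value is one CDI spec document, emitted verbatim as /etc/cdi/<name>.json`, would make that contract visible to the reader. The enclosing `config` attribute set begins outside this hunk.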