Unverified Commit 310cc429 authored by Donovan Glover's avatar Donovan Glover Committed by GitHub

anbox: drop (#370821)

parents cc5c0b20 9330230e
+0 −1
@@ -1750,7 +1750,6 @@
  ./tasks/trackpoint.nix
  ./testing/service-runner.nix
  ./virtualisation/amazon-options.nix
  ./virtualisation/anbox.nix
  ./virtualisation/appvm.nix
  ./virtualisation/build-vm.nix
  ./virtualisation/container-config.nix
+4 −0
@@ -78,6 +78,10 @@ in
    (mkRemovedOptionModule [ "services" "antennas" ]
      "The antennas package and the corresponding module have been removed as they only work with tvheadend, which nobody was willing to maintain and was stuck on an unmaintained version that required FFmpeg 4; please see https://github.com/NixOS/nixpkgs/pull/332259 if you are interested in maintaining a newer version."
    )
    (mkRemovedOptionModule [
      "services"
      "anbox"
    ] "The corresponding package was removed from nixpkgs as it is not maintained upstream anymore.")
    (mkRemovedOptionModule [
      "services"
      "ankisyncd"
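Review bot: The removal shim added here is registered under `[ "services" "anbox" ]`, but the module deleted in this same commit declares its options under `options.virtualisation.anbox`, and the deleted test sets `virtualisation.anbox.enable = true`. A configuration that still sets `virtualisation.anbox.*` would therefore presumably fail with a generic undefined-option error and never show this explanation. The path should name the namespace that actually existed, `(mkRemovedOptionModule [ "virtualisation" "anbox" ] "The corresponding package was removed from nixpkgs as it is not maintained upstream anymore.")`. The surrounding list of removed-option modules begins and ends outside this hunk, so it is not visible whether a `virtualisation.anbox` entry already exists elsewhere.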
+0 −194
{
  config,
  lib,
  pkgs,
  ...
}:

with lib;

let

  cfg = config.virtualisation.anbox;

  addrOpts = v: addr: pref: name: {
    address = mkOption {
      default = addr;
      type = types.str;
      description = ''
        IPv${toString v} ${name} address.
      '';
    };

    prefixLength = mkOption {
      default = pref;
      type = types.addCheck types.int (n: n >= 0 && n <= (if v == 4 then 32 else 128));
      description = ''
        Subnet mask of the ${name} address, specified as the number of
        bits in the prefix (`${if v == 4 then "24" else "64"}`).
      '';
    };
  };

  finalImage =
    if cfg.imageModifications == "" then
      cfg.image
    else
      (pkgs.callPackage (
        { runCommandNoCC, squashfsTools }:

        runCommandNoCC "${cfg.image.name}-modified.img"
          {
            nativeBuildInputs = [
              squashfsTools
            ];
          }
          ''
            echo "-> Extracting Anbox root image..."
            unsquashfs -dest rootfs ${cfg.image}

            echo "-> Modifying Anbox root image..."
            (
            cd rootfs
            ${cfg.imageModifications}
            )

            echo "-> Packing modified Anbox root image..."
            mksquashfs rootfs $out -comp xz -no-xattrs -all-root
          ''
      ) { });

in

{

  options.virtualisation.anbox = {

    enable = mkEnableOption "Anbox";

    image = mkOption {
      default = pkgs.anbox.image;
      defaultText = literalExpression "pkgs.anbox.image";
      type = types.package;
      description = ''
        Base android image for Anbox.
      '';
    };

    imageModifications = mkOption {
      default = "";
      type = types.lines;
      description = ''
        Commands to edit the image filesystem.

        This can be used to e.g. bundle a privileged F-Droid.

        Commands are ran with PWD being at the root of the filesystem.
      '';
    };

    extraInit = mkOption {
      type = types.lines;
      default = "";
      description = ''
        Extra shell commands to be run inside the container image during init.
      '';
    };

    ipv4 = {
      container = addrOpts 4 "192.168.250.2" 24 "Container";
      gateway = addrOpts 4 "192.168.250.1" 24 "Host";

      dns = mkOption {
        default = "1.1.1.1";
        type = types.str;
        description = ''
          Container DNS server.
        '';
      };
    };
  };

  config = mkIf cfg.enable {

    assertions = singleton {
      assertion = with config.boot.kernelPackages; kernelAtLeast "5.5" && kernelOlder "5.18";
      message = "Anbox needs a kernel with binder and ashmem support";
    };

    environment.systemPackages = with pkgs; [ anbox ];

    systemd.mounts = singleton {
      requiredBy = [ "anbox-container-manager.service" ];
      description = "Anbox Binder File System";
      what = "binder";
      where = "/dev/binderfs";
      type = "binder";
    };

    virtualisation.lxc.enable = true;
    networking.bridges.anbox0.interfaces = [ ];
    networking.interfaces.anbox0.ipv4.addresses = [ cfg.ipv4.gateway ];

    networking.nat = {
      enable = true;
      internalInterfaces = [ "anbox0" ];
    };

    # Ensures NetworkManager doesn't touch anbox0
    networking.networkmanager.unmanaged = [ "anbox0" ];

    systemd.services.anbox-container-manager =
      let
        anboxloc = "/var/lib/anbox";
      in
      {
        description = "Anbox Container Management Daemon";

        environment.XDG_RUNTIME_DIR = "${anboxloc}";

        wantedBy = [ "multi-user.target" ];
        preStart =
          let
            initsh = pkgs.writeText "nixos-init" (
              ''
                #!/system/bin/sh
                setprop nixos.version ${config.system.nixos.version}

                # we don't have radio
                setprop ro.radio.noril yes
                stop ril-daemon

                # speed up boot
                setprop debug.sf.nobootanimation 1
              ''
              + cfg.extraInit
            );
            initshloc = "${anboxloc}/rootfs-overlay/system/etc/init.goldfish.sh";
          in
          ''
            mkdir -p ${anboxloc}
            mkdir -p $(dirname ${initshloc})
            [ -f ${initshloc} ] && rm ${initshloc}
            cp ${initsh} ${initshloc}
            chown 100000:100000 ${initshloc}
            chmod +x ${initshloc}
          '';

        serviceConfig = {
          ExecStart = ''
            ${pkgs.anbox}/bin/anbox container-manager \
              --data-path=${anboxloc} \
              --android-image=${finalImage} \
              --container-network-address=${cfg.ipv4.container.address} \
              --container-network-gateway=${cfg.ipv4.gateway.address} \
              --container-network-dns-servers=${cfg.ipv4.dns} \
              --use-rootfs-overlay \
              --privileged \
              --daemon
          '';
        };
      };
  };

}
+0 −1
@@ -124,7 +124,6 @@ in {
  amazon-init-shell = handleTest ./amazon-init-shell.nix {};
  amazon-ssm-agent = handleTest ./amazon-ssm-agent.nix {};
  amd-sev = runTest ./amd-sev.nix;
  anbox = runTest ./anbox.nix;
  angie-api = handleTest ./angie-api.nix {};
  anki-sync-server = handleTest ./anki-sync-server.nix {};
  anuko-time-tracker = handleTest ./anuko-time-tracker.nix {};

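--- a/nixos/tests/anbox.nix
+++ /dev/null
@@ -1,41 +0,0 @@
-{ lib, pkgs, ... }:
-
-{
-  name = "anbox";
-  meta.maintainers = with lib.maintainers; [ mvnetbiz ];
-
-  nodes.machine =
-    { pkgs, config, ... }:
-    {
-      imports = [
-        ./common/user-account.nix
-        ./common/x11.nix
-      ];
-
-      environment.systemPackages = with pkgs; [ android-tools ];
-
-      test-support.displayManager.auto.user = "alice";
-
-      virtualisation.anbox.enable = true;
-      boot.kernelPackages = pkgs.linuxKernel.packages.linux_5_15;
-      virtualisation.memorySize = 2500;
-    };
-
-  testScript =
-    { nodes, ... }:
-    let
-      user = nodes.machine.users.users.alice;
-      bus = "DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/${toString user.uid}/bus";
-    in
-    ''
-      machine.wait_for_x()
-
-      machine.wait_until_succeeds(
-          "sudo -iu alice ${bus} anbox wait-ready"
-      )
-
-      machine.wait_until_succeeds("adb shell true")
-
-      print(machine.succeed("adb devices"))
-    '';
-}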