├── .conform.yaml
├── .dockerignore
├── .github
├── renovate.json
└── workflows
│ ├── ci.yaml
│ ├── slack-notify.yaml
│ └── weekly.yaml
├── .gitignore
├── .kres.yaml
├── CHANGELOG.md
├── LICENSE
├── MAINTAINERS.md
├── Makefile
├── Pkgfile
├── README.md
├── container-runtime
├── crun
│ ├── 10-crun.part
│ ├── README.md
│ ├── manifest.yaml
│ ├── pkg.yaml
│ └── vars.yaml
├── ecr-credential-provider
│ ├── README.md
│ ├── manifest.yaml
│ ├── pkg.yaml
│ └── vars.yaml
├── gvisor-debug
│ ├── 11-gvisor-debug.part
│ ├── README.md
│ ├── manifest.yaml
│ ├── pkg.yaml
│ ├── runsc.toml
│ └── vars.yaml
├── gvisor
│ ├── 10-gvisor-kvm.part
│ ├── 10-gvisor.part
│ ├── README.md
│ ├── manifest.yaml
│ ├── pkg.yaml
│ ├── runsc-kvm.toml
│ ├── runsc.toml
│ └── vars.yaml
├── kata-containers
│ ├── 10-kata-containers.part
│ ├── README.md
│ ├── configuration.toml
│ ├── manifest.yaml
│ ├── pkg.yaml
│ └── vars.yaml
├── spin
│ ├── 10-spin.part
│ ├── README.md
│ ├── manifest.yaml
│ ├── pkg.yaml
│ └── vars.yaml
├── stargz-snapshotter
│ ├── 10-stargz-snapshotter.part
│ ├── README.md
│ ├── config.toml
│ ├── manifest.yaml
│ ├── pkg.yaml
│ ├── stargz-snapshotter.yaml
│ └── vars.yaml
├── vars.yaml
├── wasmedge
│ ├── 10-wasm.part
│ ├── README.md
│ ├── manifest.yaml
│ ├── pkg.yaml
│ └── vars.yaml
└── youki
│ ├── 10-youki.part
│ ├── README.md
│ ├── manifest.yaml
│ ├── pkg.yaml
│ └── vars.yaml
├── deps.png
├── drivers
├── amazon-ena
│ ├── README.md
│ ├── manifest.yaml
│ ├── pkg.yaml
│ └── vars.yaml
├── chelsio
│ ├── README.md
│ ├── files
│ │ └── modules.txt
│ ├── manifest.yaml
│ ├── pkg.yaml
│ └── vars.yaml
├── gasket
│ ├── README.md
│ ├── manifest.yaml
│ ├── pkg.yaml
│ └── vars.yaml
├── mei
│ ├── README.md
│ ├── files
│ │ └── modules.txt
│ ├── manifest.yaml
│ ├── pkg.yaml
│ └── vars.yaml
├── mellanox-ofed
│ ├── manifest.yaml
│ ├── pkg.yaml
│ └── vars.yaml
├── tenstorrent
│ ├── README.md
│ ├── manifest.yaml
│ ├── pkg.yaml
│ └── vars.yaml
├── thunderbolt
│ ├── README.md
│ ├── files
│ │ └── modules.txt
│ ├── manifest.yaml
│ ├── pkg.yaml
│ └── vars.yaml
├── uinput
│ ├── README.md
│ ├── files
│ │ └── modules.txt
│ ├── manifest.yaml
│ ├── pkg.yaml
│ └── vars.yaml
├── usb-modem
│ ├── README.md
│ ├── files
│ │ ├── modules-aarch64.txt
│ │ └── modules-x86_64.txt
│ ├── manifest.yaml
│ ├── pkg.yaml
│ └── vars.yaml
├── v4l-uvc
│ ├── README.md
│ ├── files
│ │ └── modules.txt
│ ├── manifest.yaml
│ ├── pkg.yaml
│ └── vars.yaml
└── xdma-driver
│ ├── README.md
│ ├── manifest.yaml
│ ├── pkg.yaml
│ └── vars.yaml
├── drm
├── amdgpu
│ ├── files
│ │ └── modules.txt
│ ├── manifest.yaml
│ ├── pkg.yaml
│ └── vars.yaml
├── i915
│ ├── files
│ │ └── modules.txt
│ ├── manifest.yaml
│ ├── pkg.yaml
│ └── vars.yaml
├── panfrost
│ ├── files
│ │ └── modules.txt
│ ├── manifest.yaml
│ ├── pkg.yaml
│ └── vars.yaml
└── vc4
│ ├── files
│ └── modules.txt
│ ├── manifest.yaml
│ ├── pkg.yaml
│ └── vars.yaml
├── dvb
└── cx23885
│ ├── README.md
│ ├── files
│ ├── dvb.conf
│ └── modules.txt
│ ├── manifest.yaml
│ ├── pkg.yaml
│ └── vars.yaml
├── examples
└── hello-world-service
│ ├── README.md
│ ├── hello-world.yaml
│ ├── manifest.yaml
│ ├── pkg.yaml
│ ├── src
│ ├── go.mod
│ └── main.go
│ └── vars.yaml
├── firmware
├── amd-ucode
│ ├── manifest.yaml
│ ├── pkg.yaml
│ └── vars.yaml
├── bnx2-bnx2x
│ ├── manifest.yaml
│ ├── pkg.yaml
│ └── vars.yaml
├── chelsio
│ ├── manifest.yaml
│ ├── pkg.yaml
│ └── vars.yaml
├── intel-ice-firmware
│ ├── manifest.yaml
│ ├── pkg.yaml
│ └── vars.yaml
├── intel-ucode
│ ├── manifest.yaml
│ ├── pkg.yaml
│ └── vars.yaml
├── qlogic-firmware
│ ├── manifest.yaml
│ ├── pkg.yaml
│ └── vars.yaml
├── realtek-firmware
│ ├── manifest.yaml
│ ├── pkg.yaml
│ └── vars.yaml
├── revpi-firmware
│ ├── manifest.yaml
│ ├── pkg.yaml
│ ├── src
│ │ ├── go.mod
│ │ ├── go.sum
│ │ └── main.go
│ └── vars.yaml
└── vars.yaml
├── go.work
├── go.work.sum
├── guest-agents
├── metal-agent
│ ├── README.md
│ ├── manifest.yaml
│ ├── metal-agent.yaml
│ ├── pkg.yaml
│ └── vars.yaml
├── qemu-guest-agent
│ ├── README.md
│ ├── glib
│ │ └── pkg.yaml
│ ├── manifest.yaml
│ ├── pcre2
│ │ └── pkg.yaml
│ ├── pkg.yaml
│ ├── qemu-guest-agent.yaml
│ └── vars.yaml
├── vars.yaml
├── vmtoolsd-guest-agent
│ ├── README.md
│ ├── pkg.yaml
│ ├── stub-manifest.yaml
│ └── vars.yaml
└── xen-guest-agent
│ ├── README.md
│ ├── manifest.yaml
│ ├── pkg.yaml
│ ├── vars.yaml
│ └── xen-guest-agent.yaml
├── hack
├── release.sh
└── release.toml
├── internal
├── base
│ └── pkg.yaml
└── extensions
│ └── pkg.yaml
├── misc
├── binfmt-misc
│ ├── README.md
│ ├── files
│ │ └── modules.txt
│ ├── manifest.yaml
│ ├── pkg.yaml
│ └── vars.yaml
├── glibc
│ ├── ld.so.conf
│ ├── manifest.yaml
│ ├── pkg.yaml
│ └── vars.yaml
└── vars.yaml
├── network
├── cloudflared
│ ├── README.md
│ ├── cloudflared.yaml
│ ├── manifest.yaml
│ ├── pkg.yaml
│ └── vars.yaml
├── lldpd
│ ├── README.md
│ ├── files
│ │ ├── group
│ │ └── passwd
│ ├── lldpd.yaml
│ ├── manifest.yaml
│ ├── patches
│ │ └── sys-queue.h
│ ├── pkg.yaml
│ └── vars.yaml
├── nebula
│ ├── README.md
│ ├── manifest.yaml
│ ├── nebula.yaml
│ ├── pkg.yaml
│ └── vars.yaml
├── tailscale
│ ├── README.md
│ ├── manifest.yaml
│ ├── pkg.yaml
│ ├── tailscale.yaml
│ └── vars.yaml
├── vars.yaml
└── zerotier
│ ├── README.md
│ ├── manifest.yaml
│ ├── pkg.yaml
│ ├── vars.yaml
│ ├── zerotier-wrapper
│ ├── go.mod
│ ├── go.sum
│ ├── main.go
│ └── pkg.yaml
│ └── zerotier.yaml
├── nvidia-gpu
├── nonfree
│ └── kmod-nvidia
│ │ ├── lts
│ │ ├── files
│ │ │ └── nvidia.conf
│ │ ├── manifest.yaml
│ │ ├── pkg.yaml
│ │ └── vars.yaml
│ │ └── production
│ │ ├── files
│ │ └── nvidia.conf
│ │ ├── manifest.yaml
│ │ ├── pkg.yaml
│ │ └── vars.yaml
├── nvidia-container-toolkit
│ ├── DEVELOPMENT.md
│ ├── README.md
│ ├── lts
│ │ ├── manifest.yaml
│ │ ├── nvidia-persistenced.yaml
│ │ ├── pkg.yaml
│ │ └── vars.yaml
│ ├── nvidia-container-cli
│ │ ├── elfutils
│ │ │ └── pkg.yaml
│ │ ├── libcap2
│ │ │ └── pkg.yaml
│ │ ├── libseccomp
│ │ │ └── pkg.yaml
│ │ ├── libtirpc
│ │ │ └── pkg.yaml
│ │ ├── lts
│ │ │ └── pkg.yaml
│ │ ├── production
│ │ │ └── pkg.yaml
│ │ └── zlib
│ │ │ └── pkg.yaml
│ ├── nvidia-container-runtime-wrapper
│ │ ├── go.mod
│ │ ├── go.sum
│ │ ├── main.go
│ │ └── pkg.yaml
│ ├── nvidia-container-runtime
│ │ ├── 10-nvidia-container-runtime.part
│ │ ├── nvidia-container-runtime.toml
│ │ ├── patches
│ │ │ └── ldcache_path.patch
│ │ └── pkg.yaml
│ ├── nvidia-persistenced-wrapper
│ │ ├── go.mod
│ │ ├── go.sum
│ │ ├── main.go
│ │ └── pkg.yaml
│ ├── nvidia-pkgs
│ │ ├── lts
│ │ │ ├── files
│ │ │ │ └── 15-nvidia-device.rules
│ │ │ └── pkg.yaml
│ │ └── production
│ │ │ ├── files
│ │ │ └── 15-nvidia-device.rules
│ │ │ └── pkg.yaml
│ └── production
│ │ ├── manifest.yaml
│ │ ├── nvidia-persistenced.yaml
│ │ ├── pkg.yaml
│ │ └── vars.yaml
├── nvidia-fabricmanager
│ ├── lts
│ │ ├── manifest.yaml
│ │ ├── nvidia-fabricmanager.yaml
│ │ ├── pkg.yaml
│ │ └── vars.yaml
│ └── production
│ │ ├── manifest.yaml
│ │ ├── nvidia-fabricmanager.yaml
│ │ ├── pkg.yaml
│ │ └── vars.yaml
├── nvidia-modules
│ ├── lts
│ │ ├── files
│ │ │ └── nvidia.conf
│ │ ├── manifest.yaml
│ │ ├── pkg.yaml
│ │ └── vars.yaml
│ └── production
│ │ ├── files
│ │ └── nvidia.conf
│ │ ├── manifest.yaml
│ │ ├── pkg.yaml
│ │ └── vars.yaml
└── vars.yaml
├── power
├── nut-client
│ ├── README.md
│ ├── files
│ │ ├── group
│ │ └── passwd
│ ├── manifest.yaml
│ ├── nut-client.yaml
│ ├── patches
│ │ └── replace_system.patch
│ ├── pkg.yaml
│ └── vars.yaml
└── vars.yaml
├── reproducibility
└── pkg.yaml
├── storage
├── btrfs
│ ├── README.md
│ ├── files
│ │ └── modules.txt
│ ├── manifest.yaml
│ ├── pkg.yaml
│ └── vars.yaml
├── drbd
│ ├── manifest.yaml
│ ├── pkg.yaml
│ └── vars.yaml
├── fuse3
│ ├── manifest.yaml
│ ├── pkg.yaml
│ └── vars.yaml
├── iscsi-tools
│ ├── README.md
│ ├── iscsid.yaml
│ ├── manifest.yaml
│ ├── open-iscsi
│ │ ├── patches
│ │ │ ├── dont-use-lib64.patch
│ │ │ ├── musl-fixes.patch
│ │ │ └── remove-werror.patch
│ │ └── pkg.yaml
│ ├── pkg.yaml
│ └── vars.yaml
├── mdadm
│ ├── README.md
│ ├── files
│ │ ├── udev-md-raid-arrays.rules
│ │ └── udev-md-raid-assembly.rules
│ ├── manifest.yaml
│ ├── patches
│ │ ├── exit-gracefully-when-md-device-not-found.patch
│ │ ├── mdadm-include-sysmacros.patch
│ │ ├── musl-125.patch
│ │ └── no-werror.patch
│ ├── pkg.yaml
│ └── vars.yaml
├── nfsd
│ ├── files
│ │ └── modules.txt
│ ├── manifest.yaml
│ ├── pkg.yaml
│ └── vars.yaml
├── vars.yaml
└── zfs
│ ├── README.md
│ ├── manifest.yaml
│ ├── pkg.yaml
│ ├── vars.yaml
│ ├── zfs-service.yaml
│ ├── zfs-service
│ ├── go.mod
│ ├── go.sum
│ ├── main.go
│ └── pkg.yaml
│ └── zfs-tools
│ ├── libtirpc
│ ├── patches
│ │ └── sys-queue.h
│ └── pkg.yaml
│ ├── patches
│ └── tests-fix-S_IFMT-undeclared-at-statx.c.patch
│ ├── pkg.yaml
│ └── zlib
│ └── pkg.yaml
└── tools
├── ctr
├── manifest.yaml
├── pkg.yaml
└── vars.yaml
├── nvme-cli
├── libnvme
│ └── pkg.yaml
├── manifest.yaml
├── patches
│ ├── basename.patch
│ └── locale.patch
├── pkg.yaml
└── vars.yaml
├── util-linux
├── manifest.yaml
├── pkg.yaml
└── vars.yaml
└── vars.yaml
/.conform.yaml:
--------------------------------------------------------------------------------
1 | # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
2 | #
3 | # Generated on 2024-08-01T17:25:51Z by kres faf91e3.
4 |
5 | policies:
6 | - type: commit
7 | spec:
8 | dco: true
9 | gpg:
10 | required: true
11 | identity:
12 | gitHubOrganization: siderolabs
13 | spellcheck:
14 | locale: US
15 | maximumOfOneCommit: true
16 | header:
17 | length: 89
18 | imperative: true
19 | case: lower
20 | invalidLastCharacters: .
21 | body:
22 | required: true
23 | conventional:
24 | types:
25 | - chore
26 | - docs
27 | - perf
28 | - refactor
29 | - style
30 | - test
31 | - release
32 | scopes:
33 | - .*
34 | - type: license
35 | spec:
36 | root: .
37 | skipPaths:
38 | - .git/
39 | - testdata/
40 | includeSuffixes:
41 | - .go
42 | excludeSuffixes:
43 | - .pb.go
44 | - .pb.gw.go
45 | header: |
46 | // This Source Code Form is subject to the terms of the Mozilla Public
47 | // License, v. 2.0. If a copy of the MPL was not distributed with this
48 | // file, You can obtain one at http://mozilla.org/MPL/2.0/.
49 |
--------------------------------------------------------------------------------
/.dockerignore:
--------------------------------------------------------------------------------
1 | # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
2 | #
3 | # Generated on 2024-08-29T14:13:04Z by kres b5ca957.
4 |
5 | *
6 | !CHANGELOG.md
7 | !MAINTAINERS.md
8 | !README.md
9 | !pkg.yaml
10 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
2 | #
3 | # Generated on 2023-12-25T17:44:28Z by kres latest.
4 |
5 | _out
6 | internal/extensions/image-digests
7 | internal/extensions/descriptions.yaml
8 |
--------------------------------------------------------------------------------
/container-runtime/crun/10-crun.part:
--------------------------------------------------------------------------------
1 | [plugins."io.containerd.cri.v1.runtime".containerd.runtimes.crun]
2 | runtime_type = "io.containerd.runc.v2"
3 |
4 | [plugins."io.containerd.cri.v1.runtime".containerd.runtimes.crun.options]
5 | BinaryName = "/usr/local/bin/crun"
6 |
--------------------------------------------------------------------------------
/container-runtime/crun/README.md:
--------------------------------------------------------------------------------
1 | # crun extension
2 |
3 | ## Installation
4 |
5 | See [Installing Extensions](https://github.com/siderolabs/extensions#installing-extensions).
6 |
7 | ## Usage
8 |
9 | In order to create the Wasm workload, a runtimeclass needs to be created.
10 |
11 | ```yaml
12 | apiVersion: node.k8s.io/v1
13 | kind: RuntimeClass
14 | metadata:
15 | name: crun
16 | handler: crun
17 | ```
18 |
19 | ## Testing
20 |
21 | Apply the following manifest to run nginx pod via crun:
22 |
23 | ```yaml
24 |
25 | ---
26 | apiVersion: v1
27 | kind: Pod
28 | metadata:
29 | name: nginx-crun
30 | spec:
31 | runtimeClassName: crun
32 | containers:
33 | - name: nginx
34 | image: nginx
35 | ```
36 |
37 | The pod should be up and running:
38 |
39 | ```bash
40 | $ kubectl get pods
41 | NAME READY STATUS RESTARTS AGE
42 | nginx-crun 1/1 Running 0 40s
43 | ```
44 |
--------------------------------------------------------------------------------
/container-runtime/crun/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: crun
4 | version: "$VERSION"
5 | author: Henrik Gerdes
6 | description: |
7 | This system extension provides crun using containerd's runtime handler.
8 | compatibility:
9 | talos:
10 | version: ">= v1.8.0"
11 |
--------------------------------------------------------------------------------
/container-runtime/crun/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: crun
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | steps:
7 | - sources:  # prebuilt upstream release binary, one per architecture; each source carries a sha256 and a sha512 filled in from template variables defined outside this file
8 | # {{ if eq .ARCH "aarch64" }} This in fact is YAML comment, but Go templating instruction is evaluated by bldr
9 | - url: https://github.com/containers/crun/releases/download/{{ .CRUN_VERSION }}/crun-{{ .CRUN_VERSION }}-linux-arm64-disable-systemd
10 | destination: crun
11 | sha256: {{ .CRUN_ARM64_SHA256 }}
12 | sha512: {{ .CRUN_ARM64_SHA512 }}
13 | # {{ else }} This in fact is YAML comment, but Go templating instruction is evaluated by bldr
14 | - url: https://github.com/containers/crun/releases/download/{{ .CRUN_VERSION }}/crun-{{ .CRUN_VERSION }}-linux-amd64-disable-systemd
15 | destination: crun
16 | sha256: {{ .CRUN_AMD64_SHA256 }}
17 | sha512: {{ .CRUN_AMD64_SHA512 }}
18 | # {{ end }} This in fact is YAML comment, but Go templating instruction is evaluated by bldr
19 | prepare:  # writes the templated version over the $VERSION placeholder in manifest.yaml
20 | - |
21 | sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
22 | install:  # puts the binary at /usr/local/bin/crun (the BinaryName set in 10-crun.part) and installs that CRI config fragment under /etc/cri/conf.d
23 | - |
24 | mkdir -p /rootfs/usr/local/bin
25 | cp -av crun /rootfs/usr/local/bin/crun
26 | chmod +x /rootfs/usr/local/bin/crun
27 |
28 | - |
29 | mkdir -p /rootfs/etc/cri/conf.d
30 | cp /pkg/10-crun.part /rootfs/etc/cri/conf.d/10-crun.part
31 | test:  # runs extensions-validator against a copy of the built rootfs plus the manifest
32 | - |
33 | mkdir -p /extensions-validator-rootfs
34 | cp -r /rootfs/ /extensions-validator-rootfs/rootfs
35 | cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
36 | /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
37 |
38 | finalize:
39 | - from: /rootfs
40 | to: /rootfs
41 | - from: /pkg/manifest.yaml
42 | to: /
43 |
--------------------------------------------------------------------------------
/container-runtime/crun/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "{{ .CRUN_VERSION }}"
2 |
--------------------------------------------------------------------------------
/container-runtime/ecr-credential-provider/README.md:
--------------------------------------------------------------------------------
1 | # Kubelet ECR Credential Provider extension
2 |
3 | This extension provides the [ecr-credential-provider](https://github.com/kubernetes/cloud-provider-aws/tree/master/cmd/ecr-credential-provider) binary,
4 | which can be executed by Kubelet to provide a short-lived token for pulling container images
5 | from Amazon Web Services' Elastic Container Registry (ECR).
6 |
7 | ## Installation
8 |
9 | See [Installing Extensions](https://github.com/siderolabs/extensions#installing-extensions).
10 |
11 | You also need to configure `ecr-credential-provider` as a Kubelet image
12 | credential provider. To do this, patch the machine config with the following:
13 |
14 | ```yaml
15 | machine:
16 | kubelet:
17 | credentialProviderConfig:
18 | apiVersion: kubelet.config.k8s.io/v1
19 | kind: CredentialProviderConfig
20 | providers:
21 | - name: ecr-credential-provider
22 | matchImages:
23 | - "*.dkr.ecr.*.amazonaws.com"
24 | - "*.dkr.ecr.*.amazonaws.com.cn"
25 | - "*.dkr.ecr-fips.*.amazonaws.com"
26 | - "*.dkr.ecr.us-iso-east-1.c2s.ic.gov"
27 | - "*.dkr.ecr.us-isob-east-1.sc2s.sgov.gov"
28 | defaultCacheDuration: "12h"
29 | apiVersion: credentialprovider.kubelet.k8s.io/v1
30 | ```
31 |
32 | ## More Information
33 |
34 | -
35 | -
36 | -
37 |
--------------------------------------------------------------------------------
/container-runtime/ecr-credential-provider/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: ecr-credential-provider
4 | version: "$VERSION"
5 | author: Florian Ströger
6 | description: |
7 | This system extension provides a binary which implements Kubelet's CredentialProvider API
8 | to authenticate against AWS' Elastic Container Registry and pull images.
9 | compatibility:
10 | talos:
11 | version: ">= v1.6.0"
12 |
--------------------------------------------------------------------------------
/container-runtime/ecr-credential-provider/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "{{ .CLOUD_PROVIDER_AWS_VERSION }}"
2 |
--------------------------------------------------------------------------------
/container-runtime/gvisor-debug/11-gvisor-debug.part:
--------------------------------------------------------------------------------
1 | [debug]  # containerd's own top-level debug section, not a gVisor-specific table
2 | level = "debug"  # NOTE(review): this looks like it raises the log level of the CRI containerd as a whole on the node, not only of runsc — confirm; debug output is far more verbose
3 | [plugins."io.containerd.runtime.v1.linux"]  # NOTE(review): legacy runtime plugin ID; the other .part files in this repository target io.containerd.cri.v1.runtime — confirm this table still takes effect
4 | shim_debug = true  # asks for debug output from runtime shims
5 |
--------------------------------------------------------------------------------
/container-runtime/gvisor-debug/README.md:
--------------------------------------------------------------------------------
1 | # gVisor debug extension
2 |
3 | ## Installation
4 |
5 | See [Installing Extensions](https://github.com/siderolabs/extensions#installing-extensions).
6 |
7 | ## Usage
8 |
9 | Enables gVisor debug logging.
10 |
--------------------------------------------------------------------------------
/container-runtime/gvisor-debug/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: gvisor-debug
4 | version: "$VERSION"
5 | author: Sidero Labs
6 | description: |
7 | This system extension enables gVisor debug logging.
8 | compatibility:
9 | talos:
10 | version: ">= v1.0.0"
11 |
--------------------------------------------------------------------------------
/container-runtime/gvisor-debug/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: gvisor-debug
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | steps:
7 | - prepare:  # writes the templated version over the $VERSION placeholder in manifest.yaml
8 | - |
9 | sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
10 | install:  # ships config only, no binaries; runsc.toml lands at /etc/cri/conf.d/runsc.toml, the ConfigPath that the gvisor extension's 10-gvisor.part hands to runsc — presumably it takes the place of that extension's runsc.toml while this one is installed; verify
11 | - |
12 | mkdir -p /rootfs/etc/cri/conf.d
13 | cp /pkg/11-gvisor-debug.part /rootfs/etc/cri/conf.d/11-gvisor-debug.part
14 | cp /pkg/runsc.toml /rootfs/etc/cri/conf.d/runsc.toml
15 | test:  # runs extensions-validator against a copy of the built rootfs plus the manifest
16 | - |
17 | mkdir -p /extensions-validator-rootfs
18 | cp -r /rootfs/ /extensions-validator-rootfs/rootfs
19 | cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
20 | /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
21 | finalize:
22 | - from: /pkg/manifest.yaml
23 | to: /
24 | - from: /rootfs
25 | to: /rootfs
26 |
--------------------------------------------------------------------------------
/container-runtime/gvisor-debug/runsc.toml:
--------------------------------------------------------------------------------
1 | log_path = "/var/log/runsc/%ID%/shim.log"  # shim log, one directory per %ID% under /var/log/runsc
2 | log_level = "debug"  # shim log verbosity
3 |
4 | [runsc_config]  # settings in this table are handed to runsc itself
5 | debug = "true"  # turns on runsc debug logging
6 | debug-log = "/var/log/runsc/%ID%/gvisor.%COMMAND%.log"  # one file per %COMMAND% in the same per-%ID% directory; this extension's pkg.yaml only installs config files, so rotation and cleanup of /var/log/runsc are not set up here — plan retention and access to these logs separately
7 |
--------------------------------------------------------------------------------
/container-runtime/gvisor-debug/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "v1.0.0"
2 |
--------------------------------------------------------------------------------
/container-runtime/gvisor/10-gvisor-kvm.part:
--------------------------------------------------------------------------------
1 | [plugins."io.containerd.cri.v1.runtime".containerd.runtimes.runsc-kvm]
2 | runtime_type = "io.containerd.runsc.v1"
3 |
4 | [plugins."io.containerd.cri.v1.runtime".containerd.runtimes.runsc-kvm.options]
5 | TypeUrl = "io.containerd.runsc.v1.options"
6 | ConfigPath = "/etc/cri/conf.d/runsc-kvm.toml"
7 |
--------------------------------------------------------------------------------
/container-runtime/gvisor/10-gvisor.part:
--------------------------------------------------------------------------------
1 | [plugins."io.containerd.cri.v1.runtime".containerd.runtimes.runsc]
2 | runtime_type = "io.containerd.runsc.v1"
3 |
4 | [plugins."io.containerd.cri.v1.runtime".containerd.runtimes.runsc.options]
5 | TypeUrl = "io.containerd.runsc.v1.options"
6 | ConfigPath = "/etc/cri/conf.d/runsc.toml"
7 |
--------------------------------------------------------------------------------
/container-runtime/gvisor/README.md:
--------------------------------------------------------------------------------
1 | # gVisor extension
2 |
3 | ## Installation
4 |
5 | See [Installing Extensions](https://github.com/siderolabs/extensions#installing-extensions).
6 |
7 | ## Usage
8 |
9 | gVisor requires unprivileged user namespace creation, so the Talos default setting
10 | should be overridden:
11 |
12 | ```yaml
13 | machine:
14 | sysctls:
15 | user.max_user_namespaces: "11255"
16 | ```
17 |
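18 | > Warning! This overrides a setting recommended by [KSPP best practices](https://kspp.github.io/Recommended_Settings#sysctls). That recommendation restricts user namespace creation to reduce the kernel attack surface reachable by unprivileged processes, so apply the override only on nodes that need gVisor.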
19 |
20 | ## Testing
21 |
22 | ### default
23 |
24 | Apply the following manifest to run nginx pod via gVisor:
25 |
26 | ```yaml
27 | apiVersion: node.k8s.io/v1
28 | kind: RuntimeClass
29 | metadata:
30 | name: gvisor
31 | handler: runsc
32 | ---
33 | apiVersion: v1
34 | kind: Pod
35 | metadata:
36 | name: nginx-gvisor
37 | spec:
38 | runtimeClassName: gvisor
39 | containers:
40 | - name: nginx
41 | image: nginx
42 | ```
43 |
44 | The pod should be up and running:
45 |
46 | ```bash
47 | $ kubectl get pods
48 | NAME READY STATUS RESTARTS AGE
49 | nginx-gvisor 1/1 Running 0 40s
50 | ```
51 |
52 | ### With platform KVM (requires nested virtualization or bare-metal)
53 |
54 | Apply the following manifest to run nginx pod via gVisor with kvm platform:
55 |
56 | ```yaml
57 | apiVersion: node.k8s.io/v1
58 | kind: RuntimeClass
59 | metadata:
60 | name: gvisor
61 | handler: runsc-kvm
62 | ---
63 | apiVersion: v1
64 | kind: Pod
65 | metadata:
66 | name: nginx-gvisor
67 | spec:
68 | runtimeClassName: gvisor
69 | containers:
70 | - name: nginx
71 | image: nginx
72 | ```
73 | The pod should be up and running:
74 |
75 | ```bash
76 | $ kubectl get pods
77 | NAME READY STATUS RESTARTS AGE
78 | nginx-gvisor 1/1 Running 0 40s
79 | ```
80 |
81 | **Hint**: You can run both runtime handlers in parallel by giving their RuntimeClasses different names.
82 |
--------------------------------------------------------------------------------
/container-runtime/gvisor/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: gvisor
4 | version: "$VERSION"
5 | author: Sidero Labs
6 | description: |
7 | This system extension provides gVisor using containerd's runtime handler.
8 | compatibility:
9 | talos:
10 | version: ">= v1.0.0"
11 |
--------------------------------------------------------------------------------
/container-runtime/gvisor/runsc-kvm.toml:
--------------------------------------------------------------------------------
1 | [runsc_config]
2 | platform = "kvm"
3 |
--------------------------------------------------------------------------------
/container-runtime/gvisor/runsc.toml:
--------------------------------------------------------------------------------
1 | [runsc_config]
2 |
--------------------------------------------------------------------------------
/container-runtime/gvisor/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "{{ .GVISOR_VERSION }}"
2 |
--------------------------------------------------------------------------------
/container-runtime/kata-containers/10-kata-containers.part:
--------------------------------------------------------------------------------
1 | [plugins."io.containerd.cri.v1.runtime".containerd.runtimes.kata]  # registers the "kata" CRI runtime handler
2 | runtime_type = "io.containerd.kata.v2"
3 | privileged_without_host_devices = true  # a privileged pod on this handler does not get the host's device nodes passed into it
4 | pod_annotations = ["io.katacontainers.*"]  # wildcard: every io.katacontainers.* pod annotation is forwarded to the runtime, so anyone who can create pods with this handler can reach whatever the Kata configuration below accepts via annotations — NOTE(review): check the enable_annotations allow-lists in that file are as narrow as intended
5 | [plugins."io.containerd.cri.v1.runtime".containerd.runtimes.kata.options]
6 | ConfigPath = "/usr/local/share/kata-containers/configuration.toml"  # Kata runtime configuration used for this handler
7 |
--------------------------------------------------------------------------------
/container-runtime/kata-containers/README.md:
--------------------------------------------------------------------------------
1 | # kata-containers extension
2 |
3 | ## Installation
4 |
5 | See [Installing Extensions](https://github.com/siderolabs/extensions#installing-extensions).
6 |
7 | ## Usage
8 |
9 | ## Testing
10 |
11 | Apply the following manifest to run nginx pod using Kata Containers:
12 |
13 | ```yaml
14 | apiVersion: node.k8s.io/v1
15 | kind: RuntimeClass
16 | metadata:
17 | name: kata
18 | handler: kata
19 | overhead:
20 | podFixed:
21 | memory: "130Mi"
22 | cpu: "250m"
23 | ---
24 | apiVersion: v1
25 | kind: Pod
26 | metadata:
27 | name: nginx-kata
28 | spec:
29 | runtimeClassName: kata
30 | containers:
31 | - name: nginx
32 | image: nginx
33 | ```
34 |
35 | The pod should be up and running:
36 |
37 | ```bash
38 | $ kubectl get pods
39 | NAME READY STATUS RESTARTS AGE
40 | nginx-kata 1/1 Running 0 40s
41 | ```
42 |
--------------------------------------------------------------------------------
/container-runtime/kata-containers/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: kata-containers
4 | version: "$VERSION"
5 | author: Fabiano Fidêncio
6 | description: |
7 | This system extension provides kata-container using containerd's runtime handler.
8 | compatibility:
9 | talos:
10 | version: ">= v1.7.0"
11 |
--------------------------------------------------------------------------------
/container-runtime/kata-containers/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "{{ .KATA_CONTAINERS_VERSION }}"
2 |
--------------------------------------------------------------------------------
/container-runtime/spin/10-spin.part:
--------------------------------------------------------------------------------
1 | [plugins."io.containerd.cri.v1.runtime".containerd.runtimes.spin]
2 | runtime_type = "io.containerd.spin.v2"
3 |
--------------------------------------------------------------------------------
/container-runtime/spin/README.md:
--------------------------------------------------------------------------------
1 | # Spin extension
2 |
3 | ## Installation
4 |
5 | See [Installing Extensions](https://github.com/siderolabs/extensions#installing-extensions).
6 |
7 | ## Usage
8 |
9 | In order to create the Wasm workload, a runtimeclass needs to be created.
10 |
11 | ```yaml
12 | apiVersion: node.k8s.io/v1
13 | kind: RuntimeClass
14 | metadata:
15 | name: wasmtime-spin-v2
16 | handler: spin
17 | ```
18 |
19 | ## Testing
20 |
21 | Apply the following manifest to run sample pod using spin:
22 |
23 | ```yaml
24 | apiVersion: v1
25 | kind: Pod
26 | metadata:
27 | name: spin-test
28 | spec:
29 | containers:
30 | - command:
31 | - /
32 | image: ghcr.io/spinkube/containerd-shim-spin/examples/spin-rust-hello
33 | name: spin-test
34 | runtimeClassName: wasmtime-spin-v2
35 | ```
36 |
37 | The pod should run without any errors:
38 |
39 | ```bash
40 | $ kubectl get pods
41 | NAME READY STATUS RESTARTS AGE
42 | spin-test 1/1 Running 0 28s
43 | ```
44 |
--------------------------------------------------------------------------------
/container-runtime/spin/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: spin
4 | version: "$VERSION"
5 | author: Sven Pfennig
6 | description: |
7 | This system extension provides support for spin runtime (WebAssembly) containers.
8 | compatibility:
9 | talos:
10 | version: ">= v1.0.0"
11 |
--------------------------------------------------------------------------------
/container-runtime/spin/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: spin
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | steps:
7 | - sources:  # prebuilt upstream release tarball, one per architecture; each source carries a sha256 and a sha512 filled in from template variables defined outside this file
8 | # {{ if eq .ARCH "aarch64" }} This in fact is YAML comment, but Go templating instruction is evaluated by bldr
9 | - url: https://github.com/spinkube/containerd-shim-spin/releases/download/{{ .SPIN_VERSION }}/containerd-shim-spin-v2-linux-aarch64.tar.gz
10 | destination: containerd-shim-spin.tar.gz
11 | sha256: {{ .SPIN_ARM64_SHA256 }}
12 | sha512: {{ .SPIN_ARM64_SHA512 }}
13 | # {{ else }} This in fact is YAML comment, but Go templating instruction is evaluated by bldr
14 | - url: https://github.com/spinkube/containerd-shim-spin/releases/download/{{ .SPIN_VERSION }}/containerd-shim-spin-v2-linux-x86_64.tar.gz
15 | destination: containerd-shim-spin.tar.gz
16 | sha256: {{ .SPIN_AMD64_SHA256 }}
17 | sha512: {{ .SPIN_AMD64_SHA512 }}
18 | # {{ end }} This in fact is YAML comment, but Go templating instruction is evaluated by bldr
19 | prepare:  # writes the templated version over the $VERSION placeholder in manifest.yaml
20 | - |
21 | sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
22 | install:  # NOTE(review): the tarball is unpacked straight into /rootfs/usr/local/bin, so every archive member ends up in the image; the archive layout is not visible here — consider extracting only the expected shim binary by name
23 | - |
24 | mkdir -p /rootfs/usr/local/bin
25 |
26 | tar xf containerd-shim-spin.tar.gz -C /rootfs/usr/local/bin
27 | - |
28 | mkdir -p /rootfs/etc/cri/conf.d
29 | cp /pkg/10-spin.part /rootfs/etc/cri/conf.d/10-spin.part
30 | test:  # runs extensions-validator against a copy of the built rootfs plus the manifest
31 | - |
32 | mkdir -p /extensions-validator-rootfs
33 | cp -r /rootfs/ /extensions-validator-rootfs/rootfs
34 | cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
35 | /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
36 | finalize:
37 | - from: /rootfs
38 | to: /rootfs
39 | - from: /pkg/manifest.yaml
40 | to: /
41 |
--------------------------------------------------------------------------------
/container-runtime/spin/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "{{ .SPIN_VERSION }}"
2 |
--------------------------------------------------------------------------------
/container-runtime/stargz-snapshotter/10-stargz-snapshotter.part:
--------------------------------------------------------------------------------
1 | # Enable stargz snapshotter for CRI
2 | [plugins."io.containerd.cri.v1.runtime".containerd]
3 | snapshotter = "stargz"
4 | disable_snapshot_annotations = false
5 |
6 | # Plug stargz snapshotter into containerd
7 | [proxy_plugins]
8 | [proxy_plugins.stargz]
9 | type = "snapshot"
10 | address = "/var/run/containerd-stargz-grpc/containerd-stargz-grpc.sock"
11 |
--------------------------------------------------------------------------------
/container-runtime/stargz-snapshotter/README.md:
--------------------------------------------------------------------------------
1 | # Stargz Snapshotter extension
2 |
3 | ## Installation
4 |
5 | See [Installing Extensions](https://github.com/siderolabs/extensions#installing-extensions).
6 |
--------------------------------------------------------------------------------
/container-runtime/stargz-snapshotter/config.toml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/siderolabs/extensions/1efc06bf0e22817e336ceb16c5328b204653c357/container-runtime/stargz-snapshotter/config.toml
--------------------------------------------------------------------------------
/container-runtime/stargz-snapshotter/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: stargz-snapshotter
4 | version: "$VERSION"
5 | author: Sidero Labs
6 | description: |
7 | This system extension provides Stargz Snapshotter using containerd's runtime handler.
8 | compatibility:
9 | talos:
10 | version: ">= v1.6.0"
11 |
--------------------------------------------------------------------------------
/container-runtime/stargz-snapshotter/stargz-snapshotter.yaml:
--------------------------------------------------------------------------------
1 | name: stargz-snapshotter  # service spec that runs containerd-stargz-grpc in a container; declares a dependency on the cri service
2 | depends:
3 | - service: cri
4 | container:
5 | environment:
6 | - PATH=/usr/local/bin
7 | entrypoint: ./containerd-stargz-grpc
8 | args:
9 | - --address=/var/run/containerd-stargz-grpc/containerd-stargz-grpc.sock  # same socket path as address in 10-stargz-snapshotter.part
10 | - --root=/var/lib/containerd/io.containerd.snapshotter.v1.stargz
11 | - --log-level=debug  # NOTE(review): debug verbosity is hard-coded; confirm it is intended outside of troubleshooting
12 | security:
13 | rootfsPropagation: shared
14 | mounts:
15 | - source: /etc/ssl  # read-only; presumably the CA bundle used for registry TLS — TODO confirm
16 | destination: /etc/ssl
17 | type: bind
18 | options:
19 | - bind
20 | - ro
21 | - source: /var  # NOTE(review): the whole host /var is mounted read-write and recursively; the socket and --root above both live under /var — confirm a narrower mount would not do
22 | destination: /var
23 | type: bind
24 | options:
25 | - rshared
26 | - rbind
27 | - rw
28 | - source: /usr/local/etc/containerd-stargz-grpc  # read-only configuration directory, seen by the service as /etc/containerd-stargz-grpc
29 | destination: /etc/containerd-stargz-grpc
30 | type: bind
31 | options:
32 | - bind
33 | - ro
34 | - source: /lib
35 | destination: /lib
36 | type: bind
37 | options:
38 | - bind
39 | - ro
40 | - source: /usr/lib
41 | destination: /usr/lib
42 | type: bind
43 | options:
44 | - bind
45 | - ro
46 | - source: /usr/local/bin  # read-only; matches PATH above, so this is where the entrypoint binary is expected
47 | destination: /usr/local/bin
48 | type: bind
49 | options:
50 | - bind
51 | - ro
52 | - source: /dev  # NOTE(review): the whole host /dev is mounted read-write and recursively; presumably needed for FUSE — confirm and narrow if possible
53 | destination: /dev
54 | type: bind
55 | options:
56 | - rshared
57 | - rbind
58 | - rw
59 | restart: always
60 |
--------------------------------------------------------------------------------
/container-runtime/stargz-snapshotter/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "{{ .STARGZ_SNAPSHOTTER_VERSION }}"
2 |
--------------------------------------------------------------------------------
/container-runtime/wasmedge/10-wasm.part:
--------------------------------------------------------------------------------
1 | [plugins."io.containerd.cri.v1.runtime".containerd.runtimes.wasmedge]  # CRI runtime handler "wasmedge"; the RuntimeClass in README.md uses this handler name
2 | runtime_type = "io.containerd.wasmedge.v1"
3 |
--------------------------------------------------------------------------------
/container-runtime/wasmedge/README.md:
--------------------------------------------------------------------------------
1 | # WasmEdge extension
2 |
3 | ## Installation
4 |
5 | See [Installing Extensions](https://github.com/siderolabs/extensions#installing-extensions).
6 |
7 | ## Usage
8 |
9 | Before a Wasm workload can be scheduled, a RuntimeClass that points at the `wasmedge` handler needs to be created.
10 |
11 | ```yaml
12 | apiVersion: node.k8s.io/v1
13 | kind: RuntimeClass
14 | metadata:
15 | name: wasmedge
16 | handler: wasmedge
17 | ```
18 |
19 | ## Testing
20 |
21 | Apply the following manifest to run a sample pod using wasmedge:
22 |
23 | ```yaml
24 | apiVersion: v1
25 | kind: Pod
26 | metadata:
27 | name: wasmedge-test
28 | spec:
29 | restartPolicy: Never
30 | runtimeClassName: wasmedge
31 | containers:
32 | - name: wasmedge-test
33 | image: wasmedge/example-wasi:latest
34 | ```
35 |
36 | The pod should run without any errors:
37 |
38 | ```bash
39 | $ kubectl get pods
40 | NAME READY STATUS RESTARTS AGE
41 | wasmedge-test 0/1 Completed 0 28s
42 | ```
43 |
--------------------------------------------------------------------------------
/container-runtime/wasmedge/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: wasmedge
4 | version: "$VERSION"
5 | author: Sidero Labs
6 | description: |
7 | This system extension provides support for WasmEdge runtime (WebAssembly) containers.
8 | compatibility:
9 | talos:
10 | version: ">= v1.0.0"
11 |
--------------------------------------------------------------------------------
/container-runtime/wasmedge/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: wasmedge  # bldr package: downloads the prebuilt containerd-shim-wasmedge archive and stages it with its CRI config under /rootfs
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | steps:
7 | - sources:
8 | # {{ if eq .ARCH "aarch64" }} This in fact is YAML comment, but Go templating instruction is evaluated by bldr
9 | - url: https://github.com/containerd/runwasi/releases/download/containerd-shim-wasmedge/{{ .WASMEDGE_VERSION }}/containerd-shim-wasmedge-aarch64-linux-musl.tar.gz
10 | destination: containerd-shim-wasmedge.tar.gz
11 | sha256: {{ .WASMEDGE_ARM64_SHA256 }}  # expected digests come from template variables; their values are not in this file
12 | sha512: {{ .WASMEDGE_ARM64_SHA512 }}
13 | # {{ else }} This in fact is YAML comment, but Go templating instruction is evaluated by bldr
14 | - url: https://github.com/containerd/runwasi/releases/download/containerd-shim-wasmedge/{{ .WASMEDGE_VERSION }}/containerd-shim-wasmedge-x86_64-linux-musl.tar.gz
15 | destination: containerd-shim-wasmedge.tar.gz
16 | sha256: {{ .WASMEDGE_AMD64_SHA256 }}  # expected digests come from template variables; their values are not in this file
17 | sha512: {{ .WASMEDGE_AMD64_SHA512 }}
18 | # {{ end }} This in fact is YAML comment, but Go templating instruction is evaluated by bldr
19 | prepare:
20 | - |
21 | sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml  # fills the $VERSION placeholder in manifest.yaml
22 | install:
23 | - |
24 | mkdir -p /rootfs/usr/local/bin
25 | mkdir -p /rootfs/etc/cri/conf.d
26 |
27 | cp /pkg/10-wasm.part /rootfs/etc/cri/conf.d/10-wasm.part
28 |
29 | tar xf containerd-shim-wasmedge.tar.gz -C /rootfs/usr/local/bin  # NOTE(review): unpacks every archive member into the bin directory; youki/pkg.yaml names the single member it wants — consider the same here once the member name is confirmed
30 | test:
31 | - |
32 | mkdir -p /extensions-validator-rootfs
33 | cp -r /rootfs/ /extensions-validator-rootfs/rootfs
34 | cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
35 | /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"  # validates a copy of the staged rootfs together with the manifest
36 | finalize:
37 | - from: /rootfs
38 | to: /rootfs
39 | - from: /pkg/manifest.yaml
40 | to: /
41 |
--------------------------------------------------------------------------------
/container-runtime/wasmedge/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "{{ .WASMEDGE_VERSION }}"
2 |
--------------------------------------------------------------------------------
/container-runtime/youki/10-youki.part:
--------------------------------------------------------------------------------
1 | [plugins."io.containerd.cri.v1.runtime".containerd.runtimes.youki]  # CRI runtime handler "youki"; the RuntimeClass in README.md uses this handler name
2 | runtime_type = "io.containerd.runc.v2"
3 |
4 | [plugins."io.containerd.cri.v1.runtime".containerd.runtimes.youki.options]
5 | BinaryName = "/usr/local/bin/youki"  # path where pkg.yaml installs the youki binary (under /rootfs at build time)
6 |
--------------------------------------------------------------------------------
/container-runtime/youki/README.md:
--------------------------------------------------------------------------------
1 | # youki extension
2 |
3 | ## Installation
4 |
5 | See [Installing Extensions](https://github.com/siderolabs/extensions#installing-extensions).
6 |
7 | ## Usage
8 |
9 | Apply the following manifest to create the RuntimeClass that selects the youki runtime handler:
10 |
11 | ```yaml
12 | apiVersion: node.k8s.io/v1
13 | kind: RuntimeClass
14 | metadata:
15 | name: youki
16 | handler: youki
17 | ```
18 |
19 | ## Testing
20 |
21 | Apply the following manifest to run an nginx pod via youki:
22 |
23 | ```yaml
24 |
25 | ---
26 | apiVersion: v1
27 | kind: Pod
28 | metadata:
29 | name: nginx-youki
30 | spec:
31 | runtimeClassName: youki
32 | containers:
33 | - name: nginx
34 | image: nginx
35 | ```
36 |
37 | The pod should be up and running:
38 |
39 | ```bash
40 | $ kubectl get pods
41 | NAME READY STATUS RESTARTS AGE
42 | nginx-youki 1/1 Running 0 40s
43 | ```
44 |
--------------------------------------------------------------------------------
/container-runtime/youki/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: youki
4 | version: "$VERSION"
5 | author: 0xBrandon
6 | description: |
7 | This system extension provides youki using containerd's runtime handler.
8 | compatibility:
9 | talos:
10 | version: ">= v1.9.0"
11 |
--------------------------------------------------------------------------------
/container-runtime/youki/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: youki  # bldr package: downloads the prebuilt youki release archive and stages the binary with its CRI config under /rootfs
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | steps:
7 | - sources:
8 | # {{ if eq .ARCH "aarch64" }}
9 | - url: https://github.com/youki-dev/youki/releases/download/v{{ .YOUKI_VERSION }}/youki-{{ .YOUKI_VERSION }}-aarch64-musl.tar.gz
10 | destination: youki.tar.gz
11 | sha256: {{ .YOUKI_ARM64_SHA256 }}  # expected digests come from template variables; their values are not in this file
12 | sha512: {{ .YOUKI_ARM64_SHA512 }}
13 | # {{ else }}
14 | - url: https://github.com/youki-dev/youki/releases/download/v{{ .YOUKI_VERSION }}/youki-{{ .YOUKI_VERSION }}-x86_64-musl.tar.gz
15 | destination: youki.tar.gz
16 | sha256: {{ .YOUKI_AMD64_SHA256 }}  # expected digests come from template variables; their values are not in this file
17 | sha512: {{ .YOUKI_AMD64_SHA512 }}
18 | # {{ end }}
19 | prepare:
20 | - |
21 | sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml  # fills the $VERSION placeholder in manifest.yaml
22 | install:
23 | - |
24 | mkdir -p /rootfs/usr/local/bin
25 | tar -xzf youki.tar.gz -C /rootfs/usr/local/bin youki  # extracts only the member named youki; any other archive content is left out
26 | chmod +x /rootfs/usr/local/bin/youki
27 |
28 | - |
29 | mkdir -p /rootfs/etc/cri/conf.d
30 | cp /pkg/10-youki.part /rootfs/etc/cri/conf.d/10-youki.part
31 | test:
32 | - |
33 | mkdir -p /extensions-validator-rootfs
34 | cp -r /rootfs/ /extensions-validator-rootfs/rootfs
35 | cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
36 | /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"  # validates a copy of the staged rootfs together with the manifest
37 |
38 | finalize:
39 | - from: /rootfs
40 | to: /rootfs
41 | - from: /pkg/manifest.yaml
42 | to: /
43 |
--------------------------------------------------------------------------------
/container-runtime/youki/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "{{ .YOUKI_VERSION }}"
2 |
--------------------------------------------------------------------------------
/deps.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/siderolabs/extensions/1efc06bf0e22817e336ceb16c5328b204653c357/deps.png
--------------------------------------------------------------------------------
/drivers/amazon-ena/README.md:
--------------------------------------------------------------------------------
1 | # Amazon EC2 ENA network driver
2 |
3 | ## Installation
4 |
5 | See [Installing Extensions](https://github.com/siderolabs/extensions#installing-extensions).
6 |
7 | ## Usage
8 |
9 | See [Amazon ENA driver](https://github.com/amzn/amzn-drivers/tree/master/kernel/linux/ena) documentation for more information.
10 | The driver is already built and installed in this extension, so ignore the build instructions in the documentation.
11 |
--------------------------------------------------------------------------------
/drivers/amazon-ena/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: amazon-ena
4 | version: "$VERSION"
5 | author: Sidero Labs
6 | description: |
7 | This system extension provides Amazon ENA kernel modules built against a specific Talos version.
8 | ENA is a networking interface designed to make good use of modern CPU features and system architectures.
9 | compatibility:
10 | talos:
11 | version: ">= v1.0.0"
12 |
--------------------------------------------------------------------------------
/drivers/amazon-ena/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: amazon-ena  # bldr package: repackages the kernel modules shipped in the ena-pkg image as a system extension
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | # The pkgs version for a particular release of Talos as defined in
7 | # https://github.com/siderolabs/talos/blob/<talos-version>/pkg/machinery/gendata/data/pkgs
8 | - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/ena-pkg:{{ .BUILD_ARG_PKGS }}"  # NOTE(review): referenced by a templated tag; whether the build pins a digest is not visible here
9 | steps:
10 | - prepare:
11 | - |
12 | sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml  # fills the $VERSION placeholder in manifest.yaml
13 | - install:
14 | - |
15 | mkdir -p /rootfs/usr/lib/modules
16 |
17 | cp -R /usr/lib/modules/* /rootfs/usr/lib/modules  # copies everything under /usr/lib/modules, not a selected list of modules
18 | - test:  # NOTE(review): unlike drivers/chelsio/pkg.yaml there is no check here for the appended module-signature marker — confirm signing is verified elsewhere
19 | - |
20 | mkdir -p /extensions-validator-rootfs
21 | cp -r /rootfs/ /extensions-validator-rootfs/rootfs
22 | cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
23 | /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
24 | finalize:
25 | - from: /rootfs
26 | to: /rootfs
27 | - from: /pkg/manifest.yaml
28 | to: /
29 |
--------------------------------------------------------------------------------
/drivers/amazon-ena/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "{{ .ENA_VERSION }}-{{ .BUILD_ARG_TAG }}"
2 |
--------------------------------------------------------------------------------
/drivers/chelsio/README.md:
--------------------------------------------------------------------------------
1 | # chelsio-drivers extension
2 |
3 | ## Installation
4 |
5 | See [Installing Extensions](https://github.com/siderolabs/extensions#installing-extensions).
6 |
7 | ## Usage
8 |
9 | Provides:
10 |
11 | * `cxgb`
12 | * `cxgb3`
13 | * `cxgb4`
14 | * `cxgb4vf`
15 |
16 | These modules should be auto-loaded by udev based on the NIC present.
17 |
--------------------------------------------------------------------------------
/drivers/chelsio/files/modules.txt:
--------------------------------------------------------------------------------
1 | modules.order
2 | modules.builtin
3 | modules.builtin.modinfo
4 | kernel/drivers/net/ethernet/chelsio/cxgb/cxgb.ko
5 | kernel/drivers/net/ethernet/chelsio/cxgb3/cxgb3.ko
6 | kernel/drivers/net/ethernet/chelsio/cxgb4/cxgb4.ko
7 | kernel/drivers/net/ethernet/chelsio/cxgb4vf/cxgb4vf.ko
8 | kernel/drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/ch_ipsec.ko
9 |
--------------------------------------------------------------------------------
/drivers/chelsio/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: chelsio-drivers
4 | version: "$VERSION"
5 | author: Sidero Labs
6 | description: |
7 | This system extension provides Chelsio network drivers.
8 | compatibility:
9 | talos:
10 | version: ">= v1.5.0"
11 |
--------------------------------------------------------------------------------
/drivers/chelsio/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: chelsio-drivers  # bldr package: copies the modules listed in files/modules.txt out of the kernel image into a system extension
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | # The pkgs version for a particular release of Talos as defined in
7 | # https://github.com/siderolabs/talos/blob/<talos-version>/pkg/machinery/gendata/data/pkgs
8 | - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/kernel:{{ .BUILD_ARG_PKGS }}"  # NOTE(review): referenced by a templated tag; whether the build pins a digest is not visible here
9 | steps:
10 | - prepare:
11 | - |
12 | sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml  # fills the $VERSION placeholder in manifest.yaml
13 | - install:
14 | - |
15 | export KERNELRELEASE=$(find /usr/lib/modules -type d -name "*-talos" -exec basename {} \+)  # assumes exactly one *-talos directory exists — TODO confirm
16 |
17 | mkdir -p /rootfs
18 |
19 | xargs -a /pkg/files/modules.txt -I {} install -D /usr/lib/modules/${KERNELRELEASE}/{} /rootfs/usr/lib/modules/${KERNELRELEASE}/{}  # one install per line of modules.txt, same relative path
20 | depmod -b /rootfs/usr ${KERNELRELEASE}  # regenerates the module dependency files for the staged tree
21 | - test:
22 | - |
23 | # https://www.kernel.org/doc/html/v4.15/admin-guide/module-signing.html#signed-modules-and-stripping
24 | find /rootfs/usr/lib/modules -name '*.ko' -exec grep -FL '~Module signature appended~' {} \+  # prints every .ko that lacks the marker string; NOTE(review): confirm an unsigned module fails this step rather than only being listed — grep's exit status with -L has differed between versions
25 | - |
26 | mkdir -p /extensions-validator-rootfs
27 | cp -r /rootfs/ /extensions-validator-rootfs/rootfs
28 | cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
29 | /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
30 | finalize:
31 | - from: /rootfs
32 | to: /rootfs
33 | - from: /pkg/manifest.yaml
34 | to: /
35 |
--------------------------------------------------------------------------------
/drivers/chelsio/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "{{ .BUILD_ARG_TAG }}"
2 |
--------------------------------------------------------------------------------
/drivers/gasket/README.md:
--------------------------------------------------------------------------------
1 | # gasket-driver extension
2 |
3 | ## Installation
4 |
5 | See [Installing Extensions](https://github.com/siderolabs/extensions#installing-extensions).
6 |
7 | ## Usage
8 |
9 | By default, the device will be owned by UID and GID `0` and is only accessible by root.
10 | If you need to change this, you may do this by adding udev rules to your machine configuration like this,
11 | which would change the GID to `44` and give that group read/write permissions.
12 |
13 | ```yaml
14 | machine:
15 | udev:
16 | rules:
17 | - SUBSYSTEM=="apex", MODE="0660", GROUP="44"
18 | ```
19 |
20 | ## Verifying
21 |
22 | You can verify the modules are enabled by reading `/proc/modules`, which _should_ show the modules as live.
23 |
24 | For example:
25 |
26 | ```bash
27 | ❯ talosctl -n 192.168.32.5 read /proc/modules
28 | apex 20480 - - Live 0xffffffffc01c9000 (O)
29 | gasket 94208 - - Live 0xffffffffc01aa000 (O)
30 | ```
31 |
32 | In addition, if you actually have a Coral module installed, you should be able to verify its presence at `/dev/apex_0`.
33 |
34 | For example:
35 |
36 | ```bash
37 | ❯ talosctl -n 192.168.32.5 ls -l /dev/apex_0
38 | NODE MODE UID GID SIZE(B) LASTMOD NAME
39 | 192.168.32.5 Dcrw-rw---- 0 44 0 Sep 10 18:15:52 apex_0
40 | ```
41 |
--------------------------------------------------------------------------------
/drivers/gasket/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: gasket-driver
4 | version: "$VERSION"
5 | author: Sidero Labs
6 | description: |
7 | This system extension provides google gasket driver kernel modules built against a specific Talos version.
8 | This driver is required for PCIe and M.2 Google Coral accelerators. There are 2 kernel modules ("gasket"
9 | and "apex") required to enable this driver.
10 | compatibility:
11 | talos:
12 | version: ">= v1.2.0"
13 |
--------------------------------------------------------------------------------
/drivers/gasket/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: gasket-driver  # bldr package: repackages the kernel modules shipped in the gasket-driver-pkg image as a system extension
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | # The pkgs version for a particular release of Talos as defined in
7 | # https://github.com/siderolabs/talos/blob/<talos-version>/pkg/machinery/gendata/data/pkgs
8 | - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/gasket-driver-pkg:{{ .BUILD_ARG_PKGS }}"  # NOTE(review): referenced by a templated tag; whether the build pins a digest is not visible here
9 | steps:
10 | - prepare:
11 | - |
12 | sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml  # fills the $VERSION placeholder in manifest.yaml
13 | - install:
14 | - |
15 | mkdir -p /rootfs/usr/lib/modules
16 |
17 | cp -R /usr/lib/modules/* /rootfs/usr/lib/modules  # copies everything under /usr/lib/modules, not a selected list of modules
18 | - test:  # NOTE(review): unlike drivers/chelsio/pkg.yaml there is no check here for the appended module-signature marker — confirm signing is verified elsewhere
19 | - |
20 | mkdir -p /extensions-validator-rootfs
21 | cp -r /rootfs/ /extensions-validator-rootfs/rootfs
22 | cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
23 | /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
24 | finalize:
25 | - from: /rootfs
26 | to: /rootfs
27 | - from: /pkg/manifest.yaml
28 | to: /
29 |
--------------------------------------------------------------------------------
/drivers/gasket/vars.yaml:
--------------------------------------------------------------------------------
1 | # update when pkgs version is updated
2 | VERSION: "5815ee3-{{ .BUILD_ARG_TAG }}"
3 |
--------------------------------------------------------------------------------
/drivers/mei/README.md:
--------------------------------------------------------------------------------
1 | # mei extension
2 |
3 | ## Installation
4 |
5 | See [Installing Extensions](https://github.com/siderolabs/extensions#installing-extensions).
6 |
7 | ## Usage
8 |
9 | Provides:
10 |
11 | * `mei_wdt`
12 | * `mei_txe`
13 | * `mei_gsc`
14 | * `mei_pxp`
15 | * `mei_hdcp`
16 | * `mei_me`
17 | * `mei`
18 |
19 | Modules are automatically loaded.
20 |
21 | ## Verifying
22 |
23 | You can verify the modules are enabled by reading `/proc/modules`, which _should_ show the modules as live.
24 |
25 | For example:
26 |
27 | ```
28 | ❯ talosctl -n 192.168.227.5 read /proc/modules
29 | mei_wdt 12288 - - Live 0xffffffffc030b000
30 | mei_txe 28672 - - Live 0xffffffffc02d0000
31 | mei_gsc 12288 - - Live 0xffffffffc0247000
32 | mei_pxp 12288 - - Live 0xffffffffc02d4000
33 | mei_hdcp 16384 - - Live 0xffffffffc02bd000
34 | mei_me 45056 - - Live 0xffffffffc0267000
35 | mei 131072 - - Live 0xffffffffc0286000
36 | ```
37 |
--------------------------------------------------------------------------------
/drivers/mei/files/modules.txt:
--------------------------------------------------------------------------------
1 | modules.order
2 | modules.builtin
3 | modules.builtin.modinfo
4 | kernel/drivers/misc/mei/gsc_proxy/mei_gsc_proxy.ko
5 | kernel/drivers/misc/mei/hdcp/mei_hdcp.ko
6 | kernel/drivers/misc/mei/pxp/mei_pxp.ko
7 | kernel/drivers/misc/mei/mei-gsc.ko
8 | kernel/drivers/misc/mei/mei-me.ko
9 | kernel/drivers/misc/mei/mei-txe.ko
10 | kernel/drivers/misc/mei/mei.ko
11 | kernel/drivers/watchdog/mei_wdt.ko
12 |
--------------------------------------------------------------------------------
/drivers/mei/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: mei
4 | version: "$VERSION"
5 | author: Nick Meyer
6 | description: |
7 | This system extension provides Intel Management Engine drivers kernel modules built against a specific Talos version.
8 | This driver enables the Intel Management Engine, a prerequisite for Intel Arc discrete GPUs.
9 | compatibility:
10 | talos:
11 | version: ">= v1.8.0"
12 |
--------------------------------------------------------------------------------
/drivers/mei/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: mei  # bldr package: copies the modules listed in files/modules.txt out of the kernel image; install and test are only rendered for x86_64
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | # The pkgs version for a particular release of Talos as defined in
7 | # https://github.com/siderolabs/talos/blob/<talos-version>/pkg/machinery/gendata/data/pkgs
8 | - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/kernel:{{ .BUILD_ARG_PKGS }}"  # NOTE(review): referenced by a templated tag; whether the build pins a digest is not visible here
9 | steps:
10 | - prepare:
11 | - |
12 | sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml  # fills the $VERSION placeholder in manifest.yaml
13 |
14 | mkdir -p /rootfs  # created here so finalize still has a /rootfs when the x86_64-only steps are skipped
15 | # {{ if eq .ARCH "x86_64" }} This in fact is YAML comment, but Go templating instruction is evaluated by bldr
16 | - install:
17 | - |
18 | export KERNELRELEASE=$(find /usr/lib/modules -type d -name "*-talos" -exec basename {} \+)  # assumes exactly one *-talos directory exists — TODO confirm
19 |
20 | xargs -a /pkg/files/modules.txt -I {} install -D /usr/lib/modules/${KERNELRELEASE}/{} /rootfs/usr/lib/modules/${KERNELRELEASE}/{}  # one install per line of modules.txt, same relative path
21 | depmod -b /rootfs/usr ${KERNELRELEASE}  # regenerates the module dependency files for the staged tree
22 | - test:
23 | - |
24 | # https://www.kernel.org/doc/html/v4.15/admin-guide/module-signing.html#signed-modules-and-stripping
25 | find /rootfs/usr/lib/modules -name '*.ko' -exec grep -FL '~Module signature appended~' {} \+  # prints every .ko that lacks the marker string; NOTE(review): confirm an unsigned module fails this step rather than only being listed — grep's exit status with -L has differed between versions
26 | - |
27 | mkdir -p /extensions-validator-rootfs
28 | cp -r /rootfs/ /extensions-validator-rootfs/rootfs
29 | cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
30 | /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
31 | # {{ end }} This in fact is YAML comment, but Go templating instruction is evaluated by bldr
32 | finalize:
33 | - from: /rootfs
34 | to: /rootfs
35 | - from: /pkg/manifest.yaml
36 | to: /
37 |
--------------------------------------------------------------------------------
/drivers/mei/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "{{ .BUILD_ARG_TAG }}"
2 |
--------------------------------------------------------------------------------
/drivers/mellanox-ofed/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: mellanox-ofed
4 | version: "$VERSION"
5 | author: Sidero Labs
6 | description: |
7 | This system extension provides kernel module driver for Mellanox OFED built against a specific Talos version.
8 | compatibility:
9 | talos:
10 | version: ">= v1.3.0"
11 |
--------------------------------------------------------------------------------
/drivers/mellanox-ofed/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: mellanox-ofed  # bldr package: repackages the kernel modules shipped in the mellanox-ofed-pkg image as a system extension
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | # The pkgs version for a particular release of Talos as defined in
7 | # https://github.com/siderolabs/talos/blob/<talos-version>/pkg/machinery/gendata/data/pkgs
8 | - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/mellanox-ofed-pkg:{{ .BUILD_ARG_PKGS }}"  # NOTE(review): referenced by a templated tag; whether the build pins a digest is not visible here
9 | steps:
10 | - prepare:
11 | - |
12 | sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml  # fills the $VERSION placeholder in manifest.yaml
13 | - install:
14 | - |
15 | mkdir -p /rootfs/usr/lib/modules
16 |
17 | cp -R /usr/lib/modules/* /rootfs/usr/lib/modules  # copies everything under /usr/lib/modules, not a selected list of modules
18 | - test:  # NOTE(review): unlike drivers/chelsio/pkg.yaml there is no check here for the appended module-signature marker — confirm signing is verified elsewhere
19 | - |
20 | mkdir -p /extensions-validator-rootfs
21 | cp -r /rootfs/ /extensions-validator-rootfs/rootfs
22 | cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
23 | /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
24 | finalize:
25 | - from: /rootfs
26 | to: /rootfs
27 | - from: /pkg/manifest.yaml
28 | to: /
29 |
--------------------------------------------------------------------------------
/drivers/mellanox-ofed/vars.yaml:
--------------------------------------------------------------------------------
1 | # the first part is the driver version and the second the talos version for which the module is built against
2 | VERSION: "5.8-1.1.2.1-{{ .BUILD_ARG_TAG }}"
3 |
--------------------------------------------------------------------------------
/drivers/tenstorrent/README.md:
--------------------------------------------------------------------------------
1 | # tenstorrent extension
2 |
3 | This extension provides [Tenstorrent](https://github.com/tenstorrent/tt-kmd) drivers for Talos Linux.
4 |
5 | ## Installation
6 |
7 | See [Installing Extensions](https://github.com/siderolabs/extensions#installing-extensions).
8 |
9 | ## Usage
10 |
11 | ```yaml
12 | machine:
13 | kernel:
14 | modules:
15 | - name: tenstorrent
16 | ```
17 |
18 | ## Verifying
19 |
20 | You can verify the modules are enabled by reading `/proc/modules`, which _should_ show the module as live.
21 |
22 | For example:
23 |
24 | ```bash
25 | ❯ talosctl read /proc/modules
26 | ```
27 |
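28 | In addition, if you actually have Tenstorrent hardware installed, you should be able to verify that device nodes exist under `/dev/tenstorrent/`. In the sample output below the node's mode is `crw-rw-rw-`, i.e. it is readable and writable by every user that can see it.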
29 |
30 | For example:
31 |
32 | ```bash
33 | ❯ talosctl ls -l /dev/tenstorrent/*
34 | NODE MODE UID GID SIZE(B) LASTMOD LABEL NAME
35 | 192.168.4.20 drwxr-xr-x 0 0 60 May 20 15:26:39 system_u:object_r:device_t:s0 .
36 | 192.168.4.20 Dcrw-rw-rw- 0 0 0 May 20 15:26:40 system_u:object_r:device_t:s0 0
37 | ```
38 |
--------------------------------------------------------------------------------
/drivers/tenstorrent/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: tenstorrent
4 | version: "$VERSION"
5 | author: Tenstorrent AI ULC
6 | description: |
7 | Driver for Tenstorrent AI processing hardware
8 | compatibility:
9 | talos:
10 | version: ">= v1.9.0"
11 |
--------------------------------------------------------------------------------
/drivers/tenstorrent/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: tenstorrent  # bldr package: repackages the kernel modules and udev rules shipped in the tenstorrent-pkg image as a system extension
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | # The pkgs version for a particular release of Talos as defined in
7 | # https://github.com/siderolabs/talos/blob/<talos-version>/pkg/machinery/gendata/data/pkgs
8 | - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/tenstorrent-pkg:{{ .BUILD_ARG_PKGS }}"  # NOTE(review): referenced by a templated tag; whether the build pins a digest is not visible here
9 | steps:
10 | - prepare:
11 | - |
12 | sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml  # fills the $VERSION placeholder in manifest.yaml
13 | - install:
14 | - |
15 | mkdir -p /rootfs/usr/lib/modules
16 | mkdir -p /rootfs/usr/lib/udev/rules.d
17 |
18 | - |
19 | cp -R /usr/lib/modules/* /rootfs/usr/lib/modules/  # copies everything under /usr/lib/modules, not a selected list of modules
20 | cp -R /etc/udev/rules.d/* /rootfs/usr/lib/udev/rules.d  # NOTE(review): the rules come from the pkg image and are not visible here; README.md shows /dev/tenstorrent/0 as crw-rw-rw-, presumably set by them — confirm that mode is intended
21 | test:  # NOTE(review): unlike drivers/chelsio/pkg.yaml there is no check here for the appended module-signature marker — confirm signing is verified elsewhere
22 | - |
23 | mkdir -p /extensions-validator-rootfs
24 | cp -r /rootfs/ /extensions-validator-rootfs/rootfs
25 | cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
26 | /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
27 | finalize:
28 | - from: /rootfs
29 | to: /rootfs
30 | - from: /pkg/manifest.yaml
31 | to: /
32 |
--------------------------------------------------------------------------------
/drivers/tenstorrent/vars.yaml:
--------------------------------------------------------------------------------
1 | # update when pkgs version is updated
2 | VERSION: "{{ .TENSTORRENT_VERSION }}"
3 |
--------------------------------------------------------------------------------
/drivers/thunderbolt/files/modules.txt:
--------------------------------------------------------------------------------
1 | modules.order
2 | modules.builtin
3 | modules.builtin.modinfo
4 | kernel/drivers/thunderbolt/thunderbolt.ko
5 | kernel/drivers/net/thunderbolt/thunderbolt_net.ko
6 |
--------------------------------------------------------------------------------
/drivers/thunderbolt/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: thunderbolt
4 | version: "$VERSION"
5 | author: Igor Rzegocki
6 | description: |
7 | This system extension provides Thunderbolt/USB4 drivers kernel modules built against a specific Talos version.
8 | This driver enables Thunderbolt/USB4 devices, including networking.
9 | compatibility:
10 | talos:
11 | version: ">= v1.5.0"
12 |
--------------------------------------------------------------------------------
/drivers/thunderbolt/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: thunderbolt  # bldr package: copies the modules listed in files/modules.txt out of the kernel image into a system extension
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | # The pkgs version for a particular release of Talos as defined in
7 | # https://github.com/siderolabs/talos/blob/<talos-version>/pkg/machinery/gendata/data/pkgs
8 | - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/kernel:{{ .BUILD_ARG_PKGS }}"  # NOTE(review): referenced by a templated tag; whether the build pins a digest is not visible here
9 | steps:
10 | - prepare:
11 | - |
12 | sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml  # fills the $VERSION placeholder in manifest.yaml
13 | - install:
14 | - |
15 | export KERNELRELEASE=$(find /usr/lib/modules -type d -name "*-talos" -exec basename {} \+)  # assumes exactly one *-talos directory exists — TODO confirm
16 |
17 | mkdir -p /rootfs
18 |
19 | xargs -a /pkg/files/modules.txt -I {} install -D /usr/lib/modules/${KERNELRELEASE}/{} /rootfs/usr/lib/modules/${KERNELRELEASE}/{}  # one install per line of modules.txt, same relative path
20 | depmod -b /rootfs/usr ${KERNELRELEASE}  # regenerates the module dependency files for the staged tree
21 | - test:
22 | - |
23 | # https://www.kernel.org/doc/html/v4.15/admin-guide/module-signing.html#signed-modules-and-stripping
24 | find /rootfs/usr/lib/modules -name '*.ko' -exec grep -FL '~Module signature appended~' {} \+  # prints every .ko that lacks the marker string; NOTE(review): confirm an unsigned module fails this step rather than only being listed — grep's exit status with -L has differed between versions
25 | - |
26 | mkdir -p /extensions-validator-rootfs
27 | cp -r /rootfs/ /extensions-validator-rootfs/rootfs
28 | cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
29 | /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
30 | finalize:
31 | - from: /rootfs
32 | to: /rootfs
33 | - from: /pkg/manifest.yaml
34 | to: /
35 |
--------------------------------------------------------------------------------
/drivers/thunderbolt/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "{{ .BUILD_ARG_TAG }}"
2 |
--------------------------------------------------------------------------------
/drivers/uinput/README.md:
--------------------------------------------------------------------------------
1 | # uinput extension
2 |
3 | ## Installation
4 |
5 | See [Installing Extensions](https://github.com/siderolabs/extensions#installing-extensions).
6 |
7 | ## Usage
8 |
9 | Enable the `uinput` module in Talos machine config.
10 |
11 | ```yaml
12 | machine:
13 | kernel:
14 | modules:
15 | - name: uinput
16 | ```
17 |
18 | ## Verifying
19 |
20 | You can verify the module is enabled by reading `/proc/modules`, where it _should_ show the module as live.
21 |
22 | For example:
23 |
24 | ```
25 | ❯ talosctl -n 192.168.42.15 read /proc/modules
26 | uinput 24576 - - Live 0xffffffffc0414000
27 | ```
28 |
29 | In addition, the `/dev/uinput` device should be present.
30 |
31 | For example:
32 |
33 | ```
34 | ❯ talosctl -n 192.168.42.15 ls /dev/uinput
35 | NODE NAME
36 | 192.168.42.15 uinput
37 | ```
38 |
--------------------------------------------------------------------------------
/drivers/uinput/files/modules.txt:
--------------------------------------------------------------------------------
1 | modules.order
2 | modules.builtin
3 | modules.builtin.modinfo
4 | kernel/drivers/input/misc/uinput.ko
5 |
--------------------------------------------------------------------------------
/drivers/uinput/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: uinput
4 | version: "$VERSION"
5 | author: Judah Rand
6 | description: |
7 | This system extension provides the uinput kernel module built against a specific Talos version.
8 | This kernel module makes it possible to emulate input devices from userspace. By writing to
9 | /dev/uinput (or /dev/input/uinput) device, a process can create a virtual input device with
10 | specific capabilities. Once this virtual device is created, the process can send events through it,
11 | that will be delivered to userspace and in-kernel consumers.
12 | compatibility:
13 | talos:
14 | version: ">= v1.4.5"
15 |
--------------------------------------------------------------------------------
/drivers/uinput/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: uinput
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | # The pkgs version for a particular release of Talos as defined in
7 | # https://github.com/siderolabs/talos/blob//pkg/machinery/gendata/data/pkgs
8 | - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/kernel:{{ .BUILD_ARG_PKGS }}"
9 | steps:
10 | - prepare:
11 | - |
12 | sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
13 | - install:
14 | - |
15 | export KERNELRELEASE=$(find /usr/lib/modules -type d -name "*-talos" -exec basename {} \+)
16 |
17 | mkdir -p /rootfs
18 |
19 | xargs -a /pkg/files/modules.txt -I {} install -D /usr/lib/modules/${KERNELRELEASE}/{} /rootfs/usr/lib/modules/${KERNELRELEASE}/{}
20 | depmod -b /rootfs/usr ${KERNELRELEASE}
21 | - test:
22 | - |
23 | # https://www.kernel.org/doc/html/v4.15/admin-guide/module-signing.html#signed-modules-and-stripping
24 | find /rootfs/usr/lib/modules -name '*.ko' -exec grep -FL '~Module signature appended~' {} \+
25 | - |
26 | mkdir -p /extensions-validator-rootfs
27 | cp -r /rootfs/ /extensions-validator-rootfs/rootfs
28 | cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
29 | /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
30 | finalize:
31 | - from: /rootfs
32 | to: /rootfs
33 | - from: /pkg/manifest.yaml
34 | to: /
35 |
--------------------------------------------------------------------------------
/drivers/uinput/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "{{ .BUILD_ARG_TAG }}"
2 |
--------------------------------------------------------------------------------
/drivers/usb-modem/files/modules-aarch64.txt:
--------------------------------------------------------------------------------
1 | modules.order
2 | modules.builtin
3 | modules.builtin.modinfo
4 | kernel/drivers/net/usb/dm9601.ko
5 | kernel/drivers/net/usb/rndis_host.ko
6 | kernel/drivers/net/usb/smsc75xx.ko
7 | kernel/drivers/net/usb/sierra_net.ko
8 | kernel/drivers/net/usb/cdc_subset.ko
9 | kernel/drivers/net/usb/int51x1.ko
10 | kernel/drivers/net/usb/cdc_eem.ko
11 | kernel/drivers/net/usb/cdc_ncm.ko
12 | kernel/drivers/net/usb/zaurus.ko
13 | kernel/drivers/net/usb/net1080.ko
14 | kernel/drivers/net/usb/qmi_wwan.ko
15 | kernel/drivers/net/usb/mcs7830.ko
16 | kernel/drivers/net/usb/aqc111.ko
17 | kernel/drivers/net/usb/sr9700.ko
18 | kernel/drivers/net/usb/usbnet.ko
19 | kernel/drivers/net/usb/sr9800.ko
20 | kernel/drivers/net/usb/plusb.ko
21 | kernel/drivers/net/usb/lg-vl600.ko
22 | kernel/drivers/net/usb/cdc-phonet.ko
23 | kernel/drivers/net/usb/smsc95xx.ko
24 | kernel/drivers/net/usb/gl620a.ko
25 | kernel/drivers/net/usb/r8153_ecm.ko
26 | kernel/drivers/net/usb/cdc_ether.ko
27 | kernel/drivers/net/usb/cx82310_eth.ko
28 | kernel/drivers/net/usb/huawei_cdc_ncm.ko
29 | kernel/drivers/net/usb/kalmia.ko
30 | kernel/drivers/net/usb/asix.ko
31 | kernel/drivers/net/usb/cdc_mbim.ko
32 | kernel/drivers/net/usb/ax88179_178a.ko
33 | kernel/drivers/net/phy/ax88796b.ko
34 | kernel/drivers/usb/class/cdc-wdm.ko
35 | kernel/drivers/usb/serial/usb_wwan.ko
36 | kernel/drivers/usb/serial/option.ko
37 |
--------------------------------------------------------------------------------
/drivers/usb-modem/files/modules-x86_64.txt:
--------------------------------------------------------------------------------
1 | modules.order
2 | modules.builtin
3 | modules.builtin.modinfo
4 | kernel/drivers/net/usb/dm9601.ko
5 | kernel/drivers/net/usb/rndis_host.ko
6 | kernel/drivers/net/usb/smsc75xx.ko
7 | kernel/drivers/net/usb/sierra_net.ko
8 | kernel/drivers/net/usb/cdc_subset.ko
9 | kernel/drivers/net/usb/int51x1.ko
10 | kernel/drivers/net/usb/cdc_eem.ko
11 | kernel/drivers/net/usb/cdc_ncm.ko
12 | kernel/drivers/net/usb/zaurus.ko
13 | kernel/drivers/net/usb/net1080.ko
14 | kernel/drivers/net/usb/qmi_wwan.ko
15 | kernel/drivers/net/usb/mcs7830.ko
16 | kernel/drivers/net/usb/aqc111.ko
17 | kernel/drivers/net/usb/sr9700.ko
18 | kernel/drivers/net/usb/usbnet.ko
19 | kernel/drivers/net/usb/sr9800.ko
20 | kernel/drivers/net/usb/plusb.ko
21 | kernel/drivers/net/usb/lg-vl600.ko
22 | kernel/drivers/net/usb/cdc-phonet.ko
23 | kernel/drivers/net/usb/smsc95xx.ko
24 | kernel/drivers/net/usb/gl620a.ko
25 | kernel/drivers/net/usb/r8153_ecm.ko
26 | kernel/drivers/net/usb/cdc_ether.ko
27 | kernel/drivers/net/usb/cx82310_eth.ko
28 | kernel/drivers/net/usb/huawei_cdc_ncm.ko
29 | kernel/drivers/net/usb/kalmia.ko
30 | kernel/drivers/net/usb/asix.ko
31 | kernel/drivers/net/usb/cdc_mbim.ko
32 | kernel/drivers/net/usb/ax88179_178a.ko
33 | kernel/drivers/net/phy/smsc.ko
34 | kernel/drivers/net/phy/ax88796b.ko
35 | kernel/drivers/usb/class/cdc-wdm.ko
36 | kernel/drivers/usb/serial/usb_wwan.ko
37 | kernel/drivers/usb/serial/option.ko
38 |
--------------------------------------------------------------------------------
/drivers/usb-modem/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: usb-modem-drivers
4 | version: "$VERSION"
5 | author: Sidero Labs
6 | description: |
7 | This system extension provides USB modem drivers kernel modules built against a specific Talos version.
8 | This driver is required for USB modems to function. This extension includes all the drivers needed to
9 | operate any USB modem under Linux, but your device might not require all of them. Read your device's
10 | docs to learn which drivers you need, or just enable them all as a starting point.
11 | compatibility:
12 | talos:
13 | version: ">= v1.4.5"
14 |
--------------------------------------------------------------------------------
/drivers/usb-modem/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: usb-modem-drivers
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | # The pkgs version for a particular release of Talos as defined in
7 | # https://github.com/siderolabs/talos/blob//pkg/machinery/gendata/data/pkgs
8 | - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/kernel:{{ .BUILD_ARG_PKGS }}"
9 | steps:
10 | - prepare:
11 | - |
12 | sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
13 | - install:
14 | - |
15 | export KERNELRELEASE=$(find /usr/lib/modules -type d -name "*-talos" -exec basename {} \+)
16 |
17 | mkdir -p /rootfs
18 |
19 | xargs -a /pkg/files/modules-{{ .ARCH }}.txt -I {} install -D /usr/lib/modules/${KERNELRELEASE}/{} /rootfs/usr/lib/modules/${KERNELRELEASE}/{}
20 | depmod -b /rootfs/usr ${KERNELRELEASE}
21 | - test:
22 | - |
23 | # https://www.kernel.org/doc/html/v4.15/admin-guide/module-signing.html#signed-modules-and-stripping
24 | find /rootfs/usr/lib/modules -name '*.ko' -exec grep -FL '~Module signature appended~' {} \+
25 | - |
26 | mkdir -p /extensions-validator-rootfs
27 | cp -r /rootfs/ /extensions-validator-rootfs/rootfs
28 | cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
29 | /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
30 | finalize:
31 | - from: /rootfs
32 | to: /rootfs
33 | - from: /pkg/manifest.yaml
34 | to: /
35 |
--------------------------------------------------------------------------------
/drivers/usb-modem/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "{{ .BUILD_ARG_TAG }}"
2 |
--------------------------------------------------------------------------------
/drivers/v4l-uvc/README.md:
--------------------------------------------------------------------------------
1 | # Video4Linux USB Video Class extension
2 |
3 | ## Installation
4 |
5 | See [Installing Extensions](https://github.com/siderolabs/extensions#installing-extensions).
6 |
7 | ## Usage
8 |
9 | Enable the `uvcvideo` module in Talos machine config to enable `/dev/video` devices from USB devices supporting the USB video device class.
10 |
11 | ```yaml
12 | machine:
13 | kernel:
14 | modules:
15 | - name: uvcvideo
16 | ```
17 |
18 | ## Verifying
19 |
20 | You can verify the modules are enabled by reading `/proc/modules`, where it _should_ show each module as live.
21 |
22 | For example:
23 |
24 | ```
25 | ❯ talosctl -n 192.168.42.15 read /proc/modules
26 | uvcvideo 122880 - - Live 0xffffffffc065f000
27 | videobuf2_vmalloc 16384 - - Live 0xffffffffc063b000
28 | videobuf2_memops 16384 - - Live 0xffffffffc0588000
29 | videobuf2_v4l2 28672 - - Live 0xffffffffc05b3000
30 | videobuf2_common 61440 - - Live 0xffffffffc064f000
31 | videodev 237568 - - Live 0xffffffffc0600000
32 | mc 49152 - - Live 0xffffffffc05f3000
33 | ```
34 |
35 | In addition, if the USB device is plugged in, you should be able to verify the presence of the video device by checking the `/dev` directory.
36 |
37 | For example:
38 |
39 | ```
40 | ❯ talosctl -n 192.168.42.15 ls /dev | grep video
41 | 192.168.42.15 video0
42 | 192.168.42.15 video1
43 | ```
44 |
45 | You can also verify everything in dmesg:
46 |
47 | ```
48 | ❯ talosctl -n 192.168.42.15 dmesg
49 | # look for lines like these:
50 | kern: info: [2024-01-15T19:37:30.689914441Z]: videodev: Linux video capture interface: v2.00
51 | kern: info: [2024-01-15T19:37:34.222751441Z]: usbcore: registered new interface driver uvcvideo
52 | ```
53 |
--------------------------------------------------------------------------------
/drivers/v4l-uvc/files/modules.txt:
--------------------------------------------------------------------------------
1 | modules.order
2 | modules.builtin
3 | modules.builtin.modinfo
4 | kernel/drivers/media/common/uvc.ko
5 | kernel/drivers/media/common/videobuf2/videobuf2-common.ko
6 | kernel/drivers/media/common/videobuf2/videobuf2-memops.ko
7 | kernel/drivers/media/common/videobuf2/videobuf2-v4l2.ko
8 | kernel/drivers/media/common/videobuf2/videobuf2-vmalloc.ko
9 | kernel/drivers/media/mc/mc.ko
10 | kernel/drivers/media/usb/uvc/uvcvideo.ko
11 | kernel/drivers/media/v4l2-core/v4l2-dv-timings.ko
12 | kernel/drivers/media/v4l2-core/videodev.ko
13 |
--------------------------------------------------------------------------------
/drivers/v4l-uvc/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: v4l-uvc-drivers
4 | version: "$VERSION"
5 | author: Jacob McSwain
6 | description: |
7 | This system extension provides the Video4Linux kernel modules required for USB Video Class devices built against a specific Talos version.
8 | This driver enables Video4Linux devices such as webcams.
9 | compatibility:
10 | talos:
11 | version: ">= v1.5.0"
12 |
--------------------------------------------------------------------------------
/drivers/v4l-uvc/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: v4l-uvc-drivers
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | # The pkgs version for a particular release of Talos as defined in
7 | # https://github.com/siderolabs/talos/blob//pkg/machinery/gendata/data/pkgs
8 | - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/kernel:{{ .BUILD_ARG_PKGS }}"
9 | steps:
10 | - prepare:
11 | - |
12 | sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
13 | - install:
14 | - |
15 | export KERNELRELEASE=$(find /usr/lib/modules -type d -name "*-talos" -exec basename {} \+)
16 |
17 | mkdir -p /rootfs
18 |
19 | xargs -a /pkg/files/modules.txt -I {} install -D /usr/lib/modules/${KERNELRELEASE}/{} /rootfs/usr/lib/modules/${KERNELRELEASE}/{}
20 | depmod -b /rootfs/usr ${KERNELRELEASE}
21 | - test:
22 | - |
23 | # https://www.kernel.org/doc/html/v4.15/admin-guide/module-signing.html#signed-modules-and-stripping
24 | find /rootfs/usr/lib/modules -name '*.ko' -exec grep -FL '~Module signature appended~' {} \+
25 | - |
26 | mkdir -p /extensions-validator-rootfs
27 | cp -r /rootfs/ /extensions-validator-rootfs/rootfs
28 | cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
29 | /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
30 | finalize:
31 | - from: /rootfs
32 | to: /rootfs
33 | - from: /pkg/manifest.yaml
34 | to: /
35 |
--------------------------------------------------------------------------------
/drivers/v4l-uvc/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "{{ .BUILD_ARG_TAG }}"
2 |
--------------------------------------------------------------------------------
/drivers/xdma-driver/README.md:
--------------------------------------------------------------------------------
1 | # xdma-driver extension
2 |
3 | This extension provides [Xilinx PCIe DMA](https://github.com/Xilinx/dma_ip_drivers/tree/master/XDMA/linux-kernel) drivers for Talos Linux.
4 |
5 | ## Installation
6 |
7 | See [Installing Extensions](https://github.com/siderolabs/extensions#installing-extensions).
8 |
9 | ## Usage
10 |
11 | ```yaml
12 | machine:
13 | kernel:
14 | modules:
15 | - name: xdma
16 | ```
17 |
18 | ## Verifying
19 |
20 | You can verify the modules are enabled by reading the `/proc/modules` where it _should_ show the module is live.
21 |
22 | For example:
23 |
24 | ```bash
25 | ❯ talosctl read /proc/modules
26 | ```
27 |
28 | In addition, if you actually have an XDMA module installed, you should be able to verify it by the presence of character devices whose names begin with `/dev/xdma`.
29 |
30 | For example:
31 |
32 | ```bash
33 | ❯ talosctl ls -l /dev/xdma*
34 | NODE MODE UID GID SIZE(B) LASTMOD NAME
35 | ```
36 |
--------------------------------------------------------------------------------
/drivers/xdma-driver/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: xdma-driver
4 | version: "$VERSION"
5 | author: Nikolai Shields
6 | description: |
7 | Xilinx DMA Driver
8 | compatibility:
9 | talos:
10 | version: ">= v1.2.0"
11 |
--------------------------------------------------------------------------------
/drivers/xdma-driver/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: xdma-driver
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | # The pkgs version for a particular release of Talos as defined in
7 | # https://github.com/siderolabs/talos/blob//pkg/machinery/gendata/data/pkgs
8 | - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/xdma-driver-pkg:{{ .BUILD_ARG_PKGS }}"
9 | steps:
10 | - prepare:
11 | - |
12 | sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
13 | - install:
14 | - |
15 | mkdir -p /rootfs/usr/lib/modules
16 |
17 | cp -R /usr/lib/modules/* /rootfs/usr/lib/modules
18 | - test:
19 | - |
20 | finalize:
21 | - from: /rootfs
22 | to: /rootfs
23 | - from: /pkg/manifest.yaml
24 | to: /
25 |
--------------------------------------------------------------------------------
/drivers/xdma-driver/vars.yaml:
--------------------------------------------------------------------------------
1 | # update when pkgs version is updated
2 | VERSION: "aefa9a1-{{ .BUILD_ARG_TAG }}"
3 |
--------------------------------------------------------------------------------
/drm/amdgpu/files/modules.txt:
--------------------------------------------------------------------------------
1 | modules.order
2 | modules.builtin
3 | modules.builtin.modinfo
4 | kernel/drivers/gpu/drm/amd/amdgpu/amdgpu.ko
5 | kernel/drivers/gpu/drm/amd/amdxcp/amdxcp.ko
6 |
--------------------------------------------------------------------------------
/drm/amdgpu/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: amdgpu
4 | version: "$VERSION"
5 | author: Sidero Labs
6 | description: |
7 | This system extension provides AMDGPU firmware binaries and kernel modules.
8 | compatibility:
9 | talos:
10 | version: ">= v1.0.0"
11 |
--------------------------------------------------------------------------------
/drm/amdgpu/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: amdgpu
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | # The pkgs version for a particular release of Talos as defined in
7 | # https://github.com/siderolabs/talos/blob//pkg/machinery/gendata/data/pkgs
8 | - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/kernel:{{ .BUILD_ARG_PKGS }}"
9 | - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/linux-firmware:{{ .BUILD_ARG_PKGS }}"
10 | steps:
11 | - prepare:
12 | - |
13 | sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
14 |
15 | mkdir -p /rootfs
16 | # {{ if eq .ARCH "x86_64" }} This in fact is YAML comment, but Go templating instruction is evaluated by bldr
17 | - install:
18 | - |
19 | export KERNELRELEASE=$(find /usr/lib/modules -type d -name "*-talos" -exec basename {} \+)
20 |
21 | xargs -a /pkg/files/modules.txt -I {} install -D /usr/lib/modules/${KERNELRELEASE}/{} /rootfs/usr/lib/modules/${KERNELRELEASE}/{}
22 | - |
23 | mkdir -p /rootfs/usr/lib/firmware
24 | cp -R -p /usr/lib/firmware/amdgpu /rootfs/usr/lib/firmware
25 | - test:
26 | - |
27 | # https://www.kernel.org/doc/html/v4.15/admin-guide/module-signing.html#signed-modules-and-stripping
28 | find /rootfs/usr/lib/modules -name '*.ko' -exec grep -FL '~Module signature appended~' {} \+
29 | - |
30 | mkdir -p /extensions-validator-rootfs
31 | cp -r /rootfs/ /extensions-validator-rootfs/rootfs
32 | cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
33 | /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
34 | # {{ end }} This in fact is YAML comment, but Go templating instruction is evaluated by bldr
35 | finalize:
36 | - from: /rootfs
37 | to: /rootfs
38 | - from: /pkg/manifest.yaml
39 | to: /
40 |
--------------------------------------------------------------------------------
/drm/amdgpu/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "{{ .LINUX_FIRMWARE_VERSION }}-{{ .BUILD_ARG_TAG }}"
2 |
--------------------------------------------------------------------------------
/drm/i915/files/modules.txt:
--------------------------------------------------------------------------------
1 | modules.order
2 | modules.builtin
3 | modules.builtin.modinfo
4 | kernel/drivers/gpu/drm/i915/i915.ko
5 |
--------------------------------------------------------------------------------
/drm/i915/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: i915
4 | version: "$VERSION"
5 | author: Sidero Labs
6 | description: |
7 | This system extension provides Intel GPU microcode binaries and kernel modules.
8 | compatibility:
9 | talos:
10 | version: ">= v1.0.0"
11 |
--------------------------------------------------------------------------------
/drm/i915/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: i915
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | # The pkgs version for a particular release of Talos as defined in
7 | # https://github.com/siderolabs/talos/blob//pkg/machinery/gendata/data/pkgs
8 | - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/kernel:{{ .BUILD_ARG_PKGS }}"
9 | - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/linux-firmware:{{ .BUILD_ARG_PKGS }}"
10 | steps:
11 | - prepare:
12 | - |
13 | sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
14 |
15 | mkdir -p /rootfs
16 | # {{ if eq .ARCH "x86_64" }} This in fact is YAML comment, but Go templating instruction is evaluated by bldr
17 | - install:
18 | - |
19 | export KERNELRELEASE=$(find /usr/lib/modules -type d -name "*-talos" -exec basename {} \+)
20 |
21 | xargs -a /pkg/files/modules.txt -I {} install -D /usr/lib/modules/${KERNELRELEASE}/{} /rootfs/usr/lib/modules/${KERNELRELEASE}/{}
22 | - |
23 | mkdir -p /rootfs/usr/lib/firmware
24 | cp -R -p /usr/lib/firmware/i915 /rootfs/usr/lib/firmware
25 | - test:
26 | - |
27 | # https://www.kernel.org/doc/html/v4.15/admin-guide/module-signing.html#signed-modules-and-stripping
28 | find /rootfs/usr/lib/modules -name '*.ko' -exec grep -FL '~Module signature appended~' {} \+
29 | - |
30 | mkdir -p /extensions-validator-rootfs
31 | cp -r /rootfs/ /extensions-validator-rootfs/rootfs
32 | cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
33 | /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
34 | # {{ end }} This in fact is YAML comment, but Go templating instruction is evaluated by bldr
35 | finalize:
36 | - from: /rootfs
37 | to: /rootfs
38 | - from: /pkg/manifest.yaml
39 | to: /
40 |
--------------------------------------------------------------------------------
/drm/i915/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "{{ .LINUX_FIRMWARE_VERSION }}-{{ .BUILD_ARG_TAG }}"
2 |
--------------------------------------------------------------------------------
/drm/panfrost/files/modules.txt:
--------------------------------------------------------------------------------
1 | modules.order
2 | modules.builtin
3 | modules.builtin.modinfo
4 | kernel/drivers/gpu/drm/drm_gpuvm.ko
5 | kernel/drivers/gpu/drm/panfrost/panfrost.ko
6 | kernel/drivers/gpu/drm/panthor/panthor.ko
7 |
--------------------------------------------------------------------------------
/drm/panfrost/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: panfrost
4 | version: "$VERSION"
5 | author: Adam Cirillo
6 | description: |
7 | This system extension provides ARM Mali Midgard, Bifrost, and Valhall firmware binaries and kernel modules.
8 | compatibility:
9 | talos:
10 | version: ">= v1.0.0"
11 |
--------------------------------------------------------------------------------
/drm/panfrost/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "{{ .LINUX_FIRMWARE_VERSION }}-{{ .BUILD_ARG_TAG }}"
2 |
--------------------------------------------------------------------------------
/drm/vc4/files/modules.txt:
--------------------------------------------------------------------------------
1 | modules.order
2 | modules.builtin
3 | modules.builtin.modinfo
4 | kernel/drivers/gpu/drm/v3d/v3d.ko
5 | kernel/drivers/gpu/drm/vc4/vc4.ko
6 | kernel/sound/soundcore.ko
7 | kernel/sound/core/snd.ko
8 | kernel/sound/core/snd-timer.ko
9 | kernel/sound/core/snd-pcm.ko
10 | kernel/sound/core/snd-pcm-dmaengine.ko
11 | kernel/sound/soc/snd-soc-core.ko
12 | kernel/sound/soc/codecs/snd-soc-hdmi-codec.ko
13 |
--------------------------------------------------------------------------------
/drm/vc4/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: vc4
4 | version: "$VERSION"
5 | author: Gluo NV
6 | description: |
7 | This system extension provides kernel modules for Broadcom VideoCore GPU.
8 | compatibility:
9 | talos:
10 | version: ">= v1.10.0"
11 |
--------------------------------------------------------------------------------
/drm/vc4/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "{{ .BUILD_ARG_TAG }}"
2 |
--------------------------------------------------------------------------------
/dvb/cx23885/README.md:
--------------------------------------------------------------------------------
1 | # dvb-cx23885 system extension
2 |
3 | ## Installation
4 |
5 | See [Installing Extensions](https://github.com/siderolabs/extensions#installing-extensions).
6 |
7 | ## Usage
8 |
9 | Enable the `cx23885` module in Talos machine config to enable the tuner.
10 |
11 | ```yaml
12 | machine:
13 | kernel:
14 | modules:
15 | - name: cx23885
16 | ```
--------------------------------------------------------------------------------
/dvb/cx23885/files/dvb.conf:
--------------------------------------------------------------------------------
1 | blacklist cx23885
2 | blacklist dvb_core
3 |
--------------------------------------------------------------------------------
/dvb/cx23885/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: dvb-cx23885
4 | version: "$VERSION"
5 | author: Skyler Mäntysaari
6 | description: |
7 | This system extension provides the dvb kernel modules required for the Hauppauge WinTV-quadHD PCIe tuner, built against a specific Talos version.
8 | Includes the firmware required.
9 | compatibility:
10 | talos:
11 | version: ">= v1.9.0"
12 |
--------------------------------------------------------------------------------
/dvb/cx23885/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "{{ .BUILD_ARG_TAG }}"
2 |
--------------------------------------------------------------------------------
/examples/hello-world-service/hello-world.yaml:
--------------------------------------------------------------------------------
1 | name: hello-world
2 | container:
3 | entrypoint: ./hello-world
4 | args:
5 | - --msg
6 | - Talos Linux Extension Service
7 | depends:
8 | - network:
9 | - addresses
10 | restart: always
11 |
--------------------------------------------------------------------------------
/examples/hello-world-service/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: hello-world-service
4 | version: "$VERSION"
5 | author: Sidero Labs
6 | description: |
7 | This system extension provides an example Talos extension service.
8 | compatibility:
9 | talos:
10 | version: ">= v1.0.0"
11 |
--------------------------------------------------------------------------------
/examples/hello-world-service/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: hello-world-service
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | steps:
7 | - env:
8 | GOPATH: /tmp/go
9 | cachePaths:
10 | - /.cache/go-build
11 | - /tmp/go/pkg
12 | prepare:
13 | - |
14 | sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
15 | build:
16 | - |
17 | cd /pkg/src
18 | CGO_ENABLED=0 go build -o ./hello-world .
19 | install:
20 | - |
21 | mkdir -p /rootfs/usr/local/lib/containers/hello-world
22 |
23 | cp -p /pkg/src/hello-world /rootfs/usr/local/lib/containers/hello-world/
24 | - |
25 | mkdir -p /rootfs/usr/local/etc/containers
26 |
27 | cp /pkg/hello-world.yaml /rootfs/usr/local/etc/containers/
28 | test:
29 | - |
30 | mkdir -p /extensions-validator-rootfs
31 | cp -r /rootfs/ /extensions-validator-rootfs/rootfs
32 | cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
33 | /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
34 | finalize:
35 | - from: /rootfs
36 | to: /rootfs
37 | - from: /pkg/manifest.yaml
38 | to: /
39 |
--------------------------------------------------------------------------------
/examples/hello-world-service/src/go.mod:
--------------------------------------------------------------------------------
1 | module github.com/siderolabs/hello-world
2 |
3 | go 1.22
4 |
--------------------------------------------------------------------------------
/examples/hello-world-service/src/main.go:
--------------------------------------------------------------------------------
1 | // This Source Code Form is subject to the terms of the Mozilla Public
2 | // License, v. 2.0. If a copy of the MPL was not distributed with this
3 | // file, You can obtain one at http://mozilla.org/MPL/2.0/.
4 |
5 | package main
6 |
7 | import (
8 | "context"
9 | "flag"
10 | "fmt"
11 | "log"
12 | "net/http"
13 | "os"
14 | "os/signal"
15 | "syscall"
16 | "time"
17 | )
18 |
19 | var msg string
20 |
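// main runs the example extension service: it parses the -msg flag, serves
// HelloServer on port 80, and shuts the server down when the process receives
// an interrupt or SIGTERM.
func main() {
	flag.StringVar(&msg, "msg", "", "hello message")
	flag.Parse()

	log.Printf("starting the hello world service")
	defer log.Printf("stopping the hello world service")

	// Buffered so that a signal arriving before the receive below is not lost.
	done := make(chan os.Signal, 1)
	signal.Notify(done, os.Interrupt, syscall.SIGINT, syscall.SIGTERM)

	router := http.NewServeMux()
	router.HandleFunc("/", HelloServer)

	srv := &http.Server{
		// An empty host means the listener accepts connections on every
		// address available to the process.
		Addr:    ":80",
		Handler: router,
		// Without a header deadline a client can hold a connection open
		// indefinitely by sending its request headers very slowly; bound
		// that phase so idle peers cannot exhaust the server's connections.
		ReadHeaderTimeout: 5 * time.Second,
	}

	go func() {
		// ErrServerClosed is the normal result of Shutdown and is not an
		// error. log.Fatalf exits the process, so on a real listen failure
		// the deferred "stopping" message above is not printed.
		if err := srv.ListenAndServe(); err != nil && err != http.ErrServerClosed {
			log.Fatalf("listen error: %s", err)
		}
	}()

	// Block until a termination signal is delivered.
	<-done

	// Give in-flight requests up to five seconds to finish.
	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
	defer cancel()

	if err := srv.Shutdown(ctx); err != nil {
		log.Fatalf("server shutdown failed: %s", err)
	}
}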
54 |
// HelloServer answers every request with a greeting that embeds the value of
// the package-level msg variable, which main fills from the -msg flag.
func HelloServer(w http.ResponseWriter, r *http.Request) {
	greeting := fmt.Sprintf("Hello from %s!", msg)
	fmt.Fprint(w, greeting)
}
58 |
--------------------------------------------------------------------------------
/examples/hello-world-service/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "v1.0.0"
2 |
--------------------------------------------------------------------------------
/firmware/amd-ucode/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: amd-ucode
4 | version: "$VERSION"
5 | author: Sidero Labs
6 | description: |
7 | This system extension provides AMD microcode binaries.
8 | compatibility:
9 | talos:
10 | version: ">= v1.0.0"
11 |
--------------------------------------------------------------------------------
/firmware/amd-ucode/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: amd-ucode
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/linux-firmware:{{ .BUILD_ARG_PKGS }}"
7 | steps:
8 | - prepare:
9 | - |
10 | sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
11 | install:
12 | - |
13 | mkdir -p /rootfs/usr/lib/firmware
14 | cp -R -p /usr/lib/firmware/amd-ucode /rootfs/usr/lib/firmware
15 | test:
16 | - |
17 | mkdir -p /extensions-validator-rootfs
18 | cp -r /rootfs/ /extensions-validator-rootfs/rootfs
19 | cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
20 | /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
21 | finalize:
22 | - from: /rootfs
23 | to: /rootfs
24 | - from: /pkg/manifest.yaml
25 | to: /
26 |
--------------------------------------------------------------------------------
/firmware/amd-ucode/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "{{ .LINUX_FIRMWARE_VERSION }}"
2 |
--------------------------------------------------------------------------------
/firmware/bnx2-bnx2x/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: bnx2-bnx2x
4 | version: "$VERSION"
5 | author: Sidero Labs
6 | description: |
7 | This system extension provides bnx2 and bnx2x binaries.
8 | compatibility:
9 | talos:
10 | version: ">= v1.0.0"
11 |
--------------------------------------------------------------------------------
/firmware/bnx2-bnx2x/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: bnx2-bnx2x
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/linux-firmware:{{ .BUILD_ARG_PKGS }}"
7 | steps:
8 | - prepare:
9 | - |
10 | sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
11 | install:
12 | - |
13 | mkdir -p /rootfs/usr/lib/firmware
14 | cp -R -p /usr/lib/firmware/bnx2 /rootfs/usr/lib/firmware
15 | cp -R -p /usr/lib/firmware/bnx2x /rootfs/usr/lib/firmware
16 | test:
17 | - |
18 | mkdir -p /extensions-validator-rootfs
19 | cp -r /rootfs/ /extensions-validator-rootfs/rootfs
20 | cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
21 | /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
22 | finalize:
23 | - from: /rootfs
24 | to: /rootfs
25 | - from: /pkg/manifest.yaml
26 | to: /
27 |
--------------------------------------------------------------------------------
/firmware/bnx2-bnx2x/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "{{ .LINUX_FIRMWARE_VERSION }}"
2 |
--------------------------------------------------------------------------------
/firmware/chelsio/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: chelsio-firmware
4 | version: "$VERSION"
5 | author: Sidero Labs
6 | description: |
7 | This system extension provides Chelsio NIC firmware binaries.
8 | compatibility:
9 | talos:
10 | version: ">= v1.0.0"
11 |
--------------------------------------------------------------------------------
/firmware/chelsio/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: chelsio-firmware
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/linux-firmware:{{ .BUILD_ARG_PKGS }}"
7 | steps:
8 | - prepare:
9 | - |
10 | sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
11 | install:
12 | - |
13 | mkdir -p /rootfs/usr/lib/firmware
14 | cp -R -p /usr/lib/firmware/cxgb3 /rootfs/usr/lib/firmware
15 | cp -R -p /usr/lib/firmware/cxgb4 /rootfs/usr/lib/firmware
16 | test:
17 | - |
18 | mkdir -p /extensions-validator-rootfs
19 | cp -r /rootfs/ /extensions-validator-rootfs/rootfs
20 | cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
21 | /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
22 | finalize:
23 | - from: /rootfs
24 | to: /rootfs
25 | - from: /pkg/manifest.yaml
26 | to: /
27 |
--------------------------------------------------------------------------------
/firmware/chelsio/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "{{ .LINUX_FIRMWARE_VERSION }}"
2 |
--------------------------------------------------------------------------------
/firmware/intel-ice-firmware/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: intel-ice-firmware
4 | version: "$VERSION"
5 | author: Sidero Labs
6 | description: |
7 | This system extension provides Intel Ice firmware binaries.
8 | compatibility:
9 | talos:
10 | version: ">= v1.0.0"
11 |
--------------------------------------------------------------------------------
/firmware/intel-ice-firmware/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: intel-ice-firmware
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/linux-firmware:{{ .BUILD_ARG_PKGS }}"
7 | steps:
8 | - prepare:
9 | - |
10 | sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
11 | install:
12 | - |
13 | mkdir -p /rootfs/usr/lib/firmware/intel/ice/ddp
14 | cp /usr/lib/firmware/intel/ice/ddp/ice-*.pkg /rootfs/usr/lib/firmware/intel/ice/ddp/ice.pkg
15 | test:
16 | - |
17 | mkdir -p /extensions-validator-rootfs
18 | cp -r /rootfs/ /extensions-validator-rootfs/rootfs
19 | cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
20 | /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
21 | finalize:
22 | - from: /rootfs
23 | to: /rootfs
24 | - from: /pkg/manifest.yaml
25 | to: /
26 |
--------------------------------------------------------------------------------
/firmware/intel-ice-firmware/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "{{ .LINUX_FIRMWARE_VERSION }}"
2 |
--------------------------------------------------------------------------------
/firmware/intel-ucode/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: intel-ucode
4 | version: "$VERSION"
5 | author: Sidero Labs
6 | description: |
7 | This system extension provides Intel microcode binaries.
8 | compatibility:
9 | talos:
10 | version: ">= v1.0.0"
11 |
--------------------------------------------------------------------------------
/firmware/intel-ucode/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: intel-ucode
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | steps:
7 | - sources:
8 | - url: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/refs/tags/microcode-{{ .INTEL_UCODE_VERSION }}.tar.gz
9 | destination: intel-ucode.tar.gz
10 | sha256: {{ .INTEL_UCODE_SHA256 }}
11 | sha512: {{ .INTEL_UCODE_SHA512 }}
12 | prepare:
13 | - |
14 | sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
15 | - |
16 | tar -xzf intel-ucode.tar.gz --strip-components=1
17 | install:
18 | - |
19 | mkdir -p /rootfs/usr/lib/firmware
20 | cp -R -p intel-ucode /rootfs/usr/lib/firmware
21 | test:
22 | - |
23 | mkdir -p /extensions-validator-rootfs
24 | cp -r /rootfs/ /extensions-validator-rootfs/rootfs
25 | cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
26 | /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
27 | finalize:
28 | - from: /rootfs
29 | to: /rootfs
30 | - from: /pkg/manifest.yaml
31 | to: /
32 |
--------------------------------------------------------------------------------
/firmware/intel-ucode/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "{{ .INTEL_UCODE_VERSION }}"
2 |
--------------------------------------------------------------------------------
/firmware/qlogic-firmware/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: qlogic-firmware
4 | version: "$VERSION"
5 | author: Sidero Labs
6 | description: |
7 | This system extension provides firmware for QLogic devices.
8 | compatibility:
9 | talos:
10 | version: ">= v1.0.0"
11 |
--------------------------------------------------------------------------------
/firmware/qlogic-firmware/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: qlogic-firmware
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/linux-firmware:{{ .BUILD_ARG_PKGS }}"
7 | steps:
8 | - prepare:
9 | - |
10 | sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
11 | install:
12 | - |
13 | mkdir -p /rootfs/usr/lib/firmware
14 | cp -R -p /usr/lib/firmware/qed /rootfs/usr/lib/firmware
15 | cp -R -p /usr/lib/firmware/ql*_fw.bin /rootfs/usr/lib/firmware
16 | test:
17 | - |
18 | mkdir -p /extensions-validator-rootfs
19 | cp -r /rootfs/ /extensions-validator-rootfs/rootfs
20 | cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
21 | /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
22 | finalize:
23 | - from: /rootfs
24 | to: /rootfs
25 | - from: /pkg/manifest.yaml
26 | to: /
27 |
--------------------------------------------------------------------------------
/firmware/qlogic-firmware/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "{{ .LINUX_FIRMWARE_VERSION }}"
2 |
--------------------------------------------------------------------------------
/firmware/realtek-firmware/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: realtek-firmware
4 | version: "$VERSION"
5 | author: Sidero Labs
6 | description: |
7 | This system extension provides realtek firmware binaries.
8 | compatibility:
9 | talos:
10 | version: ">= v1.0.0"
11 |
--------------------------------------------------------------------------------
/firmware/realtek-firmware/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: realtek-firmware
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/linux-firmware:{{ .BUILD_ARG_PKGS }}"
7 | steps:
8 | - prepare:
9 | - |
10 | sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
11 | install:
12 | - |
13 | mkdir -p /rootfs/usr/lib/firmware
14 | cp -R -p /usr/lib/firmware/rtl_bt /rootfs/usr/lib/firmware
15 | cp -R -p /usr/lib/firmware/rtl_nic /rootfs/usr/lib/firmware
16 | cp -R -p /usr/lib/firmware/rtlwifi /rootfs/usr/lib/firmware
17 | cp -R -p /usr/lib/firmware/rtw88 /rootfs/usr/lib/firmware
18 | test:
19 | - |
20 | mkdir -p /extensions-validator-rootfs
21 | cp -r /rootfs/ /extensions-validator-rootfs/rootfs
22 | cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
23 | /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
24 | finalize:
25 | - from: /rootfs
26 | to: /rootfs
27 | - from: /pkg/manifest.yaml
28 | to: /
29 |
--------------------------------------------------------------------------------
/firmware/realtek-firmware/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "{{ .LINUX_FIRMWARE_VERSION }}"
2 |
--------------------------------------------------------------------------------
/firmware/revpi-firmware/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: revpi-firmware
4 | version: "$VERSION"
5 | author: STACKIT
6 | description: |
7 | This system extension provides tools e.g. udev rules for the RevolutionPi platform.
8 | compatibility:
9 | talos:
10 | version: ">= v1.0.0"
11 |
--------------------------------------------------------------------------------
/firmware/revpi-firmware/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: revpi-firmware
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | steps:
7 | - env:
8 | GOPATH: /tmp/go
9 | cachePaths:
10 | - /.cache/go-build
11 | - /tmp/go/pkg
12 | - network: default
13 | prepare:
14 | - |
15 | sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
16 | cd /pkg/src
17 | go mod download
18 | build:
19 | - |
20 | cd /pkg/src
21 | CGO_ENABLED=0 go build -o ./revpi_mac .
22 | strip revpi_mac
23 | install:
24 | - |
25 | mkdir -p /rootfs/usr/lib/udev/rules.d/
26 | cp -p /pkg/src/revpi_mac /rootfs/usr/lib/udev/rules.d/
27 | echo 'ACTION=="add", SUBSYSTEM=="net", ATTR{type}=="1", DEVPATH=="*/fd580000.ethernet/net/*", PROGRAM="/usr/lib/udev/rules.d/revpi_mac %k 0"' > /rootfs/usr/lib/udev/rules.d/50-revpi.rules
28 | test:
29 | - |
30 | mkdir -p /extensions-validator-rootfs
31 | cp -r /rootfs/ /extensions-validator-rootfs/rootfs
32 | cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
33 | /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
34 | finalize:
35 | - from: /rootfs
36 | to: /rootfs
37 | - from: /pkg/manifest.yaml
38 | to: /
39 |
--------------------------------------------------------------------------------
/firmware/revpi-firmware/src/go.mod:
--------------------------------------------------------------------------------
1 | module github.com/siderolabs/revpi-firmare
2 |
3 | go 1.22
4 |
5 | require (
6 | github.com/vishvananda/netlink v1.3.0 // indirect
7 | github.com/vishvananda/netns v0.0.4 // indirect
8 | golang.org/x/sys v0.10.0 // indirect
9 | )
10 |
--------------------------------------------------------------------------------
/firmware/revpi-firmware/src/go.sum:
--------------------------------------------------------------------------------
1 | github.com/vishvananda/netlink v1.3.0 h1:X7l42GfcV4S6E4vHTsw48qbrV+9PVojNfIhZcwQdrZk=
2 | github.com/vishvananda/netlink v1.3.0/go.mod h1:i6NetklAujEcC6fK0JPjT8qSwWyO0HLn4UKG+hGqeJs=
3 | github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8=
4 | github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM=
5 | golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
6 | golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA=
7 | golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
8 |
--------------------------------------------------------------------------------
/firmware/revpi-firmware/src/main.go:
--------------------------------------------------------------------------------
1 | // This Source Code Form is subject to the terms of the Mozilla Public
2 | // License, v. 2.0. If a copy of the MPL was not distributed with this
3 | // file, You can obtain one at http://mozilla.org/MPL/2.0/.
4 |
5 | package main
6 |
7 | import (
8 | "fmt"
9 | "log"
10 | "net"
11 | "os"
12 | "strconv"
13 | "strings"
14 |
15 | "github.com/vishvananda/netlink"
16 | )
17 |
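// main derives a MAC address from the base MAC stored in the device tree and
// applies it to the named network interface.
//
// Usage: revpi_mac <device> <offset>
//
// The last octet of the base MAC is increased by offset (a decimal integer).
// The udev rule shipped with this extension passes the kernel device name and
// offset 0. Because that rule runs the binary on network device events, every
// input is validated before the link is touched.
//
// Exit status: 0 on success, 1 when the device-tree property is missing or on
// any fatal error, 2 when the property is empty.
func main() {
	if len(os.Args) < 3 {
		// Print the program name only; formatting the whole os.Args slice
		// with %s rendered it as a bracketed list.
		log.Fatalf("Usage: %s <device> <offset>", os.Args[0])
	}

	devName := os.Args[1]

	offset, err := strconv.ParseInt(os.Args[2], 10, 64)
	if err != nil {
		log.Fatalf("Invalid offset: %v", err)
	}

	// A single octet can move by at most 255 in either direction; rejecting
	// larger values here also keeps the addition below free of overflow.
	if offset < -0xff || offset > 0xff {
		log.Fatalf("Invalid offset: %d is outside -255..255", offset)
	}

	const baseMACPath = "/sys/firmware/devicetree/base/hat/custom_5"

	// One read replaces the former Stat-then-ReadFile pair; a missing
	// property still exits with status 1 and no log output.
	data, err := os.ReadFile(baseMACPath)
	if os.IsNotExist(err) {
		os.Exit(1)
	}

	if err != nil {
		log.Fatalf("Failed to read file: %v", err)
	}

	// Presumably the property may carry a trailing NUL or newline (TODO
	// confirm on hardware); strip it so the last octet parses cleanly.
	baseMAC := strings.TrimRight(string(data), "\x00 \t\r\n")
	if baseMAC == "" {
		os.Exit(2)
	}

	octets := strings.Split(baseMAC, ":")
	last := len(octets) - 1

	// Parse as an unsigned 8-bit value so that a negative or oversized group
	// in the base address is rejected instead of being "repaired" by offset.
	lastOctet, err := strconv.ParseUint(octets[last], 16, 8)
	if err != nil {
		log.Fatalf("Failed to parse last number: %v", err)
	}

	shifted := int64(lastOctet) + offset
	if shifted < 0 || shifted > 0xff {
		log.Fatalf("Offset %d moves last octet 0x%02x out of range", offset, lastOctet)
	}

	octets[last] = fmt.Sprintf("%02x", shifted)

	// net.ParseMAC validates the overall shape of the address.
	hwAddr, err := net.ParseMAC(strings.Join(octets, ":"))
	if err != nil {
		log.Fatalf("Failed to parse MAC address: %v", err)
	}

	link, err := netlink.LinkByName(devName)
	if err != nil {
		log.Fatalf("Failed to get interface: %v", err)
	}

	if err := netlink.LinkSetHardwareAddr(link, hwAddr); err != nil {
		log.Fatalf("Failed to set MAC address: %v", err)
	}

	// Print the parsed address; the former code printed the []string of
	// octets, which %s renders as a bracketed, space-separated list.
	fmt.Printf("MAC address of %s changed to %s\n", devName, hwAddr)
}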
70 |
--------------------------------------------------------------------------------
/firmware/revpi-firmware/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "v1.0.0"
2 |
--------------------------------------------------------------------------------
/firmware/vars.yaml:
--------------------------------------------------------------------------------
1 | # renovate: datasource=github-releases extractVersion=^microcode-(?<version>.*)$ depName=intel/Intel-Linux-Processor-Microcode-Data-Files
2 | INTEL_UCODE_VERSION: 20250211
3 | INTEL_UCODE_SHA256: 1da88b51953c9da2e20b5c94b3d7270cf87ea5babcaa56e3d6a5c9eaf11694b3
4 | INTEL_UCODE_SHA512: 493216fb14097c7c9bda3117fbcae8ad4300fb8646918338119ef303000aad6f73ca04acc59c9a890b0b2b58e097798f673954f15e3142948267bbeeacc842cf
5 |
--------------------------------------------------------------------------------
/go.work:
--------------------------------------------------------------------------------
1 | go 1.23.0
2 |
3 | use (
4 | ./examples/hello-world-service/src
5 | ./nvidia-gpu/nvidia-container-toolkit/nvidia-container-runtime-wrapper
6 | ./nvidia-gpu/nvidia-container-toolkit/nvidia-persistenced-wrapper
7 | )
8 |
--------------------------------------------------------------------------------
/go.work.sum:
--------------------------------------------------------------------------------
1 | golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
2 | golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o=
3 | golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
4 | golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
5 | golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
6 | golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
7 | golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
8 | golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
9 | golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
10 | golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
11 | golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
12 | golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
13 |
--------------------------------------------------------------------------------
/guest-agents/metal-agent/README.md:
--------------------------------------------------------------------------------
1 | # metal-agent
2 |
3 | Adds [talos-metal-agent](https://github.com/siderolabs/talos-metal-agent) as a system extension.
4 |
5 | ## Installation
6 |
7 | See [Installing Extensions](https://github.com/siderolabs/extensions#installing-extensions).
8 |
9 | ## Configuration
10 |
11 | This extension requires no configuration.
12 |
--------------------------------------------------------------------------------
/guest-agents/metal-agent/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: metal-agent
4 | version: "$VERSION"
5 | author: Sidero Labs
6 | description: |
7 | This system extension provides talos-metal-agent
8 | compatibility:
9 | talos:
10 | version: ">= 1.9.0-alpha.0"
11 |
--------------------------------------------------------------------------------
/guest-agents/metal-agent/metal-agent.yaml:
--------------------------------------------------------------------------------
1 | name: metal-agent
2 | container:
3 | entrypoint: ./talos-metal-agent
4 | args: []
5 | environment:
6 | - PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
7 | mounts:
8 | - source: /system/run/machined/machine.sock  # machined socket exposed inside the container; no `ro` option is listed for this mount
9 | destination: /system/run/machined/machine.sock
10 | type: bind
11 | options:
12 | - rshared
13 | - rbind
14 | - source: /dev  # the whole host /dev tree, recursively bound and read-write (see `rw` below)
15 | destination: /dev
16 | type: bind
17 | options:
18 | - rshared
19 | - rbind
20 | - rw  # NOTE(review): broad device access; confirm a narrower set of device nodes would not suffice
21 | - source: /etc/ssl/certs  # CA certificates, mounted read-only
22 | destination: /etc/ssl/certs
23 | type: bind
24 | options:
25 | - rbind
26 | - ro
27 | depends:  # start conditions: both paths present and network addresses assigned
28 | - path: /system/run/machined/machine.sock
29 | - path: /etc/ssl/certs
30 | - network:
31 | - addresses
32 | restart: always
33 | logToConsole: true
34 |
--------------------------------------------------------------------------------
/guest-agents/metal-agent/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: metal-agent
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 |
7 | - image: "{{ .IMAGE_PREFIX }}/talos-metal-agent:{{ .VERSION }}"
8 | from: /
9 | to: /rootfs/usr/local/lib/containers/metal-agent
10 | steps:
11 | - prepare:
12 | - |
13 | sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
14 | install:
15 | - |
16 | mkdir -p /rootfs/usr/local/etc/containers
17 |
18 | cp /pkg/metal-agent.yaml /rootfs/usr/local/etc/containers/
19 | - |
20 | touch /rootfs/usr/local/etc/is-metal-agent
21 | test:
22 | - |
23 | mkdir -p /extensions-validator-rootfs
24 | cp -r /rootfs/ /extensions-validator-rootfs/rootfs
25 | cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
26 | /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
27 | finalize:
28 | - from: /rootfs
29 | to: /rootfs
30 | - from: /pkg/manifest.yaml
31 | to: /
32 |
--------------------------------------------------------------------------------
/guest-agents/metal-agent/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "{{ .TALOS_METAL_AGENT_VERSION }}"
2 | IMAGE_PREFIX: ghcr.io/siderolabs
3 |
--------------------------------------------------------------------------------
/guest-agents/qemu-guest-agent/glib/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: glib
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | - stage: pcre2
7 | steps:
8 | - sources:
9 | - url: https://download.gnome.org/sources/glib/{{ regexReplaceAll ".\\d+$" .GLIB_VERSION "${1}" }}/glib-{{ .GLIB_VERSION }}.tar.xz
10 | destination: glib.tar.xz
11 | sha256: {{ .GLIB_SHA256 }}
12 | sha512: {{ .GLIB_SHA512 }}
13 | prepare:
14 | - |
15 | tar -xf glib.tar.xz --strip-components=1
16 | rm glib.tar.xz
17 | build:
18 | - |
19 | export PKG_CONFIG_PATH=/usr/lib/pkgconfig
20 |
21 | meson setup \
22 | --prefix=/usr \
23 | -Ddefault_library=both \
24 | -Dlibelf=disabled \
25 | -Dselinux=disabled \
26 | _build
27 |
28 | ninja -C _build
29 | install:
30 | - |
31 | DESTDIR=/rootfs ninja -C _build install
32 | finalize:
33 | - from: /rootfs
34 | to: /
35 |
--------------------------------------------------------------------------------
/guest-agents/qemu-guest-agent/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: qemu-guest-agent
4 | version: "$VERSION"
5 | author: Markus Reiter
6 | description: |
7 | This system extension provides the QEMU Guest Agent service.
8 | compatibility:
9 | talos:
10 | version: ">= v1.5.0"
11 |
--------------------------------------------------------------------------------
/guest-agents/qemu-guest-agent/pcre2/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: pcre2
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | steps:
7 | - sources:
8 | - url: https://github.com/PCRE2Project/pcre2/releases/download/pcre2-{{ .PCRE2_VERSION }}/pcre2-{{ .PCRE2_VERSION }}.tar.bz2
9 | destination: pcre2.tar.bz2
10 | sha256: {{ .PCRE2_SHA256 }}
11 | sha512: {{ .PCRE2_SHA512 }}
12 | prepare:
13 | - |
14 | tar -xf pcre2.tar.bz2 --strip-components=1
15 | rm pcre2.tar.bz2
16 | build:
17 | - |
18 | export PKG_CONFIG_PATH=/usr/lib/pkgconfig
19 |
20 | ./configure --prefix=/usr
21 |
22 | make -j $(nproc)
23 | install:
24 | - |
25 | make DESTDIR=/rootfs install
26 | finalize:
27 | - from: /rootfs
28 | to: /
29 |
--------------------------------------------------------------------------------
/guest-agents/qemu-guest-agent/qemu-guest-agent.yaml:
--------------------------------------------------------------------------------
1 | name: qemu-guest-agent
2 | depends:
3 | - path: /system/run/machined/machine.sock
4 | - path: /dev/virtio-ports/org.qemu.guest_agent.0
5 | container:
6 | entrypoint: ./qemu-ga
7 | mounts:
8 | # Shared libraries.
9 | - source: /lib
10 | destination: /lib
11 | type: bind
12 | options:
13 | - bind
14 | - ro
15 | - source: /usr/lib
16 | destination: /usr/lib
17 | type: bind
18 | options:
19 | - bind
20 | - ro
21 | # State files.
22 | - source: /system/run/qemu-guest-agent
23 | destination: /var/run
24 | type: bind
25 | options:
26 | - rshared
27 | - rbind
28 | - rw
29 | # Device files.
30 | - source: /dev
31 | destination: /dev
32 | type: bind
33 | options:
34 | - rshared
35 | - rbind
36 | - rw
37 | # `/sbin/init` talks to `machined`.
38 | - source: /system/run/machined/machine.sock
39 | destination: /system/run/machined/machine.sock
40 | type: bind
41 | options:
42 | - rshared
43 | - rbind
44 | - ro
45 | - source: /sbin/init
46 | destination: /sbin/shutdown
47 | type: bind
48 | options:
49 | - bind
50 | - ro
51 | restart: always
52 |
--------------------------------------------------------------------------------
/guest-agents/qemu-guest-agent/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "{{ .QEMU_VERSION }}"
2 |
--------------------------------------------------------------------------------
/guest-agents/vars.yaml:
--------------------------------------------------------------------------------
1 | # renovate: datasource=git-tags extractVersion=^v(?<version>.*)$ depName=https://github.com/qemu/qemu.git
2 | QEMU_VERSION: 10.0.0
3 | QEMU_SHA256: 22c075601fdcf8c7b2671a839ebdcef1d4f2973eb6735254fd2e1bd0f30b3896
4 | QEMU_SHA512: 2215458ed8be3ab0b0032fe2a96e79183f5fc2da323d927018412ea3d980b022a07ba87d4f446229eaaa7d1b19a577d438dbcaa3af3bd537c7720b56734a2d8b
5 | # renovate: datasource=git-tags depName=https://gitlab.gnome.org/GNOME/glib.git
6 | GLIB_VERSION: 2.84.1
7 | GLIB_SHA256: 2b4bc2ec49611a5fc35f86aca855f2ed0196e69e53092bab6bb73396bf30789a
8 | GLIB_SHA512: ee7f38a4726fd72e41ddb75c4933c7b1bb30935bb2fddc84902d0627a836af512534195132cc02e3d15f168fefc816576181a8d6e436472b582191437b79a456
9 | # renovate: datasource=github-releases extractVersion=^pcre2-(?<version>.*)$ depName=PCRE2Project/pcre2
10 | PCRE2_VERSION: 10.42
11 | PCRE2_SHA256: 8d36cd8cb6ea2a4c2bb358ff6411b0c788633a2a45dabbf1aeb4b701d1b5e840
12 | PCRE2_SHA512: 72fbde87fecec3aa4b47225dd919ea1d55e97f2cbcf02aba26e5a0d3b1ffb58c25a80a9ef069eb99f9cf4e41ba9604ad06a7ec159870e1e875d86820e12256d3
13 | # renovate: datasource=git-tags depName=https://gitlab.com/xen-project/xen-guest-agent.git
14 | XEN_GUEST_AGENT_VERSION: 5c274e651c29f92fc0c418fda486373b0f34f0da
15 | XEN_GUEST_AGENT_SHA256: c52f4781739e500e98a3298c9e44fe9bcbe1892c22aa6bb031d1a847123deaaa
16 | XEN_GUEST_AGENT_SHA512: 49bf15d7257f7fcb5ac919ca57e8c16bb6f8199684adef034bd1e7683dd9fb23a5604667fb75e27eadd02a2f9b130339409873b5720d7d3f5e4153feb5fa98ba
17 | # renovate: datasource=github-releases depName=siderolabs/talos-vmtoolsd
18 | TALOS_VMTOOLSD_VERSION: v1.0.0
19 | # renovate: datasource=github-releases depName=siderolabs/talos-metal-agent
20 | TALOS_METAL_AGENT_VERSION: v0.1.3
21 |
--------------------------------------------------------------------------------
/guest-agents/vmtoolsd-guest-agent/README.md:
--------------------------------------------------------------------------------
1 | # vmtoolsd-guest-agent
2 |
3 | Adds [talos-vmtoolsd](https://github.com/siderolabs/talos-vmtoolsd) as a system extension.
4 |
5 | ## Installation
6 |
7 | See [Installing Extensions](https://github.com/siderolabs/extensions#installing-extensions).
8 |
9 | ## Configuration
10 |
11 | This extension requires no configuration.
12 |
--------------------------------------------------------------------------------
/guest-agents/vmtoolsd-guest-agent/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: vmtoolsd-guest-agent
2 | variant: scratch
3 | shell: /bin/bash
4 | # {{ if eq .ARCH "aarch64" }} This in fact is YAML comment, but Go templating instruction is evaluated by bldr
5 | # VMWare doesn't support arm64
6 | dependencies:
7 | - stage: base
8 | steps:
9 | - prepare:
10 | - |
11 | sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/stub-manifest.yaml
12 | - |
13 | mkdir /rootfs
14 | finalize:
15 | - from: /pkg/stub-manifest.yaml
16 | to: /manifest.yaml
17 | - from: /rootfs
18 | to: /rootfs
19 | # {{ else }} This in fact is YAML comment, but Go templating instruction is evaluated by bldr
20 | dependencies:
21 | - stage: base
22 | - image: {{ .BUILD_ARG_PKGS_PREFIX }}/talos-vmtoolsd:{{ .TALOS_VMTOOLSD_VERSION }}
23 | from: /
24 | to: /rootfs
25 | steps:
26 | - test:
27 | - |
28 | /extensions-validator validate --rootfs=/rootfs --pkg-name="${PKG_NAME}"
29 | finalize:
30 | - from: /rootfs
31 | to: /
32 | # {{ end }} This in fact is YAML comment, but Go templating instruction is evaluated by bldr
33 |
--------------------------------------------------------------------------------
/guest-agents/vmtoolsd-guest-agent/stub-manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: vmtoolsd-guest-agent
4 | version: "$VERSION"
5 | author: Brandon Nason
6 | description: |
7 | A stub for the VMWare Tools on arm64 (unavailable on arm64).
8 | compatibility:
9 | talos:
10 | version: ">= v1.4.0"
11 |
--------------------------------------------------------------------------------
/guest-agents/vmtoolsd-guest-agent/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "{{ .TALOS_VMTOOLSD_VERSION }}"
2 |
--------------------------------------------------------------------------------
/guest-agents/xen-guest-agent/README.md:
--------------------------------------------------------------------------------
1 | # xen-guest-agent
2 |
3 | Adds [xen-guest-agent](https://gitlab.com/xen-project/xen-guest-agent) as a system extension.
4 |
5 | ## Installation
6 |
7 | See [Installing Extensions](https://github.com/siderolabs/extensions#installing-extensions).
8 |
9 | ## Verification
10 |
11 | Confirm that the extension service is running by executing `talosctl service ext-xen-guest-agent`.
12 |
--------------------------------------------------------------------------------
/guest-agents/xen-guest-agent/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: xen-guest-agent
4 | version: "$VERSION"
5 | author: Jerwin NJ
6 | description: |
7 | xen-guest-agent communicates information and metrics with the Xen host.
8 | compatibility:
9 | talos:
10 | version: ">= v1.5.0"
11 |
--------------------------------------------------------------------------------
/guest-agents/xen-guest-agent/vars.yaml:
--------------------------------------------------------------------------------
1 | # VERSION: "{{ .XEN_GUEST_AGENT_VERSION }}"
2 | # FIXME: Replace once a building tag is available
3 | VERSION: "0.4.0-g5c274e6"
4 |
--------------------------------------------------------------------------------
/guest-agents/xen-guest-agent/xen-guest-agent.yaml:
--------------------------------------------------------------------------------
1 | name: xen-guest-agent # Talos extension service definition for the Xen guest agent
2 | container:
3 | entrypoint: ./xen-guest-agent
4 | # log to stderr
5 | args:
6 | - -s
7 | security:
8 | writeableRootfs: false # container root filesystem stays read-only
9 | writeableSysfs: true # sysfs is writable from inside the container; NOTE(review): confirm the agent needs write access
10 | mounts:
11 | # xenbus
12 | - source: /dev/xen # host Xen device directory, shared with the container
13 | destination: /dev/xen
14 | type: bind
15 | options:
16 | - bind
17 | - rw # read-write: the service can write to the host's Xen device nodes
18 | restart: always
19 |
--------------------------------------------------------------------------------
/hack/release.toml:
--------------------------------------------------------------------------------
1 | # commit to be tagged for new release
2 | commit = "HEAD"
3 |
4 | project_name = "Talos System Extensions"
5 | github_repo = "siderolabs/extensions"
6 | match_deps = "^github.com/((talos-systems|siderolabs)/[a-zA-Z0-9-]+)$"
7 |
8 | # previous release
9 | previous = "v1.10.0"
10 |
11 | pre_release = true
12 |
13 | preface = """\
14 | See [Talos Linux documentation](https://www.talos.dev/v1.11/talos-guides/configuration/system-extensions/) for information on using system extensions.
15 | """
16 |
17 | [notes]
18 |
19 | [notes.updates]
20 | title = "Component Updates"
21 | description = """\
22 | ZFS: 2.3.2
23 | qemu-guest-agent: 10.0.0
24 | fuse: 3.17.2
25 | nut: 2.8.3
26 | Tailscale: 1.82.5
27 | Linux firmware: 20250509
28 | metal-agent: 0.1.3
29 | """
30 |
31 | [notes.youki]
32 | title = "Youki Container Runtime"
33 | description = """\
34 | [Youki](https://github.com/youki-dev/youki) is now supported as a container runtime.
35 | """
36 |
37 | [notes.tenstorrent]
38 | title = "Tenstorrent drivers"
39 | description = """\
40 | [Tenstorrent](https://github.com/tenstorrent/tt-kmd) driver is now supported as an extension.
41 | """
42 |
43 | [make_deps]
44 |
--------------------------------------------------------------------------------
/internal/base/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: base # shared build stage; the extension packages in this repo depend on it as "stage: base"
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - image: "{{ .BUILD_ARG_TOOLS_PREFIX }}/tools:{{ .BUILD_ARG_TOOLS }}" # tools image; registry prefix and tag come from build arguments
6 | - image: ghcr.io/siderolabs/extensions-validator:fe85801 # presumably the source of /extensions-validator run in the packages' test steps; NOTE(review): referenced by tag, not by digest, so this file does not fix the image content
7 | finalize:
8 | - from: / # the whole stage filesystem is carried into the result
9 | to: /
10 |
--------------------------------------------------------------------------------
/internal/extensions/pkg.yaml:
--------------------------------------------------------------------------------
1 | # this is a meta-package that contains a list of extension images for each version
2 | name: extensions
3 | variant: scratch
4 | finalize:
5 | - from: /pkg/image-digests
6 | to: /image-digests
7 | - from: /pkg/descriptions.yaml
8 | to: /descriptions.yaml
9 |
--------------------------------------------------------------------------------
/misc/binfmt-misc/README.md:
--------------------------------------------------------------------------------
1 | # binfmt_misc
2 |
3 | Miscellaneous Binary Format is a capability of the Linux kernel that allows arbitrary executable file formats to be recognized and passed to certain user space applications, such as emulators and virtual machines.
4 |
5 | ## Installation
6 |
7 | See [Installing Extensions](https://github.com/siderolabs/extensions#installing-extensions).
8 |
9 | ## Usage
10 |
11 | Enable the kernel module in Talos machine config:
12 |
13 | ```yaml
14 | machine:
15 | kernel:
16 | modules:
17 | - name: binfmt_misc
18 | ```
19 |
--------------------------------------------------------------------------------
/misc/binfmt-misc/files/modules.txt:
--------------------------------------------------------------------------------
1 | modules.order
2 | modules.builtin
3 | modules.builtin.modinfo
4 | kernel/fs/binfmt_misc.ko
5 |
--------------------------------------------------------------------------------
/misc/binfmt-misc/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: binfmt-misc
4 | version: "$VERSION"
5 | author: Serge Logvinov
6 | description: |
7 | This system extension provides kernel module driver for binfmt-misc built against a specific Talos version.
8 | compatibility:
9 | talos:
10 | version: ">= v1.5.0"
11 |
--------------------------------------------------------------------------------
/misc/binfmt-misc/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: binfmt-misc # packages the binfmt_misc kernel module as a Talos system extension
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | # The pkgs version for a particular release of Talos as defined in
7 | # https://github.com/siderolabs/talos/blob/<talos version>/pkg/machinery/gendata/data/pkgs
8 | - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/kernel:{{ .BUILD_ARG_PKGS }}" # presumably the source of /usr/lib/modules read by the install step
9 | steps:
10 | - prepare: # replace the $VERSION placeholder in the manifest with the templated version
11 | - |
12 | sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
13 | - install: # stage only the files named in files/modules.txt for the *-talos kernel release, then run depmod on the staged tree
14 | - |
15 | export KERNELRELEASE=$(find /usr/lib/modules -type d -name "*-talos" -exec basename {} \+)
16 |
17 | mkdir -p /rootfs
18 |
19 | xargs -a /pkg/files/modules.txt -I {} install -D /usr/lib/modules/${KERNELRELEASE}/{} /rootfs/usr/lib/modules/${KERNELRELEASE}/{}
20 | depmod -b /rootfs/usr ${KERNELRELEASE}
21 | - test: # two scripts: a module-signature check, then extensions-validator on the staged rootfs and manifest
22 | - | # NOTE(review): grep -L prints the modules that do NOT contain the marker; confirm an unsigned module fails this step rather than only being printed
23 | # https://www.kernel.org/doc/html/v4.15/admin-guide/module-signing.html#signed-modules-and-stripping
24 | find /rootfs/usr/lib/modules -name '*.ko' -exec grep -FL '~Module signature appended~' {} \+
25 | - |
26 | mkdir -p /extensions-validator-rootfs
27 | cp -r /rootfs/ /extensions-validator-rootfs/rootfs
28 | cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
29 | /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
30 | finalize:
31 | - from: /rootfs
32 | to: /rootfs
33 | - from: /pkg/manifest.yaml
34 | to: /
35 |
--------------------------------------------------------------------------------
/misc/binfmt-misc/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "{{ .BUILD_ARG_TAG }}"
2 |
--------------------------------------------------------------------------------
/misc/glibc/ld.so.conf:
--------------------------------------------------------------------------------
1 | /usr/local/glibc/usr/lib64
2 | /usr/local/glibc/usr/lib
3 |
--------------------------------------------------------------------------------
/misc/glibc/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: glibc
4 | version: "$VERSION"
5 | author: Jean-Francois Roy
6 | description: |
7 | This system extension provides glibc.
8 | compatibility:
9 | talos:
10 | version: ">= v1.9.0"
11 |
--------------------------------------------------------------------------------
/misc/glibc/vars.yaml:
--------------------------------------------------------------------------------
1 | # renovate: datasource=docker versioning=docker depName=cgr.dev/chainguard/wolfi-base
2 | WOLFI_BASE_REF: sha256:e3ce0a3bb47aefa02647e0bb6cdfb29a5a872e755660be73c9dd7b9578844258
3 |
4 | VERSION: {{ .GLIBC_VERSION }}
5 |
--------------------------------------------------------------------------------
/misc/vars.yaml:
--------------------------------------------------------------------------------
1 | # renovate: datasource=git-tags extractVersion=^glibc-(?<version>.*)$ depName=https://sourceware.org/git/glibc.git
2 | GLIBC_VERSION: 2.41
3 | GLIBC_SHA256: af71d83f774c92c5ed11cb7904332041cf7cca15ff2e7b3d6c3e708e688fe400
4 | GLIBC_SHA512: 449e3d4f6b59bfde2175c5d1be71447b084e0b12b176518b65fd9b0ac8430766b25416a173fe3efd47462bc1719d59a051e7eed9544e0fba9165dd86f69ee0b9
5 |
--------------------------------------------------------------------------------
/network/cloudflared/cloudflared.yaml:
--------------------------------------------------------------------------------
1 | name: cloudflared # Talos extension service definition for the cloudflared tunnel daemon
2 | depends:
3 | - service: cri
4 | - network:
5 | - addresses
6 | - connectivity
7 | - etcfiles
8 | - hostname
9 | - configuration: true # NOTE(review): presumably waits for an ExtensionServiceConfig to be supplied — confirm
10 | container:
11 | entrypoint: /usr/local/bin/cloudflared
12 | args: # NOTE(review): no tunnel credentials appear in this file; presumably they arrive through the ExtensionServiceConfig — confirm
13 | - tunnel
14 | - run
15 | environment:
16 | - NO_AUTOUPDATE=true # NOTE(review): presumably disables cloudflared's self-update, so the binary only changes with the extension image — confirm
17 | restart: always
18 |
--------------------------------------------------------------------------------
/network/cloudflared/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: cloudflared
4 | version: "$CLOUDFLARED_VERSION"
5 | author: Maxime Narbaud
6 | description: |
7 | Cloudflare Tunnel securely connects resources to Cloudflare without a public IP.
8 | A lightweight daemon (cloudflared) creates outbound-only connections to Cloudflare,
9 | allowing safe access to services like HTTP, SSH, remote desktops, and other protocols.
10 | More info: https://github.com/cloudflare/cloudflared/
11 | compatibility:
12 | talos:
13 | version: ">= v1.5.0"
14 |
--------------------------------------------------------------------------------
/network/cloudflared/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "{{ .CLOUDFLARED_VERSION }}"
2 |
--------------------------------------------------------------------------------
/network/lldpd/README.md:
--------------------------------------------------------------------------------
1 | # LLDPD
2 |
3 | Adds [lldpd](https://lldpd.github.io/) as a system extension.
4 | This means an lldpd server is started that sends and receives LLDP messages.
5 |
6 | ## Installation
7 |
8 | See [Installing Extensions](https://github.com/siderolabs/extensions#installing-extensions).
9 |
10 | ## Usage
11 |
12 | Configure the extension via `ExtensionServiceConfig` document. You can add any lldpd related configuration and these will be executed at the LLDPD server startup.
13 |
14 | ```yaml
15 | ---
16 | apiVersion: v1alpha1
17 | kind: ExtensionServiceConfig
18 | name: lldpd
19 | configFiles:
20 | - content: |
21 | configure lldp portidsubtype ifname
22 | unconfigure lldp management-addresses-advertisements
23 | unconfigure lldp capabilities-advertisements
24 | configure system description "Talos Node"
25 | mountPath: /usr/local/etc/lldpd/lldpd.conf
26 | ```
27 |
28 | Then apply the patch to your node's MachineConfigs
29 | ```bash
30 | talosctl patch mc -p @lldpd-config.yaml
31 | ```
32 |
33 | You will then be able to verify that it is in place with the following command
34 | ```bash
35 | talosctl get extensionserviceconfigs
36 |
37 | NODE NAMESPACE TYPE ID VERSION
38 | mynode runtime ExtensionServiceConfig lldpd 1
39 | ```
40 |
--------------------------------------------------------------------------------
/network/lldpd/files/group:
--------------------------------------------------------------------------------
1 | root:x:0:
2 |
--------------------------------------------------------------------------------
/network/lldpd/files/passwd:
--------------------------------------------------------------------------------
1 | root:x:0:0:root:/:/sbin/false
2 |
--------------------------------------------------------------------------------
/network/lldpd/lldpd.yaml:
--------------------------------------------------------------------------------
1 | # © 2024 Nokia
2 | # Licensed under the Mozilla Public License 2.0
3 | # SPDX-License-Identifier: MPL-2.0
4 | name: lldpd # Talos extension service definition for the lldpd daemon
5 | depends:
6 | - service: cri
7 | - network:
8 | - addresses
9 | - connectivity
10 | - etcfiles
11 | - configuration: true # NOTE(review): presumably waits for an ExtensionServiceConfig to be supplied — confirm
12 | container:
13 | args:
14 | - -d # stay in the foreground instead of daemonizing
15 | - -u # control socket path follows
16 | - /var/run/lldpd/lldpd.socket
17 | - -I # limit lldpd to interfaces matching the pattern that follows
18 | - eth*,enp*,ens*,eno*
19 | entrypoint: /usr/local/sbin/lldpd
20 | mounts:
21 | # release file
22 | - source: /etc/os-release
23 | destination: /etc/os-release
24 | type: bind
25 | options:
26 | - bind
27 | - ro
28 | # libs
29 | - source: /lib # host libraries, read-only
30 | destination: /lib
31 | type: bind
32 | options:
33 | - bind
34 | - ro
35 | # more libs
36 | - source: /usr/lib # host libraries, read-only
37 | destination: /usr/lib
38 | type: bind
39 | options:
40 | - bind
41 | - ro
42 | # lldpd socket
43 | - source: /var/run/lldpd # host directory holding the control socket named in args; the only read-write mount here
44 | destination: /var/run/lldpd
45 | type: bind
46 | options:
47 | - bind
48 | - rw
49 | security:
50 | writeableRootfs: false # container root filesystem stays read-only
51 | writeableSysfs: true # sysfs is writable from inside the container; NOTE(review): confirm lldpd needs write access
52 | restart: always
53 |
--------------------------------------------------------------------------------
/network/lldpd/manifest.yaml:
--------------------------------------------------------------------------------
1 | # © 2024 Nokia
2 | # Licensed under the Mozilla Public License 2.0
3 | # SPDX-License-Identifier: MPL-2.0
4 | version: v1alpha1
5 | metadata:
6 | name: lldpd
7 | version: "$VERSION"
8 | author: Niklas Wik
9 | description: |
10 | LLDP adds a LLDP discovery service to Talos. LLDP cli can be used to interface with the daemon.
11 | compatibility:
12 | talos:
13 | version: ">= v1.7.0"
14 |
--------------------------------------------------------------------------------
/network/lldpd/vars.yaml:
--------------------------------------------------------------------------------
1 | # © 2024 Nokia
2 | # Licensed under the Mozilla Public License 2.0
3 | # SPDX-License-Identifier: MPL-2.0
4 | VERSION: "{{ .LLDPD_VERSION }}"
5 |
--------------------------------------------------------------------------------
/network/nebula/README.md:
--------------------------------------------------------------------------------
1 | # Nebula
2 |
3 | https://github.com/slackhq/nebula
4 |
5 | ## Installation
6 |
7 | See [Installing Extensions](https://github.com/siderolabs/extensions#installing-extensions).
8 |
9 | ## Usage
10 |
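11 | Configure the extension via an `ExtensionServiceConfig` document. You can add any Nebula-related configuration, and it will be applied at Nebula startup. Because the example embeds the node's private key, the patch file and the resulting machine configuration should be handled as secrets.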
12 |
13 | ```yaml
14 | ---
15 | apiVersion: v1alpha1
16 | kind: ExtensionServiceConfig
17 | name: nebula
18 | configFiles:
19 | - content: |
20 | pki:
21 | ca: /usr/local/etc/nebula/ca.crt
22 | cert: /usr/local/etc/nebula/node.crt
23 | key: /usr/local/etc/nebula/node.key
24 | mountPath: /usr/local/etc/nebula/config.yml
25 | - content: |
26 | -----BEGIN NEBULA CERTIFICATE-----
27 | -----END NEBULA CERTIFICATE-----
28 | mountPath: /usr/local/etc/nebula/ca.crt
29 | - content: |
30 | -----BEGIN NEBULA CERTIFICATE-----
31 | -----END NEBULA CERTIFICATE-----
32 | mountPath: /usr/local/etc/nebula/node.crt
33 | - content: |
34 | -----BEGIN NEBULA ED25519 PRIVATE KEY-----
35 | -----END NEBULA ED25519 PRIVATE KEY-----
36 | mountPath: /usr/local/etc/nebula/node.key
37 |
38 | ```
39 |
40 | Then apply the patch to your node's MachineConfigs
41 | ```bash
42 | talosctl patch mc -p @nebula-config.yaml
43 | ```
44 |
45 | You will then be able to verify that it is in place with the following command
46 | ```bash
47 | talosctl get extensionserviceconfigs
48 |
49 | NODE NAMESPACE TYPE ID VERSION
50 | mynode runtime ExtensionServiceConfig nebula 1
51 | ```
52 |
--------------------------------------------------------------------------------
/network/nebula/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: nebula
4 | version: "$VERSION"
5 | author: iamwacko
6 | description: |
7 | A scalable overlay networking tool with a focus on performance, simplicity and security
8 | compatibility:
9 | talos:
10 | version: ">= v1.5.0"
11 |
--------------------------------------------------------------------------------
/network/nebula/nebula.yaml:
--------------------------------------------------------------------------------
1 | name: nebula # Talos extension service definition for the Nebula overlay daemon
2 | depends:
3 | - service: cri
4 | - network:
5 | - addresses
6 | - connectivity
7 | - etcfiles
8 | - configuration: true # NOTE(review): presumably waits for an ExtensionServiceConfig to be supplied — confirm
9 | container:
10 | entrypoint: /usr/local/bin/nebula
11 | args:
12 | - -config
13 | - /usr/local/etc/nebula/config.yml # same path the README's ExtensionServiceConfig example uses as mountPath
14 | security:
15 | writeableRootfs: false # container root filesystem stays read-only
16 | writeableSysfs: true # sysfs is writable from inside the container; NOTE(review): confirm Nebula needs write access
17 | mounts:
18 | ## Nebula needs to write to this to create the interfaces
19 | - source: /dev/net/tun # host TUN device; the only bind mount in this file
20 | destination: /dev/net/tun
21 | type: bind
22 | options:
23 | - bind
24 | - rw
25 | restart: always
26 |
--------------------------------------------------------------------------------
/network/nebula/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: nebula # builds the nebula binary from the upstream release tarball and stages it with its service definition
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | steps:
7 | - env:
8 | GOPATH: /tmp/go
9 | - cachePaths:
10 | - /.cache/go-build
11 | - /tmp/go/pkg
12 | sources: # upstream tarball, pinned by the sha256 and sha512 values below
13 | - url: https://github.com/slackhq/nebula/archive/refs/tags/v{{ .NEBULA_VERSION}}.tar.gz
14 | destination: nebula.tar.gz
15 | sha256: {{ .NEBULA_SHA256 }}
16 | sha512: {{ .NEBULA_SHA512 }}
17 | - network: default # this step may use the network: its prepare phase runs "go mod download"
18 | prepare:
19 | - |
20 | sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
21 | - |
22 | mkdir nebula
23 | tar -xzvf nebula.tar.gz --strip-components=1 -C nebula
24 | - | # NOTE(review): module integrity here presumably rests on the go.sum shipped in the verified tarball — confirm
25 | cd nebula
26 | go mod download
27 | - network: none # build, install and test of this step run with networking disabled
28 | build:
29 | - |
30 | cd nebula
31 | make bin
32 | install: # binary goes under the per-service container root, the service definition under etc/containers
33 | - |
34 | mkdir -p /rootfs/usr/local/lib/containers/nebula/usr/local/bin/
35 | cp -pr nebula/nebula /rootfs/usr/local/lib/containers/nebula/usr/local/bin
36 | - |
37 | mkdir -p /rootfs/usr/local/etc/containers
38 | cp /pkg/nebula.yaml /rootfs/usr/local/etc/containers/
39 | test: # runs extensions-validator against a copy of the staged rootfs and the manifest
40 | - |
41 | mkdir -p /extensions-validator-rootfs
42 | cp -r /rootfs/ /extensions-validator-rootfs/rootfs
43 | cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
44 | /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
45 | finalize:
46 | - from: /rootfs
47 | to: /rootfs
48 | - from: /pkg/manifest.yaml
49 | to: /
50 |
--------------------------------------------------------------------------------
/network/nebula/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "{{ .NEBULA_VERSION }}"
2 |
--------------------------------------------------------------------------------
/network/tailscale/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: tailscale
4 | version: "$VERSION"
5 | author: Beau Trepp
6 | description: |
7 | Tailscale connects your team's devices and development environments for easy access to remote resources.
8 | compatibility:
9 | talos:
10 | version: ">= v1.5.0"
11 |
--------------------------------------------------------------------------------
/network/tailscale/tailscale.yaml:
--------------------------------------------------------------------------------
1 | name: tailscale # Talos extension service definition for Tailscale
2 | depends:
3 | - service: cri
4 | - network:
5 | - addresses
6 | - connectivity
7 | - etcfiles
8 | - configuration: true # NOTE(review): presumably waits for an ExtensionServiceConfig to be supplied — confirm
9 | container:
10 | entrypoint: /usr/local/bin/containerboot
11 | environment:
12 | - PATH=/sbin:/usr/local/bin # /sbin is the host directory bind-mounted below
13 | - TS_SOCKET=/var/run/tailscale/tailscaled.sock # lives in the read-write /var/run/tailscale mount below
14 | - TS_STATE_DIR=/var/lib/tailscale # lives in the read-write /var/lib/tailscale mount below
15 | - TS_USERSPACE=false # NOTE(review): presumably selects kernel TUN mode, matching the /dev/net/tun mount below — confirm
16 | security:
17 | writeableRootfs: false # container root filesystem stays read-only
18 | writeableSysfs: true # sysfs is writable from inside the container; NOTE(review): confirm Tailscale needs write access
19 | mounts:
20 | # libs
21 | - source: /lib # host libraries, read-only
22 | destination: /lib
23 | type: bind
24 | options:
25 | - bind
26 | - ro
27 | # more libs
28 | - source: /usr/lib # host libraries, read-only
29 | destination: /usr/lib
30 | type: bind
31 | options:
32 | - bind
33 | - ro
34 | ## Required for tailscale. Ip addr and other commands
35 | - source: /sbin # host binaries, read-only
36 | destination: /sbin
37 | type: bind
38 | options:
39 | - bind
40 | - ro
41 | ## Tailscale needs to write to this to create the interfaces
42 | - source: /dev/net/tun # host TUN device, read-write
43 | destination: /dev/net/tun
44 | type: bind
45 | options:
46 | - bind
47 | - rw
48 | ## Tailscale socket
49 | - source: /var/run/tailscale # host directory for the daemon socket named in TS_SOCKET
50 | destination: /var/run/tailscale
51 | type: bind
52 | options:
53 | - bind
54 | - rw
55 | ## Tailscale state. Particularly its 'auth' state
56 | - source: /var/lib/tailscale # kept on the host; it holds auth state, so host-side access to this path matters
57 | destination: /var/lib/tailscale
58 | type: bind
59 | options:
60 | - bind
61 | - rw
62 | - source: /etc/ssl/certs # host certificate directory, read-only
63 | destination: /etc/ssl/certs
64 | type: bind
65 | options:
66 | - rbind
67 | - ro
68 | restart: always
69 |
--------------------------------------------------------------------------------
/network/tailscale/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "{{ .TAILSCALE_VERSION }}"
2 |
--------------------------------------------------------------------------------
/network/zerotier/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: zerotier
4 | version: "$VERSION"
5 | author: Hive Technologies
6 | description: |
7 | Connect your Talos cluster into a zerotier network
8 | compatibility:
9 | talos:
10 | version: ">= v1.8.0"
11 |
--------------------------------------------------------------------------------
/network/zerotier/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "{{ .ZEROTIER_VERSION }}"
2 |
--------------------------------------------------------------------------------
/network/zerotier/zerotier-wrapper/go.mod:
--------------------------------------------------------------------------------
1 | module zerotier-wrapper
2 |
3 | go 1.23.0
4 |
5 | require golang.org/x/sys v0.33.0
6 |
--------------------------------------------------------------------------------
/network/zerotier/zerotier-wrapper/go.sum:
--------------------------------------------------------------------------------
1 | golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
2 | golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
3 |
--------------------------------------------------------------------------------
/network/zerotier/zerotier-wrapper/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: zerotier-wrapper
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | steps:
7 | - env:
8 | GOPATH: /tmp/go
9 | - cachePaths:
10 | - /.cache/go-build
11 | - /tmp/go/pkg
12 | - network: default
13 | prepare:
14 | - |
15 | cp -r /pkg/* .
16 | - |
17 | go mod download
18 | - network: none
19 | build:
20 | - |
21 | CGO_ENABLED=0 go build -o zerotier-wrapper main.go
22 | install:
23 | - |
24 | mkdir -p /rootfs/usr/local/bin
25 |
26 | cp zerotier-wrapper /rootfs/usr/local/bin/zerotier-wrapper
27 | finalize:
28 | - from: /rootfs
29 | to: /rootfs
--------------------------------------------------------------------------------
/network/zerotier/zerotier.yaml:
--------------------------------------------------------------------------------
1 | name: zerotier # Talos extension service definition for ZeroTier
2 | depends:
3 | - service: cri
4 | - network:
5 | - addresses
6 | - connectivity
7 | - etcfiles
8 | - configuration: true # NOTE(review): presumably waits for an ExtensionServiceConfig to be supplied — confirm
9 | container:
10 | entrypoint: /usr/local/bin/zerotier-wrapper # the Go wrapper built by zerotier-wrapper/pkg.yaml, not the ZeroTier binary itself
11 | security:
12 | writeableRootfs: false # container root filesystem stays read-only
13 | writeableSysfs: true # sysfs is writable from inside the container; NOTE(review): confirm ZeroTier needs write access
14 | mounts:
15 | # Zerotier needs to write to this to create the interfaces
16 | - source: /dev/net/tun # host TUN device, read-write
17 | destination: /dev/net/tun
18 | type: bind
19 | options:
20 | - bind
21 | - rw
22 | # Zerotier state
23 | - source: /var/lib/zerotier-one # kept on the host; NOTE(review): likely holds the node identity — confirm and limit host-side access accordingly
24 | destination: /var/lib/zerotier-one
25 | type: bind
26 | options:
27 | - bind
28 | - rw
29 | restart: always
30 |
--------------------------------------------------------------------------------
/nvidia-gpu/nonfree/kmod-nvidia/lts/files/nvidia.conf:
--------------------------------------------------------------------------------
1 | blacklist nvidia
2 | blacklist nvidia_uvm
3 | blacklist nvidia_drm
4 | blacklist nvidia_modeset
5 |
--------------------------------------------------------------------------------
/nvidia-gpu/nonfree/kmod-nvidia/lts/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: nonfree-kmod-nvidia-lts
4 | version: "$VERSION"
5 | author: Sidero Labs
6 | description: |
7 | This system extension provides nvidia proprietary kernel modules built against a specific Talos version.
8 | compatibility:
9 | talos:
10 | version: ">= v1.5.0"
11 |
--------------------------------------------------------------------------------
/nvidia-gpu/nonfree/kmod-nvidia/lts/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: nonfree-kmod-nvidia-lts
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | # The pkgs version for a particular release of Talos as defined in
7 | # https://github.com/siderolabs/talos/blob/<talos version>/pkg/machinery/gendata/data/pkgs
8 | - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/nonfree-kmod-nvidia-lts-pkg:{{ .BUILD_ARG_PKGS }}"
9 | steps:
10 | - prepare:
11 | - |
12 | sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
13 | - install:
14 | - |
15 | mkdir -p /rootfs/usr/lib/modules \
16 | /rootfs/usr/local/lib/modprobe.d
17 |
18 | cp /pkg/files/nvidia.conf /rootfs/usr/local/lib/modprobe.d/nvidia.conf
19 |
20 | cp -R /usr/lib/modules/* /rootfs/usr/lib/modules
21 | test:
22 | - |
23 | mkdir -p /extensions-validator-rootfs
24 | cp -r /rootfs/ /extensions-validator-rootfs/rootfs
25 | cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
26 | /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
27 | finalize:
28 | - from: /rootfs
29 | to: /rootfs
30 | - from: /pkg/manifest.yaml
31 | to: /
32 |
--------------------------------------------------------------------------------
/nvidia-gpu/nonfree/kmod-nvidia/lts/vars.yaml:
--------------------------------------------------------------------------------
1 | # the first part is the driver version and the second the talos version for which the module is built against
2 | VERSION: "{{ .NVIDIA_DRIVER_LTS_VERSION }}-{{ .BUILD_ARG_TAG }}"
3 |
--------------------------------------------------------------------------------
/nvidia-gpu/nonfree/kmod-nvidia/production/files/nvidia.conf:
--------------------------------------------------------------------------------
1 | blacklist nvidia
2 | blacklist nvidia_uvm
3 | blacklist nvidia_drm
4 | blacklist nvidia_modeset
5 |
--------------------------------------------------------------------------------
/nvidia-gpu/nonfree/kmod-nvidia/production/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: nonfree-kmod-nvidia-production
4 | version: "$VERSION"
5 | author: Sidero Labs
6 | description: |
7 | This system extension provides nvidia proprietary kernel modules built against a specific Talos version.
8 | compatibility:
9 | talos:
10 | version: ">= v1.5.0"
11 |
--------------------------------------------------------------------------------
/nvidia-gpu/nonfree/kmod-nvidia/production/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: nonfree-kmod-nvidia-production
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | # The pkgs version for a particular release of Talos as defined in
7 | # https://github.com/siderolabs/talos/blob/<talos version>/pkg/machinery/gendata/data/pkgs
8 | - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/nonfree-kmod-nvidia-production-pkg:{{ .BUILD_ARG_PKGS }}"
9 | steps:
10 | - prepare:
11 | - |
12 | sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
13 | - install:
14 | - |
15 | mkdir -p /rootfs/usr/lib/modules \
16 | /rootfs/usr/local/lib/modprobe.d
17 |
18 | cp /pkg/files/nvidia.conf /rootfs/usr/local/lib/modprobe.d/nvidia.conf
19 |
20 | cp -R /usr/lib/modules/* /rootfs/usr/lib/modules
21 | test:
22 | - |
23 | mkdir -p /extensions-validator-rootfs
24 | cp -r /rootfs/ /extensions-validator-rootfs/rootfs
25 | cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
26 | /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
27 | finalize:
28 | - from: /rootfs
29 | to: /rootfs
30 | - from: /pkg/manifest.yaml
31 | to: /
32 |
--------------------------------------------------------------------------------
/nvidia-gpu/nonfree/kmod-nvidia/production/vars.yaml:
--------------------------------------------------------------------------------
1 | # the first part is the driver version and the second the talos version for which the module is built against
2 | VERSION: "{{ .NVIDIA_DRIVER_PRODUCTION_VERSION }}-{{ .BUILD_ARG_TAG }}"
3 |
--------------------------------------------------------------------------------
/nvidia-gpu/nvidia-container-toolkit/DEVELOPMENT.md:
--------------------------------------------------------------------------------
1 | # development
2 |
3 | This document is intended as a guide to updating the `nvidia-container-toolkit` dependencies.
4 |
5 | ## Components
6 |
7 | ### [nvidia-container-cli](./nvidia-container-cli/)
8 |
9 | `nvidia-container-cli` is called by the `nvidia-container-runtime` to setup the required NVIDIA library mounts and NVIDIA device files for a workload container
10 |
11 | ### [nvidia-container-runtime](./nvidia-container-runtime/)
12 |
13 | `nvidia-container-runtime` is the runtime used by `containerd` to run workload containers. It's mostly a wrapper around `runc`
14 |
15 | It also ships a tool called `nvidia-container-runtime-hook` which is used to setup OCI hooks.
16 |
17 | ### [glibc](./glibc/)
18 |
19 | `nvidia-container-cli` is fully dependent on `glibc` to be able to access the NVIDIA shared objects.
20 |
21 | ## Updating the nvidia driver version
22 |
23 | - Update the driver version in `pkgs` repo [here](https://github.com/siderolabs/pkgs/blob/master/nonfree/kmod-nvidia/pkg.yaml)
24 | - Update the driver version [here](../vars.yaml)
25 | - Update the version checksums [here](./nvidia-pkgs/pkg.yaml)
26 |
27 | ## Updating the nvidia-container-toolkit version
28 |
29 | - Update the `libnvidia-container` version checksums and `REVISION` [here](./nvidia-container-cli/pkg.yaml)
30 | - Update the `container-toolkit` version checksums and `GIT_COMMIT` [here](./nvidia-container-runtime/pkg.yaml)
31 |
--------------------------------------------------------------------------------
/nvidia-gpu/nvidia-container-toolkit/lts/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: nvidia-container-toolkit-lts
4 | version: "$VERSION"
5 | author: Sidero Labs
6 | description: |
7 | This system extension provides the NVIDIA runtime and its dependencies using NVIDIA's runtime handler.
8 | compatibility:
9 | talos:
10 | version: ">= v1.2.0"
11 |
--------------------------------------------------------------------------------
/nvidia-gpu/nvidia-container-toolkit/lts/nvidia-persistenced.yaml:
--------------------------------------------------------------------------------
1 | # https://download.nvidia.com/XFree86/Linux-x86_64/515.65.01/README/nvidia-persistenced.html
2 | name: nvidia-persistenced # Talos extension service definition for the NVIDIA persistence daemon
3 | container: # NOTE(review): no security: block is set in this file, so the service defaults apply — confirm they are what is intended
4 | entrypoint: /usr/local/bin/nvidia-persistenced-wrapper
5 | mounts:
6 | # device files
7 | - source: /dev # the entire host /dev tree, not only NVIDIA device nodes
8 | destination: /dev
9 | type: bind
10 | options:
11 | - rshared
12 | - rbind
13 | - rw # recursive, shared-propagation, read-write
14 | # shared libraries
15 | - source: /lib64
16 | destination: /lib64
17 | type: bind
18 | options:
19 | - bind
20 | - ro
21 | # shared libraries
22 | - source: /usr/local/glibc
23 | destination: /usr/local/glibc
24 | type: bind
25 | options:
26 | - bind
27 | - ro
28 | # nvidia libraries
29 | - source: /usr/local/lib
30 | destination: /usr/local/lib
31 | type: bind
32 | options:
33 | - bind
34 | - ro
35 | # service state file
36 | - source: /var/run # the whole host /var/run, read-write; NOTE(review): confirm whether a narrower directory would be enough for the state file
37 | destination: /var/run
38 | type: bind
39 | options:
40 | - rshared
41 | - rbind
42 | - rw
43 | # binaries
44 | - source: /usr/local/bin # host binaries, read-only; the entrypoint wrapper is resolved from here
45 | destination: /usr/local/bin
46 | type: bind
47 | options:
48 | - bind
49 | - ro
50 | depends:
51 | - service: cri
52 | # we need to depend on udevd so that the nvidia device files are created
53 | - service: udevd
54 | - path: /sys/bus/pci/drivers/nvidia # NOTE(review): presumably delays start until the nvidia PCI driver directory exists — confirm
55 | restart: always
56 |
--------------------------------------------------------------------------------
/nvidia-gpu/nvidia-container-toolkit/lts/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: nvidia-container-toolkit-lts
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | - stage: nvidia-container-cli-lts
7 | - stage: elfutils
8 | - stage: zlib
9 | - stage: libcap
10 | - stage: libseccomp
11 | - stage: libtirpc
12 | - stage: nvidia-container-runtime
13 | - stage: nvidia-container-runtime-wrapper
14 | - stage: nvidia-persistenced-wrapper
15 | steps:
16 | - prepare:
17 | - |
18 | sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
19 | install:
20 | - |
21 | mkdir -p /rootfs/usr/local/etc/containers
22 | cp /pkg/nvidia-persistenced.yaml /rootfs/usr/local/etc/containers/nvidia-persistenced.yaml
23 | test:
24 | - |
25 | mkdir -p /extensions-validator-rootfs
26 | cp -r /rootfs/ /extensions-validator-rootfs/rootfs
27 | cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
28 | /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
29 | finalize:
30 | - from: /rootfs
31 | to: /rootfs
32 | - from: /pkg/manifest.yaml
33 | to: /
34 |
--------------------------------------------------------------------------------
/nvidia-gpu/nvidia-container-toolkit/lts/vars.yaml:
--------------------------------------------------------------------------------
1 | # the first part is the driver version and the second the container-toolkit version
2 | VERSION: "{{ .NVIDIA_DRIVER_LTS_VERSION }}-{{ .CONTAINER_TOOLKIT_VERSION }}"
3 |
--------------------------------------------------------------------------------
/nvidia-gpu/nvidia-container-toolkit/nvidia-container-cli/elfutils/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: elfutils
2 | variant: scratch
3 | shell: /bin/bash
4 | install:
5 | - build-base
6 | - bash
7 | - m4
8 | dependencies:
9 | - image: cgr.dev/chainguard/wolfi-base@{{ .WOLFI_BASE_REF }}
10 | - stage: zlib
11 | from: /rootfs
12 | steps:
13 | - sources:
14 | - url: https://sourceware.org/elfutils/ftp/{{ .ELFUTILS_VERSION }}/elfutils-{{ .ELFUTILS_VERSION }}.tar.bz2
15 | destination: elfutils.tar.bz2
16 | sha256: {{ .ELFUTILS_SHA256 }}
17 | sha512: {{ .ELFUTILS_SHA512 }}
18 | prepare:
19 | - |
20 | tar -xjf elfutils.tar.bz2 --strip-components=1
21 |
22 | mkdir build
23 | cd build
24 |
25 | export CFLAGS="${CFLAGS} -I/usr/local/glibc/include/ -L/usr/local/glibc/lib"
26 |
27 | ../configure \
28 | --prefix=/usr/local/glibc \
29 | --with-zstd=no \
30 | --disable-libdebuginfod \
31 | --disable-debuginfod \
32 | CFLAGS="${CFLAGS} -fPIC -Wno-error"
33 | build:
34 | - |
35 | cd build
36 |
37 | make -j $(nproc)
38 | install:
39 | - |
40 | cd build
41 | make DESTDIR=/rootfs install
42 | # we only need the libs and headers, remove everything else
43 | find /rootfs/usr/local/ -type d \( -name bin -o -name sbin -o -name share \) -prune -exec rm -rf {} \;
44 | finalize:
45 | - from: /rootfs
46 | to: /rootfs
47 |
--------------------------------------------------------------------------------
/nvidia-gpu/nvidia-container-toolkit/nvidia-container-cli/libcap2/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: libcap
2 | variant: scratch
3 | shell: /bin/bash
4 | install:
5 | - build-base
6 | - bash
7 | - patch
8 | dependencies:
9 | - image: cgr.dev/chainguard/wolfi-base@{{ .WOLFI_BASE_REF }}
10 | steps:
11 | - sources:
12 | - url: https://kernel.org/pub/linux/libs/security/linux-privs/libcap2/libcap-{{ .LIBCAP_VERSION }}.tar.xz
13 | destination: libcap.tar.xz
14 | sha256: {{ .LIBCAP_SHA256 }}
15 | sha512: {{ .LIBCAP_SHA512 }}
16 | prepare:
17 | - |
18 | tar -xf libcap.tar.xz --strip-components=1
19 | build:
20 | - |
21 | make prefix=/usr/local/glibc lib=lib -j $(nproc)
22 | install:
23 | - |
24 | make DESTDIR=/rootfs prefix=/usr/local lib=lib install
25 | # we only need the libs and headers, remove everything else
26 | find /rootfs/usr/local/ -type d \( -name bin -o -name sbin -o -name share \) -prune -exec rm -rf {} \;
27 | finalize:
28 | - from: /rootfs
29 | to: /rootfs
30 |
--------------------------------------------------------------------------------
/nvidia-gpu/nvidia-container-toolkit/nvidia-container-cli/libseccomp/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: libseccomp
2 | variant: scratch
3 | shell: /bin/bash
4 | install:
5 | - build-base
6 | - bash
7 | - gperf
8 | dependencies:
9 | - image: cgr.dev/chainguard/wolfi-base@{{ .WOLFI_BASE_REF }}
10 | steps:
11 | - sources:
12 | - url: https://github.com/seccomp/libseccomp/releases/download/v{{ .LIBSECCOMP_VERSION }}/libseccomp-{{ .LIBSECCOMP_VERSION }}.tar.gz
13 | destination: libseccomp.tar.gz
14 | sha256: {{ .LIBSECCOMP_SHA256 }}
15 | sha512: {{ .LIBSECCOMP_SHA512 }}
16 | prepare:
17 | - |
18 | tar -xzf libseccomp.tar.gz --strip-components=1
19 |
20 | mkdir build
21 | cd build
22 |
23 | ../configure \
24 | --prefix=/usr/local/glibc
25 | build:
26 | - |
27 | cd build
28 | make -j $(nproc)
29 | install:
30 | - |
31 | cd build
32 | make install DESTDIR=/rootfs
33 | # we only need the libs and headers, remove everything else
34 | find /rootfs/usr/local/ -type d \( -name bin -o -name sbin -o -name share \) -prune -exec rm -rf {} \;
35 | finalize:
36 | - from: /rootfs
37 | to: /rootfs
38 |
--------------------------------------------------------------------------------
/nvidia-gpu/nvidia-container-toolkit/nvidia-container-cli/libtirpc/pkg.yaml:
--------------------------------------------------------------------------------
1 |
2 | name: libtirpc
3 | variant: scratch
4 | shell: /bin/bash
5 | install:
6 | - build-base
7 | - bash
8 | - autoconf
9 | dependencies:
10 | - image: cgr.dev/chainguard/wolfi-base@{{ .WOLFI_BASE_REF }}
11 | steps:
12 | - sources:
13 | - url: https://src.fedoraproject.org/lookaside/extras/libtirpc/libtirpc-{{ .LIBTIRPC_VERSION | replace "-" "." }}.tar.bz2/sha512/df0781a74ff9ded2d3c4f5eb7e05496b9f58eac8060c02c68331dc14c4a00304dcd19f46836f5756fe0d9d27095fd463d42dd696fcdff891516711b7d63deabe/libtirpc-{{ .LIBTIRPC_VERSION | replace "-" "." }}.tar.bz2
14 | destination: libtirpc.tar.bz2
15 | sha256: {{ .LIBTIRPC_SHA256 }}
16 | sha512: {{ .LIBTIRPC_SHA512 }}
17 | prepare:
18 | - |
19 | tar -xf libtirpc.tar.bz2 --strip-components=1
20 |
21 | ./configure \
22 | --prefix=/usr/local/glibc \
23 | --disable-gssapi
24 | build:
25 | - |
26 | make -j $(nproc)
27 | install:
28 | - |
29 | mkdir -p /rootfs
30 |
31 | make install DESTDIR=/rootfs
32 | rm -rf /rootfs/usr/local/share/man
33 | finalize:
34 | - from: /rootfs
35 | to: /rootfs
36 |
--------------------------------------------------------------------------------
/nvidia-gpu/nvidia-container-toolkit/nvidia-container-cli/zlib/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: zlib
2 | variant: scratch
3 | shell: /bin/bash
4 | install:
5 | - build-base
6 | - bash
7 | dependencies:
8 | - image: cgr.dev/chainguard/wolfi-base@{{ .WOLFI_BASE_REF }}
9 | steps:
10 | - sources:
11 | - url: https://zlib.net/fossils/zlib-{{ .ZLIB_VERSION }}.tar.gz
12 | destination: zlib.tar.gz
13 | sha256: {{ .ZLIB_SHA256 }}
14 | sha512: {{ .ZLIB_SHA512 }}
15 | prepare:
16 | - |
17 | tar -xf zlib.tar.gz --strip-components=1
18 | mkdir build
19 | cd build
20 |
21 | ../configure \
22 | --prefix=/usr/local/glibc
23 | build:
24 | - |
25 | cd build
26 | make -j $(nproc)
27 | install:
28 | - |
29 | cd build
30 | make DESTDIR=/rootfs install
31 | # we only need the libs and headers, remove everything else
32 | find /rootfs/usr/local/glibc -type d \( -name bin -o -name sbin -o -name share \) -prune -exec rm -rf {} \;
33 | finalize:
34 | - from: /rootfs
35 | to: /rootfs
36 |
--------------------------------------------------------------------------------
/nvidia-gpu/nvidia-container-toolkit/nvidia-container-runtime-wrapper/go.mod:
--------------------------------------------------------------------------------
1 | module nvidia-container-runtime-wrapper
2 |
3 | go 1.23.0
4 |
5 | require golang.org/x/sys v0.33.0
6 |
--------------------------------------------------------------------------------
/nvidia-gpu/nvidia-container-toolkit/nvidia-container-runtime-wrapper/go.sum:
--------------------------------------------------------------------------------
1 | golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
2 | golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
3 |
--------------------------------------------------------------------------------
/nvidia-gpu/nvidia-container-toolkit/nvidia-container-runtime-wrapper/main.go:
--------------------------------------------------------------------------------
1 | // This Source Code Form is subject to the terms of the Mozilla Public
2 | // License, v. 2.0. If a copy of the MPL was not distributed with this
3 | // file, You can obtain one at http://mozilla.org/MPL/2.0/.
4 |
5 | package main
6 |
7 | import (
8 | "log"
9 | "os"
10 | "path/filepath"
11 |
12 | "golang.org/x/sys/unix"
13 | )
14 |
// main selects the real binary to run from the base name this wrapper was
// invoked under. Only the names listed in knownCommands are forwarded to
// execCommand; any other name terminates the process with a fatal log line.
func main() {
	knownCommands := map[string]struct{}{
		"nvidia-container-runtime":        {},
		"nvidia-container-runtime-hook":   {},
		"nvidia-container-runtime.cdi":    {},
		"nvidia-container-runtime.legacy": {},
		"nvidia-container-toolkit":        {},
		"nvidia-ctk":                      {},
	}

	invokedAs := filepath.Base(os.Args[0])

	// Reject unexpected names up front, so that the ".real" suffix added by
	// execCommand is only ever applied to one of the fixed names above.
	if _, ok := knownCommands[invokedAs]; !ok {
		log.Fatalf("nvidia-container-runtime-wrapper: unknown command %s\n", invokedAs)
	}

	execCommand(invokedAs, os.Args[1:])
}
30 |
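// execCommand replaces the current process with /usr/local/bin/<cmdName>.real.
//
// The child receives the caller's environment with XDG_CONFIG_HOME forced to
// /usr/local/etc, and the caller's arguments unchanged. For
// "nvidia-container-runtime-hook" an explicit "-config" pointing at
// /usr/local/etc/nvidia-container-runtime/config.toml is inserted before the
// caller's arguments.
//
// On success unix.Exec does not return; on failure the process exits through
// log.Fatalf.
func execCommand(cmdName string, args []string) {
	const configHomeKey = "XDG_CONFIG_HOME="

	// Drop any inherited XDG_CONFIG_HOME before adding ours. Appending a second
	// entry is not a reliable override: when a key appears twice, glibc's
	// getenv and Go's os.Getenv both honour the first occurrence, so the
	// inherited value would win and the real binary would read its
	// configuration from a location chosen by the caller's environment.
	inherited := os.Environ()
	environ := make([]string, 0, len(inherited)+1)

	for _, kv := range inherited {
		if len(kv) >= len(configHomeKey) && kv[:len(configHomeKey)] == configHomeKey {
			continue
		}

		environ = append(environ, kv)
	}

	environ = append(environ, configHomeKey+"/usr/local/etc")

	realCmdName := cmdName + ".real"

	// argv[0] is the real binary's name, not the wrapper's.
	cmdArgs := []string{realCmdName}

	if cmdName == "nvidia-container-runtime-hook" {
		cmdArgs = append(
			cmdArgs,
			"-config",
			"/usr/local/etc/nvidia-container-runtime/config.toml",
		)
	}

	cmdArgs = append(cmdArgs, args...)

	// Absolute path under a fixed directory: no PATH lookup is involved.
	cmdFullPath := filepath.Join("/usr/local/bin", realCmdName)

	if err := unix.Exec(cmdFullPath, cmdArgs, environ); err != nil {
		log.Fatalf("nvidia-container-runtime-wrapper: error execing %s %v\n", cmdFullPath, err)
	}
}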
55 |
--------------------------------------------------------------------------------
/nvidia-gpu/nvidia-container-toolkit/nvidia-container-runtime-wrapper/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: nvidia-container-runtime-wrapper
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | steps:
7 | - env:
8 | GOPATH: /tmp/go
9 | - cachePaths:
10 | - /.cache/go-build
11 | - /tmp/go/pkg
12 | - network: default
13 | prepare:
14 | - |
15 | cp -r /pkg/* .
16 | - |
17 | go mod download
18 | - network: none
19 | build:
20 | - |
21 | CGO_ENABLED=0 go build -o nvidia-container-runtime-wrapper main.go
22 | install:
23 | - |
24 | mkdir -p /rootfs/usr/local/bin
25 |
26 | cp nvidia-container-runtime-wrapper /rootfs/usr/local/bin/nvidia-container-runtime-wrapper
27 | finalize:
28 | - from: /rootfs
29 | to: /rootfs
30 |
--------------------------------------------------------------------------------
/nvidia-gpu/nvidia-container-toolkit/nvidia-container-runtime/10-nvidia-container-runtime.part:
--------------------------------------------------------------------------------
1 | [plugins."io.containerd.cri.v1.runtime".containerd.runtimes.nvidia]
2 | privileged_without_host_devices = false
3 | runtime_engine = ""
4 | runtime_root = ""
5 | runtime_type = "io.containerd.runc.v2"
6 | [plugins."io.containerd.cri.v1.runtime".containerd.runtimes.nvidia.options]
7 | BinaryName = "/usr/local/bin/nvidia-container-runtime"
8 |
--------------------------------------------------------------------------------
/nvidia-gpu/nvidia-container-toolkit/nvidia-container-runtime/nvidia-container-runtime.toml:
--------------------------------------------------------------------------------
1 | disable-require = false
2 |
3 | [nvidia-container-cli]
4 | #root = "/run/nvidia/driver"
5 | #path = "/usr/bin/nvidia-container-cli"
6 | environment = []
7 | debug = "/var/log/nvidia-container-cli.log"
8 | ldcache = "/usr/local/glibc/etc/ld.so.cache"
9 | ldconfig = "@/usr/local/glibc/sbin/ldconfig"
10 | load-kmods = false
11 | user = "0:0"
12 | #no-cgroups = false
13 |
14 | [nvidia-container-runtime]
15 | debug = "/var/log/nvidia-container-runtime.log"
16 |
--------------------------------------------------------------------------------
/nvidia-gpu/nvidia-container-toolkit/nvidia-container-runtime/patches/ldcache_path.patch:
--------------------------------------------------------------------------------
1 | diff --git internal/ldcache/ldcache.go internal/ldcache/ldcache.go
2 | index 5493dc3..9c86e41 100644
3 | --- internal/ldcache/ldcache.go
4 | +++ internal/ldcache/ldcache.go
5 | @@ -32,7 +32,7 @@ import (
6 | log "github.com/sirupsen/logrus"
7 | )
8 |
9 | -const ldcachePath = "/etc/ld.so.cache"
10 | +const ldcachePath = "/usr/local/glibc/etc/ld.so.cache"
11 |
12 | const (
13 | magicString1 = "ld.so-1.7.0"
14 |
--------------------------------------------------------------------------------
/nvidia-gpu/nvidia-container-toolkit/nvidia-persistenced-wrapper/go.mod:
--------------------------------------------------------------------------------
1 | module nvidia-persistenced-wrapper
2 |
3 | go 1.23.0
4 |
5 | require golang.org/x/sys v0.33.0
6 |
--------------------------------------------------------------------------------
/nvidia-gpu/nvidia-container-toolkit/nvidia-persistenced-wrapper/go.sum:
--------------------------------------------------------------------------------
1 | golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
2 | golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
3 |
--------------------------------------------------------------------------------
/nvidia-gpu/nvidia-container-toolkit/nvidia-persistenced-wrapper/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: nvidia-persistenced-wrapper
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | steps:
7 | - env:
8 | GOPATH: /tmp/go
9 | - cachePaths:
10 | - /.cache/go-build
11 | - /tmp/go/pkg
12 | - network: default
13 | prepare:
14 | - |
15 | cp -r /pkg/* .
16 | - |
17 | go mod download
18 | - network: none
19 | build:
20 | - |
21 | CGO_ENABLED=0 go build -o nvidia-persistenced-wrapper main.go
22 | install:
23 | - |
24 | mkdir -p /rootfs/usr/local/bin
25 |
26 | cp nvidia-persistenced-wrapper /rootfs/usr/local/bin/nvidia-persistenced-wrapper
27 | finalize:
28 | - from: /rootfs
29 | to: /rootfs
30 |
--------------------------------------------------------------------------------
/nvidia-gpu/nvidia-container-toolkit/nvidia-pkgs/lts/files/15-nvidia-device.rules:
--------------------------------------------------------------------------------
1 | # This will create the nvidia device nodes
2 | ACTION=="add", DEVPATH=="/bus/pci/drivers/nvidia", RUN+="/usr/local/bin/nvidia-modprobe -c 0"
3 |
4 | # Create the device node for the nvidia-uvm module
5 | ACTION=="add", DEVPATH=="/module/nvidia_uvm", SUBSYSTEM=="module", RUN+="/usr/local/bin/nvidia-modprobe -c 0 -u"
6 |
--------------------------------------------------------------------------------
/nvidia-gpu/nvidia-container-toolkit/nvidia-pkgs/production/files/15-nvidia-device.rules:
--------------------------------------------------------------------------------
1 | # This will create the nvidia device nodes
2 | ACTION=="add", DEVPATH=="/bus/pci/drivers/nvidia", RUN+="/usr/local/bin/nvidia-modprobe -c 0"
3 |
4 | # Create the device node for the nvidia-uvm module
5 | ACTION=="add", DEVPATH=="/module/nvidia_uvm", SUBSYSTEM=="module", RUN+="/usr/local/bin/nvidia-modprobe -c 0 -u"
6 |
--------------------------------------------------------------------------------
/nvidia-gpu/nvidia-container-toolkit/production/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: nvidia-container-toolkit-production
4 | version: "$VERSION"
5 | author: Sidero Labs
6 | description: |
7 | This system extension provides nvidia runtime and its dependencies using NVIDIA's runtime handler.
8 | compatibility:
9 | talos:
10 | version: ">= v1.2.0"
11 |
--------------------------------------------------------------------------------
/nvidia-gpu/nvidia-container-toolkit/production/nvidia-persistenced.yaml:
--------------------------------------------------------------------------------
1 | # https://download.nvidia.com/XFree86/Linux-x86_64/515.65.01/README/nvidia-persistenced.html
2 | name: nvidia-persistenced
3 | container:
4 | entrypoint: /usr/local/bin/nvidia-persistenced-wrapper
5 | mounts:
6 | # device files
7 | - source: /dev
8 | destination: /dev
9 | type: bind
10 | options:
11 | - rshared
12 | - rbind
13 | - rw
14 | # shared libraries
15 | - source: /lib64
16 | destination: /lib64
17 | type: bind
18 | options:
19 | - bind
20 | - ro
21 | # shared libraries
22 | - source: /usr/local/glibc
23 | destination: /usr/local/glibc
24 | type: bind
25 | options:
26 | - bind
27 | - ro
28 | # nvidia libraries
29 | - source: /usr/local/lib
30 | destination: /usr/local/lib
31 | type: bind
32 | options:
33 | - bind
34 | - ro
35 | # service state file
36 | - source: /var/run
37 | destination: /var/run
38 | type: bind
39 | options:
40 | - rshared
41 | - rbind
42 | - rw
43 | # binaries
44 | - source: /usr/local/bin
45 | destination: /usr/local/bin
46 | type: bind
47 | options:
48 | - bind
49 | - ro
50 | depends:
51 | - service: cri
52 | # we need to depend on udevd so that the nvidia device files are created
53 | - service: udevd
54 | - path: /sys/bus/pci/drivers/nvidia
55 | restart: always
56 |
--------------------------------------------------------------------------------
/nvidia-gpu/nvidia-container-toolkit/production/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: nvidia-container-toolkit-production
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | - stage: nvidia-container-cli-production
7 | - stage: elfutils
8 | - stage: zlib
9 | - stage: libcap
10 | - stage: libseccomp
11 | - stage: libtirpc
12 | - stage: nvidia-container-runtime
13 | - stage: nvidia-container-runtime-wrapper
14 | - stage: nvidia-persistenced-wrapper
15 | steps:
16 | - prepare:
17 | - |
18 | sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
19 | install:
20 | - |
21 | mkdir -p /rootfs/usr/local/etc/containers
22 | cp /pkg/nvidia-persistenced.yaml /rootfs/usr/local/etc/containers/nvidia-persistenced.yaml
23 | test:
24 | - |
25 | mkdir -p /extensions-validator-rootfs
26 | cp -r /rootfs/ /extensions-validator-rootfs/rootfs
27 | cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
28 | /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
29 | finalize:
30 | - from: /rootfs
31 | to: /rootfs
32 | - from: /pkg/manifest.yaml
33 | to: /
34 |
--------------------------------------------------------------------------------
/nvidia-gpu/nvidia-container-toolkit/production/vars.yaml:
--------------------------------------------------------------------------------
1 | # the first part is the driver version and the second the container-toolkit version
2 | VERSION: "{{ .NVIDIA_DRIVER_PRODUCTION_VERSION }}-{{ .CONTAINER_TOOLKIT_VERSION }}"
3 |
--------------------------------------------------------------------------------
/nvidia-gpu/nvidia-fabricmanager/lts/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: nvidia-fabricmanager-lts
4 | version: "$VERSION"
5 | author: Sidero Labs
6 | description: |
7 | This system extension provides the Nvidia fabricmanager for GPUs that need NVLink support.
8 | compatibility:
9 | talos:
10 | version: ">= v1.2.0"
11 |
--------------------------------------------------------------------------------
/nvidia-gpu/nvidia-fabricmanager/lts/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "{{ .NVIDIA_DRIVER_LTS_VERSION }}"
2 |
--------------------------------------------------------------------------------
/nvidia-gpu/nvidia-fabricmanager/production/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: nvidia-fabricmanager-production
4 | version: "$VERSION"
5 | author: Sidero Labs
6 | description: |
7 | This system extension provides the Nvidia fabricmanager for GPUs that need NVLink support.
8 | compatibility:
9 | talos:
10 | version: ">= v1.2.0"
11 |
--------------------------------------------------------------------------------
/nvidia-gpu/nvidia-fabricmanager/production/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "{{ .NVIDIA_DRIVER_PRODUCTION_VERSION }}"
2 |
--------------------------------------------------------------------------------
/nvidia-gpu/nvidia-modules/lts/files/nvidia.conf:
--------------------------------------------------------------------------------
1 | blacklist nvidia
2 | blacklist nvidia_uvm
3 | blacklist nvidia_drm
4 | blacklist nvidia_modeset
5 |
--------------------------------------------------------------------------------
/nvidia-gpu/nvidia-modules/lts/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: nvidia-open-gpu-kernel-modules-lts
4 | version: "$VERSION"
5 | author: Sidero Labs
6 | description: |
7 | This system extension provides nvidia open source driver kernel modules built against a specific Talos version.
8 | compatibility:
9 | talos:
10 | version: ">= v1.2.0"
11 |
--------------------------------------------------------------------------------
/nvidia-gpu/nvidia-modules/lts/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: nvidia-open-gpu-kernel-modules-lts
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | # The pkgs version for a particular release of Talos as defined in
7 | # https://github.com/siderolabs/talos/blob/<talos version>/pkg/machinery/gendata/data/pkgs
8 | - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/nvidia-open-gpu-kernel-modules-lts-pkg:{{ .BUILD_ARG_PKGS }}"
9 | steps:
10 | - prepare:
11 | - |
12 | sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
13 | - install:
14 | - |
15 | mkdir -p /rootfs/usr/lib/modules \
16 | /rootfs/usr/local/lib/modprobe.d
17 |
18 | cp /pkg/files/nvidia.conf /rootfs/usr/local/lib/modprobe.d/nvidia.conf
19 |
20 | cp -R /usr/lib/modules/* /rootfs/usr/lib/modules
21 | test:
22 | - |
23 | mkdir -p /extensions-validator-rootfs
24 | cp -r /rootfs/ /extensions-validator-rootfs/rootfs
25 | cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
26 | /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
27 | finalize:
28 | - from: /rootfs
29 | to: /rootfs
30 | - from: /pkg/manifest.yaml
31 | to: /
32 |
--------------------------------------------------------------------------------
/nvidia-gpu/nvidia-modules/lts/vars.yaml:
--------------------------------------------------------------------------------
1 | # the first part is the driver version and the second the talos version for which the module is built against
2 | VERSION: "{{ .NVIDIA_DRIVER_LTS_VERSION }}-{{ .BUILD_ARG_TAG }}"
3 |
--------------------------------------------------------------------------------
/nvidia-gpu/nvidia-modules/production/files/nvidia.conf:
--------------------------------------------------------------------------------
1 | blacklist nvidia
2 | blacklist nvidia_uvm
3 | blacklist nvidia_drm
4 | blacklist nvidia_modeset
5 |
--------------------------------------------------------------------------------
/nvidia-gpu/nvidia-modules/production/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: nvidia-open-gpu-kernel-modules-production
4 | version: "$VERSION"
5 | author: Sidero Labs
6 | description: |
7 | This system extension provides nvidia open source driver kernel modules built against a specific Talos version.
8 | compatibility:
9 | talos:
10 | version: ">= v1.2.0"
11 |
--------------------------------------------------------------------------------
/nvidia-gpu/nvidia-modules/production/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: nvidia-open-gpu-kernel-modules-production
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | # The pkgs version for a particular release of Talos as defined in
7 | # https://github.com/siderolabs/talos/blob/<talos version>/pkg/machinery/gendata/data/pkgs
8 | - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/nvidia-open-gpu-kernel-modules-production-pkg:{{ .BUILD_ARG_PKGS }}"
9 | steps:
10 | - prepare:
11 | - |
12 | sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
13 | - install:
14 | - |
15 | mkdir -p /rootfs/usr/lib/modules \
16 | /rootfs/usr/local/lib/modprobe.d
17 |
18 | cp /pkg/files/nvidia.conf /rootfs/usr/local/lib/modprobe.d/nvidia.conf
19 |
20 | cp -R /usr/lib/modules/* /rootfs/usr/lib/modules
21 | test:
22 | - |
23 | mkdir -p /extensions-validator-rootfs
24 | cp -r /rootfs/ /extensions-validator-rootfs/rootfs
25 | cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
26 | /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
27 | finalize:
28 | - from: /rootfs
29 | to: /rootfs
30 | - from: /pkg/manifest.yaml
31 | to: /
32 |
--------------------------------------------------------------------------------
/nvidia-gpu/nvidia-modules/production/vars.yaml:
--------------------------------------------------------------------------------
1 | # the first part is the driver version and the second the talos version for which the module is built against
2 | VERSION: "{{ .NVIDIA_DRIVER_PRODUCTION_VERSION }}-{{ .BUILD_ARG_TAG }}"
3 |
--------------------------------------------------------------------------------
/power/nut-client/files/group:
--------------------------------------------------------------------------------
1 | dialout:x:20:nut
2 | nut:x:131:
3 |
--------------------------------------------------------------------------------
/power/nut-client/files/passwd:
--------------------------------------------------------------------------------
1 | root:x:0:0:root:/:/sbin/false
2 | nut:x:123:131::/var/lib/nut:/sbin/false
3 |
--------------------------------------------------------------------------------
/power/nut-client/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: nut-client
4 | version: "$VERSION"
5 | author: Sidero Labs
6 | description: |
7 | This system extension provides the network-ups-tools upsmon service.
8 | compatibility:
9 | talos:
10 | version: ">= v1.5.0"
11 |
--------------------------------------------------------------------------------
/power/nut-client/nut-client.yaml:
--------------------------------------------------------------------------------
1 | name: nut-client
2 | depends:
3 | - service: cri
4 | - network:
5 | - addresses
6 | - connectivity
7 | - etcfiles
8 | - path: /system/run/machined/machine.sock
9 | - configuration: true
10 | container:
11 | entrypoint: ./upsmon
12 | args:
13 | - -F
14 | mounts:
15 | # Shared libraries.
16 | - source: /lib
17 | destination: /lib
18 | type: bind
19 | options:
20 | - bind
21 | - ro
22 | - source: /usr/lib
23 | destination: /usr/lib
24 | type: bind
25 | options:
26 | - bind
27 | - ro
28 | # `/sbin/init` talks to `machined`.
29 | - source: /system/run/machined/machine.sock
30 | destination: /system/run/machined/machine.sock
31 | type: bind
32 | options:
33 | - rshared
34 | - rbind
35 | - ro
36 | - source: /sbin/init
37 | destination: /sbin/poweroff
38 | type: bind
39 | options:
40 | - bind
41 | - ro
42 | restart: always
43 |
--------------------------------------------------------------------------------
/power/nut-client/patches/replace_system.patch:
--------------------------------------------------------------------------------
1 | --- a/clients/upsmon.c 2022-04-23 04:56:06.000000000 -0700
2 | +++ b/clients/upsmon.c 2022-09-04 13:21:28.072170502 -0700
3 | @@ -26,6 +26,7 @@
4 | # include
5 | # include
6 | # include
7 | +# include
8 | #else /* WIN32 */
9 | # include "wincompat.h"
10 | #endif /* WIN32 */
11 | @@ -1874,6 +1875,22 @@
12 | static void runparent(int fd)
13 | __attribute__((noreturn));
14 |
15 | +static int runcmd(const char *cmd)
16 | +{
17 | + // TODO: Support tokenizing `cmd`.
18 | + const char *argv[] = {cmd, NULL};
19 | + const char *env[] = {NULL};
20 | +
21 | + pid_t pid = 0;
22 | + int sret = posix_spawn(&pid, cmd, NULL, NULL, (char * const *)(argv), (char * const *)(env));
23 | + if (sret != 0)
24 | + return -1;
25 | +
26 | + int status;
27 | + waitpid(pid, &status, 0);
28 | + return WEXITSTATUS(status);
29 | +}
30 | +
31 | static void runparent(int fd)
32 | {
33 | ssize_t ret;
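Review bot: In the added `runcmd`, the return value of `waitpid` is ignored and `WEXITSTATUS(status)` is read without first checking `WIFEXITED(status)`, so a shutdown command that is terminated by a signal, or a wait that fails and leaves `status` uninitialised, can be reported as 0 and the caller's `sret != 0` error log in the next hunk is skipped. I would guard the result with `if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;` before returning `WEXITSTATUS(status)`. It is also worth a short comment above `env[]` stating that the child is spawned with an empty environment and that `cmd` is passed as a single path with no shell interpretation, so a configured shutdown command that carries arguments will fail to spawn until the existing TODO is addressed.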
34 | @@ -1907,7 +1925,7 @@
35 | /* have to do this here - child is unprivileged */
36 | set_pdflag();
37 |
38 | - sret = system(shutdowncmd);
39 | + sret = runcmd(shutdowncmd);
40 |
41 | if (sret != 0)
42 | upslogx(LOG_ERR, "parent: Unable to call shutdown command: %s",
43 |
--------------------------------------------------------------------------------
/power/nut-client/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "{{ .NUT_VERSION }}"
2 |
--------------------------------------------------------------------------------
/power/vars.yaml:
--------------------------------------------------------------------------------
1 | # renovate: datasource=github-releases extractVersion=^(?<version>.*)$ depName=networkupstools/nut
2 | NUT_VERSION: 2.8.3
3 | NUT_SHA256: d6ca17f0b39003bac7649eb17ab4a713e4d5fcaa8fd1aedca28357d59df095ed
4 | NUT_SHA512: 0aeafad02ab323b02041a370c586dede91483cab57e0a9d1256a685716ca9f0d0f114df904ef472d48fa53ac1896690b7878828eb3b00934959c7aeaa63af99f
5 |
--------------------------------------------------------------------------------
/storage/btrfs/README.md:
--------------------------------------------------------------------------------
1 | # btrfs
2 |
3 | This extension provides kernel modules needed to mount btrfs filesystems.
4 |
5 | ## Installation
6 |
7 | See [Installing Extensions](https://github.com/siderolabs/extensions#installing-extensions).
8 |
9 | ## Usage
10 |
11 | Enable the module in Talos machine config:
12 |
13 | ```yaml
14 | machine:
15 | kernel:
16 | modules:
17 | - name: btrfs
18 | ```
19 |
--------------------------------------------------------------------------------
/storage/btrfs/files/modules.txt:
--------------------------------------------------------------------------------
1 | modules.order
2 | modules.builtin
3 | modules.builtin.modinfo
4 | kernel/crypto/blake2b_generic.ko
5 | kernel/crypto/xxhash_generic.ko
6 | kernel/fs/btrfs/btrfs.ko
7 |
--------------------------------------------------------------------------------
/storage/btrfs/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: btrfs
4 | version: "$VERSION"
5 | author: Enno Boland
6 | description: |
7 | This system extension provides kernel module driver for BTRFS built against a specific Talos version.
8 | compatibility:
9 | talos:
10 | version: ">= v1.5.0"
11 |
--------------------------------------------------------------------------------
/storage/btrfs/pkg.yaml:
--------------------------------------------------------------------------------
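# Package recipe for the btrfs system extension: copies the modules listed in
# files/modules.txt out of the Talos kernel image into /rootfs and regenerates
# the module dependency index for them.
name: btrfs
variant: scratch
shell: /bin/bash
dependencies:
  - stage: base
  # The pkgs version for a particular release of Talos as defined in
  # https://github.com/siderolabs/talos/blob/<talos version>/pkg/machinery/gendata/data/pkgs
  - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/kernel:{{ .BUILD_ARG_PKGS }}"
steps:
  - prepare:
      - |
        sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
  - install:
      - |
        export KERNELRELEASE=$(find /usr/lib/modules -type d -name "*-talos" -exec basename {} \+)

        mkdir -p /rootfs

        xargs -a /pkg/files/modules.txt -I {} install -D /usr/lib/modules/${KERNELRELEASE}/{} /rootfs/usr/lib/modules/${KERNELRELEASE}/{}
        depmod -b /rootfs/usr ${KERNELRELEASE}
  - test:
      - |
        # https://www.kernel.org/doc/html/v4.15/admin-guide/module-signing.html#signed-modules-and-stripping
        # grep -L prints every module that lacks the appended-signature marker.
        # Its exit status does not reliably say whether a file was listed, so the
        # step fails on the printed list rather than on the status.
        unsigned="$(find /rootfs/usr/lib/modules -name '*.ko' -exec grep -FL '~Module signature appended~' {} \+ || true)"

        if [ -n "${unsigned}" ]; then
          echo "kernel modules without an appended signature:" >&2
          echo "${unsigned}" >&2
          exit 1
        fi
      - |
        mkdir -p /extensions-validator-rootfs
        cp -r /rootfs/ /extensions-validator-rootfs/rootfs
        cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
        /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
finalize:
  - from: /rootfs
    to: /rootfs
  - from: /pkg/manifest.yaml
    to: /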
35 |
--------------------------------------------------------------------------------
/storage/btrfs/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "{{ .BUILD_ARG_TAG }}"
2 |
--------------------------------------------------------------------------------
/storage/drbd/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: drbd
4 | version: "$VERSION"
5 | author: Alexander Prentki
6 | description: |
7 | This system extension provides kernel module driver for DRBD built against a specific Talos version.
8 | compatibility:
9 | talos:
10 | version: ">= v1.2.0"
11 |
--------------------------------------------------------------------------------
/storage/drbd/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: drbd
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | # The pkgs version for a particular release of Talos as defined in
7 | # https://github.com/siderolabs/talos/blob//pkg/machinery/gendata/data/pkgs
8 | - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/drbd-pkg:{{ .BUILD_ARG_PKGS }}"
9 | steps:
10 | - prepare:
11 | - |
12 | sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
13 | - install:
14 | - |
15 | mkdir -p /rootfs/usr/lib/modules
16 |
17 | cp -R /usr/lib/modules/* /rootfs/usr/lib/modules
18 | test:
19 | - |
20 | mkdir -p /extensions-validator-rootfs
21 | cp -r /rootfs/ /extensions-validator-rootfs/rootfs
22 | cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
23 | /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
24 | finalize:
25 | - from: /rootfs
26 | to: /rootfs
27 | - from: /pkg/manifest.yaml
28 | to: /
29 |
--------------------------------------------------------------------------------
/storage/drbd/vars.yaml:
--------------------------------------------------------------------------------
1 | # the first part is the driver version and the second the talos version for which the module is built against
2 | VERSION: "{{ .DRBD_DRIVER_VERSION }}-{{ .BUILD_ARG_TAG }}"
3 |
--------------------------------------------------------------------------------
/storage/fuse3/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: fuse3
4 | version: "$VERSION"
5 | author: Sidero Labs
6 | description: |
7 | This system extension provides fuse3 functionality.
8 | compatibility:
9 | talos:
10 | version: ">= v1.0.0"
11 |
--------------------------------------------------------------------------------
/storage/fuse3/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: fuse3
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | steps:
7 | - sources:
8 | - url: https://github.com/libfuse/libfuse/releases/download/fuse-{{ .FUSE3_VERSION }}/fuse-{{ .FUSE3_VERSION }}.tar.gz
9 | destination: fuse.tar.gz
10 | sha256: {{ .FUSE3_SHA256 }}
11 | sha512: {{ .FUSE3_SHA512 }}
12 | prepare:
13 | - |
14 | sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
15 | - |
16 | tar -xzf fuse.tar.gz --strip-components=1
17 |
18 | mkdir -p /rootfs/usr/local/etc
19 | mkdir -p /rootfs/usr/local/bin
20 | mkdir -p /rootfs/etc/init.d
21 |
22 | mkdir _build
23 | meson setup _build
24 | meson configure -D useroot=false -D initscriptdir='' -D examples=false -D tests=false _build
25 | build:
26 | - |
27 | ninja -C _build
28 | install:
29 | - |
30 | DESTDIR=/rootfs ninja -C _build install
31 | test:
32 | - |
33 | mkdir -p /extensions-validator-rootfs
34 | cp -r /rootfs/ /extensions-validator-rootfs/rootfs
35 | cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
36 | /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
37 | finalize:
38 | - from: /rootfs
39 | to: /rootfs
40 | - from: /pkg/manifest.yaml
41 | to: /
42 |
--------------------------------------------------------------------------------
/storage/fuse3/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "{{ .FUSE3_VERSION }}"
2 |
--------------------------------------------------------------------------------
/storage/iscsi-tools/README.md:
--------------------------------------------------------------------------------
1 | # iscsi-tools
2 |
3 | iscsi-tools has been tested with a remote iSCSI target with `iscsiadm` commands run in the mount namespace of the `ext-iscsid` Talos extension service.
4 |
--------------------------------------------------------------------------------
/storage/iscsi-tools/iscsid.yaml:
--------------------------------------------------------------------------------
# Extension service definition that runs iscsid in the foreground (-f) as a
# Talos extension service.
name: iscsid
# Start only after CRI, the listed network conditions and the initiator name
# file are available.
depends:
  - service: cri
  - network:
      - addresses
      - connectivity
      - hostname
      - etcfiles
  - path: /etc/iscsi/initiatorname.iscsi
container:
  entrypoint: /usr/local/sbin/iscsid
  args:
    - -f
  # NOTE(review): empty maskedPaths/readonlyPaths together with
  # writeableSysfs: true relax the container's default restrictions on
  # /proc and /sys. Presumably iscsid needs to write to sysfs to manage
  # sessions; confirm each relaxation is still required, since it widens
  # what a compromised iscsid could reach on the host.
  security:
    maskedPaths: []
    readonlyPaths: []
    writeableSysfs: true
  # Host libraries, binaries and /etc/iscsi are mounted read-only; only the
  # iscsi state and lock directories are writable.
  mounts:
    # ld-musl-x86_64.so.1
    - source: /lib
      destination: /lib
      type: bind
      options:
        - bind
        - ro
    # libcrypto.so and libc.so
    - source: /usr/lib
      destination: /usr/lib
      type: bind
      options:
        - bind
        - ro
    # iscsi libs
    - source: /usr/local/lib
      destination: /usr/local/lib
      type: bind
      options:
        - bind
        - ro
    - source: /usr/local/sbin
      destination: /usr/local/sbin
      type: bind
      options:
        - bind
        - ro
    # iscsi etc folder
    - source: /etc/iscsi
      destination: /etc/iscsi
      type: bind
      options:
        - rshared
        - rbind
        - ro
    # writable iscsi state directory
    - source: /var/lib/iscsi
      destination: /var/lib/iscsi
      type: bind
      options:
        - rshared
        - rbind
        - rw
    # writable iscsi lock directory
    - source: /run/lock/iscsi
      destination: /run/lock/iscsi
      type: bind
      options:
        - rshared
        - rbind
        - rw
restart: always
69 |
--------------------------------------------------------------------------------
/storage/iscsi-tools/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: iscsi-tools
4 | version: "$VERSION"
5 | author: Sidero Labs
6 | description: |
7 | This system extension provides iscsi-tools.
8 | compatibility:
9 | talos:
10 | version: ">= v1.1.0"
11 |
--------------------------------------------------------------------------------
/storage/iscsi-tools/open-iscsi/patches/dont-use-lib64.patch:
--------------------------------------------------------------------------------
1 | # https://git.alpinelinux.org/aports/plain/main/open-iscsi/dont-use-lib64.patch?h=3.15-stable
2 | diff --git a/libopeniscsiusr/Makefile b/libopeniscsiusr/Makefile
3 | index 0d215fc..5a52bbc 100644
4 | --- a/libopeniscsiusr/Makefile
5 | +++ b/libopeniscsiusr/Makefile
6 | @@ -17,8 +17,8 @@ SBINDIR ?= $(exec_prefix)/sbin
7 | DBROOT ?= $(etcdir)/iscsi
8 |
9 | ifndef LIB_DIR
10 | - ifeq ($(shell test -d /lib64 && echo 1),1)
11 | - LIB_DIR=$(prefix)/lib64
12 | + ifeq ($(shell test -d /lib && echo 1),1)
13 | + LIB_DIR=$(prefix)/lib
14 | else
15 | LIB_DIR=$(prefix)/lib
16 | endif
17 |
--------------------------------------------------------------------------------
/storage/iscsi-tools/open-iscsi/patches/musl-fixes.patch:
--------------------------------------------------------------------------------
1 | # https://git.alpinelinux.org/aports/plain/main/open-iscsi/musl-fixes.patch?h=3.15-stable
2 | --- a/usr/iscsiadm.c 2016-09-29 20:33:24.000000000 +0200
3 | +++ b/usr/iscsiadm.c 2017-01-08 03:03:20.648496369 +0100
4 | @@ -3653,6 +3653,7 @@ main(int argc, char **argv)
5 | int do_discover = 0, sub_mode = -1;
6 | int portal_type = -1;
7 | int timeout = ISCSID_REQ_TIMEOUT;
8 | + int argerror = 0;
9 | struct sigaction sa_old;
10 | struct sigaction sa_new;
11 | LIST_HEAD(ifaces);
12 | @@ -3846,6 +3847,11 @@ main(int argc, char **argv)
13 | break;
14 | case 'h':
15 | usage(0);
16 | + break;
17 | + case '?':
18 | + log_error("unrecognized character '%c'", optopt);
19 | + argerror = 1;
20 | + break;
21 | }
22 |
23 | if (name && value) {
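Review bot: The new `case '?'` formats `optopt` with `%c`, but getopt_long() leaves `optopt` at 0 for an unrecognised long option, so the message can print a NUL byte instead of naming the offending argument. The same branch is also reached when an option is missing its required argument, where "unrecognized character" is misleading. Consider `if (optopt) log_error("unrecognized character '%c'", optopt); else log_error("unrecognized option '%s'", argv[optind - 1]);`. The option string and the rest of main() are outside the hunk, so whether getopt's own diagnostics already cover this could not be checked.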
24 | @@ -3861,8 +3867,7 @@ main(int argc, char **argv)
25 | }
26 | }
27 |
28 | - if (optopt) {
29 | - log_error("unrecognized character '%c'", optopt);
30 | + if (argerror) {
31 | rc = ISCSI_ERR_INVAL;
32 | goto out;
33 | }
34 |
--------------------------------------------------------------------------------
/storage/iscsi-tools/open-iscsi/patches/remove-werror.patch:
--------------------------------------------------------------------------------
1 | # https://git.alpinelinux.org/aports/plain/main/open-iscsi/remove-werror.patch?h=3.15-stable
2 | diff --git a/libopeniscsiusr/Makefile b/libopeniscsiusr/Makefile
3 | index 5a52bbc..680f0e6 100644
4 | --- a/libopeniscsiusr/Makefile
5 | +++ b/libopeniscsiusr/Makefile
6 | @@ -50,7 +50,7 @@ EXTRA_MAN_FILE = libopeniscsiusr.h.3
7 | OBJS = context.o misc.o session.o sysfs.o iface.o idbm.o node.o default.o
8 |
9 | CFLAGS ?= -O2 -g
10 | -CFLAGS += -Wall -Werror -Wextra -fvisibility=hidden -fPIC
11 | +CFLAGS += -Wall -Wextra -fvisibility=hidden -fPIC
12 | CFLAGS += $(shell $(PKG_CONFIG) --cflags libkmod)
13 | CFLAGS += -DSBINDIR=\"$(SBINDIR)\"
14 | CFLAGS += -DISCSI_DB_ROOT=\"$(DBROOT)\"
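Review bot: Dropping `-Werror` outright on the changed `CFLAGS +=` line also removes the only failing gate on format-string warnings for this library, which parses data from the iSCSI database and sysfs. The mdadm patch on this page removes `-Werror` but keeps `-Werror=format-security`; the same could be done here with `CFLAGS += -Wall -Wextra -Wformat-security -Werror=format-security -fvisibility=hidden -fPIC`, which still tolerates new toolchain warnings of other classes. Note also that open-iscsi/pkg.yaml builds with `meson setup` and `ninja`, so it is worth confirming that this Makefile is used by the build at all; if it is not, the patch has no effect on the shipped binaries.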
15 |
--------------------------------------------------------------------------------
/storage/iscsi-tools/open-iscsi/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: open-iscsi
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | steps:
7 | - sources:
8 | - url: https://github.com/open-iscsi/open-iscsi/archive/refs/tags/{{ .OPEN_ISCSI_VERSION }}.tar.gz
9 | destination: open-iscsi.tar.gz
10 | sha256: {{ .OPEN_ISCSI_SHA256 }}
11 | sha512: {{ .OPEN_ISCSI_SHA512 }}
12 | env:
13 | SOURCE_DATE_EPOCH: {{ .BUILD_ARG_SOURCE_DATE_EPOCH }}
14 | prepare:
15 | - |
16 | tar -xzf open-iscsi.tar.gz --strip-components=1
17 |
18 | patch -p1 < /pkg/patches/musl-fixes.patch
19 | patch -p1 < /pkg/patches/dont-use-lib64.patch
20 | patch -p1 < /pkg/patches/remove-werror.patch
21 | build:
22 | - |
23 | export PKG_CONFIG_PATH=/usr/lib/pkgconfig
24 |
25 | mkdir -p output
26 |
27 | LDFLAGS="$LDFLAGS -L/usr/local/lib" \
28 | meson setup \
29 | -Db_lto=true \
30 | -Dno_systemd=true \
31 | -Disns=disabled \
32 | -Dhomedir=/etc/iscsi \
33 | -Dprefix=/usr/local \
34 | -Discsi_sbindir=/usr/local/sbin \
35 | -Drulesdir=/usr/lib/udev/rules.d \
36 | output
37 |
38 | ninja -C output
39 | install:
40 | - |
41 | mkdir -p /rootfs/usr/local/etc
42 | DESTDIR=/rootfs ninja -C output install
43 |
44 | # cleanup
45 | # we generate initiatorname.iscsi on talos side.
46 | rm -rf /rootfs/etc
47 | rm -rf /rootfs/usr/local/{etc,share,include,pkgconfig}
48 | rm -rf /rootfs/var
49 | finalize:
50 | - from: /rootfs
51 | to: /rootfs
52 |
--------------------------------------------------------------------------------
/storage/iscsi-tools/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: iscsi-tools
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | # `base` dependency is used for doing cleanups
6 | # not copied to rootfs
7 | - stage: base
8 | - stage: open-iscsi
9 | steps:
10 | - install:
11 | - |
12 | mkdir -p /rootfs/usr/local/lib/containers/iscsid
13 |
14 | sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
15 |
16 | # cleanup
17 | rm -rf /rootfs/usr/local/include
18 | rm -rf /rootfs/usr/share
19 | - |
20 | mkdir -p /rootfs/usr/local/etc/containers
21 |
22 | cp /pkg/iscsid.yaml /rootfs/usr/local/etc/containers/iscsid.yaml
23 | test:
24 | - |
25 | mkdir -p /extensions-validator-rootfs
26 | cp -r /rootfs/ /extensions-validator-rootfs/rootfs
27 | cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
28 | /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
29 | finalize:
30 | - from: /rootfs
31 | to: /rootfs
32 | - from: /pkg/manifest.yaml
33 | to: /
34 |
--------------------------------------------------------------------------------
/storage/iscsi-tools/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: v0.2.0
2 | # renovate: datasource=github-tags depName=open-iscsi/open-iscsi
3 | OPEN_ISCSI_VERSION: 2.1.11
4 | OPEN_ISCSI_SHA256: f288d1823b15782432608e5f53723159562e2c44e9a72b40fe15a5ca064ac86a
5 | OPEN_ISCSI_SHA512: 5e7a160e675ce016123f703522758cbbf2ba3be6b97dc73a69b8ff0fe247c6d994c43ca67ebe6f21982bfa22eee27f2d08cbfc502767c0afc127852389411e4d
6 |
--------------------------------------------------------------------------------
/storage/mdadm/files/udev-md-raid-assembly.rules:
--------------------------------------------------------------------------------
1 | # do not edit this file, it will be overwritten on update
2 |
3 | # assemble md arrays
4 | SUBSYSTEM!="block", GOTO="md_inc_end"
5 |
6 | # handle potential components of arrays (the ones supported by md)
7 | ENV{ID_FS_TYPE}=="linux_raid_member", GOTO="md_inc"
8 |
9 | # "noiswmd" on kernel command line stops mdadm from handling
10 | # "isw" (aka IMSM - Intel RAID).
11 | # "nodmraid" on kernel command line stops mdadm from handling
12 | # "isw" or "ddf".
13 | IMPORT{cmdline}="noiswmd"
14 | IMPORT{cmdline}="nodmraid"
15 |
16 | ENV{nodmraid}=="?*", GOTO="md_inc_end"
17 | ENV{ID_FS_TYPE}=="ddf_raid_member", GOTO="md_inc"
18 | ENV{noiswmd}=="?*", GOTO="md_inc_end"
19 | ENV{ID_FS_TYPE}=="isw_raid_member", ACTION!="change", GOTO="md_inc"
20 | GOTO="md_inc_end"
21 |
22 | LABEL="md_inc"
23 |
24 | # remember you can limit what gets auto/incrementally assembled by
25 | # mdadm.conf(5)'s 'AUTO' and selectively whitelist using 'ARRAY'
26 | ACTION=="add|change", IMPORT{program}="/usr/local/sbin/mdadm --incremental --export $devnode --offroot $env{DEVLINKS}"
27 | ACTION=="remove", ENV{ID_PATH}=="?*", RUN+="/usr/local/sbin/mdadm -If $name --path $env{ID_PATH}"
28 | ACTION=="remove", ENV{ID_PATH}!="?*", RUN+="/usr/local/sbin/mdadm -If $name"
29 |
30 | LABEL="md_inc_end"
31 |
--------------------------------------------------------------------------------
/storage/mdadm/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: mdadm
4 | version: "$VERSION"
5 | author: Serge Logvinov
6 | description: |
7 | This system extension provides mdadm binary.
8 | compatibility:
9 | talos:
10 | version: ">= v1.5.0"
11 |
--------------------------------------------------------------------------------
/storage/mdadm/patches/exit-gracefully-when-md-device-not-found.patch:
--------------------------------------------------------------------------------
1 | Author: Felix Lechner
2 | Description: Exit gracefully when md device not found (Closes: #970329).
3 |
4 | diff -Naurp mdadm.orig/Monitor.c mdadm/Monitor.c
5 | --- mdadm.orig/Monitor.c
6 | +++ mdadm/Monitor.c
7 | @@ -554,8 +554,14 @@ static int check_array(struct state *st,
8 | if (fd < 0)
9 | goto disappeared;
10 |
11 | - if (st->devnm[0] == 0)
12 | - snprintf(st->devnm, MD_NAME_MAX, "%s", fd2devnm(fd));
13 | + if (st->devnm[0] == 0) {
14 | + char *found = fd2devnm(fd);
15 | + if (!found) {
16 | + alert(EVENT_DEVICE_DISAPPEARED, NULL, 0, dev, NULL);
17 | + goto out;
18 | + }
19 | + snprintf(st->devnm, MD_NAME_MAX, "%s", found);
20 | + }
21 |
22 | for (mse2 = mdstat; mse2; mse2 = mse2->next)
23 | if (strcmp(mse2->devnm, st->devnm) == 0) {
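Review bot: The added NULL branch leaves through `goto out` with `fd` still open and raises the alert itself, whereas the `fd < 0` case just above it jumps to `disappeared`. Both labels are outside the hunk, so confirm that `out` closes `fd` and that bypassing `disappeared` does not leave the per-array state out of step with the alert that was sent. A short comment on the branch, such as `/* fd2devnm() can return NULL if the md device is gone; report it and stop */`, would record why the check exists. check_array() starts and ends outside the hunk.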
24 |
--------------------------------------------------------------------------------
/storage/mdadm/patches/mdadm-include-sysmacros.patch:
--------------------------------------------------------------------------------
1 | --- a/mdadm.h
2 | +++ b/mdadm.h
3 | @@ -34,6 +34,7 @@
4 | #endif
5 |
6 | #include
7 | +#include
8 | #include
9 | #include
10 | #include
11 |
--------------------------------------------------------------------------------
/storage/mdadm/patches/no-werror.patch:
--------------------------------------------------------------------------------
1 | Author: Martin F. Krafft
2 | Description: Remove -Werror from compiler flags.
3 | -Werror seems like a bad idea on released/packaged code because a toolchain
4 | update (introducing new warnings) could break the build. We'll let upstream
5 | use it to beautify the code, but remove it for our builds.
6 |
7 | diff -Naurp mdadm.orig/Makefile mdadm/Makefile
8 | --- mdadm.orig/Makefile
9 | +++ mdadm/Makefile
10 | @@ -50,7 +50,7 @@ ifeq ($(origin CC),default)
11 | CC := $(CROSS_COMPILE)gcc
12 | endif
13 | CXFLAGS ?= -ggdb
14 | -CWFLAGS ?= -Wall -Werror -Wstrict-prototypes -Wextra -Wno-unused-parameter -Wformat -Wformat-security -Werror=format-security -fstack-protector-strong -fPIE -Warray-bounds
15 | +CWFLAGS ?= -Wall -Wstrict-prototypes -Wextra -Wno-unused-parameter -Wformat -Wformat-security -Werror=format-security -fstack-protector-strong -fPIE -Warray-bounds
16 | ifdef WARN_UNUSED
17 | CWFLAGS += -Wp -O3
18 | endif
19 |
--------------------------------------------------------------------------------
/storage/mdadm/pkg.yaml:
--------------------------------------------------------------------------------
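# Package recipe for the mdadm system extension: builds mdadm and mdmon from
# the upstream tarball with the local patches applied and installs them with
# the md udev rules.
name: mdadm
variant: scratch
shell: /bin/bash
dependencies:
  - stage: base
  - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/systemd-udevd:{{ .BUILD_ARG_PKGS }}"
steps:
  - sources:
      # Fetched over HTTPS; the sha256/sha512 pins below remain the integrity
      # check, TLS only keeps the download off a plaintext channel.
      - url: https://www.kernel.org/pub/linux/utils/raid/mdadm/mdadm-{{ .MDADM_VERSION }}.tar.gz
        destination: mdadm.tar.gz
        sha256: {{ .MDADM_SHA256 }}
        sha512: {{ .MDADM_SHA512 }}
    prepare:
      - |
        sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
      - |
        tar -xzf mdadm.tar.gz --strip-components=1
      - |
        patch -p1 < /pkg/patches/mdadm-include-sysmacros.patch
        patch -p1 < /pkg/patches/no-werror.patch
        patch -p1 < /pkg/patches/musl-125.patch
        patch -p1 < /pkg/patches/exit-gracefully-when-md-device-not-found.patch
    build:
      - |
        mkdir -p /run/mdadm

        CXFLAGS=-D_LARGEFILE64_SOURCE \
        make -j $(nproc) mdadm
        make -j $(nproc) mdmon
    install:
      - |
        mkdir -p /rootfs/usr/local/sbin /rootfs/usr/lib/udev/rules.d
        cp mdadm /rootfs/usr/local/sbin/mdadm
        cp mdmon /rootfs/usr/local/sbin/mdmon
        cp /pkg/files/udev-md-raid-arrays.rules /rootfs/usr/lib/udev/rules.d/63-md-raid-arrays.rules
        cp /pkg/files/udev-md-raid-assembly.rules /rootfs/usr/lib/udev/rules.d/64-md-raid-assembly.rules
    test:
      - |
        mkdir -p /extensions-validator-rootfs
        cp -r /rootfs/ /extensions-validator-rootfs/rootfs
        cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
        /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
finalize:
  - from: /rootfs
    to: /rootfs
  - from: /pkg/manifest.yaml
    to: /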
48 |
--------------------------------------------------------------------------------
/storage/mdadm/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "v{{ .MDADM_VERSION }}"
2 |
--------------------------------------------------------------------------------
/storage/nfsd/files/modules.txt:
--------------------------------------------------------------------------------
1 | modules.order
2 | modules.builtin
3 | modules.builtin.modinfo
4 | kernel/fs/nfsd/nfsd.ko
5 |
--------------------------------------------------------------------------------
/storage/nfsd/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: nfsd
4 | version: "$VERSION"
5 | author: Cameron Mehl
6 | description: |
7 | This system extension provides kernel module driver for NFSD built against a specific Talos version.
8 | compatibility:
9 | talos:
10 | version: ">= v1.2.0"
11 |
--------------------------------------------------------------------------------
/storage/nfsd/pkg.yaml:
--------------------------------------------------------------------------------
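# Package recipe for the nfsd system extension: copies the modules listed in
# files/modules.txt out of the Talos kernel image into /rootfs and regenerates
# the module dependency index for them.
name: nfsd
variant: scratch
shell: /bin/bash
dependencies:
  - stage: base
  # The pkgs version for a particular release of Talos as defined in
  # https://github.com/siderolabs/talos/blob/<talos version>/pkg/machinery/gendata/data/pkgs
  - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/kernel:{{ .BUILD_ARG_PKGS }}"
steps:
  - prepare:
      - |
        sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
  - install:
      - |
        export KERNELRELEASE=$(find /usr/lib/modules -type d -name "*-talos" -exec basename {} \+)

        mkdir -p /rootfs

        xargs -a /pkg/files/modules.txt -I {} install -D /usr/lib/modules/${KERNELRELEASE}/{} /rootfs/usr/lib/modules/${KERNELRELEASE}/{}
        depmod -b /rootfs/usr ${KERNELRELEASE}
  - test:
      - |
        # https://www.kernel.org/doc/html/v4.15/admin-guide/module-signing.html#signed-modules-and-stripping
        # grep -L prints every module that lacks the appended-signature marker.
        # Its exit status does not reliably say whether a file was listed, so the
        # step fails on the printed list rather than on the status.
        unsigned="$(find /rootfs/usr/lib/modules -name '*.ko' -exec grep -FL '~Module signature appended~' {} \+ || true)"

        if [ -n "${unsigned}" ]; then
          echo "kernel modules without an appended signature:" >&2
          echo "${unsigned}" >&2
          exit 1
        fi
      - |
        mkdir -p /extensions-validator-rootfs
        cp -r /rootfs/ /extensions-validator-rootfs/rootfs
        cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
        /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
finalize:
  - from: /rootfs
    to: /rootfs
  - from: /pkg/manifest.yaml
    to: /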
35 |
--------------------------------------------------------------------------------
/storage/nfsd/vars.yaml:
--------------------------------------------------------------------------------
1 | # the first part is the driver version and the second the talos version for which the module is built against
2 | VERSION: "{{ .BUILD_ARG_TAG }}"
3 |
--------------------------------------------------------------------------------
/storage/vars.yaml:
--------------------------------------------------------------------------------
1 | # renovate: datasource=github-releases extractVersion=^fuse-(?<version>.*)$ depName=libfuse/libfuse
2 | FUSE3_VERSION: 3.17.2
3 | FUSE3_SHA256: 3d932431ad94e86179e5265cddde1d67aa3bb2fb09a5bd35c641f86f2b5ed06f
4 | FUSE3_SHA512: fa3bec4b84ce26cd6a1679d669565f55faabf32ab59f406f59e7046e80302d788ed9cc0e895f66163e031a77a46717c4bbc1327ddc4735a8ee4700239ba1e1be
5 | # renovate: datasource=git-tags extractVersion=^mdadm-(?<version>.*)$ depName=git://git.kernel.org/pub/scm/utils/mdadm/mdadm.git
6 | MDADM_VERSION: 4.3
7 | MDADM_SHA256: 61a1c22477555364dea1862df7c3b4e8b9a53ee733bad320a45fda27dd0ed44f
8 | MDADM_SHA512: a77af2b371ed27b7bd89b7991302282f0fc77999eb93d7959446fc4b1c28388582d08ff0abfc470a9f9a8c8036acb0158edc44d9a8d406f807ca28111bf74459
9 |
--------------------------------------------------------------------------------
/storage/zfs/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: zfs
4 | version: "$VERSION"
5 | author: Aenix, Enix
6 | description: |
7 | This system extension provides the ZFS kernel module, the ZFS utilities, and a service to import all ZFS pools on start and unmount all pools on stop.
8 | compatibility:
9 | talos:
10 | version: ">= v1.6.0"
11 |
--------------------------------------------------------------------------------
/storage/zfs/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: zfs
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | # The pkgs version for a particular release of Talos as defined in
7 | # https://github.com/siderolabs/talos/blob//pkg/machinery/gendata/data/pkgs
8 | - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/zfs-pkg:{{ .BUILD_ARG_PKGS }}"
9 | - stage: libtirpc-zfs
10 | - stage: zlib-zfs
11 | - stage: zfs-tools
12 | - stage: zfs-service
13 | steps:
14 | - prepare:
15 | - |
16 | sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
17 | - install:
18 | - |
19 | mkdir -p /rootfs/usr/lib/modules
20 | cp -R /usr/lib/modules/* /rootfs/usr/lib/modules/
21 | - |
22 | mkdir -p /rootfs/usr/local/etc/containers
23 | cp /pkg/zfs-service.yaml /rootfs/usr/local/etc/containers/
24 | test:
25 | - |
26 | mkdir -p /extensions-validator-rootfs
27 | cp -r /rootfs/ /extensions-validator-rootfs/rootfs
28 | cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
29 | /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
30 | finalize:
31 | - from: /rootfs
32 | to: /rootfs
33 | - from: /pkg/manifest.yaml
34 | to: /
35 |
--------------------------------------------------------------------------------
/storage/zfs/vars.yaml:
--------------------------------------------------------------------------------
1 | # the first part is the driver version and the second the talos version for which the module is built against
2 | VERSION: "{{ .ZFS_DRIVER_VERSION }}-{{ .BUILD_ARG_TAG }}"
3 |
--------------------------------------------------------------------------------
/storage/zfs/zfs-service.yaml:
--------------------------------------------------------------------------------
# Extension service definition for zfs-service, the helper that imports ZFS
# pools on start and unmounts them on stop.
name: zfs-service
# Start only after udevd and CRI are up and the /dev/zfs device node exists.
depends:
  - service: udevd
  - service: cri
  - path: /dev/zfs
container:
  entrypoint: /zfs-service
  # Host libraries and binaries are mounted read-only. /dev, /run and /var
  # are mounted read-write with recursive, shared propagation.
  # NOTE(review): those three mounts expose most of the host's mutable state
  # to this container; confirm that narrower paths would not be enough.
  mounts:
    # ld-musl-x86_64.so.1
    - source: /lib
      destination: /lib
      type: bind
      options:
        - bind
        - ro
    # libcrypto.so and libc.so
    - source: /usr/lib
      destination: /usr/lib
      type: bind
      options:
        - bind
        - ro
    - source: /usr/local/lib
      destination: /usr/local/lib
      type: bind
      options:
        - bind
        - ro
    - source: /usr/local/sbin
      destination: /usr/local/sbin
      type: bind
      options:
        - bind
        - ro
    - source: /dev
      destination: /dev
      type: bind
      options:
        - rshared
        - rbind
        - rw
    - source: /run
      destination: /run
      type: bind
      options:
        - rshared
        - rbind
        - rw
    - source: /var
      destination: /var
      type: bind
      options:
        - rshared
        - rbind
        - rw
  # presumably shared propagation lets filesystems mounted inside the
  # container become visible on the host; verify against the Talos docs
  security:
    rootfsPropagation: shared
restart: untilSuccess
59 |
--------------------------------------------------------------------------------
/storage/zfs/zfs-service/go.mod:
--------------------------------------------------------------------------------
1 | module zfs-service
2 |
3 | go 1.23.0
4 |
5 | require golang.org/x/sys v0.33.0
6 |
--------------------------------------------------------------------------------
/storage/zfs/zfs-service/go.sum:
--------------------------------------------------------------------------------
1 | golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
2 | golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
3 |
--------------------------------------------------------------------------------
/storage/zfs/zfs-service/main.go:
--------------------------------------------------------------------------------
1 | // This Source Code Form is subject to the terms of the Mozilla Public
2 | // License, v. 2.0. If a copy of the MPL was not distributed with this
3 | // file, You can obtain one at http://mozilla.org/MPL/2.0/.
4 |
5 | package main
6 |
7 | import (
8 | "log"
9 | "os"
10 | "os/exec"
11 | "os/signal"
12 |
13 | "golang.org/x/sys/unix"
14 | )
15 |
// runAttached executes the binary at path with args, wiring the child's
// stdout and stderr to this process's own, and returns the error from Run.
func runAttached(path string, args ...string) error {
	child := exec.Command(path, args...)
	child.Stdout = os.Stdout
	child.Stderr = os.Stderr

	return child.Run()
}

// main imports all ZFS pools, blocks until SIGINT or SIGTERM arrives, then
// unmounts all ZFS filesystems. A failure of either command ends the process
// through log.Fatalf.
func main() {
	// NOTE(review): "-f" forces the import of pools that look in use by
	// another system. On storage reachable from more than one host this can
	// damage a pool that is really active elsewhere; confirm the forced
	// import is intended, or protect such pools with the multihost property.
	if importErr := runAttached("/usr/local/sbin/zpool", "import", "-fal"); importErr != nil {
		log.Fatalf("zfs-service: zpool import error: %v\n", importErr)
	}

	// The handler is installed only after the import has finished, so a
	// signal that arrives earlier still gets the default disposition.
	stop := make(chan os.Signal, 1)
	signal.Notify(stop, unix.SIGINT, unix.SIGTERM)
	<-stop

	if unmountErr := runAttached("/usr/local/sbin/zfs", "unmount", "-au"); unmountErr != nil {
		log.Fatalf("zfs-service: zfs unmount error: %v\n", unmountErr)
	}
}
35 |
--------------------------------------------------------------------------------
/storage/zfs/zfs-service/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: zfs-service
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | steps:
7 | - env:
8 | GOPATH: /tmp/go
9 | - cachePaths:
10 | - /.cache/go-build
11 | - /tmp/go/pkg
12 | - network: default
13 | prepare:
14 | - |
15 | cp -r /pkg/* .
16 | - |
17 | go mod download
18 | - network: none
19 | build:
20 | - |
21 | CGO_ENABLED=0 go build -ldflags "-s -w" -trimpath -o zfs-service main.go
22 | install:
23 | - |
24 | mkdir -p /rootfs/usr/local/lib/containers/zfs-service
25 | cp zfs-service /rootfs/usr/local/lib/containers/zfs-service/
26 | finalize:
27 | - from: /rootfs
28 | to: /rootfs
29 |
--------------------------------------------------------------------------------
/storage/zfs/zfs-tools/libtirpc/pkg.yaml:
--------------------------------------------------------------------------------
1 |
2 | name: libtirpc-zfs
3 | variant: scratch
4 | shell: /bin/bash
5 | dependencies:
6 | - stage: base
7 | steps:
8 | - sources:
9 | - url: https://src.fedoraproject.org/lookaside/extras/libtirpc/libtirpc-{{ .LIBTIRPC_VERSION | replace "-" "." }}.tar.bz2/sha512/df0781a74ff9ded2d3c4f5eb7e05496b9f58eac8060c02c68331dc14c4a00304dcd19f46836f5756fe0d9d27095fd463d42dd696fcdff891516711b7d63deabe/libtirpc-{{ .LIBTIRPC_VERSION | replace "-" "." }}.tar.bz2
10 | destination: libtirpc.tar.bz2
11 | sha256: {{ .LIBTIRPC_SHA256 }}
12 | sha512: {{ .LIBTIRPC_SHA512 }}
13 | prepare:
14 | - |
15 | tar -xf libtirpc.tar.bz2 --strip-components=1
16 |
17 | mkdir -p /usr/local/include/sys
18 | cp /pkg/patches/sys-queue.h /usr/local/include/sys/queue.h
19 |
20 | export CFLAGS="${CFLAGS} -I/usr/local/include"
21 |
22 | ./configure \
23 | --prefix=/usr/local \
24 | --disable-gssapi
25 | build:
26 | - |
27 | make -j $(nproc)
28 | install:
29 | - |
30 | mkdir -p /rootfs
31 |
32 | make install DESTDIR=/rootfs
33 | rm -rf /rootfs/usr/local/share/man
34 | finalize:
35 | - from: /rootfs
36 | to: /rootfs
37 |
--------------------------------------------------------------------------------
/storage/zfs/zfs-tools/patches/tests-fix-S_IFMT-undeclared-at-statx.c.patch:
--------------------------------------------------------------------------------
1 | From 634c172ee89f5303493a75dc7ff55e0a355b503a Mon Sep 17 00:00:00 2001
2 | From: =?UTF-8?q?Jos=C3=A9=20Luis=20Salvador=20Rufo?=
3 |
4 | Date: Fri, 2 May 2025 23:49:25 +0200
5 | Subject: [PATCH] tests: fix `S_IFMT` undeclared at `statx.c`
6 | MIME-Version: 1.0
7 | Content-Type: text/plain; charset=UTF-8
8 | Content-Transfer-Encoding: 8bit
9 |
10 | `S_IFMT` is declared in `sys/stat.h`, but we cannot include this header
11 | because it redeclares the `statx` function with different argument
12 | types. Therefore, we define `S_IFMT` ourselves, in the same way as the
13 | other definitions.
14 |
15 | Reviewed-by: Rob Norris
16 | Reviewed-by: George Melikov
17 | Reviewed-by: Alexander Motin
18 | Signed-off-by: José Luis Salvador Rufo
19 | Closes #17293
20 | Closes #17294
21 | ---
22 | tests/zfs-tests/cmd/statx.c | 3 +++
23 | 1 file changed, 3 insertions(+)
24 |
25 | diff --git a/tests/zfs-tests/cmd/statx.c b/tests/zfs-tests/cmd/statx.c
26 | index 89939f6efb40..1acc7e58c5ce 100644
27 | --- a/tests/zfs-tests/cmd/statx.c
28 | +++ b/tests/zfs-tests/cmd/statx.c
29 | @@ -109,6 +109,9 @@ _statx(int fd, const char *path, int flags, unsigned int mask, void *stx)
30 | #ifndef STATX_DIOALIGN
31 | #define STATX_DIOALIGN (1<<13)
32 | #endif
33 | +#ifndef S_IFMT
34 | +#define S_IFMT 0170000
35 | +#endif
36 |
37 | typedef struct {
38 | int64_t tv_sec;
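Review bot: The added `S_IFMT` fallback has no comment, so the reason it is defined by hand is recorded only in the commit message (`sys/stat.h` cannot be included because it redeclares `statx` with different argument types). A later cleanup that replaces the define with the header include would reintroduce the build failure, so I would put the reason next to it, e.g. `/* sys/stat.h redeclares statx(), so define S_IFMT locally like the STATX_* fallbacks above */`. The run of `#ifndef` fallbacks this joins starts outside the hunk.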
39 |
--------------------------------------------------------------------------------
/storage/zfs/zfs-tools/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: zfs-tools
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | - stage: libtirpc-zfs
7 | from: /rootfs
8 | - stage: zlib-zfs
9 | from: /rootfs
10 | steps:
11 | - sources:
12 | - url: https://github.com/openzfs/zfs/releases/download/zfs-{{ .ZFS_DRIVER_VERSION }}/zfs-{{ .ZFS_DRIVER_VERSION }}.tar.gz
13 | destination: zfs.tar.gz
14 | sha256: {{ .ZFS_TOOLS_SHA256 }}
15 | sha512: {{ .ZFS_TOOLS_SHA512 }}
16 | env:
17 | ARCH: {{ if eq .ARCH "aarch64"}}arm64{{ else if eq .ARCH "x86_64" }}x86_64{{ else }}unsupported{{ end }}
18 | prepare:
19 | - |
20 | tar -xf zfs.tar.gz --strip-components=1
21 | - |
22 | patch -p1 < /pkg/patches/tests-fix-S_IFMT-undeclared-at-statx.c.patch
23 | build:
24 | - |
25 | ./configure \
26 | --prefix=/usr/local \
27 | --with-udevdir=/usr/local/sbin \
28 | --with-udevruledir=/usr/lib/udev/rules.d \
29 | --with-config=user \
30 | --disable-code-coverage \
31 | --disable-systemd
32 |
33 | make -j $(nproc)
34 | install:
35 | - |
36 | make install-exec DESTDIR=/rootfs
37 | make install-data DESTDIR=/rootfs
38 | rm -rf /rootfs/{etc,sbin,usr/{lib/dracut,local/share,share}}
39 | # remove the 69-vdev.rules, since it depends on `vdev_id` which is a shell script
40 | rm -f /rootfs/usr/lib/udev/rules.d/69-vdev.rules
41 | # if this file is present, creating a vdev tries to execute it
42 | # since talos doesn't have a shell, this would fail
43 | # the default shipped file is a no-op, so safe to remove.
44 | rm -f /rootfs/usr/local/libexec/zfs/zfs_prepare_disk
45 | finalize:
46 | - from: /rootfs
47 | to: /rootfs
48 |
--------------------------------------------------------------------------------
/storage/zfs/zfs-tools/zlib/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: zlib-zfs
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | steps:
7 | - sources: # one tarball with expected sha256/sha512 digests taken from template variables defined outside this section
8 | - url: https://zlib.net/fossils/zlib-{{ .ZLIB_VERSION }}.tar.gz
9 | destination: zlib.tar.gz
10 | sha256: {{ .ZLIB_SHA256 }}
11 | sha512: {{ .ZLIB_SHA512 }}
12 | prepare: # unpack and configure out-of-tree in ./build
13 | - |
14 | tar -xf zlib.tar.gz --strip-components=1
15 | mkdir build
16 | cd build
17 |
18 | ../configure \
19 | --prefix=/usr/local
20 | build:
21 | - |
22 | cd build
23 | make -j $(nproc)
24 | install: # install into /rootfs, then delete every bin, sbin and share directory under /rootfs/usr/local
25 | - |
26 | cd build
27 | make DESTDIR=/rootfs install
28 | # we only need the libs and headers, remove everything else
29 | find /rootfs/usr/local/ -type d \( -name bin -o -name sbin -o -name share \) -prune -exec rm -rf {} \;
30 | finalize:
31 | - from: /rootfs
32 | to: /rootfs
33 |
--------------------------------------------------------------------------------
/tools/ctr/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: ctr
4 | version: "$VERSION"
5 | author: Tomasz Jonak
6 | description: "This extension provides ctr containerd helper binary"
7 | compatibility:
8 | talos:
9 | version: ">= v1.0.0"
10 |
--------------------------------------------------------------------------------
/tools/ctr/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: ctr
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/containerd:{{ .BUILD_ARG_PKGS }}" # nothing is compiled in this package; /usr/bin/ctr presumably comes from this image, referenced by tag (confirm)
7 | steps:
8 | - prepare: # write the templated version into the manifest's $VERSION placeholder
9 | - sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
10 | install: # copy the prebuilt ctr binary into the extension rootfs
11 | - |
12 | mkdir -p /rootfs/usr/local/bin
13 | cp /usr/bin/ctr /rootfs/usr/local/bin
14 | test: # run the extensions validator against a copy of the rootfs plus the manifest
15 | - |
16 | mkdir -p /extensions-validator-rootfs
17 | cp -r /rootfs/ /extensions-validator-rootfs/rootfs
18 | cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
19 | /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
20 | finalize:
21 | - from: /rootfs
22 | to: /rootfs
23 | - from: /pkg/manifest.yaml
24 | to: /
25 |
--------------------------------------------------------------------------------
/tools/ctr/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "{{ .CONTAINERD_VERSION }}"
2 |
--------------------------------------------------------------------------------
/tools/nvme-cli/libnvme/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: libnvme
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/libjson-c:{{ .BUILD_ARG_PKGS }}" # presumably supplies json-c for the -Djson-c=enabled option below (confirm)
7 | steps:
8 | - sources: # GitHub tag archive with expected sha256/sha512 digests taken from template variables
9 | - url: https://github.com/linux-nvme/libnvme/archive/refs/tags/{{ .LIBNVME_VERSION }}.tar.gz
10 | destination: libnvme.tar.gz
11 | sha256: {{ .LIBNVME_SHA256 }}
12 | sha512: {{ .LIBNVME_SHA512 }}
13 | prepare: # unpack and configure with LTO on, json-c enabled and the Python option disabled
14 | - |
15 | tar xf libnvme.tar.gz --strip-components=1
16 |
17 | export PKG_CONFIG_PATH=/usr/lib/pkgconfig
18 |
19 | meson setup \
20 | -Db_lto=true \
21 | -Djson-c=enabled \
22 | -Dpython=disabled \
23 | .build
24 | build:
25 | - |
26 | meson compile -C .build
27 | install:
28 | - |
29 | DESTDIR=/rootfs meson install -C .build
30 | finalize:
31 | - from: /rootfs
32 | to: /rootfs
33 |
--------------------------------------------------------------------------------
/tools/nvme-cli/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: nvme-cli
4 | version: "$VERSION"
5 | author: Sidero Labs
6 | description: |
7 | This system extension provides the NVMe command line interface.
8 | compatibility:
9 | talos:
10 | version: ">= v1.0.0"
11 |
--------------------------------------------------------------------------------
/tools/nvme-cli/patches/basename.patch:
--------------------------------------------------------------------------------
1 | https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/main/nvme-cli/basename.patch
2 | --- a/plugins/netapp/netapp-nvme.c 2024-10-31 10:39:11
3 | +++ b/plugins/netapp/netapp-nvme.c 2024-11-11 21:02:24
4 | @@ -22,6 +22,7 @@
5 | #include
6 | #include
7 | #include
8 | +#include
9 |
10 | #include "common.h"
11 | #include "nvme.h"
12 |
--------------------------------------------------------------------------------
/tools/nvme-cli/patches/locale.patch:
--------------------------------------------------------------------------------
1 | https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/main/nvme-cli/locale.patch
2 | diff --git a/nvme-print.c b/nvme-print.c
3 | index 170e5c12..5b1f2e82 100644
4 | --- a/nvme-print.c
5 | +++ b/nvme-print.c
6 | @@ -797,6 +797,10 @@ static bool is_fahrenheit_country(const char *country)
7 | return false;
8 | }
9 |
10 | +#ifndef LC_MEASUREMENT
11 | +#define LC_MEASUREMENT LC_ALL
12 | +#endif
13 | +
14 | static bool is_temperature_fahrenheit(void)
15 | {
16 | const char *locale, *underscore;
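Review bot: The `LC_MEASUREMENT` fallback to `LC_ALL` is undocumented, and it widens whatever the code below does with that category. `is_temperature_fahrenheit()` continues outside the hunk, so this is inferred: if it passes `LC_MEASUREMENT` to `setlocale()`, then on a libc without that GNU extension the call would read or set every locale category instead of one. I would state that next to the define, e.g. `/* LC_MEASUREMENT is a GNU extension; on other libcs fall back to LC_ALL (affects all categories) */`, so the trade-off is visible when the patch is rebased.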
17 |
--------------------------------------------------------------------------------
/tools/nvme-cli/pkg.yaml:
--------------------------------------------------------------------------------
1 | name: nvme-cli
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/libjson-c:{{ .BUILD_ARG_PKGS }}"
7 | - stage: libnvme
8 | from: /rootfs # build dependency
9 | - stage: libnvme # same stage again, this time copied to /rootfs (see "to" below)
10 | from: /rootfs
11 | to: /rootfs
12 | steps:
13 | - sources: # GitHub tag archive with expected sha256/sha512 digests taken from template variables
14 | - url: https://github.com/linux-nvme/nvme-cli/archive/refs/tags/{{ .NVME_CLI_VERSION }}.tar.gz
15 | destination: nvme-cli.tar.gz
16 | sha256: {{ .NVME_CLI_SHA256 }}
17 | sha512: {{ .NVME_CLI_SHA512 }}
18 | prepare: # unpack, apply the two patches kept under /pkg/patches, configure, then fill in the manifest's $VERSION placeholder
19 | - |
20 | tar xf nvme-cli.tar.gz --strip-components=1
21 |
22 | export PKG_CONFIG_PATH=/usr/lib/pkgconfig:/usr/local/lib/pkgconfig
23 |
24 | patch -p1 < /pkg/patches/locale.patch
25 | patch -p1 < /pkg/patches/basename.patch
26 |
27 | meson setup \
28 | -Db_lto=true \
29 | -Dudevrulesdir=/usr/lib/udev/rules.d \
30 | -Djson-c=enabled \
31 | .build
32 | - |
33 | sed -i 's#$VERSION#{{ .NVME_CLI_VERSION }}#' /pkg/manifest.yaml
34 | build:
35 | - |
36 | meson compile -C .build
37 | install: # install into /rootfs, then remove headers, dracut/systemd files and share data
38 | - |
39 | DESTDIR=/rootfs meson install -C .build
40 | rm -rf /rootfs/usr/local/{include,lib/{dracut,systemd},share}
41 | test: # run the extensions validator against a copy of the rootfs plus the manifest
42 | - |
43 | mkdir -p /extensions-validator-rootfs
44 | cp -r /rootfs/ /extensions-validator-rootfs/rootfs
45 | cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
46 | /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
47 | finalize:
48 | - from: /rootfs
49 | to: /rootfs
50 | - from: /pkg/manifest.yaml
51 | to: /
52 |
--------------------------------------------------------------------------------
/tools/nvme-cli/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "{{ .NVME_CLI_VERSION }}"
2 |
--------------------------------------------------------------------------------
/tools/util-linux/manifest.yaml:
--------------------------------------------------------------------------------
1 | version: v1alpha1
2 | metadata:
3 | name: util-linux-tools
4 | version: "$VERSION"
5 | author: Sidero Labs
6 | description: |
7 | This system extension provides a minimal util-linux package.
8 | compatibility:
9 | talos:
10 | version: ">= v1.0.0"
11 |
--------------------------------------------------------------------------------
/tools/util-linux/pkg.yaml:
--------------------------------------------------------------------------------
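1 | name: util-linux-tools
2 | variant: scratch
3 | shell: /bin/bash
4 | dependencies:
5 | - stage: base
6 | steps:
7 | - sources: # the URL directory drops the last version component and the file name drops a trailing ".0"; expected digests come from template variables
8 | - url: https://www.kernel.org/pub/linux/utils/util-linux/v{{ regexReplaceAll "\\.\\d+$" .UTIL_LINUX_VERSION "${1}" }}/util-linux-{{ regexReplaceAll "\\.0$" .UTIL_LINUX_VERSION "${1}" }}.tar.xz
9 | destination: util-linux.tar.xz
10 | sha256: {{ .UTIL_LINUX_SHA256 }}
11 | sha512: {{ .UTIL_LINUX_SHA512 }}
12 | prepare: # unpack and configure out-of-tree: everything is disabled, then libmount, libblkid, nsenter and fstrim are enabled
13 | - |
14 | tar -xJf util-linux.tar.xz --strip-components=1
15 |
16 | mkdir build
17 | cd build
18 | ../configure \
19 | --prefix=/usr/local \
20 | --without-python \
21 | --disable-bash-completion \
22 | --disable-asciidoc \
23 | --disable-makeinstall-chown \
24 | --without-systemd \
25 | --without-systemdsystemunitdir \
26 | --disable-all-programs \
27 | --enable-libmount \
28 | --enable-libblkid \
29 | --enable-nsenter \
30 | --enable-fstrim
31 | - |
32 | sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
33 | build: # NOTE(review): install-strip has no DESTDIR, so it installs into the build environment's /usr/local; the install step runs a plain "make install" into /rootfs — confirm the shipped binaries are meant to be unstripped
34 | - |
35 | cd build
36 | make install-strip -j $(nproc)
37 | install: # stage into /rootfs, then remove headers, libraries and share data
38 | - |
39 | cd build
40 | mkdir -p /rootfs
41 | make install DESTDIR=/rootfs
42 | rm -rf /rootfs/usr/local/{include,lib,share}
43 | test: # run the extensions validator against a copy of the rootfs plus the manifest
44 | - |
45 | mkdir -p /extensions-validator-rootfs
46 | cp -r /rootfs/ /extensions-validator-rootfs/rootfs
47 | cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
48 | /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
49 | finalize:
50 | - from: /rootfs
51 | to: /rootfs
52 | - from: /pkg/manifest.yaml
53 | to: /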
54 |
--------------------------------------------------------------------------------
/tools/util-linux/vars.yaml:
--------------------------------------------------------------------------------
1 | VERSION: "{{ .UTIL_LINUX_VERSION }}"
2 |
--------------------------------------------------------------------------------
/tools/vars.yaml:
--------------------------------------------------------------------------------
1 | # renovate: datasource=github-releases depName=linux-nvme/libnvme
2 | LIBNVME_VERSION: v1.11.1
3 | LIBNVME_SHA256: 6d5d8ba2cc4c94a61a994c9f7f25b3b26ef973fb5c0daa37729890903f37a1f1
4 | LIBNVME_SHA512: 8720f2907a3d13af44fb3deec883cd6eb247d5861c4459b5fe0e67ff9ecfb565462a5faf39d43e08b5284f3e8ca8e72d41b333984beaa45d3287b1a258f3e59d
5 | # renovate: datasource=github-releases depName=linux-nvme/nvme-cli
6 | NVME_CLI_VERSION: v2.11
7 | NVME_CLI_SHA256: 5e4dc73dbb488c6b1e6ad1c78d0c62b624076fcb0c052bd9039674a1dbd6517b
8 | NVME_CLI_SHA512: 33de20ad990a3b87fef46fa486832edde41907223aa6b8a47606e605b360745fd7e2054226bf93a59b2a09c6bc04d0b684e4b3bb27c3fc0e6110c64a558cadc0
9 |
--------------------------------------------------------------------------------