sysbox: init at 0.6.2

maintainers/maintainer-list.nix

@@ -9143,6 +9143,12 @@
     githubId = 1792886;
     name = "Julien Malka";
   };
+  juliosueiras = {
+    email = "[email protected]";
+    github = "juliosueiras";
+    githubId = 3680302;
+    name = "Julio Tain Sueiras";
+  };
   juliusrickert = {
     email = "[email protected]";
     github = "juliusrickert";

nixos/modules/module-list.nix

@@ -1522,6 +1522,7 @@
   ./virtualisation/cri-o.nix
   ./virtualisation/docker-rootless.nix
   ./virtualisation/docker.nix
+  ./virtualisation/sysbox.nix
   ./virtualisation/ecs-agent.nix
   ./virtualisation/hyperv-guest.nix
   ./virtualisation/incus.nix

nixos/modules/virtualisation/sysbox.nix

@@ -0,0 +1,73 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.virtualisation.sysbox;
+in
+
+{
+  ###### interface
+
+  options.virtualisation.sysbox = {
+    enable =
+      mkOption {
+        type = types.bool;
+        default = false;
+        description =
+          lib.mdDoc ''
+            This option enables sysbox
+          '';
+        };
+
+    package = mkPackageOption pkgs "sysbox" { };
+  };
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+    systemd.services.sysbox-mgr = {
+      description = "Sysbox Manager Service";
+      wantedBy = [ "multi-user.target" ];
+
+      path = [ pkgs.rsync pkgs.kmod pkgs.iptables ];
+      script = "${cfg.package}/bin/sysbox-mgr";
+
+      preStart = ''
+        mkdir /sbin || true
+        cp ${pkgs.iptables}/bin/* /sbin || true
+      '';
+
+      serviceConfig = {
+        User = "root";
+        Group = "root";
+      };
+    };
+
+    systemd.services.sysbox-fs = {
+      description = "Sysbox FileSystem Service";
+      wantedBy = [ "multi-user.target" ];
+
+      path = [ pkgs.rsync pkgs.kmod pkgs.fuse pkgs.iptables ];
+      script = "${cfg.package}/bin/sysbox-fs";
+
+      serviceConfig = {
+        User = "root";
+        Group = "root";
+      };
+    };
+
+    virtualisation.docker.extraOptions = ''--add-runtime=sysbox=${cfg.package}/bin/sysbox-runc'';
+
+    security.unprivilegedUsernsClone = true;
+
+    assertions = [
+      { assertion = !virtualisation.docker.enable;
+        message = "Sysbox require docker to be functional";
+      }
+      { assertion = virtualisation.podman.enable;
+        message = "Sysbox require docker to be functional";
+      }
+    ];
+  };
+}

pkgs/applications/virtualization/sysbox/default.nix

@@ -0,0 +1,33 @@
+{ stdenv
+, lib
+, fetchurl
+, dpkg
+}:
+
+stdenv.mkDerivation rec {
+  pname = "sysbox";
+  version = "0.6.2";
+
+  src = fetchurl {
+    url = "https://downloads.nestybox.com/sysbox/releases/v0.6.2/sysbox-ce_${version}-0.linux_amd64.deb";
+    sha256 = "/Sh/LztaBytiw3j54e7uqizK0iu0jLOB0w2MhVxRtAE=";
+  };
+
+  nativeBuildInputs = [ dpkg ];
+
+  unpackPhase = ''
+    dpkg-deb -R $src .
+  '';
+
+  installPhase = ''
+    mkdir -p $out/bin
+    cp -rf usr/bin/* $out/bin/
+  '';
+
+  meta = with lib; {
+    homepage = "https://github.com/nestybox/sysbox";
+    description = "An open-source, next-generation 'runc' that empowers rootless containers to run workloads such as Systemd, Docker, Kubernetes, just like VMs.";
+    license = licenses.asl20;
+    maintainers = with maintainers; [ juliosueiras ];
+  };
+}

pkgs/top-level/all-packages.nix

@@ -908,6 +908,8 @@ with pkgs;
 
   docker-slim = callPackage ../applications/virtualization/docker-slim { };
 
+  sysbox = callPackage ../applications/virtualization/sysbox { };
+
   doc2go = callPackage ../development/tools/doc2go { };
 
   docker-sync = callPackage ../tools/misc/docker-sync { };