hardware acceleration and support for NVIDIA cards on nonfree images (#3089)

* add nvidia packages * add nvidia deps to nonfree * gpu_acceleration flag & nvidia hacking * fix gpu_config & /tmp/lxc.log * implement hardware acceleration more dynamically * refactor OpenUI * use mknod * registry updates for multi-hardware-requirements * pluralize * handle new registry types * remove log * migrations and driver fixes * wip * misc patches * handle nvidia-container differently * chore: comments (#3093) * chore: comments * revert some sizing --------- Co-authored-by: Matt Hill <mattnine@protonmail.com> * Revert "handle nvidia-container differently" This reverts commit d708ae53df. * fix debian containers * cleanup * feat: add empty array placeholder in forms (#3095) * fixes from testing, client side device filtering for better fingerprinting resistance * fix mac builds --------- Co-authored-by: Sam Sartor <me@samsartor.com> Co-authored-by: Matt Hill <mattnine@protonmail.com> Co-authored-by: Alex Inkin <alexander@inkin.ru>
2026-03-26 10:21:52 +00:00 · 2026-01-15 11:42:17 -08:00
parent e8ef39adad
commit 99871805bd
95 changed files with 2758 additions and 1092 deletions
--- a/sdk/base/lib/osBindings/AddMirrorParams.ts
+++ b/sdk/base/lib/osBindings/AddMirrorParams.ts
@@ -0,0 +1,9 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { AnySignature } from "./AnySignature"
+import type { MerkleArchiveCommitment } from "./MerkleArchiveCommitment"
+
+export type AddMirrorParams = {
+  url: string
+  commitment: MerkleArchiveCommitment
+  signature: AnySignature
+}
--- a/sdk/base/lib/osBindings/AddPackageParams.ts
+++ b/sdk/base/lib/osBindings/AddPackageParams.ts
@@ -3,7 +3,7 @@ import type { AnySignature } from "./AnySignature"
 import type { MerkleArchiveCommitment } from "./MerkleArchiveCommitment"

 export type AddPackageParams = {
-  url: string
+  urls: string[]
  commitment: MerkleArchiveCommitment
  signature: AnySignature
 }
--- a/sdk/base/lib/osBindings/DeviceFilter.ts
+++ b/sdk/base/lib/osBindings/DeviceFilter.ts
@@ -1,7 +1,10 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.

 export type DeviceFilter = {
+  description: string
  class: "processor" | "display"
-  pattern: string
-  patternDescription: string
+  product: string | null
+  vendor: string | null
+  capabilities?: Array<string>
+  driver?: string
 }
--- a/sdk/base/lib/osBindings/GetPackageParams.ts
+++ b/sdk/base/lib/osBindings/GetPackageParams.ts
@@ -7,5 +7,5 @@ export type GetPackageParams = {
  id: PackageId | null
  targetVersion: string | null
  sourceVersion: Version | null
-  otherVersions: PackageDetailLevel
+  otherVersions: PackageDetailLevel | null
 }
--- a/sdk/base/lib/osBindings/ImageConfig.ts
+++ b/sdk/base/lib/osBindings/ImageConfig.ts
@@ -5,4 +5,5 @@ export type ImageConfig = {
  source: ImageSource
  arch: string[]
  emulateMissingAs: string | null
+  nvidiaContainer: boolean
 }
--- a/sdk/base/lib/osBindings/LshwDisplay.ts
+++ b/sdk/base/lib/osBindings/LshwDisplay.ts
@@ -1,3 +1,8 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.

-export type LshwDisplay = { product: string }
+export type LshwDisplay = {
+  product: string | null
+  vendor: string | null
+  capabilities: Array<string>
+  driver: string | null
+}
--- a/sdk/base/lib/osBindings/LshwProcessor.ts
+++ b/sdk/base/lib/osBindings/LshwProcessor.ts
@@ -1,3 +1,7 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.

-export type LshwProcessor = { product: string }
+export type LshwProcessor = {
+  product: string | null
+  vendor: string | null
+  capabilities: Array<string>
+}
--- a/sdk/base/lib/osBindings/Manifest.ts
+++ b/sdk/base/lib/osBindings/Manifest.ts
@@ -31,6 +31,7 @@ export type Manifest = {
  alerts: Alerts
  dependencies: Dependencies
  hardwareRequirements: HardwareRequirements
+  hardwareAcceleration: boolean
  gitHash: GitHash | null
  osVersion: string
  sdkVersion: string | null
--- a/sdk/base/lib/osBindings/PackageVersionInfo.ts
+++ b/sdk/base/lib/osBindings/PackageVersionInfo.ts
@@ -10,6 +10,8 @@ import type { PackageId } from "./PackageId"
 import type { RegistryAsset } from "./RegistryAsset"

 export type PackageVersionInfo = {
+  sourceVersion: string | null
+  s9pks: Array<[HardwareRequirements, RegistryAsset<MerkleArchiveCommitment>]>
  title: string
  icon: DataUrl
  description: Description
@@ -26,7 +28,5 @@ export type PackageVersionInfo = {
  dependencyMetadata: { [key: PackageId]: DependencyMetadata }
  osVersion: string
  sdkVersion: string | null
-  hardwareRequirements: HardwareRequirements
-  sourceVersion: string | null
-  s9pk: RegistryAsset<MerkleArchiveCommitment>
+  hardwareAcceleration: boolean
 }
--- a/sdk/base/lib/osBindings/RegistryAsset.ts
+++ b/sdk/base/lib/osBindings/RegistryAsset.ts
@@ -4,7 +4,7 @@ import type { AnyVerifyingKey } from "./AnyVerifyingKey"

 export type RegistryAsset<Commitment> = {
  publishedAt: string
-  url: string
+  urls: string[]
  commitment: Commitment
  signatures: { [key: AnyVerifyingKey]: AnySignature }
 }
--- a/sdk/base/lib/osBindings/RemoveMirrorParams.ts
+++ b/sdk/base/lib/osBindings/RemoveMirrorParams.ts
@@ -0,0 +1,9 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { PackageId } from "./PackageId"
+import type { Version } from "./Version"
+
+export type RemoveMirrorParams = {
+  id: PackageId
+  version: Version
+  url: string
+}
--- a/sdk/base/lib/osBindings/RemovePackageParams.ts
+++ b/sdk/base/lib/osBindings/RemovePackageParams.ts
@@ -1,5 +1,10 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { Base64 } from "./Base64"
 import type { PackageId } from "./PackageId"
 import type { Version } from "./Version"

-export type RemovePackageParams = { id: PackageId; version: Version }
+export type RemovePackageParams = {
+  id: PackageId
+  version: Version
+  sighash: Base64 | null
+}
--- a/sdk/base/lib/osBindings/index.ts
+++ b/sdk/base/lib/osBindings/index.ts
@@ -13,6 +13,7 @@ export { ActionVisibility } from "./ActionVisibility"
 export { AddAdminParams } from "./AddAdminParams"
 export { AddAssetParams } from "./AddAssetParams"
 export { AddCategoryParams } from "./AddCategoryParams"
+export { AddMirrorParams } from "./AddMirrorParams"
 export { AddPackageParams } from "./AddPackageParams"
 export { AddPackageSignerParams } from "./AddPackageSignerParams"
 export { AddPackageToCategoryParams } from "./AddPackageToCategoryParams"
@@ -171,6 +172,7 @@ export { RegistryInfo } from "./RegistryInfo"
 export { RemoveAdminParams } from "./RemoveAdminParams"
 export { RemoveAssetParams } from "./RemoveAssetParams"
 export { RemoveCategoryParams } from "./RemoveCategoryParams"
+export { RemoveMirrorParams } from "./RemoveMirrorParams"
 export { RemovePackageFromCategoryParams } from "./RemovePackageFromCategoryParams"
 export { RemovePackageParams } from "./RemovePackageParams"
 export { RemovePackageSignerParams } from "./RemovePackageSignerParams"
--- a/sdk/base/lib/types/ManifestTypes.ts
+++ b/sdk/base/lib/types/ManifestTypes.ts
@@ -128,16 +128,17 @@ export type SDKManifest = {
  /**
   * @description (optional) A set of hardware requirements for this service. If the user's machine
   *   does not meet these requirements, they will not be able to install this service.
-   * @property {object[]} devices - TODO Aiden confirm type on the left. List of required devices (displays or processors).
+   * @property {object[]} devices - List of required devices (display or processor).
+   *    `pattern` refers to a regular expression that at least one device of the specified class must match
+   *    `patternDescription` is what will be displayed to the user about what kind of device is required
   * @property {number} ram - Minimum RAM requirement (in megabytes MB)
   * @property {string[]} arch - List of supported arches
   * @example
   * ```
-    TODO Aiden verify below and provide examples for devices
    hardwareRequirements: {
      devices: [
-        { class: 'display', value: '' },
-        { class: 'processor', value: '' },
+        { class: 'display', pattern: 'CometLake', patternDescription: 'A CometLake (10th generation) Intel Integrated GPU' },
+        { class: 'processor', pattern: 'i[3579]-10[0-9]{3}U CPU', patternDescription: 'A 10th Generation Intel i-Series processor' },
      ],
      ram: 8192,
      arch: ['x86-64'],
@@ -149,6 +150,11 @@ export type SDKManifest = {
    readonly ram?: number | null
    readonly arch?: string[] | null
  }
+
+  /**
+   * @description Enable access to hardware acceleration devices (such as /dev/dri, or /dev/nvidia*)
+   */
+  readonly hardwareAcceleration?: boolean
 }

 // this is hacky but idk a more elegant way
@@ -174,6 +180,7 @@ export type SDKImageInputSpec = {
    source: Exclude<ImageSource, "packed">
    arch?: ArchOptions[A]
    emulateMissingAs?: ArchOptions[A][number] | null
+    nvidiaContainer?: boolean
  }
 }[keyof ArchOptions]