From c036450ca6aa82f57765731240242a8ea77f31cc Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Sat, 4 May 2024 00:04:57 +0200 Subject: [PATCH] Add UnitProperties= setting This allows configuring properties on the scopes spawned by systemd-nspawn or systemd-run. --- mkosi/__init__.py | 3 +++ mkosi/config.py | 9 +++++++++ mkosi/qemu.py | 8 +++++++- mkosi/resources/mkosi.md | 7 +++++++ tests/test_json.py | 4 ++++ 5 files changed, 30 insertions(+), 1 deletion(-) diff --git a/mkosi/__init__.py b/mkosi/__init__.py index 01fc8488e..7238c2f68 100644 --- a/mkosi/__init__.py +++ b/mkosi/__init__.py @@ -3971,6 +3971,9 @@ def run_shell(args: Args, config: Config) -> None: "--set-credential=journal.forward_to_socket:/run/host/journal/socket", ] + for p in config.unit_properties: + cmdline += ["--property", p] + if args.verb == Verb.boot: # Add nspawn options first since systemd-nspawn ignores all options after the first argument. cmdline += args.cmdline diff --git a/mkosi/config.py b/mkosi/config.py index 806da3d51..a9cdbf907 100644 --- a/mkosi/config.py +++ b/mkosi/config.py @@ -1496,6 +1496,7 @@ class Config: runtime_scratch: ConfigFeature runtime_network: Network runtime_build_sources: bool + unit_properties: list[str] ssh_key: Optional[Path] ssh_certificate: Optional[Path] machine: Optional[str] @@ -2868,6 +2869,13 @@ SETTINGS = ( parse=config_parse_boolean, help="Mount build sources and build directory in /work when booting the image", ), + ConfigSetting( + dest="unit_properties", + long="--unit-property", + metavar="PROPERTY", + section="Host", + parse=config_make_list_parser(delimiter=" ", unescape=True), + ), ConfigSetting( dest="ssh_key", metavar="PATH", 
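Review bot: In `run_shell`, the new loop sits above the `if args.verb == Verb.boot:` branch, so `--property` is appended for every verb this function serves, while the `mkosi.md` text added in the same patch only mentions `mkosi boot` and `mkosi qemu`. Either the documentation should say so, or the loop should be guarded on the verb. systemd-nspawn documents `--property=` as taking effect only when the container runs in its own scope unit (not with `--keep-unit`), and the rest of the command line is outside this hunk, so it is worth confirming the option is not silently ignored on some paths. A comment such as `# Applied for all verbs; only effective when nspawn allocates its own scope` above the loop would record this.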
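Review bot: The new `ConfigSetting` for `unit_properties` has no `help=` text, unlike the setting just above it, and each entry is forwarded to host-side `systemd-run`/`systemd-nspawn` without any check of its shape. I would add `help="Set properties on the scopes spawned by systemd-nspawn or systemd-run",` and reject entries that are not `NAME=VALUE` at parse time, so a typo fails as a configuration error rather than as a late failure when the scope is created. Because the list is split on spaces with `unescape=True`, a value containing a space has to be escaped, which the documentation added in `mkosi.md` does not mention. These properties change how the host's service manager treats the scope (resource limits, device policy and the like), so a configuration taken from a third-party repository deserves a look at this setting before it is used.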
@@ -4052,6 +4060,7 @@ def summary(config: Config) -> str: Runtime Scratch: {config.runtime_scratch} Runtime Network: {config.runtime_network} Runtime Build Sources: {config.runtime_build_sources} + Unit Properties: {line_join_list(config.unit_properties)} SSH Signing Key: {none_to_none(config.ssh_key)} SSH Certificate: {none_to_none(config.ssh_certificate)} Machine: {config.machine_or_name()} diff --git a/mkosi/qemu.py b/mkosi/qemu.py index 7d4ae560c..19ff8ad7e 100644 --- a/mkosi/qemu.py +++ b/mkosi/qemu.py @@ -688,6 +688,7 @@ def scope_cmd( description: str, user: Optional[int] = None, group: Optional[int] = None, + properties: Sequence[str] = (), ) -> list[str]: return [ "systemd-run", @@ -699,6 +700,7 @@ def scope_cmd( "--collect", *(["--uid", str(user)] if user is not None else []), *(["--gid", str(group)] if group is not None else []), + *([f"--property={p}" for p in properties]), ] @@ -1141,7 +1143,11 @@ def run_qemu(args: Args, config: Config) -> None: log=False, foreground=True, sandbox=config.sandbox(binary=None, network=True, devices=True, relaxed=True), - scope=scope_cmd(name=name, description=f"mkosi Virtual Machine {name}"), + scope=scope_cmd( + name=name, + description=f"mkosi Virtual Machine {name}", + properties=config.unit_properties, + ), ) as (proc, innerpid): # We have to close these before we wait for qemu otherwise we'll deadlock as qemu will never exit. for fd in qemu_device_fds.values(): diff --git a/mkosi/resources/mkosi.md b/mkosi/resources/mkosi.md index c0eff6cc3..7e52a7d82 100644 --- a/mkosi/resources/mkosi.md +++ b/mkosi/resources/mkosi.md 
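Review bot: In `scope_cmd`, `*([f"--property={p}" for p in properties])` carries a redundant pair of parentheses and builds `--property=VALUE`, whereas `run_shell` in this patch emits `["--property", p]`; one form used in both places would be easier to audit. `*[f"--property={p}" for p in properties],` is enough here. The function has no docstring in the lines shown; one line stating that `properties` are forwarded verbatim to `systemd-run --property=` and apply to the scope on the host would help, since only the `run_qemu` call visible in this diff passes them. The body of `scope_cmd` extends beyond the two hunks shown.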
@@ -1879,6 +1879,13 @@ boolean argument: either `1`, `yes`, or `true` to enable, or `0`, `no`, they were mounted to when running the build script when using `mkosi boot` or `mkosi qemu`. +`UnitProperties=`, `--unit-property=` + +: Configure systemd unit properties to add to the systemd scopes + allocated when using `mkosi boot` or `mkosi qemu`. These are passed + directly to the `--property` options of `systemd-nspawn` and + `systemd-run` respectively. + `SshKey=`, `--ssh-key=` : Path to the X509 private key in PEM format to use to connect to a diff --git a/tests/test_json.py b/tests/test_json.py index e503db046..a759ecf0b 100644 --- a/tests/test_json.py +++ b/tests/test_json.py @@ -331,6 +331,9 @@ def test_config() -> None: "abc" ], "UnifiedKernelImages": "auto", + "UnitProperties": [ + "PROPERTY=VALUE" + ], "UseSubvolumes": "auto", "VerityCertificate": "/path/to/cert", "VerityKey": null, @@ -488,6 +491,7 @@ def test_config() -> None: tools_tree_release=None, tools_tree_repositories=["abc"], unified_kernel_images=ConfigFeature.auto, + unit_properties=["PROPERTY=VALUE"], use_subvolumes=ConfigFeature.auto, verity_certificate=Path("/path/to/cert"), verity_key=None, -- 2.47.2
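Review bot: The two `tests/test_json.py` hunks only cover the JSON round trip of an already-parsed list (`["PROPERTY=VALUE"]`); nothing exercises the space-delimited, unescaping parser that `--unit-property` uses. A parser test with two properties on one line and one escaped space inside a value would pin how entries are split before they reach `--property`. `test_config` starts and ends outside these hunks.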