pyrox.dev
1{ config, pkgs, lib, ... }:
2
3with lib;
4
5let
6 cfg = config.services.nix-serve;
7in
8{
9 options = {
10 services.nix-serve = {
11 enable = mkEnableOption "nix-serve, the standalone Nix binary cache server";
12
13 port = mkOption {
14 type = types.int;
15 default = 5000;
16 description = ''
17 Port number where nix-serve will listen on.
18 '';
19 };
20
21 bindAddress = mkOption {
22 type = types.string;
23 default = "0.0.0.0";
24 description = ''
25 IP address where nix-serve will bind its listening socket.
26 '';
27 };
28
29 secretKeyFile = mkOption {
30 type = types.nullOr types.str;
31 default = null;
32 description = ''
33 The path to the file used for signing derivation data.
34 '';
35 };
36
37 extraParams = mkOption {
38 type = types.string;
39 default = "";
40 description = ''
41 Extra command line parameters for nix-serve.
42 '';
43 };
44 };
45 };
46
47 config = mkIf cfg.enable {
48 systemd.services.nix-serve = {
49 description = "nix-serve binary cache server";
50 after = [ "network.target" ];
51 wantedBy = [ "multi-user.target" ];
52
53 path = [ config.nix.package.out pkgs.bzip2.bin ];
54 environment.NIX_REMOTE = "daemon";
55 environment.NIX_SECRET_KEY_FILE = cfg.secretKeyFile;
56
57 serviceConfig = {
58 ExecStart = "${pkgs.nix-serve}/bin/nix-serve " +
59 "--listen ${cfg.bindAddress}:${toString cfg.port} ${cfg.extraParams}";
60 User = "nix-serve";
61 Group = "nogroup";
62 };
63 };
64
65 users.extraUsers.nix-serve = {
66 description = "Nix-serve user";
67 uid = config.ids.uids.nix-serve;
68 };
69 };
70}