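# NixOS module for nix-serve, the standalone Nix binary cache server.
# Declares the `services.nix-serve.*` options and, when enabled, a systemd
# unit plus the `nix-serve` user the unit runs as.
{ config, pkgs, lib, ... }:

with lib;

let
  cfg = config.services.nix-serve;
in
{
  options = {
    services.nix-serve = {
      enable = mkEnableOption "nix-serve, the standalone Nix binary cache server";

      # types.port (unsigned 16-bit) rejects out-of-range values at evaluation
      # time instead of letting the service fail when it tries to listen.
      port = mkOption {
        type = types.port;
        default = 5000;
        description = ''
          Port number where nix-serve will listen on.
        '';
      };

      # The default binds every IPv4 interface. This module adds no firewall
      # rule and no authentication, so reachability is decided entirely by the
      # host firewall; set a loopback or internal address when the cache sits
      # behind a reverse proxy or should only be reached locally.
      bindAddress = mkOption {
        type = types.str;
        default = "0.0.0.0";
        description = ''
          IP address where nix-serve will bind its listening socket.
        '';
      };

      # Held as a string, so only the path is recorded in the configuration.
      # The key itself should live outside the Nix store (which is
      # world-readable) and be readable by the `nix-serve` user only.
      secretKeyFile = mkOption {
        type = types.nullOr types.str;
        default = null;
        description = ''
          The path to the file used for signing derivation data.
          Generate with:

          ```
          nix-store --generate-binary-cache-key key-name secret-key-file public-key-file
          ```

          Make sure user `nix-serve` has read access to the private key file.

          For more details see <citerefentry><refentrytitle>nix-store</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
        '';
      };

      # Spliced unquoted into ExecStart below, so the value is split into
      # arguments by systemd.
      extraParams = mkOption {
        type = types.separatedString " ";
        default = "";
        description = ''
          Extra command line parameters for nix-serve.
        '';
      };
    };
  };

  config = mkIf cfg.enable {
    systemd.services.nix-serve = {
      description = "nix-serve binary cache server";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];

      path = [ config.nix.package.out pkgs.bzip2.bin ];
      # Store access goes through the Nix daemon rather than directly.
      environment.NIX_REMOTE = "daemon";
      # NOTE(review): null when no key is configured; presumably the variable
      # is then left unset and responses are served unsigned - confirm.
      environment.NIX_SECRET_KEY_FILE = cfg.secretKeyFile;

      serviceConfig = {
        Restart = "always";
        RestartSec = "5s";
        ExecStart = "${pkgs.nix-serve}/bin/nix-serve " +
          "--listen ${cfg.bindAddress}:${toString cfg.port} ${cfg.extraParams}";
        # Runs unprivileged. NOTE(review): "nogroup" is shared with any other
        # service that uses it, so group permissions on the key file would
        # extend to those services; a dedicated group would isolate it.
        # No systemd sandboxing options are set in this unit.
        User = "nix-serve";
        Group = "nogroup";
      };
    };

    users.users.nix-serve = {
      description = "Nix-serve user";
      uid = config.ids.uids.nix-serve;
    };
  };
}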