nixos/modules/services/system/cachix-watch-store.nix at 23.05-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / modules / services / system / cachix-watch-store.nix
at 23.05-pre 2.6 kB view raw
 1{ config, pkgs, lib, ... }:
 2
 3with lib;
 4
 5let
 6  cfg = config.services.cachix-watch-store;
 7in
 8{
 9  meta.maintainers = [ lib.maintainers.jfroche lib.maintainers.domenkozar ];
10
11  options.services.cachix-watch-store = {
12    enable = mkEnableOption (lib.mdDoc "Cachix Watch Store: https://docs.cachix.org");
13
14    cacheName = mkOption {
15      type = types.str;
16      description = lib.mdDoc "Cachix binary cache name";
17    };
18
19    cachixTokenFile = mkOption {
20      type = types.path;
21      description = lib.mdDoc ''
22        Required file that needs to contain the cachix auth token.
23      '';
24    };
25
26    compressionLevel = mkOption {
27      type = types.nullOr types.int;
28      description = lib.mdDoc "The compression level for XZ compression (between 0 and 9)";
29      default = null;
30    };
31
32    jobs = mkOption {
33      type = types.nullOr types.int;
34      description = lib.mdDoc "Number of threads used for pushing store paths";
35      default = null;
36    };
37
38    host = mkOption {
39      type = types.nullOr types.str;
40      default = null;
41      description = lib.mdDoc "Cachix host to connect to";
42    };
43
44    verbose = mkOption {
45      type = types.bool;
46      description = lib.mdDoc "Enable verbose output";
47      default = false;
48    };
49
50    package = mkOption {
51      type = types.package;
52      default = pkgs.cachix;
53      defaultText = literalExpression "pkgs.cachix";
54      description = lib.mdDoc "Cachix Client package to use.";
55    };
56
57  };
58
59  config = mkIf cfg.enable {
60    systemd.services.cachix-watch-store-agent = {
61      description = "Cachix watch store Agent";
62      after = [ "network-online.target" ];
63      path = [ config.nix.package ];
64      wantedBy = [ "multi-user.target" ];
65      serviceConfig = {
66        # we don't want to kill children processes as those are deployments
67        KillMode = "process";
68        Restart = "on-failure";
69        DynamicUser = true;
70        LoadCredential = [
71          "cachix-token:${toString cfg.cachixTokenFile}"
72        ];
73      };
74      script =
75        let
76          command = [ "${cfg.package}/bin/cachix" ]
77            ++ (lib.optional cfg.verbose "--verbose") ++ (lib.optionals (cfg.host != null) [ "--host" cfg.host ])
78            ++ [ "watch-store" ] ++ (lib.optionals (cfg.compressionLevel != null) [ "--compression-level" (toString cfg.compressionLevel) ])
79            ++ (lib.optionals (cfg.jobs != null) [ "--jobs" (toString cfg.jobs) ]) ++ [ cfg.cacheName ];
80        in
81        ''
82          export CACHIX_AUTH_TOKEN="$(<"$CREDENTIALS_DIRECTORY/cachix-token")"
83          ${lib.escapeShellArgs command}
84        '';
85    };
86  };
87}