nixos/modules/services/system/cachix-watch-store.nix at 23.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / modules / services / system / cachix-watch-store.nix
at 23.11-pre 2.8 kB view raw
 1{ config, pkgs, lib, ... }:
 2
 3with lib;
 4
 5let
 6  cfg = config.services.cachix-watch-store;
 7in
 8{
 9  meta.maintainers = [ lib.maintainers.jfroche lib.maintainers.domenkozar ];
10
11  options.services.cachix-watch-store = {
12    enable = mkEnableOption (lib.mdDoc "Cachix Watch Store: https://docs.cachix.org");
13
14    cacheName = mkOption {
15      type = types.str;
16      description = lib.mdDoc "Cachix binary cache name";
17    };
18
19    cachixTokenFile = mkOption {
20      type = types.path;
21      description = lib.mdDoc ''
22        Required file that needs to contain the cachix auth token.
23      '';
24    };
25
26    compressionLevel = mkOption {
27      type = types.nullOr types.int;
28      description = lib.mdDoc "The compression level for ZSTD compression (between 0 and 16)";
29      default = null;
30    };
31
32    jobs = mkOption {
33      type = types.nullOr types.int;
34      description = lib.mdDoc "Number of threads used for pushing store paths";
35      default = null;
36    };
37
38    host = mkOption {
39      type = types.nullOr types.str;
40      default = null;
41      description = lib.mdDoc "Cachix host to connect to";
42    };
43
44    verbose = mkOption {
45      type = types.bool;
46      description = lib.mdDoc "Enable verbose output";
47      default = false;
48    };
49
50    package = mkOption {
51      type = types.package;
52      default = pkgs.cachix;
53      defaultText = literalExpression "pkgs.cachix";
54      description = lib.mdDoc "Cachix Client package to use.";
55    };
56
57  };
58
59  config = mkIf cfg.enable {
60    systemd.services.cachix-watch-store-agent = {
61      description = "Cachix watch store Agent";
62      after = [ "network-online.target" ];
63      path = [ config.nix.package ];
64      wantedBy = [ "multi-user.target" ];
65      unitConfig = {
66        # allow to restart indefinitely
67        StartLimitIntervalSec = 0;
68      };
69      serviceConfig = {
70        # don't put too much stress on the machine when restarting
71        RestartSec = 1;
72        # we don't want to kill children processes as those are deployments
73        KillMode = "process";
74        Restart = "on-failure";
75        DynamicUser = true;
76        LoadCredential = [
77          "cachix-token:${toString cfg.cachixTokenFile}"
78        ];
79      };
80      script =
81        let
82          command = [ "${cfg.package}/bin/cachix" ]
83            ++ (lib.optional cfg.verbose "--verbose") ++ (lib.optionals (cfg.host != null) [ "--host" cfg.host ])
84            ++ [ "watch-store" ] ++ (lib.optionals (cfg.compressionLevel != null) [ "--compression-level" (toString cfg.compressionLevel) ])
85            ++ (lib.optionals (cfg.jobs != null) [ "--jobs" (toString cfg.jobs) ]) ++ [ cfg.cacheName ];
86        in
87        ''
88          export CACHIX_AUTH_TOKEN="$(<"$CREDENTIALS_DIRECTORY/cachix-token")"
89          ${lib.escapeShellArgs command}
90        '';
91    };
92  };
93}