nixos/modules/services/development/distccd.nix at 25.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / modules / services / development / distccd.nix
at 25.11-pre 4.7 kB view raw
  1{
  2  config,
  3  lib,
  4  pkgs,
  5  ...
  6}:
  7let
  8  cfg = config.services.distccd;
  9in
 10{
 11  options = {
 12    services.distccd = {
 13      enable = lib.mkEnableOption "distccd, a distributed C/C++ compiler";
 14
 15      allowedClients = lib.mkOption {
 16        type = lib.types.listOf lib.types.str;
 17        default = [ "127.0.0.1" ];
 18        example = [
 19          "127.0.0.1"
 20          "192.168.0.0/24"
 21          "10.0.0.0/24"
 22        ];
 23        description = ''
 24          Client IPs which are allowed to connect to distccd in CIDR notation.
 25
 26          Anyone who can connect to the distccd server can run arbitrary
 27          commands on that system as the distcc user, therefore you should use
 28          this judiciously.
 29        '';
 30      };
 31
 32      jobTimeout = lib.mkOption {
 33        type = lib.types.nullOr lib.types.int;
 34        default = null;
 35        description = ''
 36          Maximum duration, in seconds, of a single compilation request.
 37        '';
 38      };
 39
 40      logLevel = lib.mkOption {
 41        type = lib.types.nullOr (
 42          lib.types.enum [
 43            "critical"
 44            "error"
 45            "warning"
 46            "notice"
 47            "info"
 48            "debug"
 49          ]
 50        );
 51        default = "warning";
 52        description = ''
 53          Set the minimum severity of error that will be included in the log
 54          file. Useful if you only want to see error messages rather than an
 55          entry for each connection.
 56        '';
 57      };
 58
 59      maxJobs = lib.mkOption {
 60        type = lib.types.nullOr lib.types.int;
 61        default = null;
 62        description = ''
 63          Maximum number of tasks distccd should execute at lib.any time.
 64        '';
 65      };
 66
 67      nice = lib.mkOption {
 68        type = lib.types.nullOr lib.types.int;
 69        default = null;
 70        description = ''
 71          Niceness of the compilation tasks.
 72        '';
 73      };
 74
 75      openFirewall = lib.mkOption {
 76        type = lib.types.bool;
 77        default = false;
 78        description = ''
 79          Opens the specified TCP port for distcc.
 80        '';
 81      };
 82
 83      package = lib.mkPackageOption pkgs "distcc" { };
 84
 85      port = lib.mkOption {
 86        type = lib.types.port;
 87        default = 3632;
 88        description = ''
 89          The TCP port which distccd will listen on.
 90        '';
 91      };
 92
 93      stats = {
 94        enable = lib.mkEnableOption "statistics reporting via HTTP server";
 95        port = lib.mkOption {
 96          type = lib.types.port;
 97          default = 3633;
 98          description = ''
 99            The TCP port which the distccd statistics HTTP server will listen
100            on.
101          '';
102        };
103      };
104
105      zeroconf = lib.mkOption {
106        type = lib.types.bool;
107        default = false;
108        description = ''
109          Whether to register via mDNS/DNS-SD
110        '';
111      };
112    };
113  };
114
115  config = lib.mkIf cfg.enable {
116    networking.firewall = lib.mkIf cfg.openFirewall {
117      allowedTCPPorts = [ cfg.port ] ++ lib.optionals cfg.stats.enable [ cfg.stats.port ];
118    };
119
120    systemd.services.distccd = {
121      after = [ "network.target" ];
122      wantedBy = [ "multi-user.target" ];
123
124      description = "Distributed C, C++ and Objective-C compiler";
125      documentation = [ "man:distccd(1)" ];
126
127      serviceConfig = {
128        User = "distcc";
129        Group = "distcc";
130        # FIXME: I'd love to get rid of `--enable-tcp-insecure` here, but I'm
131        # not sure how I'm supposed to get distccd to "accept" running a binary
132        # (the compiler) that's outside of /usr/lib.
133        ExecStart = pkgs.writeShellScript "start-distccd" ''
134          export PATH="${pkgs.distccMasquerade}/bin"
135          ${cfg.package}/bin/distccd \
136            --no-detach \
137            --daemon \
138            --enable-tcp-insecure \
139            --port ${toString cfg.port} \
140            ${lib.optionalString (cfg.jobTimeout != null) "--job-lifetime ${toString cfg.jobTimeout}"} \
141            ${lib.optionalString (cfg.logLevel != null) "--log-level ${cfg.logLevel}"} \
142            ${lib.optionalString (cfg.maxJobs != null) "--jobs ${toString cfg.maxJobs}"} \
143            ${lib.optionalString (cfg.nice != null) "--nice ${toString cfg.nice}"} \
144            ${lib.optionalString cfg.stats.enable "--stats"} \
145            ${lib.optionalString cfg.stats.enable "--stats-port ${toString cfg.stats.port}"} \
146            ${lib.optionalString cfg.zeroconf "--zeroconf"} \
147            ${lib.concatMapStrings (c: "--allow ${c} ") cfg.allowedClients}
148        '';
149      };
150    };
151
152    users = {
153      groups.distcc.gid = config.ids.gids.distcc;
154      users.distcc = {
155        description = "distccd user";
156        group = "distcc";
157        uid = config.ids.uids.distcc;
158      };
159    };
160  };
161}