nixos/modules/services/misc/rebuilderd.nix at 25.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

nixpkgs / nixos / modules / services / misc / rebuilderd.nix

at 25.11-pre 1.3 kB view raw

 1{
 2  config,
 3  pkgs,
 4  lib,
 5  ...
 6}:
 7
 8let
 9  inherit (lib) mkEnableOption mkIf mkPackageOption;
10  cfg = config.services.rebuilderd;
11
12  format = pkgs.formats.toml { };
13  settings = lib.attrsets.filterAttrs (n: v: v != null) cfg.settings;
14  configFile = format.generate "rebuilderd.conf" settings;
15in
16{
17  options.services.rebuilderd = {
18    enable = mkEnableOption "rebuilderd service for independent verification of binary packages";
19    package = mkPackageOption pkgs "rebuilderd" { };
20    settings = lib.mkOption {
21      type = lib.types.submodule {
22        freeformType = format.type;
23      };
24      default = { };
25      description = ''
26        Configuration for rebuilderd (rebuilderd.conf)
27      '';
28    };
29  };
30
31  config = mkIf cfg.enable {
32    systemd.services.rebuilderd = {
33      description = "Independent verification of binary packages";
34      wantedBy = [ "multi-user.target" ];
35      environment = {
36        REBUILDERD_COOKIE_PATH = "/var/lib/rebuilderd/auth-cookie";
37      };
38      after = [
39        "network.target"
40      ];
41      serviceConfig = {
42        ExecStart = "${cfg.package}/bin/rebuilderd --config ${configFile}";
43        DynamicUser = true;
44        StateDirectory = "rebuilderd";
45        WorkingDirectory = "/var/lib/rebuilderd";
46      };
47    };
48  };
49}