pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / modules / services / networking / icecream / daemon.nix
at 25.11-pre 4.3 kB view raw
1{ 2 config, 3 lib, 4 pkgs, 5 ... 6}: 7 8with lib; 9 10let 11 cfg = config.services.icecream.daemon; 12in 13{ 14 15 ###### interface 16 17 options = { 18 19 services.icecream.daemon = { 20 21 enable = mkEnableOption "Icecream Daemon"; 22 23 openFirewall = mkOption { 24 type = types.bool; 25 description = '' 26 Whether to automatically open receive port in the firewall. 27 ''; 28 }; 29 30 openBroadcast = mkOption { 31 type = types.bool; 32 description = '' 33 Whether to automatically open the firewall for scheduler discovery. 34 ''; 35 }; 36 37 cacheLimit = mkOption { 38 type = types.ints.u16; 39 default = 256; 40 description = '' 41 Maximum size in Megabytes of cache used to store compile environments of compile clients. 42 ''; 43 }; 44 45 netName = mkOption { 46 type = types.str; 47 default = "ICECREAM"; 48 description = '' 49 Network name to connect to. A scheduler with the same name needs to be running. 50 ''; 51 }; 52 53 noRemote = mkOption { 54 type = types.bool; 55 default = false; 56 description = '' 57 Prevent jobs from other nodes being scheduled on this daemon. 58 ''; 59 }; 60 61 schedulerHost = mkOption { 62 type = types.nullOr types.str; 63 default = null; 64 description = '' 65 Explicit scheduler hostname, useful in firewalled environments. 66 67 Uses scheduler autodiscovery via broadcast if set to null. 68 ''; 69 }; 70 71 maxProcesses = mkOption { 72 type = types.nullOr types.ints.u16; 73 default = null; 74 description = '' 75 Maximum number of compile jobs started in parallel for this daemon. 76 77 Uses the number of CPUs if set to null. 78 ''; 79 }; 80 81 nice = mkOption { 82 type = types.int; 83 default = 5; 84 description = '' 85 The level of niceness to use. 86 ''; 87 }; 88 89 hostname = mkOption { 90 type = types.nullOr types.str; 91 default = null; 92 description = '' 93 Hostname of the daemon in the icecream infrastructure. 94 95 Uses the hostname retrieved via uname if set to null. 96 ''; 97 }; 98 99 user = mkOption { 100 type = types.str; 101 default = "icecc"; 102 description = '' 103 User to run the icecream daemon as. Set to root to enable receive of 104 remote compile environments. 105 ''; 106 }; 107 108 package = mkPackageOption pkgs "icecream" { }; 109 110 extraArgs = mkOption { 111 type = types.listOf types.str; 112 default = [ ]; 113 description = "Additional command line parameters."; 114 example = [ "-v" ]; 115 }; 116 }; 117 }; 118 119 ###### implementation 120 121 config = mkIf cfg.enable { 122 networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ 10245 ]; 123 networking.firewall.allowedUDPPorts = mkIf cfg.openBroadcast [ 8765 ]; 124 125 systemd.services.icecc-daemon = { 126 description = "Icecream compile daemon"; 127 after = [ "network.target" ]; 128 wantedBy = [ "multi-user.target" ]; 129 130 serviceConfig = { 131 ExecStart = escapeShellArgs ( 132 [ 133 "${getBin cfg.package}/bin/iceccd" 134 "-b" 135 "$STATE_DIRECTORY" 136 "-u" 137 "icecc" 138 (toString cfg.nice) 139 ] 140 ++ optionals (cfg.schedulerHost != null) [ 141 "-s" 142 cfg.schedulerHost 143 ] 144 ++ optionals (cfg.netName != null) [ 145 "-n" 146 cfg.netName 147 ] 148 ++ optionals (cfg.cacheLimit != null) [ 149 "--cache-limit" 150 (toString cfg.cacheLimit) 151 ] 152 ++ optionals (cfg.maxProcesses != null) [ 153 "-m" 154 (toString cfg.maxProcesses) 155 ] 156 ++ optionals (cfg.hostname != null) [ 157 "-N" 158 (cfg.hostname) 159 ] 160 ++ optional cfg.noRemote "--no-remote" 161 ++ cfg.extraArgs 162 ); 163 DynamicUser = true; 164 User = "icecc"; 165 Group = "icecc"; 166 StateDirectory = "icecc"; 167 RuntimeDirectory = "icecc"; 168 AmbientCapabilities = "CAP_SYS_CHROOT"; 169 CapabilityBoundingSet = "CAP_SYS_CHROOT"; 170 }; 171 }; 172 }; 173 174 meta.maintainers = with lib.maintainers; [ emantor ]; 175}