nixpkgs/nixos/modules/services/system/cachix-watch-store.nix
Jade Lovelace 6c5ab28fce nixos: fix a bunch of services missing dep on network-online.target
This was done by generating a truly hilarious configuration:

rg 'services\.[^.]+\.enable\t' opts-tags | cut -f1 > allonconfig.nix

The following were not tested due to other evaluation errors. They
should probably be manually audited.
services.amule
services.castopod
services.ceph
services.chatgpt-retrieval-plugin
services.clamsmtp
services.clight
services.dante
services.dex
services.discourse
services.dwm-status
services.engelsystem
services.foundationdb
services.frigate
services.frp
services.grocy
services.guacamole-client
services.hedgedoc
services.home-assistant
services.honk
services.imaginary
services.jitsi-meet
services.kerberos_server
services.limesurvey
services.mastodon
services.mediawiki
services.mobilizon
services.moodle
services.mosquitto
services.nextcloud
services.nullmailer
services.patroni
services.pfix-srsd
services.pgpkeyserver-lite
services.postfixadmin
services.roundcube
services.schleuder
services.self-deploy
services.slskd
services.spacecookie
services.statsd
services.step-ca
services.sympa
services.tsmBackup
services.vdirsyncer
services.vikunja
services.yandex-disk
services.zabbixWeb
2024-01-19 00:11:34 -08:00

99 lines
3.1 KiB
Nix

{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.cachix-watch-store;
in
{
meta.maintainers = [ lib.maintainers.jfroche lib.maintainers.domenkozar ];
options.services.cachix-watch-store = {
enable = mkEnableOption (lib.mdDoc "Cachix Watch Store: https://docs.cachix.org");
cacheName = mkOption {
type = types.str;
description = lib.mdDoc "Cachix binary cache name";
};
cachixTokenFile = mkOption {
type = types.path;
description = lib.mdDoc ''
Required file that needs to contain the cachix auth token.
'';
};
signingKeyFile = mkOption {
type = types.nullOr types.path;
description = lib.mdDoc ''
Optional file containing a self-managed signing key to sign uploaded store paths.
'';
default = null;
};
compressionLevel = mkOption {
type = types.nullOr types.int;
description = lib.mdDoc "The compression level for ZSTD compression (between 0 and 16)";
default = null;
};
jobs = mkOption {
type = types.nullOr types.int;
description = lib.mdDoc "Number of threads used for pushing store paths";
default = null;
};
host = mkOption {
type = types.nullOr types.str;
default = null;
description = lib.mdDoc "Cachix host to connect to";
};
verbose = mkOption {
type = types.bool;
description = lib.mdDoc "Enable verbose output";
default = false;
};
package = mkPackageOption pkgs "cachix" { };
};
config = mkIf cfg.enable {
systemd.services.cachix-watch-store-agent = {
description = "Cachix watch store Agent";
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
path = [ config.nix.package ];
wantedBy = [ "multi-user.target" ];
unitConfig = {
# allow to restart indefinitely
StartLimitIntervalSec = 0;
};
serviceConfig = {
# don't put too much stress on the machine when restarting
RestartSec = 1;
# we don't want to kill children processes as those are deployments
KillMode = "process";
Restart = "on-failure";
DynamicUser = true;
LoadCredential = [
"cachix-token:${toString cfg.cachixTokenFile}"
]
++ lib.optional (cfg.signingKeyFile != null) "signing-key:${toString cfg.signingKeyFile}";
};
script =
let
command = [ "${cfg.package}/bin/cachix" ]
++ (lib.optional cfg.verbose "--verbose") ++ (lib.optionals (cfg.host != null) [ "--host" cfg.host ])
++ [ "watch-store" ] ++ (lib.optionals (cfg.compressionLevel != null) [ "--compression-level" (toString cfg.compressionLevel) ])
++ (lib.optionals (cfg.jobs != null) [ "--jobs" (toString cfg.jobs) ]) ++ [ cfg.cacheName ];
in
''
export CACHIX_AUTH_TOKEN="$(<"$CREDENTIALS_DIRECTORY/cachix-token")"
${lib.optionalString (cfg.signingKeyFile != null) ''export CACHIX_SIGNING_KEY="$(<"$CREDENTIALS_DIRECTORY/signing-key")"''}
${lib.escapeShellArgs command}
'';
};
};
}