tvl-depot/users/flokli/nixos/nixos-tvix-cache/nar-bridge-module.nix
Florian Klink b12ea8d786 fix(users/flokli/nixos-tvix-cache): use escapeSystemdExecArgs
escapeSystemdExecArgs is the function that should be used to escape
Exec* service lines.

See a72b1b3c65/nixos/lib/utils.nix (L122-L128)

Reported-By: matrix:u/lukas:luflosi.de
Change-Id: Ia3a628db221a30310154c060a6e29ccb2c94c352
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12930
Autosubmit: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com>
2024-12-30 10:30:04 +00:00


# NixOS module for running nar-bridge behind a systemd-activated unix socket.
# Defines `services.nar-bridge.enable` and `services.nar-bridge.settings`;
# the latter is rendered to TOML and handed to the daemon on its command line.
{ config, lib, utils, pkgs, depot, ... }:
let
  inherit (lib) mkEnableOption mkIf mkOption;

  cfg = config.services.nar-bridge;

  # nar-bridge from the depot, with the store-composition CLI feature appended
  # to whatever feature list the package already carries.
  narBridgePkg = depot.tvix.nar-bridge.override (old: {
    features = (old.features or [ "default" ]) ++ [ "xp-store-composition-cli" ];
    runTests = true;
  });

  # `settings` is both type-checked and serialised by the same TOML format.
  tomlFormat = pkgs.formats.toml { };
  compositionToml = tomlFormat.generate "store-composition.toml" cfg.settings;

  # Command-line arguments, kept as a list so each element can be escaped on
  # its own when the ExecStart line is assembled below.
  # "sd-listen" presumably makes the daemon take its listener from systemd
  # socket activation; confirm against the nar-bridge CLI.
  execArgs = [
    "--listen-address"
    "sd-listen"
    "--experimental-store-composition"
    compositionToml
  ];

  socketUnits = [ "nar-bridge.socket" ];
in
{
  options.services.nar-bridge = {
    enable = mkEnableOption "nar-bridge service";

    # Store composition, written verbatim into store-composition.toml.
    settings = mkOption {
      inherit (tomlFormat) type;
      default = { };
    };
  };

  config = mkIf cfg.enable {
    # Dedicated unprivileged account the service runs as.
    users = {
      groups.nar-bridge = { };
      users.nar-bridge = {
        isSystemUser = true;
        group = "nar-bridge";
      };
    };

    systemd = {
      sockets.nar-bridge = {
        description = "nar-bridge socket";
        wantedBy = [ "sockets.target" ];
        socketConfig = {
          # NOTE(review): set on the socket unit, this limit likely covers only
          # commands the socket unit itself runs; if the aim is to raise the
          # daemon's fd limit it probably belongs in the service's
          # serviceConfig. Confirm the intent.
          LimitNOFILE = 65535;
          ListenStream = "/run/nar-bridge.sock";
          # Mode 0666 lets every local user and process connect to the socket,
          # so the filesystem gives no access control here.
          # NOTE(review): if only one known client (e.g. a fronting proxy)
          # needs access, SocketGroup plus mode 0660 would narrow this.
          SocketMode = "0666";
          SocketUser = "root";
        };
      };

      services.nar-bridge = {
        description = "NAR Bridge";
        requires = socketUnits;
        after = socketUnits;
        wantedBy = [ "multi-user.target" ];
        serviceConfig = {
          # utils.escapeSystemdExecArgs is the nixpkgs helper meant for Exec*
          # lines: it quotes each argument and doubles `%` and `$`, so systemd
          # does not split or expand them.
          ExecStart = "${narBridgePkg}/bin/nar-bridge " + utils.escapeSystemdExecArgs execArgs;
          Restart = "always";
          RestartSec = "10";
          # NOTE(review): beyond the dedicated user there are no sandboxing
          # directives (NoNewPrivileges, ProtectSystem, ...) on this unit;
          # worth adding once it is known which paths the store composition
          # needs.
          User = "nar-bridge";
          Group = "nar-bridge";
          StateDirectory = "nar-bridge";
        };
      };
    };
  };
}