modules/nixos/services/guix: add Guix binary installation service

2025-02-07 12:19:07 +00:00 · 2022-01-19 09:53:55 +08:00 · 2022-01-19 09:53:55 +08:00 · 0f31e8b361
commit 0f31e8b361
parent f5ba9bf0cb
1 changed files with 101 additions and 0 deletions
--- a/modules/nixos/services/guix.nix
+++ b/modules/nixos/services/guix.nix
@ -0,0 +1,101 @@
+{ config, pkgs, lib, ... }:
+
+let
+  cfg = config.services.guix;
+
+  buildGuixUser = i: {
+    "guixbuilder${builtins.toString i}" = {
+      group = "guixbuild";
+      extraGroups = [ "guixbuild" ];
+      home = "/var/empty";
+      shell = pkgs.nologin;
+      description = "Guix build user ${builtins.toString i}";
+      isSystemUser = true;
+    };
+  };
+in {
+  options.services.guix = {
+    enable = lib.mkEnableOption "GNU Guix package manager";
+    package = lib.mkOption {
+      type = lib.types.package;
+      default = pkgs.guix-binary;
+      defaultText = "pkgs.guix";
+      description = "Package that contains the guix binary and initial store.";
+    };
+  };
+
+  config = lib.mkIf (cfg.enable) {
+    environment.systemPackages = [ pkgs.guix-binary ];
+
+    users = {
+      extraUsers = lib.fold (a: b: a // b) { }
+        (builtins.map buildGuixUser (lib.range 1 10));
+      extraGroups.guixbuild = { name = "guixbuild"; };
+    };
+
+    # /root/.config/guix/current/lib/systemd/system/guix-daemon.service
+    systemd.services.guix-daemon = {
+      enable = true;
+      description = "Build daemon for GNU Guix";
+      serviceConfig = {
+        ExecStart =
+          "/var/guix/profiles/per-user/root/current-guix/bin/guix-daemon --build-users-group=guixbuild";
+        Environment = [
+          "GUIX_LOCPATH=/var/guix/profiles/per-user/root/guix-profile/lib/locale"
+          "LC_ALL=en_US.utf8"
+        ];
+        RemainAfterExit = "yes";
+
+        # See <https://lists.gnu.org/archive/html/guix-devel/2016-04/msg00608.html>.
+        # Some package builds (for example, go@1.8.1) may require even more than
+        # 1024 tasks.
+        TasksMax = "8192";
+      };
+      wantedBy = [ "multi-user.target" ];
+    };
+
+    system.activationScripts.guix = ''
+      # copy initial /gnu/store
+      if [ ! -d /gnu/store ]
+      then
+        mkdir -p /gnu
+        cp -ra ${cfg.package.store}/gnu/store /gnu/
+      fi
+
+      # copy initial /var/guix content
+      if [ ! -d /var/guix ]
+      then
+        mkdir -p /var
+        cp -ra ${cfg.package.var}/var/guix /var/
+      fi
+
+      # root profile
+      if [ ! -d ~root/.config/guix ]
+      then
+        mkdir -p ~root/.config/guix
+        ln -sf /var/guix/profiles/per-user/root/current-guix \
+          ~root/.config/guix/current
+      fi
+
+      # authorize substitutes
+      GUIX_PROFILE="`echo ~root`/.config/guix/current"; \
+      source $GUIX_PROFILE/etc/profile
+      guix archive --authorize < ~root/.config/guix/current/share/guix/ci.guix.gnu.org.pub
+      # probably enable after next stable release
+      # guix archive --authorize < ~root/.config/guix/current/share/guix/bordeaux.guix.gnu.org.pub
+    '';
+
+    # you need to relogin for these to execute
+    environment.shellInit = ''
+      # Make the Guix command available to users
+      export PATH="/var/guix/profiles/per-user/root/current-guix/bin:$PATH"
+
+      export GUIX_LOCPATH="$HOME/.guix-profile/lib/locale"
+      export PATH="$HOME/.guix-profile/bin:$PATH"
+      export INFOPATH="$HOME/.guix-profile/share/info:$INFOPATH"
+
+      export GUIX_PROFILE="$HOME/.config/guix/current"
+      test -f $GUIX_PROFILE/etc/profile && . "$GUIX_PROFILE/etc/profile"
+    '';
+  };
+}