# Shorthand for this module's option values (services.cockroachdb.*).
9 cfg = config.services.cockroachdb;
# Command line used as the unit's ExecStart, built from cfg and passed through
# utils.escapeSystemdExecArgs.
12 startupCommand = utils.escapeSystemdExecArgs (
15 "${crdb}/bin/cockroach"
# Data store path; the unit further down sets StateDirectory = "cockroachdb"
# with StateDirectoryMode = "0700".
18 "--store=/var/lib/cockroachdb"
# Admin UI / HTTP bind address, taken from cfg.http.
21 "--http-addr=${cfg.http.address}:${toString cfg.http.port}"
23 # Cluster listen address
24 "--listen-addr=${cfg.listen.address}:${toString cfg.listen.port}"
26 # Cache and memory settings.
27 "--cache=${cfg.cache}"
28 "--max-sql-memory=${cfg.maxSqlMemory}"
30 # Certificate/security settings.
# Security: with cfg.insecure = true the node is started with --insecure and
# no --certs-dir. CockroachDB's insecure mode skips TLS encryption and
# authentication, so this branch is only appropriate for isolated test setups.
31 (if cfg.insecure then "--insecure" else "--certs-dir=${cfg.certsDir}")
# --join and --locality are emitted only when the matching option is non-null.
33 ++ lib.optional (cfg.join != null) "--join=${cfg.join}"
34 ++ lib.optional (cfg.locality != null) "--locality=${cfg.locality}"
# Builds an address/port option pair for one listener. `descr` is spliced into
# both option descriptions and `defaultPort` becomes the port option's default.
38 addressOption = descr: defaultPort: {
39 address = lib.mkOption {
# The default bind address is "localhost".
# NOTE(review): setting a routable address makes this listener reachable from
# other hosts; pair that with certsDir rather than insecure mode.
41 default = "localhost";
42 description = "Address to bind to for ${descr}";
# lib.types.port is used for the port option, so the value is type-checked as a port.
46 type = lib.types.port;
47 default = defaultPort;
48 description = "Port to bind to for ${descr}";
# Option declarations for services.cockroachdb.
55 services.cockroachdb = {
56 enable = lib.mkEnableOption "CockroachDB Server";
# Cluster listener, default port 26257; its address/port feed --listen-addr.
58 listen = addressOption "intra-cluster communication" 26257;
# Admin UI listener, default port 8080; its address/port feed --http-addr.
60 http = addressOption "http-based Admin UI" 8080;
# Optional locality string; forwarded as --locality only when non-null.
62 locality = lib.mkOption {
63 type = lib.types.nullOr lib.types.str;
66 An ordered, comma-separated list of key-value pairs that describe the
67 topography of the machine. Topography might include country,
68 datacenter or rack designations. Data is automatically replicated to
69 maximize diversities of each tier. The order of tiers is used to
70 determine the priority of the diversity, so the more inclusive
71 localities like country should come before less inclusive localities
72 like datacenter. The tiers and order must be the same on all nodes.
73 Including more tiers is better than including fewer. For example:
76 country=us,region=us-west,datacenter=us-west-1b,rack=12
77 country=ca,region=ca-east,datacenter=ca-east-2,rack=4
79 planet=earth,province=manitoba,colo=secondary,power=3
85 type = lib.types.nullOr lib.types.str;
87 description = "The addresses for connecting the node to a cluster.";
# Security: selects --insecure instead of --certs-dir on the cockroach command
# line. CockroachDB's insecure mode skips TLS encryption and authentication, so
# any host that can reach the listen/http addresses can use the node. Keep the
# listeners on loopback (the addressOption default) if this is ever enabled.
90 insecure = lib.mkOption {
91 type = lib.types.bool;
93 description = "Run in insecure mode.";
# Directory handed to --certs-dir. The type is nullable, but the module's
# assertion requires a non-null value whenever insecure is false.
96 certsDir = lib.mkOption {
97 type = lib.types.nullOr lib.types.path;
99 description = "The path to the certificate directory.";
# Account name for the service. This module declares a users.users entry
# only while the value stays at the default "cockroachdb".
102 user = lib.mkOption {
103 type = lib.types.str;
104 default = "cockroachdb";
105 description = "User account under which CockroachDB runs";
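# Group name for the service. This module declares users.groups.cockroachdb
# only while the value stays at the default "cockroachdb".
108 group = lib.mkOption {
109 type = lib.types.str;
110 default = "cockroachdb";
# The description previously repeated the `user` option's text ("User account ...").
111 description = "Group under which CockroachDB runs";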
# Security: when true, this module adds TCP ports to
# networking.firewall.allowedTCPPorts.
# NOTE(review): the port list itself is not visible in this excerpt. Confirm
# which listeners it covers, and do not combine it with insecure = true on an
# address that other hosts can reach.
114 openPorts = lib.mkOption {
115 type = lib.types.bool;
117 description = "Open firewall ports for cluster communication by default";
# Forwarded as --cache=<value>. Typed as a plain string, so the Nix type
# check does not validate the size or percentage format.
120 cache = lib.mkOption {
121 type = lib.types.str;
124 The total size for caches.
126 This can be a percentage, expressed with a fraction sign or as a
127 decimal-point number, or any bytes-based unit. For example,
128 `"25%"`, `"0.25"` both represent
129 25% of the available system memory. The values
130 `"1000000000"` and `"1GB"` both
131 represent 1 gigabyte of memory.
# Forwarded as --max-sql-memory=<value>. Typed as a plain string, so the
# Nix type check does not validate the size or percentage format.
136 maxSqlMemory = lib.mkOption {
137 type = lib.types.str;
140 The maximum in-memory storage capacity available to store temporary
141 data for SQL queries.
143 This can be a percentage, expressed with a fraction sign or as a
144 decimal-point number, or any bytes-based unit. For example,
145 `"25%"`, `"0.25"` both represent
146 25% of the available system memory. The values
147 `"1000000000"` and `"1GB"` both
148 represent 1 gigabyte of memory.
# Package option, defaulting to the "cockroachdb" attribute of pkgs.
# NOTE(review): presumably this is what `crdb` (used in ExecStart and
# systemPackages) is bound to; that binding is not visible in this excerpt.
# A custom build replaces the binary the service executes, so treat overrides
# as part of the trusted supply chain.
152 package = lib.mkPackageOption pkgs "cockroachdb" {
153 extraDescription = ''
154 This would primarily be useful to enable Enterprise Edition features
155 in your own custom CockroachDB build (Nixpkgs CockroachDB binaries
156 only contain open source features and open source code).
# Free-form extra arguments for `cockroach start`, typed as a list of strings.
# NOTE(review): where these are appended to the command line is not visible in
# this excerpt. The module's assertion only looks at insecure and certsDir, so
# security-relevant flags given here are not checked by it.
160 extraArgs = lib.mkOption {
161 type = lib.types.listOf lib.types.str;
168 Extra CLI arguments passed to {command}`cockroach start`.
169 For the full list of supported arguments, check <https://www.cockroachlabs.com/docs/stable/cockroach-start.html#flags>
# Everything in this section applies only when services.cockroachdb.enable is true.
175 config = lib.mkIf config.services.cockroachdb.enable {
# Evaluation-time guard: unless insecure is set, certsDir must be non-null.
# It does not check that the directory exists or holds valid certificates.
178 assertion = !cfg.insecure -> cfg.certsDir != null;
179 message = "CockroachDB must have a set of SSL certificates (.certsDir), or run in Insecure Mode (.insecure = true)";
183 environment.systemPackages = [ crdb ];
# The service account is declared only when the default user name is in use.
# NOTE(review): with a custom cfg.user nothing visible here creates the
# account; presumably it must be defined elsewhere.
185 users.users = lib.optionalAttrs (cfg.user == "cockroachdb") {
187 description = "CockroachDB Server User";
188 uid = config.ids.uids.cockroachdb;
# Likewise, the group is declared only when the default group name is in use.
193 users.groups = lib.optionalAttrs (cfg.group == "cockroachdb") {
194 cockroachdb.gid = config.ids.gids.cockroachdb;
# Firewall ports are added only when cfg.openPorts is true.
197 networking.firewall.allowedTCPPorts = lib.optionals cfg.openPorts [
202 systemd.services.cockroachdb = {
203 description = "CockroachDB Server";
206 "https://www.cockroachlabs.com"
# The unit requires time-sync.target and is pulled in by multi-user.target.
213 requires = [ "time-sync.target" ];
214 wantedBy = [ "multi-user.target" ];
216 unitConfig.RequiresMountsFor = "/var/lib/cockroachdb";
219 ExecStart = startupCommand;
# systemd manages /var/lib/cockroachdb (the --store path) as the state
# directory with mode 0700, i.e. no group or world access to the data files.
222 StateDirectory = "cockroachdb";
223 StateDirectoryMode = "0700";
227 # A conservative-ish timeout is alright here, because for Type=notify
228 # cockroach will send systemd pings during startup to keep it alive
235 meta.maintainers = with lib.maintainers; [ thoughtpolice ];