| blob | 789ff377bbaf28933da6ae5bb51106f6fb7c46b0 |
1 {
2 config,
3 lib,
4 pkgs,
5 ...
6 }:
8 with lib;
10 let
11 cfg = config.services.icecream.daemon;
12 in
13 {
15 ###### interface
17 options = {
19 services.icecream.daemon = {
21 enable = mkEnableOption "Icecream Daemon";
23 openFirewall = mkOption {
24 type = types.bool;
25 description = ''
26 Whether to automatically open receive port in the firewall.
27 '';
28 };
30 openBroadcast = mkOption {
31 type = types.bool;
32 description = ''
33 Whether to automatically open the firewall for scheduler discovery.
34 '';
35 };
37 cacheLimit = mkOption {
38 type = types.ints.u16;
39 default = 256;
40 description = ''
41 Maximum size in Megabytes of cache used to store compile environments of compile clients.
42 '';
43 };
45 netName = mkOption {
46 type = types.str;
47 default = "ICECREAM";
48 description = ''
49 Network name to connect to. A scheduler with the same name needs to be running.
50 '';
51 };
53 noRemote = mkOption {
54 type = types.bool;
55 default = false;
56 description = ''
57 Prevent jobs from other nodes being scheduled on this daemon.
58 '';
59 };
61 schedulerHost = mkOption {
62 type = types.nullOr types.str;
63 default = null;
64 description = ''
65 Explicit scheduler hostname, useful in firewalled environments.
67 Uses scheduler autodiscovery via broadcast if set to null.
68 '';
69 };
71 maxProcesses = mkOption {
72 type = types.nullOr types.ints.u16;
73 default = null;
74 description = ''
75 Maximum number of compile jobs started in parallel for this daemon.
77 Uses the number of CPUs if set to null.
78 '';
79 };
81 nice = mkOption {
82 type = types.int;
83 default = 5;
84 description = ''
85 The level of niceness to use.
86 '';
87 };
89 hostname = mkOption {
90 type = types.nullOr types.str;
91 default = null;
92 description = ''
93 Hostname of the daemon in the icecream infrastructure.
95 Uses the hostname retrieved via uname if set to null.
96 '';
97 };
99 user = mkOption {
100 type = types.str;
101 default = "icecc";
102 description = ''
103 User to run the icecream daemon as. Set to root to enable receive of
104 remote compile environments.
105 '';
106 };
108 package = mkPackageOption pkgs "icecream" { };
110 extraArgs = mkOption {
111 type = types.listOf types.str;
112 default = [ ];
113 description = "Additional command line parameters.";
114 example = [ "-v" ];
115 };
116 };
117 };
119 ###### implementation
121 config = mkIf cfg.enable {
122 networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ 10245 ];
123 networking.firewall.allowedUDPPorts = mkIf cfg.openBroadcast [ 8765 ];
125 systemd.services.icecc-daemon = {
126 description = "Icecream compile daemon";
127 after = [ "network.target" ];
128 wantedBy = [ "multi-user.target" ];
130 serviceConfig = {
131 ExecStart = escapeShellArgs (
132 [
133 "${getBin cfg.package}/bin/iceccd"
134 "-b"
135 "$STATE_DIRECTORY"
136 "-u"
137 "icecc"
138 (toString cfg.nice)
139 ]
140 ++ optionals (cfg.schedulerHost != null) [
141 "-s"
142 cfg.schedulerHost
143 ]
144 ++ optionals (cfg.netName != null) [
145 "-n"
146 cfg.netName
147 ]
148 ++ optionals (cfg.cacheLimit != null) [
149 "--cache-limit"
150 (toString cfg.cacheLimit)
151 ]
152 ++ optionals (cfg.maxProcesses != null) [
153 "-m"
154 (toString cfg.maxProcesses)
155 ]
156 ++ optionals (cfg.hostname != null) [
157 "-N"
158 (cfg.hostname)
159 ]
160 ++ optional cfg.noRemote "--no-remote"
161 ++ cfg.extraArgs
162 );
163 DynamicUser = true;
164 User = "icecc";
165 Group = "icecc";
166 StateDirectory = "icecc";
167 RuntimeDirectory = "icecc";
168 AmbientCapabilities = "CAP_SYS_CHROOT";
169 CapabilityBoundingSet = "CAP_SYS_CHROOT";
170 };
171 };
172 };
174 meta.maintainers = with lib.maintainers; [ emantor ];
175 }