summaryrefslogtreecommitdiff
path: root/gnu/services
diff options
context:
space:
mode:
authorOleg Pykhalov <go.wigust@gmail.com>2020-07-22 09:47:16 +0300
committerOleg Pykhalov <go.wigust@gmail.com>2020-07-22 22:10:11 +0300
commit4656180d5de1fef2846bea9af27ae509f32376ba (patch)
treec5e7ad1d82dd9e5283f46d344e8358781ee93655 /gnu/services
parentcc339cd98dfcf4eb41875aa990dac9c709300188 (diff)
services: nix: Fix sandbox.
* gnu/tests/package-management.scm: New file. * gnu/local.mk: Add this. * gnu/services/nix.scm (<nix-configuration>): New record. (nix-activation): Generate Nix config file which fixes sandbox. (nix-service-type): Add default value. (nix-shepherd-service): Allow provide Nix package. * doc/guix.texi (Miscellaneous Services)[Nix service]<nix-configuration>: Document record.
Diffstat (limited to 'gnu/services')
-rw-r--r--gnu/services/nix.scm91
1 files changed, 59 insertions, 32 deletions
diff --git a/gnu/services/nix.scm b/gnu/services/nix.scm
index 3c0065207d..75b2df02dc 100644
--- a/gnu/services/nix.scm
+++ b/gnu/services/nix.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2019 Oleg Pykhalov <go.wigust@gmail.com>
+;;; Copyright © 2019, 2020 Oleg Pykhalov <go.wigust@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -31,7 +31,9 @@
#:use-module (guix store)
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-26)
+ #:use-module (ice-9 match)
#:use-module (ice-9 format)
+ #:use-module (guix modules)
#:export (nix-service-type))
;;; Commentary:
@@ -40,10 +42,17 @@
;;;
;;; Code:
-
-;;;
-;;; Accounts
-;;;
+(define-record-type* <nix-configuration>
+ nix-configuration make-nix-configuration
+ nix-configuration?
+ (package nix-configuration-package ;package
+ (default nix))
+ (sandbox nix-configuration-sandbox ;boolean
+ (default #t))
+ (build-sandbox-items nix-configuration-build-sandbox-items ;list of strings
+ (default '()))
+ (extra-config nix-configuration-extra-options ;list of strings
+ (default '())))
;; Copied from gnu/services/base.scm
(define* (nix-build-accounts count #:key
@@ -74,32 +83,50 @@ GID."
(id 40000))
(nix-build-accounts 10 #:group "nixbld")))
-(define (nix-activation _)
- "Return the activation gexp."
- (with-imported-modules '((guix build utils))
- #~(begin
- (use-modules (guix build utils)
- (srfi srfi-26))
- (for-each (cut mkdir-p <>) '("/nix/store" "/nix/var/log"
- "/nix/var/nix/gcroots/per-user"
- "/nix/var/nix/profiles/per-user"))
- (chown "/nix/store"
- (passwd:uid (getpw "root")) (group:gid (getpw "nixbld01")))
- (chmod "/nix/store" #o775)
- (for-each (cut chmod <> #o777) '("/nix/var/nix/profiles"
- "/nix/var/nix/profiles/per-user")))))
+(define nix-activation
+ ;; Return the activation gexp.
+ (match-lambda
+ (($ <nix-configuration> package sandbox build-sandbox-items extra-config)
+ (with-imported-modules (source-module-closure
+ '((guix build store-copy)))
+ #~(begin
+ (use-modules (guix build utils)
+ (ice-9 format)
+ (srfi srfi-1)
+ (srfi srfi-26))
+ (for-each (cut mkdir-p <>) '("/nix/store" "/nix/var/log"
+ "/nix/var/nix/gcroots/per-user"
+ "/nix/var/nix/profiles/per-user"))
+ (chown "/nix/store"
+ (passwd:uid (getpw "root")) (group:gid (getpw "nixbld01")))
+ (chmod "/nix/store" #o775)
+ (for-each (cut chmod <> #o777) '("/nix/var/nix/profiles"
+ "/nix/var/nix/profiles/per-user"))
+ (mkdir-p "/etc/nix")
+ (with-output-to-file "/etc/nix/nix.conf"
+ (lambda _
+ (format #t "sandbox = ~a~%" (if #$sandbox "true" "false"))
+ ;; config.nix captures store file names.
+ (format #t "build-sandbox-paths = ~{~a ~}~%"
+ (append (append-map (cut call-with-input-file <> read)
+ '#$(map references-file
+ (list package)))
+ '#$build-sandbox-items))
+ (for-each (cut display <>) '#$extra-config))))))))
-(define (nix-shepherd-service _)
- "Return a <shepherd-service> for Nix."
- (list
- (shepherd-service
- (provision '(nix-daemon))
- (documentation "Run nix-daemon.")
- (requirement '())
- (start #~(make-forkexec-constructor
- (list (string-append #$nix "/bin/nix-daemon"))))
- (respawn? #f)
- (stop #~(make-kill-destructor)))))
+(define nix-shepherd-service
+ ;; Return a <shepherd-service> for Nix.
+ (match-lambda
+ (($ <nix-configuration> package _ ...)
+ (list
+ (shepherd-service
+ (provision '(nix-daemon))
+ (documentation "Run nix-daemon.")
+ (requirement '())
+ (start #~(make-forkexec-constructor
+ (list (string-append #$package "/bin/nix-daemon"))))
+ (respawn? #f)
+ (stop #~(make-kill-destructor)))))))
(define nix-service-type
(service-type
@@ -108,7 +135,7 @@ GID."
(list (service-extension shepherd-root-service-type nix-shepherd-service)
(service-extension account-service-type nix-accounts)
(service-extension activation-service-type nix-activation)))
- (default-value '())
- (description "Run the Nix daemon.")))
+ (description "Run the Nix daemon.")
+ (default-value (nix-configuration))))
;;; nix.scm ends here