# This is a "service unit file" for the systemd init system to launch # 'guix-daemon'. Drop it in /etc/systemd/system or similar to have # 'guix-daemon' automatically started. [Unit] Description=Build daemon for GNU Guix # Start before 'gnu-store.mount' to get a writable view of the store. Before=gnu-store.mount [Service] ExecStart=@localstatedir@/guix/profiles/per-user/root/current-guix/bin/guix-daemon \ --discover=no \ --substitute-urls='@GUIX_SUBSTITUTE_URLS@' Environment='GUIX_STATE_DIRECTORY=@localstatedir@/guix' 'GUIX_LOCPATH=@localstatedir@/guix/profiles/per-user/root/guix-profile/lib/locale' LC_ALL=en_US.utf8 # Run under a dedicated unprivileged user account. User=guix-daemon # Bind-mount the store read-write in a private namespace, to counter the # effect of 'gnu-store.mount'. PrivateMounts=true BindPaths=@storedir@ # Disable host file system mount propagation to keep service view of the # store read-write after 'gnu-store.mount' makes it read-only system-wide. MountFlags=private # Mitigate race condition between guix-daemon and 'gnu-store.mount'. # Dependent units will only start after daemon binary is started AND THUS # the mount point is acquired in a private namespace. Type=exec # Provide the CAP_CHOWN capability so that guix-daemon can create and chown # /var/guix/profiles/per-user/$USER and also chown failed build directories # when using '--keep-failed'. Note that guix-daemon explicitly drops ambient # capabilities before executing build processes so they don't inherit them. AmbientCapabilities=CAP_CHOWN StandardOutput=journal StandardError=journal # Work around a nasty systemd ‘feature’ that kills the entire process tree # (including the daemon!) if any child, such as cc1plus, runs out of memory. OOMPolicy=continue # Despite the name, this is rate-limited: a broken daemon will eventually fail. Restart=always # See . # Some package builds (for example, go@1.8.1) may require even more than # 1024 tasks. TasksMax=8192 [Install] WantedBy=multi-user.target