blob: 88929fa904e5355a8a0406449b6d5f6b9bdbc625 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
|
# This is a "service unit file" for the systemd init system to launch
# 'guix-daemon'. Drop it in /etc/systemd/system or similar to have
# 'guix-daemon' automatically started.
[Unit]
Description=Build daemon for GNU Guix
# Start before 'gnu-store.mount' to get a writable view of the store.
Before=gnu-store.mount
[Service]
ExecStart=@localstatedir@/guix/profiles/per-user/root/current-guix/bin/guix-daemon \
--discover=no \
--substitute-urls='@GUIX_SUBSTITUTE_URLS@'
Environment='GUIX_STATE_DIRECTORY=@localstatedir@/guix' 'GUIX_LOCPATH=@localstatedir@/guix/profiles/per-user/root/guix-profile/lib/locale' LC_ALL=en_US.utf8
# Run under a dedicated unprivileged user account.
User=guix-daemon
# Bind-mount the store read-write in a private namespace, to counter the
# effect of 'gnu-store.mount'.
PrivateMounts=true
BindPaths=@storedir@
# Disable host file system mount propagation to keep service view of the
# store read-write after 'gnu-store.mount' makes it read-only system-wide.
MountFlags=private
# Mitigate race condition between guix-daemon and 'gnu-store.mount'.
# Dependent units will only start after daemon binary is started AND THUS
# the mount point is acquired in a private namespace.
Type=exec
# Provide the CAP_CHOWN capability so that guix-daemon can create and chown
# /var/guix/profiles/per-user/$USER and also chown failed build directories
# when using '--keep-failed'. Note that guix-daemon explicitly drops ambient
# capabilities before executing build processes so they don't inherit them.
AmbientCapabilities=CAP_CHOWN
StandardOutput=journal
StandardError=journal
# Work around a nasty systemd ‘feature’ that kills the entire process tree
# (including the daemon!) if any child, such as cc1plus, runs out of memory.
OOMPolicy=continue
# Despite the name, this is rate-limited: a broken daemon will eventually fail.
Restart=always
# See <https://lists.gnu.org/archive/html/guix-devel/2016-04/msg00608.html>.
# Some package builds (for example, go@1.8.1) may require even more than
# 1024 tasks.
TasksMax=8192
[Install]
WantedBy=multi-user.target
|