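# This is a "service unit file" for the systemd init system to launch
# 'guix-daemon'. Drop it in /etc/systemd/system or similar to have
# 'guix-daemon' automatically started.
#
# The '@...@' tokens ('@localstatedir@', '@storedir@',
# '@GUIX_SUBSTITUTE_URLS@') are placeholders that are filled in when this
# template is instantiated; the file is not usable until they have been
# substituted.

[Unit]
Description=Build daemon for GNU Guix

# Start before 'gnu-store.mount' to get a writable view of the store.
Before=gnu-store.mount

[Service]
ExecStart=@localstatedir@/guix/profiles/per-user/root/current-guix/bin/guix-daemon \
--discover=no \
--substitute-urls='@GUIX_SUBSTITUTE_URLS@'
Environment='GUIX_STATE_DIRECTORY=@localstatedir@/guix' 'GUIX_LOCPATH=@localstatedir@/guix/profiles/per-user/root/guix-profile/lib/locale' LC_ALL=en_US.utf8

# Stop the gnu-store.mount so that the daemon can capture the store as
# read-write in its private mount namespace.
# See <https://codeberg.org/guix/guix/issues/4744>.
#
# Prefixes on the two commands below: '-' makes a non-zero exit status
# non-fatal (the unit still starts when the mount is absent or already in the
# requested state); '+' runs the command with full privileges, i.e. as root
# rather than as the 'User=' below, and the namespacing options below
# (PrivateMounts=, MountFlags=) are not applied to it either. Both are
# needed because 'systemctl stop/start' act on the host mount table and
# require privileges the daemon account does not have.
ExecStartPre=-+systemctl stop gnu-store.mount
ExecStartPost=-+systemctl start gnu-store.mount --no-block

# Run under a dedicated unprivileged user account (this unit does not create
# it; the account must be provisioned separately).
User=guix-daemon

# Bind-mount the store read-write in a private namespace, to counter the
# effect of 'gnu-store.mount'.
PrivateMounts=true
BindPaths=@storedir@

# Disable host file system mount propagation to keep the service's view of
# the store read-write after 'gnu-store.mount' makes it read-only system-wide.
MountFlags=private

# Mitigate the race condition between guix-daemon and 'gnu-store.mount'.
# Dependent units will only start once the daemon binary has been started,
# and thus once the mount point has been acquired in the private namespace.
Type=exec

# Provide the CAP_CHOWN capability so that guix-daemon can create and chown
# /var/guix/profiles/per-user/$USER and also chown failed build directories
# when using '--keep-failed'. Note that guix-daemon explicitly drops ambient
# capabilities before executing build processes so they don't inherit them.
# Because 'User=' is non-root, the ambient set is what lets the daemon keep
# this single capability across exec; nothing else is granted.
AmbientCapabilities=CAP_CHOWN

StandardOutput=journal
StandardError=journal

# Work around a nasty systemd ‘feature’ that kills the entire process tree
# (including the daemon!) if any child, such as cc1plus, runs out of memory.
OOMPolicy=continue

# Despite the name, this is rate-limited: a broken daemon will eventually fail.
Restart=always

# See <https://lists.gnu.org/archive/html/guix-devel/2016-04/msg00608.html>.
# Some package builds (for example, go@1.8.1) may require even more than
# 1024 tasks.
TasksMax=8192

[Install]
WantedBy=multi-user.target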