guix/etc/guix-daemon.service.in
Rutherther 9a78e76076
guix-daemon.service.in: Make service restartable.
Currently the service cannot be restarted, because the gnu store mount makes
it read-only. So fix this by removing the mount when starting the service.

"-" to accept failures: in case the command doesn't finish successfully,
chances are the store can be mounted as RW, so continue.
"+" to run as root

Fixes: #4744

* etc/guix-daemon.service.in
(Service)<ExecStartPre>: Stop gnu-store.mount
(Service)<ExecStartPost>: Start gnu-store.mount

Change-Id: I296f5d8805497f8a7364b68d627eb6d4fc05dbff
2025-12-22 22:48:48 +01:00


# This is a "service unit file" for the systemd init system to launch
# 'guix-daemon'. Drop it in /etc/systemd/system or similar to have
# 'guix-daemon' automatically started.

[Unit]
Description=Build daemon for GNU Guix
# Start before 'gnu-store.mount' to get a writable view of the store.
Before=gnu-store.mount

[Service]
ExecStart=@localstatedir@/guix/profiles/per-user/root/current-guix/bin/guix-daemon \
    --discover=no \
    --substitute-urls='@GUIX_SUBSTITUTE_URLS@'
Environment='GUIX_STATE_DIRECTORY=@localstatedir@/guix' 'GUIX_LOCPATH=@localstatedir@/guix/profiles/per-user/root/guix-profile/lib/locale' LC_ALL=en_US.utf8
# Stop 'gnu-store.mount' so that the daemon can capture the store as
# read-write in its private mount namespace.
# See <https://codeberg.org/guix/guix/issues/4744>.
ExecStartPre=-+systemctl stop gnu-store.mount
ExecStartPost=-+systemctl start gnu-store.mount --no-block
# Run under a dedicated unprivileged user account.
User=guix-daemon
# Bind-mount the store read-write in a private namespace, to counter the
# effect of 'gnu-store.mount'.
PrivateMounts=true
BindPaths=@storedir@
# Disable host file system mount propagation to keep the service's view of
# the store read-write after 'gnu-store.mount' makes it read-only system-wide.
MountFlags=private
# Mitigate the race condition between guix-daemon and 'gnu-store.mount'.
# Dependent units will only start after the daemon binary is started AND THUS
# the mount point is acquired in a private namespace.
Type=exec
# Provide the CAP_CHOWN capability so that guix-daemon can create and chown
# /var/guix/profiles/per-user/$USER and also chown failed build directories
# when using '--keep-failed'. Note that guix-daemon explicitly drops ambient
# capabilities before executing build processes so they don't inherit them.
AmbientCapabilities=CAP_CHOWN
StandardOutput=journal
StandardError=journal
# Work around a nasty systemd feature that kills the entire process tree
# (including the daemon!) if any child, such as cc1plus, runs out of memory.
OOMPolicy=continue
# Despite the name, this is rate-limited: a broken daemon will eventually fail.
Restart=always
# See <https://lists.gnu.org/archive/html/guix-devel/2016-04/msg00608.html>.
# Some package builds (for example, go@1.8.1) may require even more than
# 1024 tasks.
TasksMax=8192

[Install]
WantedBy=multi-user.target
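A verification script, added here and not part of the Guix repository, that checks the property the unit's comments rely on: with 'gnu-store.mount' active, /gnu/store is read-only in the host mount namespace but still read-write inside guix-daemon's private namespace (the restart failure this commit fixes left the daemon with a read-only store). It parses /proc/PID/mountinfo and assumes the store lives at /gnu/store and the unit is named guix-daemon.service; the embedded mountinfo lines are constructed samples, not captured from a real system.

```shell
#!/bin/sh
# Added example, not part of the Guix repository.  Compares the host's view of
# /gnu/store with guix-daemon's view inside its private mount namespace.

# mount_rw MOUNTINFO_TEXT MOUNTPOINT: print "ro" or "rw" for the innermost
# (last listed) mount at MOUNTPOINT, or "none" if nothing is mounted there.
# In /proc/PID/mountinfo, field 5 is the mount point and field 6 holds the
# per-mount options; a read-only bind mount shows "ro" there.
mount_rw() {
  printf '%s\n' "$1" | awk -v mp="$2" '
    $5 == mp { opts = $6 }
    END {
      if (opts == "") { print "none"; exit }
      n = split(opts, o, ",")
      for (i = 1; i <= n; i++) if (o[i] == "ro") { print "ro"; exit }
      print "rw"
    }'
}

# store_state HOST_MOUNTINFO DAEMON_MOUNTINFO: "ok" when the host view is
# read-only and the daemon view is read-write, otherwise a short reason.
store_state() {
  host=$(mount_rw "$1" /gnu/store)
  daemon=$(mount_rw "$2" /gnu/store)
  case "$host:$daemon" in
    ro:rw)        echo ok ;;
    *:ro)         echo daemon-sees-readonly ;;  # the restart failure (#4744)
    rw:*|none:*)  echo host-not-protected ;;
    *)            echo "unexpected:$host:$daemon" ;;
  esac
}

# Live check: compare PID 1's mount table with the daemon's (needs root).
check_live() {
  pid=$(systemctl show -p MainPID --value guix-daemon.service)
  [ "$pid" -gt 0 ] 2>/dev/null || { echo guix-daemon-not-running; return 1; }
  store_state "$(cat /proc/1/mountinfo)" "$(cat /proc/"$pid"/mountinfo)"
}

# Constructed mountinfo samples (not captured from a real system).
HOST_MI='22 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
95 22 8:1 /gnu/store /gnu/store ro,relatime - ext4 /dev/sda1 rw'
DAEMON_OK_MI='22 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
210 22 8:1 /gnu/store /gnu/store rw,relatime - ext4 /dev/sda1 rw'
DAEMON_BROKEN_MI="$HOST_MI"   # daemon inherited the read-only bind mount

# Run with --live as root to check the running service; otherwise use samples.
if [ "${1-}" = --live ]; then check_live; else
  echo "samples: $(store_state "$HOST_MI" "$DAEMON_OK_MI") / $(store_state "$HOST_MI" "$DAEMON_BROKEN_MI")"
fi
```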