nixpkgs/nixos/modules/services/development/lorri.nix
Matt McHenry db64f7f737 lorri.service: remove ProtectHome, relax ProtectSystem
per lorri's readme:

  lorri creates an indirect garbage collection root for each .drv in
  $XDG_CACHE_HOME/lorri (~/.cache/lorri/ by default) each time it
  evaluates your project.

... so it doesn't make sense to have ProtectHome enabled for
lorri.service.  lorri also needs to be able to modify
/nix/var/nix/gcroots/per-user/, so ProtectSystem can't be 'strict';
'full' is the next strongest.

fixes:

lorri: ERRO IO error binding to socket: Read-only file system (os error 30)

bisecting this error leads to a range of unbuildable commits including
'a31429165204 Merge pull request #243242 from
RaitoBezarius/systemd-254', so it's likely that systemd update changed
the behaviour of ProtectHome somehow (though the release notes don't
have any obvious culprits).
2023-12-17 11:35:48 -05:00


# NixOS module for lorri, a nix-shell replacement for project development.
#
# Declares `services.lorri.enable` and `services.lorri.package`, and, when
# enabled, a socket-activated systemd *user* service that runs `lorri daemon`.
{ config, lib, pkgs, ... }:

let
  inherit (lib) literalExpression mdDoc mkIf mkOption types;

  cfg = config.services.lorri;

  # Socket location relative to the user manager's runtime directory (%t).
  daemonSocket = "lorri/daemon.socket";

  # The service is both ordered after and hard-dependent on its socket unit.
  socketUnits = [ "lorri.socket" ];
in
{
  options.services.lorri = {
    enable = mkOption {
      type = types.bool;
      default = false;
      description = mdDoc ''
        Enables the daemon for `lorri`, a nix-shell replacement for project
        development. The socket-activated daemon starts on the first request
        issued by the `lorri` command.
      '';
    };

    package = mkOption {
      type = types.package;
      default = pkgs.lorri;
      defaultText = literalExpression "pkgs.lorri";
      description = mdDoc ''
        The lorri package to use.
      '';
    };
  };

  config = mkIf cfg.enable {
    systemd.user = {
      # Listening socket; the daemon is started on the first connection.
      sockets.lorri = {
        description = "Socket for Lorri Daemon";
        wantedBy = [ "sockets.target" ];
        socketConfig = {
          RuntimeDirectory = "lorri";
          ListenStream = "%t/${daemonSocket}";
        };
      };

      services.lorri = {
        description = "Lorri Daemon";
        after = socketUnits;
        requires = socketUnits;

        # Tools placed on the daemon's PATH: the configured Nix package plus
        # git, tar and gzip.
        path = [ config.nix.package pkgs.git pkgs.gnutar pkgs.gzip ];

        serviceConfig = {
          ExecStart = "${cfg.package}/bin/lorri daemon";
          Restart = "on-failure";

          # Sandboxing. This is deliberately modest:
          #
          # * PrivateTmp gives the daemon its own /tmp and /var/tmp.
          # * ProtectSystem = "full" mounts /usr, the boot loader directories
          #   and /etc read-only. "strict" is not usable as-is because lorri
          #   has to modify /nix/var/nix/gcroots/per-user/.
          # * ProtectHome is intentionally NOT set: lorri creates an indirect
          #   garbage-collection root for each .drv under $XDG_CACHE_HOME/lorri
          #   (~/.cache/lorri/ by default) on every evaluation, so it needs a
          #   writable home directory.
          #
          # Consequence: the daemon keeps the invoking user's normal write
          # access to their home directory and to everything outside the
          # paths listed above; do not treat this unit as a strong sandbox.
          #
          # NOTE(review): a narrower setup might be ProtectSystem = "strict"
          # combined with ReadWritePaths for the GC-root and cache
          # directories -- untested here, confirm before adopting.
          PrivateTmp = true;
          ProtectSystem = "full";
        };
      };
    };

    # Make the lorri CLI and direnv available system-wide.
    environment.systemPackages = [ cfg.package pkgs.direnv ];
  };
}