* Move the definition of the Nix build users out of user-groups.nix to

nix-daemon.nix. * Add an option ‘nix.nrBuildUsers’ to allow the number of build users to be overriden. svn path=/nixos/trunk/; revision=20571
2024-11-23 14:11:36 +00:00 · 2010-03-11 16:50:08 +00:00 · 2010-03-11 16:50:08 +00:00 · a104f07a07
parent 131b1e57fe
commit a104f07a07
2 changed files with 29 additions and 15 deletions
--- a/modules/config/users-groups.nix
+++ b/modules/config/users-groups.nix
@ -24,20 +24,6 @@ let
          }
        ];

-      makeNixBuildUser = nr:
-        { name = "nixbld${toString nr}";
-          description = "Nix build user ${toString nr}";
-
-          /* For consistency with the setgid(2), setuid(2), and setgroups(2)
-             calls in `libstore/build.cc', don't add any supplementary group
-             here.  */
-          uid = builtins.add ids.uids.nixbld nr;
-          group = "nixbld";
-          extraGroups = [];
-        };
-
-      nixBuildUsers = map makeNixBuildUser (pkgs.lib.range 1 10);
-      
      addAttrs =
        { name
        , description
@ -52,7 +38,7 @@ let
        }:
        { inherit name description uid group extraGroups home shell createHome password; };

-    in map addAttrs (defaultUsers ++ nixBuildUsers ++ config.users.extraUsers);
+    in map addAttrs (defaultUsers ++ config.users.extraUsers);


  # Groups to be created/updated by NixOS.
--- a/modules/services/misc/nix-daemon.nix
+++ b/modules/services/misc/nix-daemon.nix
@ -5,6 +5,18 @@ with pkgs.lib;
 let

  inherit (config.environment) nix;
+  
+  makeNixBuildUser = nr:
+    { name = "nixbld${toString nr}";
+      description = "Nix build user ${toString nr}";
+
+      /* For consistency with the setgid(2), setuid(2), and setgroups(2)
+         calls in `libstore/build.cc', don't add any supplementary group
+         here.  */
+      uid = builtins.add config.ids.uids.nixbld nr;
+      group = "nixbld";
+      extraGroups = [];
+    };

 in

@ -148,6 +160,17 @@ in
          Environment variables used by Nix.
        ";
      };
+
+      nrBuildUsers = mkOption {
+        default = 10;
+        description = ''
+          Number of <literal>nixbld</literal> user accounts created to
+          perform secure concurrent builds.  If you receive an error
+          message saying that “all build users are currently in use”,
+          you should increase this value.
+        '';
+      };
+      
    };
  };

@ -213,6 +236,9 @@ in
          ''
            export PATH=${if config.nix.distributedBuilds then "${pkgs.openssh}/bin:${pkgs.gzip}/bin:" else ""}${pkgs.openssl}/bin:${nix}/bin:$PATH
            ${config.nix.envVars}
+            # To reduce the load on Hydra, don't start all those
+            # unnecessary substituter processes.
+            export NIX_SUBSTITUTERS=
            exec \
              nice -n ${builtins.toString config.nix.daemonNiceLevel} \
              ${pkgs.utillinux}/bin/ionice -n ${builtins.toString config.nix.daemonIONiceLevel} \
@ -261,6 +287,8 @@ in
        export ftp_proxy=${config.nix.proxy}
      '';

+    users.extraUsers = map makeNixBuildUser (pkgs.lib.range 1 config.nix.nrBuildUsers);
+
  };

 }