From e830881e3cda18871090699a4a7c517bde991e3c Mon Sep 17 00:00:00 2001
From: John Soo <john.soo@arista.com>
Date: Sun, 28 Nov 2021 15:45:22 -0800
Subject: [PATCH] nix-serve: Initial introduction.

This provides a similar interface as in nixpkgs.
---
 modules/module-list.nix        |  1 +
 modules/services/nix-serve.nix | 67 ++++++++++++++++++++++++++++++++++
 2 files changed, 68 insertions(+)
 create mode 100644 modules/services/nix-serve.nix

diff --git a/modules/module-list.nix b/modules/module-list.nix
index e7fd2afc..5054339c 100644
--- a/modules/module-list.nix
+++ b/modules/module-list.nix
@@ -48,6 +48,7 @@
   ./services/mail/offlineimap.nix
   ./services/mopidy.nix
   ./services/nix-daemon.nix
+  ./services/nix-serve.nix
   ./services/nix-gc
   ./services/ofborg
   ./services/postgresql
diff --git a/modules/services/nix-serve.nix b/modules/services/nix-serve.nix
new file mode 100644
index 00000000..790d2d38
--- /dev/null
+++ b/modules/services/nix-serve.nix
@@ -0,0 +1,67 @@
+{ config, pkgs, lib, ... }:
+let cfg = config.services.nix-serve; in
+{
+  options = {
+    services.nix-serve.enable = lib.mkEnableOption "nix-serve, the standalone Nix binary cache server";
+
+    services.nix-serve.port = lib.mkOption {
+      type = lib.types.port;
+      default = 5000;
+      description = ''
+        Port number where nix-serve will listen on.
+      '';
+    };
+
+    services.nix-serve.bindAddress = lib.mkOption {
+      type = lib.types.str;
+      default = "0.0.0.0";
+      description = ''
+        IP address where nix-serve will bind its listening socket.
+      '';
+    };
+
+    services.nix-serve.secretKeyFile = lib.mkOption {
+      type = lib.types.nullOr lib.types.str;
+      default = null;
+      description = ''
+        The path to the file used for signing derivation data.
+        Generate with:
+
+        ```
+        nix-store --generate-binary-cache-key key-name secret-key-file public-key-file
+        ```
+
+        Make sure user `nix-serve` has read access to the private key file.
+
+        For more details see <citerefentry><refentrytitle>nix-store</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
+      '';
+    };
+
+    services.nix-serve.extraParams = lib.mkOption {
+      type = lib.types.separatedString " ";
+      example = "--workers 50";
+      default = "";
+      description = ''
+        Extra command line parameters for nix-serve.
+      '';
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    launchd.daemons.nix-serve = {
+      script = ''
+        ${pkgs.nix-serve}/bin/nix-serve --listen ${cfg.bindAddress}:${toString cfg.port} cfg.extraParams;
+      '';
+      path = [ config.nix.package.out pkgs.bzip2.bin ];
+
+      environment.NIX_REMOTE = "daemon";
+      environment.NIX_SECRET_KEY_FILE = cfg.secretKeyFile;
+
+      serviceConfig = {
+        ThrottleInterval = 5;
+        RunAtLoad = true;
+        KeepAlive.NetworkState = true;
+      };
+    };
+  };
+}