1 files changed, 56 insertions, 8 deletions

diff --git a/nixos/configuration.nix b/nixos/configuration.nix
index 2648aa6..b555977 100644
--- a/nixos/configuration.nix
+++ b/nixos/configuration.nix
@@ -422,14 +422,62 @@ in
   users = {
     mutableUsers = false;
 
-    extraUsers.andreh = {
-      isNormalUser = true;
-      uid = 1000;
-      description = "EuAndreh";
-      extraGroups = [ "wheel" "networkmanager" "docker" ];
-      # Generated with:
-      # mkpasswd -m sha-512 > password-file.txt
-      passwordFile = localConfiguration.passwordFile;
+    extraUsers =
+      let
+        andrehUser =  {
+          andreh = {
+            isNormalUser = true;
+            uid = 1000;
+            description = "EuAndreh";
+            extraGroups = [ "wheel" "networkmanager" "docker" ];
+            # Generated with:
+            # mkpasswd -m sha-512 > password-file.txt
+            passwordFile = localConfiguration.passwordFile;
+          };
+        };
+        # From the Guix manual:
+        # https://www.gnu.org/software/guix/manual/en/html_node/Build-Environment-Setup.html#Build-Environment-Setup
+        buildUser = (i:
+          {
+            "guixbuilder${i}" = {                   # guixbuilder$i
+              group = "guixbuild";                  # -g guixbuild
+              extraGroups = ["guixbuild"];          # -G guixbuild
+              home = "/var/empty";                  # -d /var/empty
+              shell = pkgs.nologin;                 # -s `which nologin`
+              description = "Guix build user ${i}"; # -c "Guix buid user $i"
+              isSystemUser = true;                  # --system
+            };
+          }
+        );
+      in
+        # merge all users
+        pkgs.lib.fold (str: acc: acc // buildUser str)
+                      andrehUser
+                      # for i in `seq -w 1 10`
+                      (map (pkgs.lib.fixedWidthNumber 2) (builtins.genList (n: n+1) 10));
+
+    extraGroups.guixbuild = {
+      name = "guixbuild";
+    };
+  };
+
+  systemd = {
+    services = {
+      # Derived from Guix guix-daemon.service.in
+      # https://git.savannah.gnu.org/cgit/guix.git/tree/etc/guix-daemon.service.in?id=00c86a888488b16ce30634d3a3a9d871ed6734a2
+     guix-daemon = {
+       enable = false;
+       description = "Build daemon for GNU Guix";
+       serviceConfig = {
+         ExecStart = "/var/guix/profiles/per-user/root/guix-profile/bin/guix-daemon --build-users-group=guixbuild";
+         Environment="GUIX_LOCPATH=/root/.guix-profile/lib/locale";
+         RemainAfterExit="yes";
+         StandardOutput="syslog";
+         StandardError="syslog";
+         TaskMax= "8192";
+       };
+       wantedBy = [ "multi-user.target" ];
+     };
     };
   };