1 files changed, 48 insertions, 6 deletions
diff --git a/nixos/configuration.nix b/nixos/configuration.nix
index 1ef1104..dc4ad73 100644
--- a/nixos/configuration.nix
+++ b/nixos/configuration.nix
@@ -303,18 +303,60 @@
 
   users = {
     mutableUsers = false;
-    extraUsers.andreh = {
-      isNormalUser = true;
-      uid = 1000;
-      description = "EuAndreh";
-      extraGroups = [ "wheel" "networkmanager" "docker" ];
-      passwordFile = "/home/andreh/annex/dev/code/dotfiles/encrypted/password-hash.txt";
+
+    extraUsers =
+      let
+        andrehUser =  {
+          andreh = {
+            isNormalUser = true;
+            uid = 1000;
+            description = "EuAndreh";
+            passwordFile = "/home/andreh/annex/dev/code/dotfiles/encrypted/password-hash.txt";
+          };
+        };
+        # From the Guix manual:
+        # https://www.gnu.org/software/guix/manual/en/html_node/Build-Environment-Setup.html#Build-Environment-Setup
+        buildUser = (i:
+          {
+            "guixbuilder${i}" = {                   # guixbuilder$i
+              group = "guixbuild";                  # -g guixbuild
+              extraGroups = ["guixbuild"];          # -G guixbuild
+              home = "/var/empty";                  # -d /var/empty
+              shell = pkgs.nologin;                 # -s `which nologin`
+              description = "Guix build user ${i}"; # -c "Guix buid user $i"
+              isSystemUser = true;                  # --system
+            };
+          }
+        );
+      in
+        # merge all users
+        pkgs.lib.fold (str: acc: acc // buildUser str)
+                      andrehUser
+                      # for i in `seq -w 1 10`
+                      (map (pkgs.lib.fixedWidthNumber 2) (builtins.genList (n: n+1) 10));
+
+    extraGroups.guixbuild = {
+      name = "guixbuild";
     };
   };
 
   security = {
     pam.services.lightdm.enableGnomeKeyring = true;
     sudo.enable = true;
+  # Derived from Guix guix-daemon.service.in
+  # https://git.savannah.gnu.org/cgit/guix.git/tree/etc/guix-daemon.service.in?id=00c86a888488b16ce30634d3a3a9d871ed6734a2
+  systemd.services.guix-daemon = {
+    enable = true;
+    description = "Build daemon for GNU Guix";
+    serviceConfig = {
+      ExecStart = "/var/guix/profiles/per-user/root/guix-profile/bin/guix-daemon --build-users-group=guixbuild";
+      Environment="GUIX_LOCPATH=/root/.guix-profile/lib/locale";
+      RemainAfterExit="yes";
+      StandardOutput="syslog";
+      StandardError="syslog";
+      TaskMax= 8192;
+    };
+    wantedBy = [ "multi-user.target" ];
   };
 
   # This value determines the NixOS release with which your system is to be