#pragma once #include "types.hh" #include "config.hh" #include #include namespace nix { typedef enum { smEnabled, smRelaxed, smDisabled } SandboxMode; extern bool useCaseHack; // FIXME struct CaseHackSetting : public BaseSetting { CaseHackSetting(Config * options, const std::string & name, const std::string & description, const std::set & aliases = {}) : BaseSetting(useCaseHack, name, description, aliases) { options->addSetting(this); } void set(const std::string & str) override { BaseSetting::set(str); nix::useCaseHack = true; } }; struct MaxBuildJobsSetting : public BaseSetting { MaxBuildJobsSetting(Config * options, unsigned int def, const std::string & name, const std::string & description, const std::set & aliases = {}) : BaseSetting(def, name, description, aliases) { options->addSetting(this); } void set(const std::string & str) override; }; class Settings : public Config { unsigned int getDefaultCores(); public: Settings(); void loadConfFile(); void set(const string & name, const string & value); Path nixPrefix; /* The directory where we store sources and derived files. */ Path nixStore; Path nixDataDir; /* !!! fix */ /* The directory where we log various operations. */ Path nixLogDir; /* The directory where state is stored. */ Path nixStateDir; /* The directory where configuration files are stored. */ Path nixConfDir; /* The directory where internal helper programs are stored. */ Path nixLibexecDir; /* The directory where the main programs are stored. */ Path nixBinDir; /* File name of the socket the daemon listens to. */ Path nixDaemonSocketFile; Setting keepFailed{this, false, "keep-failed", "Whether to keep temporary directories of failed builds."}; Setting keepGoing{this, false, "keep-going", "Whether to keep building derivations when another build fails."}; Setting tryFallback{this, false, "build-fallback", "Whether to fall back to building when substitution fails."}; /* Whether to show build log output in real time. */ bool verboseBuild = true; /* If verboseBuild is false, the number of lines of the tail of the log to show if a build fails. */ size_t logLines = 10; MaxBuildJobsSetting maxBuildJobs{this, 1, "build-max-jobs", "Maximum number of parallel build jobs. \"auto\" means use number of cores."}; Setting buildCores{this, getDefaultCores(), "build-cores", "Number of CPU cores to utilize in parallel within a build, " "i.e. by passing this number to Make via '-j'. 0 means that the " "number of actual CPU cores on the local host ought to be " "auto-detected."}; /* Read-only mode. Don't copy stuff to the store, don't change the database. */ bool readOnlyMode = false; Setting thisSystem{this, SYSTEM, "system", "The canonical Nix system name."}; Setting maxSilentTime{this, 0, "build-max-silent-time", "The maximum time in seconds that a builer can go without " "producing any output on stdout/stderr before it is killed. " "0 means infinity."}; Setting buildTimeout{this, 0, "build-timeout", "The maximum duration in seconds that a builder can run. " "0 means infinity."}; Setting useBuildHook{this, true, "remote-builds", "Whether to use build hooks (for distributed builds)."}; PathSetting buildHook{this, true, nixLibexecDir + "/nix/build-remote", "build-hook", "The path of the helper program that executes builds to remote machines."}; Setting builders{this, "", "builders", "A semicolon-separated list of build machines, in the format of nix.machines."}; Setting builderFiles{this, {nixConfDir + "/machines"}, "builder-files", "A list of files specifying build machines."}; Setting reservedSize{this, 8 * 1024 * 1024, "gc-reserved-space", "Amount of reserved disk space for the garbage collector."}; Setting fsyncMetadata{this, true, "fsync-metadata", "Whether SQLite should use fsync()."}; Setting useSQLiteWAL{this, true, "use-sqlite-wal", "Whether SQLite should use WAL mode."}; Setting syncBeforeRegistering{this, false, "sync-before-registering", "Whether to call sync() before registering a path as valid."}; Setting useSubstitutes{this, true, "build-use-substitutes", "Whether to use substitutes."}; Setting buildUsersGroup{this, "", "build-users-group", "The Unix group that contains the build users."}; Setting impersonateLinux26{this, false, "build-impersonate-linux-26", "Whether to impersonate a Linux 2.6 machine on newer kernels."}; Setting keepLog{this, true, "build-keep-log", "Whether to store build logs."}; Setting compressLog{this, true, "build-compress-log", "Whether to compress logs."}; Setting maxLogSize{this, 0, "build-max-log-size", "Maximum number of bytes a builder can write to stdout/stderr " "before being killed (0 means no limit)."}; /* When build-repeat > 0 and verboseBuild == true, whether to print repeated builds (i.e. builds other than the first one) to stderr. Hack to prevent Hydra logs from being polluted. */ bool printRepeatedBuilds = true; Setting pollInterval{this, 5, "build-poll-interval", "How often (in seconds) to poll for locks."}; Setting checkRootReachability{this, false, "gc-check-reachability", "Whether to check if new GC roots can in fact be found by the " "garbage collector."}; Setting gcKeepOutputs{this, false, "gc-keep-outputs", "Whether the garbage collector should keep outputs of live derivations."}; Setting gcKeepDerivations{this, true, "gc-keep-derivations", "Whether the garbage collector should keep derivers of live paths."}; Setting autoOptimiseStore{this, false, "auto-optimise-store", "Whether to automatically replace files with identical contents with hard links."}; Setting envKeepDerivations{this, false, "env-keep-derivations", "Whether to add derivations as a dependency of user environments " "(to prevent them from being GCed)."}; /* Whether to lock the Nix client and worker to the same CPU. */ bool lockCPU; /* Whether to show a stack trace if Nix evaluation fails. */ bool showTrace = false; Setting enableNativeCode{this, false, "allow-unsafe-native-code-during-evaluation", "Whether builtin functions that allow executing native code should be enabled."}; Setting sandboxMode{this, smDisabled, "build-use-sandbox", "Whether to enable sandboxed builds. Can be \"true\", \"false\" or \"relaxed\".", {"build-use-chroot"}}; Setting sandboxPaths{this, {}, "build-sandbox-paths", "The paths to make available inside the build sandbox.", {"build-chroot-dirs"}}; Setting extraSandboxPaths{this, {}, "build-extra-sandbox-paths", "Additional paths to make available inside the build sandbox.", {"build-extra-chroot-dirs"}}; Setting restrictEval{this, false, "restrict-eval", "Whether to restrict file system access to paths in $NIX_PATH, " "and to disallow fetching files from the network."}; Setting buildRepeat{this, 0, "build-repeat", "The number of times to repeat a build in order to verify determinism."}; #if __linux__ Setting sandboxShmSize{this, "50%", "sandbox-dev-shm-size", "The size of /dev/shm in the build sandbox."}; Setting sandboxBuildDir{this, "/build", "sandbox-build-dir", "The build directory inside the sandbox."}; #endif Setting allowedImpureHostPrefixes{this, {}, "allowed-impure-host-deps", "Which prefixes to allow derivations to ask for access to (primarily for Darwin)."}; #if __APPLE__ Setting darwinLogSandboxViolations{this, false, "darwin-log-sandbox-violations", "Whether to log Darwin sandbox access violations to the system log."}; #endif Setting runDiffHook{this, false, "run-diff-hook", "Whether to run the program specified by the diff-hook setting " "repeated builds produce a different result. Typically used to " "plug in diffoscope."}; PathSetting diffHook{this, true, "", "diff-hook", "A program that prints out the differences between the two paths " "specified on its command line."}; Setting enforceDeterminism{this, true, "enforce-determinism", "Whether to fail if repeated builds produce different output."}; Setting binaryCachePublicKeys{this, {"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="}, "binary-cache-public-keys", "Trusted public keys for secure substitution."}; Setting secretKeyFiles{this, {}, "secret-key-files", "Secret keys with which to sign local builds."}; Setting binaryCachesParallelConnections{this, 25, "http-connections", "Number of parallel HTTP connections.", {"binary-caches-parallel-connections"}}; Setting enableHttp2{this, true, "enable-http2", "Whether to enable HTTP/2 support."}; Setting tarballTtl{this, 60 * 60, "tarball-ttl", "How soon to expire files fetched by builtins.fetchTarball and builtins.fetchurl."}; Setting signedBinaryCaches{this, "*", "signed-binary-caches", "Obsolete."}; Setting substituters{this, nixStore == "/nix/store" ? Strings{"https://cache.nixos.org/"} : Strings(), "substituters", "The URIs of substituters (such as https://cache.nixos.org/).", {"binary-caches"}}; // FIXME: provide a way to add to option values. Setting extraSubstituters{this, {}, "extra-substituters", "Additional URIs of substituters.", {"extra-binary-caches"}}; Setting trustedSubstituters{this, {}, "trusted-substituters", "Disabled substituters that may be enabled via the substituters option by untrusted users.", {"trusted-binary-caches"}}; Setting trustedUsers{this, {"root"}, "trusted-users", "Which users or groups are trusted to ask the daemon to do unsafe things."}; /* ?Who we trust to use the daemon in safe ways */ Setting allowedUsers{this, {"*"}, "allowed-users", "Which users or groups are allowed to connect to the daemon."}; Setting printMissing{this, true, "print-missing", "Whether to print what paths need to be built or downloaded."}; Setting preBuildHook{this, #if __APPLE__ nixLibexecDir + "/nix/resolve-system-dependencies", #else "", #endif "pre-build-hook", "A program to run just before a build to set derivation-specific build settings."}; Setting netrcFile{this, fmt("%s/%s", nixConfDir, "netrc"), "netrc-file", "Path to the netrc file used to obtain usernames/passwords for downloads."}; /* Path to the SSL CA file used */ Path caFile; Setting enableImportFromDerivation{this, true, "allow-import-from-derivation", "Whether the evaluator allows importing the result of a derivation."}; CaseHackSetting useCaseHack{this, "use-case-hack", "Whether to enable a Darwin-specific hack for dealing with file name collisions."}; Setting connectTimeout{this, 0, "connect-timeout", "Timeout for connecting to servers during downloads. 0 means use curl's builtin default."}; Setting userAgentSuffix{this, "", "user-agent-suffix", "String appended to the user agent in HTTP requests."}; }; // FIXME: don't use a global variable. extern Settings settings; extern const string nixVersion; }