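# NixOS module that runs Livebook as a per-user systemd service.
#
# Non-secret settings go through `services.livebook.environment`; as that
# option's description states, those values are readable by anyone with
# access to the host. Secrets belong in `services.livebook.environmentFile`,
# which is handed to systemd as `EnvironmentFile=`.
{
  config,
  lib,
  pkgs,
  ...
}:
let
  cfg = config.services.livebook;
in
{
  options.services.livebook = {
    # Since livebook doesn't have a granular permission system (a user
    # either has access to all the data or none at all), the decision
    # was made to run this as a user service. If that changes in the
    # future, this can be changed to a system service.
    enableUserService = lib.mkEnableOption "a user service for Livebook";

    package = lib.mkPackageOption pkgs "livebook" { };

    # A `null` value means "do not set this variable from this module";
    # such entries are dropped before the unit's environment is built.
    environment = lib.mkOption {
      type =
        with lib.types;
        attrsOf (
          nullOr (oneOf [
            bool
            int
            str
          ])
        );
      default = { };
      description = ''
        Environment variables to set.

        Livebook is configured through the use of environment variables. The
        available configuration options can be found in the [Livebook
        documentation](https://hexdocs.pm/livebook/readme.html#environment-variables).

        Note that all environment variables set through this configuration
        parameter will be readable by anyone with access to the host
        machine. Therefore, sensitive information like {env}`LIVEBOOK_PASSWORD`
        or {env}`LIVEBOOK_COOKIE` should never be set using this configuration
        option, but should instead use
        [](#opt-services.livebook.environmentFile). See the documentation for
        that option for more information.

        Any environment variables specified in the
        [](#opt-services.livebook.environmentFile) will supersede environment
        variables specified in this option.
      '';

      example = lib.literalExpression ''
        {
          LIVEBOOK_PORT = 8080;
        }
      '';
    };

    # Keep this file outside the Nix store (the store is world-readable) and
    # readable only by the user that runs the service; otherwise the secrets
    # it holds are no better protected than values set in `environment`.
    environmentFile = lib.mkOption {
      type = with lib.types; nullOr path;
      default = null;
      description = ''
        Additional environment file as defined in {manpage}`systemd.exec(5)`.

        Secrets like {env}`LIVEBOOK_PASSWORD` (which is used to specify the
        password needed to access the livebook site) or {env}`LIVEBOOK_COOKIE`
        (which is used to specify the
        [cookie](https://www.erlang.org/doc/reference_manual/distributed.html#security)
        used to connect to the running Elixir system) may be passed to the
        service without making them readable to everyone with access to
        systemctl by using this configuration parameter.

        Note that this file needs to be available on the host on which
        `livebook` is running.

        For security purposes, this file should contain at least
        {env}`LIVEBOOK_PASSWORD` or {env}`LIVEBOOK_TOKEN_ENABLED=false`.

        See the [Livebook
        documentation](https://hexdocs.pm/livebook/readme.html#environment-variables)
        and the [](#opt-services.livebook.environment) configuration parameter
        for further options.
      '';
      example = "/var/lib/livebook.env";
    };

    extraPackages = lib.mkOption {
      type = with lib.types; listOf package;
      default = [ ];
      description = ''
        Extra packages to make available to the Livebook service.
      '';
      example = lib.literalExpression "with pkgs; [ gcc gnumake ]";
    };
  };

  config = lib.mkIf cfg.enableUserService {
    systemd.user.services.livebook = {
      serviceConfig = {
        Restart = "always";
        # Secrets are expected to arrive through this file rather than
        # through `environment` below.
        EnvironmentFile = cfg.environmentFile;
        ExecStart = "${cfg.package}/bin/livebook start";
        KillMode = "mixed";

        # Fix for the issue described here:
        # https://github.com/livebook-dev/livebook/issues/2691
        #
        # Without this, the livebook service fails to start and gets
        # stuck running a `cat /dev/urandom | tr | fold` pipeline.
        IgnoreSIGPIPE = false;
      };
      # Render every configured value as a string. The option type admits
      # `null`, and `toString null` is "", which would export the variable
      # as an empty string instead of leaving it unset, so null entries are
      # filtered out first.
      environment = lib.mapAttrs (
        name: value: if lib.isBool value then lib.boolToString value else toString value
      ) (lib.filterAttrs (_name: value: value != null) cfg.environment);
      # bash is always on the service's PATH, followed by any extra packages.
      path = [ pkgs.bash ] ++ cfg.extraPackages;
      wantedBy = [ "default.target" ];
    };
  };

  meta = {
    doc = ./livebook.md;
    maintainers = with lib.maintainers; [
      munksgaard
      scvalex
    ];
  };
}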