diff options
author | Alexandru Scvortov <code@scvalex.net> | 2023-10-24 17:53:12 +0100 |
---|---|---|
committer | Yt <happysalada@tuta.io> | 2023-10-31 07:31:18 +0000 |
commit | fa54eeea5c23f3dc826d1e6cd9d6dd29b48b1937 (patch) | |
tree | 06bfe211ece85ae7f3d9727a56d5e021e8009acf /nixos/modules/services/development | |
parent | 0fa36ea34fb59ad5973c881b9617ef4e18184ae0 (diff) | |
download | nixlib-fa54eeea5c23f3dc826d1e6cd9d6dd29b48b1937.tar nixlib-fa54eeea5c23f3dc826d1e6cd9d6dd29b48b1937.tar.gz nixlib-fa54eeea5c23f3dc826d1e6cd9d6dd29b48b1937.tar.bz2 nixlib-fa54eeea5c23f3dc826d1e6cd9d6dd29b48b1937.tar.lz nixlib-fa54eeea5c23f3dc826d1e6cd9d6dd29b48b1937.tar.xz nixlib-fa54eeea5c23f3dc826d1e6cd9d6dd29b48b1937.tar.zst nixlib-fa54eeea5c23f3dc826d1e6cd9d6dd29b48b1937.zip |
livebook: add systemd user service, test, and docs
Co-authored-by: Yt <happysalada@tuta.io>
Diffstat (limited to 'nixos/modules/services/development')
-rw-r--r-- | nixos/modules/services/development/livebook.md | 39 | ||||
-rw-r--r-- | nixos/modules/services/development/livebook.nix | 90 |
2 files changed, 129 insertions, 0 deletions
diff --git a/nixos/modules/services/development/livebook.md b/nixos/modules/services/development/livebook.md new file mode 100644 index 000000000000..73ddc57f6179 --- /dev/null +++ b/nixos/modules/services/development/livebook.md @@ -0,0 +1,39 @@ +# Livebook {#module-services-livebook} + +[Livebook](https://livebook.dev/) is a web application for writing +interactive and collaborative code notebooks. + +## Basic Usage {#module-services-livebook-basic-usage} + +Enabling the `livebook` service creates a user +[`systemd`](https://www.freedesktop.org/wiki/Software/systemd/) unit +which runs the server. + +``` +{ ... }: + +{ + services.livebook = { + enableUserService = true; + port = 20123; + # See note below about security + environmentFile = pkgs.writeText "livebook.env" '' + LIVEBOOK_PASSWORD = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; + ''; + }; +} +``` + +::: {.note} + +The Livebook server has the ability to run any command as the user it +is running under, so securing access to it with a password is highly +recommended. + +Putting the password in the Nix configuration like above is an easy +way to get started but it is not recommended in the real world because +the `livebook.env` file will be added to the world-readable Nix store. +A better approach would be to put the password in some secure +user-readable location and set `environmentFile = /home/user/secure/livebook.env`. + +::: diff --git a/nixos/modules/services/development/livebook.nix b/nixos/modules/services/development/livebook.nix new file mode 100644 index 000000000000..3991a4125ec3 --- /dev/null +++ b/nixos/modules/services/development/livebook.nix @@ -0,0 +1,90 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.services.livebook; +in +{ + options.services.livebook = { + # Since livebook doesn't have a granular permission system (a user + # either has access to all the data or none at all), the decision + # was made to run this as a user service. If that changes in the + # future, this can be changed to a system service. + enableUserService = mkEnableOption "a user service for Livebook"; + + environmentFile = mkOption { + type = types.path; + description = lib.mdDoc '' + Environment file as defined in {manpage}`systemd.exec(5)` passed to the service. + + This must contain at least `LIVEBOOK_PASSWORD` or + `LIVEBOOK_TOKEN_ENABLED=false`. See `livebook server --help` + for other options.''; + }; + + erlang_node_short_name = mkOption { + type = with types; nullOr str; + default = null; + example = "livebook"; + description = "A short name for the distributed node."; + }; + + erlang_node_name = mkOption { + type = with types; nullOr str; + default = null; + example = "livebook@127.0.0.1"; + description = "The name for the app distributed node."; + }; + + port = mkOption { + type = types.port; + default = 8080; + description = "The port to start the web application on."; + }; + + address = mkOption { + type = types.str; + default = "127.0.0.1"; + description = lib.mdDoc '' + The address to start the web application on. Must be a valid IPv4 or + IPv6 address. + ''; + }; + + options = mkOption { + type = with types; attrsOf str; + default = { }; + description = lib.mdDoc '' + Additional options to pass as command-line arguments to the server. + ''; + example = literalExpression '' + { + cookie = "a value shared by all nodes in this cluster"; + } + ''; + }; + }; + + config = mkIf cfg.enableUserService { + systemd.user.services.livebook = { + serviceConfig = { + Restart = "always"; + EnvironmentFile = cfg.environmentFile; + ExecStart = + let + args = lib.cli.toGNUCommandLineShell { } ({ + inherit (cfg) port; + ip = cfg.address; + name = cfg.erlang_node_name; + sname = cfg.erlang_node_short_name; + } // cfg.options); + in + "${pkgs.livebook}/bin/livebook server ${args}"; + }; + path = [ pkgs.bash ]; + wantedBy = [ "default.target" ]; + }; + }; + + meta.doc = ./livebook.md; +} |