author | Joachim Fasting <joachifm@fastmail.fm> | 2016-04-22 02:28:29 +0200 |
committer | Joachim Fasting <joachifm@fastmail.fm> | 2016-04-22 03:58:08 +0200 |
commit | 2e7b0bbd2244d6314b83cdd4868cc30dfda96575 (patch) | |
tree | 796498e6621fc70d4bf52d2880f67d679ca79a2b /nixos | |
parent | 9c0997a0ef62d178d6bc88aeacc2643481edef9e (diff) | |
hoogle service: fixups
Basic hardening
- Run as nobody:nogroup with a private /tmp, /home & /run/user
- Create the working directory under /run (hoogle insists on writing to cwd and otherwise returns "something went wrong" to every query)

Option tweaks
- Provide a default for the haskellPackages option
- Set text values for defaults
- Move hoogleEnv to the top level & simplify it
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/development/hoogle.nix | 50 |
1 files changed, 26 insertions, 24 deletions
diff --git a/nixos/modules/services/development/hoogle.nix b/nixos/modules/services/development/hoogle.nix
index 27281774b6fc..90aa04d2762e 100644
--- a/nixos/modules/services/development/hoogle.nix
+++ b/nixos/modules/services/development/hoogle.nix
@@ -1,22 +1,20 @@
 { config, lib, pkgs, ... }:
-# services.hoogle = {
-# enable = true;
-# packages = hp: with hp; [ text lens ];
-# haskellPackages = pkgs.haskellPackages;
-# };
-
 with lib;
 let
 cfg = config.services.hoogle;
- ghcWithHoogle = pkgs.haskellPackages.ghcWithHoogle;
+
+ hoogleEnv = pkgs.buildEnv {
+ name = "hoogle";
+ paths = [ (cfg.haskellPackages.ghcWithHoogle cfg.packages) ];
+ };
 in {
 options.services.hoogle = {
- enable = mkEnableOption "Hoogle Documentation service";
+ enable = mkEnableOption "Haskell documentation server";
 port = mkOption {
 type = types.int;
@@ -28,39 +26,43 @@ in {
 packages = mkOption {
 default = hp: [];
+ defaultText = "hp: []";
 example = "hp: with hp; [ text lens ]";
 description = ''
- A function that returns a list of Haskell packages to generate
- documentation for.
+ The Haskell packages to generate documentation for.
- The argument will be a Haskell package set provided by the
- haskellPackages config option.
+ The option value is a function that takes the package set specified in
+ the <varname>haskellPackages</varname> option as its sole parameter and
+ returns a list of packages.
 '';
 };
 haskellPackages = mkOption {
 description = "Which haskell package set to use.";
- example = "pkgs.haskellPackages";
- type = types.attrs;
+ default = pkgs.haskellPackages;
+ defaultText = "pkgs.haskellPackages";
 };
 };
 config = mkIf cfg.enable {
 systemd.services.hoogle = {
- description = "Hoogle Haskell documentation search";
+ description = "Haskell documentation server";
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig = {
 Restart = "always";
- ExecStart =
- let env = cfg.haskellPackages.ghcWithHoogle cfg.packages;
- hoogleEnv = pkgs.buildEnv {
- name = "hoogleServiceEnv";
- paths = [env];
- };
- in ''
- ${hoogleEnv}/bin/hoogle server --local -p ${toString cfg.port}
- '';
+ ExecStart = ''${hoogleEnv}/bin/hoogle server --local -p ${toString cfg.port}'';
+
+ User = "nobody";
+ Group = "nogroup";
+
+ PrivateTmp = true;
+ ProtectHome = true;
+
+ RuntimeDirectory = "hoogle";
+ WorkingDirectory = "%t/hoogle";
 };
 };
 }; |
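Review bot: The new `User = "nobody"; Group = "nogroup";` lines in serviceConfig put the server on a shared identity, and because the commit message says hoogle writes into its working directory, the `%t/hoogle` runtime directory owned by that account is reachable by every other process running as `nobody`, which could alter the data the server returns. A dedicated system user for the service keeps that directory private to hoogle; `RuntimeDirectory` already creates it owned by whatever account `User` names, so only the `User`/`Group` values need to change. The sandbox knobs the unit still leaves unset, `ProtectSystem`, `PrivateDevices` and `NoNewPrivileges`, would fit a process that only reads the Nix store and writes under `%t`. Separately, the `haskellPackages` option drops `type = types.attrs;` without a replacement, so a mistyped value is no longer rejected at evaluation time; keeping `type = types.attrs;` next to the new `default` restores that check.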