diff options
Diffstat (limited to 'nixpkgs/nixos/modules/services/development/livebook.md')
-rw-r--r-- | nixpkgs/nixos/modules/services/development/livebook.md | 24 |
1 files changed, 15 insertions, 9 deletions
diff --git a/nixpkgs/nixos/modules/services/development/livebook.md b/nixpkgs/nixos/modules/services/development/livebook.md index 5012e977a4f7..5315f2c2755a 100644 --- a/nixpkgs/nixos/modules/services/development/livebook.md +++ b/nixpkgs/nixos/modules/services/development/livebook.md @@ -15,11 +15,12 @@ which runs the server. { services.livebook = { enableUserService = true; - port = 20123; + environment = { + LIVEBOOK_PORT = 20123; + LIVEBOOK_PASSWORD = "mypassword"; + }; # See note below about security - environmentFile = pkgs.writeText "livebook.env" '' - LIVEBOOK_PASSWORD = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" - ''; + environmentFile = "/var/lib/livebook.env"; }; } ``` @@ -30,14 +31,19 @@ The Livebook server has the ability to run any command as the user it is running under, so securing access to it with a password is highly recommended. -Putting the password in the Nix configuration like above is an easy -way to get started but it is not recommended in the real world because -the `livebook.env` file will be added to the world-readable Nix store. -A better approach would be to put the password in some secure -user-readable location and set `environmentFile = /home/user/secure/livebook.env`. +Putting the password in the Nix configuration like above is an easy way to get +started but it is not recommended in the real world because the resulting +environment variables can be read by unprivileged users. A better approach +would be to put the password in some secure user-readable location and set +`environmentFile = /home/user/secure/livebook.env`. ::: +The [Livebook +documentation](https://hexdocs.pm/livebook/readme.html#environment-variables) +lists all the applicable environment variables. It is recommended to at least +set `LIVEBOOK_PASSWORD` or `LIVEBOOK_TOKEN_ENABLED=false`. + ### Extra dependencies {#module-services-livebook-extra-dependencies} By default, the Livebook service is run with minimum dependencies, but |