about summary refs log tree commit diff
path: root/nixpkgs/nixos/modules/services/development/livebook.md
diff options
context:
space:
mode:
Diffstat (limited to 'nixpkgs/nixos/modules/services/development/livebook.md')
-rw-r--r--nixpkgs/nixos/modules/services/development/livebook.md24
1 files changed, 15 insertions, 9 deletions
diff --git a/nixpkgs/nixos/modules/services/development/livebook.md b/nixpkgs/nixos/modules/services/development/livebook.md
index 5012e977a4f7..5315f2c2755a 100644
--- a/nixpkgs/nixos/modules/services/development/livebook.md
+++ b/nixpkgs/nixos/modules/services/development/livebook.md
@@ -15,11 +15,12 @@ which runs the server.
 {
   services.livebook = {
     enableUserService = true;
-    port = 20123;
+    environment = {
+      LIVEBOOK_PORT = 20123;
+      LIVEBOOK_PASSWORD = "mypassword";
+    };
     # See note below about security
-    environmentFile = pkgs.writeText "livebook.env" ''
-      LIVEBOOK_PASSWORD = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
-    '';
+    environmentFile = "/var/lib/livebook.env";
   };
 }
 ```
@@ -30,14 +31,19 @@ The Livebook server has the ability to run any command as the user it
 is running under, so securing access to it with a password is highly
 recommended.
 
-Putting the password in the Nix configuration like above is an easy
-way to get started but it is not recommended in the real world because
-the `livebook.env` file will be added to the world-readable Nix store.
-A better approach would be to put the password in some secure
-user-readable location and set `environmentFile = /home/user/secure/livebook.env`.
+Putting the password in the Nix configuration like above is an easy way to get
+started but it is not recommended in the real world because the resulting
+environment variables can be read by unprivileged users.  A better approach
+would be to put the password in some secure user-readable location and set
+`environmentFile = /home/user/secure/livebook.env`.
 
 :::
 
+The [Livebook
+documentation](https://hexdocs.pm/livebook/readme.html#environment-variables)
+lists all the applicable environment variables. It is recommended to at least
+set `LIVEBOOK_PASSWORD` or `LIVEBOOK_TOKEN_ENABLED=false`.
+
 ### Extra dependencies {#module-services-livebook-extra-dependencies}
 
 By default, the Livebook service is run with minimum dependencies, but
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-01 10:38:45 +0000