about summary refs log tree commit diff
path: root/nixpkgs/nixos/modules/services/development/livebook.nix
diff options
context:
space:
mode:
Diffstat (limited to 'nixpkgs/nixos/modules/services/development/livebook.nix')
-rw-r--r--nixpkgs/nixos/modules/services/development/livebook.nix101
1 files changed, 51 insertions, 50 deletions
diff --git a/nixpkgs/nixos/modules/services/development/livebook.nix b/nixpkgs/nixos/modules/services/development/livebook.nix
index 75729ff28efa..df0e6e01e97c 100644
--- a/nixpkgs/nixos/modules/services/development/livebook.nix
+++ b/nixpkgs/nixos/modules/services/development/livebook.nix
@@ -14,58 +14,64 @@ in
 
     package = mkPackageOption pkgs "livebook" { };
 
-    environmentFile = mkOption {
-      type = types.path;
+    environment = mkOption {
+      type = with types; attrsOf (nullOr (oneOf [ bool int str ]));
+      default = { };
       description = lib.mdDoc ''
-        Environment file as defined in {manpage}`systemd.exec(5)` passed to the service.
+        Environment variables to set.
 
-        This must contain at least `LIVEBOOK_PASSWORD` or
-        `LIVEBOOK_TOKEN_ENABLED=false`.  See `livebook server --help`
-        for other options.'';
-    };
+        Livebook is configured through the use of environment variables. The
+        available configuration options can be found in the [Livebook
+        documentation](https://hexdocs.pm/livebook/readme.html#environment-variables).
 
-    erlang_node_short_name = mkOption {
-      type = with types; nullOr str;
-      default = null;
-      example = "livebook";
-      description = "A short name for the distributed node.";
-    };
+        Note that all environment variables set through this configuration
+        parameter will be readable by anyone with access to the host
+        machine. Therefore, sensitive information like {env}`LIVEBOOK_PASSWORD`
+        or {env}`LIVEBOOK_COOKIE` should never be set using this configuration
+        option, but should instead use
+        [](#opt-services.livebook.environmentFile). See the documentation for
+        that option for more information.
 
-    erlang_node_name = mkOption {
-      type = with types; nullOr str;
-      default = null;
-      example = "livebook@127.0.0.1";
-      description = "The name for the app distributed node.";
-    };
-
-    port = mkOption {
-      type = types.port;
-      default = 8080;
-      description = "The port to start the web application on.";
-    };
-
-    address = mkOption {
-      type = types.str;
-      default = "127.0.0.1";
-      description = lib.mdDoc ''
-        The address to start the web application on.  Must be a valid IPv4 or
-        IPv6 address.
+        Any environment variables specified in the
+        [](#opt-services.livebook.environmentFile) will supersede environment
+        variables specified in this option.
       '';
-    };
 
-    options = mkOption {
-      type = with types; attrsOf str;
-      default = { };
-      description = lib.mdDoc ''
-        Additional options to pass as command-line arguments to the server.
-      '';
       example = literalExpression ''
         {
-          cookie = "a value shared by all nodes in this cluster";
+          LIVEBOOK_PORT = 8080;
         }
       '';
     };
 
+    environmentFile = mkOption {
+      type = with types; nullOr types.path;
+      default = null;
+      description = lib.mdDoc ''
+        Additional dnvironment file as defined in {manpage}`systemd.exec(5)`.
+
+        Secrets like {env}`LIVEBOOK_PASSWORD` (which is used to specify the
+        password needed to access the livebook site) or {env}`LIVEBOOK_COOKIE`
+        (which is used to specify the
+        [cookie](https://www.erlang.org/doc/reference_manual/distributed.html#security)
+        used to connect to the running Elixir system) may be passed to the
+        service without making them readable to everyone with access to
+        systemctl by using this configuration parameter.
+
+        Note that this file needs to be available on the host on which
+        `livebook` is running.
+
+        For security purposes, this file should contain at least
+        {env}`LIVEBOOK_PASSWORD` or {env}`LIVEBOOK_TOKEN_ENABLED=false`.
+
+        See the [Livebook
+        documentation](https://hexdocs.pm/livebook/readme.html#environment-variables)
+        and the [](#opt-services.livebook.environment) configuration parameter
+        for further options.
+      '';
+      example = "/var/lib/livebook.env";
+    };
+
     extraPackages = mkOption {
       type = with types; listOf package;
       default = [ ];
@@ -81,17 +87,12 @@ in
       serviceConfig = {
         Restart = "always";
         EnvironmentFile = cfg.environmentFile;
-        ExecStart =
-          let
-            args = lib.cli.toGNUCommandLineShell { } ({
-              inherit (cfg) port;
-              ip = cfg.address;
-              name = cfg.erlang_node_name;
-              sname = cfg.erlang_node_short_name;
-            } // cfg.options);
-          in
-            "${cfg.package}/bin/livebook server ${args}";
+        ExecStart = "${cfg.package}/bin/livebook start";
+        KillMode = "mixed";
       };
+      environment = mapAttrs (name: value:
+        if isBool value then boolToString value else toString value)
+        cfg.environment;
       path = [ pkgs.bash ] ++ cfg.extraPackages;
       wantedBy = [ "default.target" ];
     };
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-09 08:17:25 +0000