| blob | ca227e2ad22c329aacd3e8493d0c670164d15536 |
1 { config, lib, pkgs, ... }:
2 let
3 cfg = config.services.livebook;
4 in
5 {
6 options.services.livebook = {
7 # Since livebook doesn't have a granular permission system (a user
8 # either has access to all the data or none at all), the decision
9 # was made to run this as a user service. If that changes in the
10 # future, this can be changed to a system service.
11 enableUserService = lib.mkEnableOption "a user service for Livebook";
13 package = lib.mkPackageOption pkgs "livebook" { };
15 environment = lib.mkOption {
16 type = with lib.types; attrsOf (nullOr (oneOf [ bool int str ]));
17 default = { };
18 description = ''
19 Environment variables to set.
21 Livebook is configured through the use of environment variables. The
22 available configuration options can be found in the [Livebook
23 documentation](https://hexdocs.pm/livebook/readme.html#environment-variables).
25 Note that all environment variables set through this configuration
26 parameter will be readable by anyone with access to the host
27 machine. Therefore, sensitive information like {env}`LIVEBOOK_PASSWORD`
28 or {env}`LIVEBOOK_COOKIE` should never be set using this configuration
29 option, but should instead use
30 [](#opt-services.livebook.environmentFile). See the documentation for
31 that option for more information.
33 Any environment variables specified in the
34 [](#opt-services.livebook.environmentFile) will supersede environment
35 variables specified in this option.
36 '';
38 example = lib.literalExpression ''
39 {
40 LIVEBOOK_PORT = 8080;
41 }
42 '';
43 };
45 environmentFile = lib.mkOption {
46 type = with lib.types; nullOr lib.types.path;
47 default = null;
48 description = ''
49 Additional environment file as defined in {manpage}`systemd.exec(5)`.
51 Secrets like {env}`LIVEBOOK_PASSWORD` (which is used to specify the
52 password needed to access the livebook site) or {env}`LIVEBOOK_COOKIE`
53 (which is used to specify the
54 [cookie](https://www.erlang.org/doc/reference_manual/distributed.html#security)
55 used to connect to the running Elixir system) may be passed to the
56 service without making them readable to everyone with access to
57 systemctl by using this configuration parameter.
59 Note that this file needs to be available on the host on which
60 `livebook` is running.
62 For security purposes, this file should contain at least
63 {env}`LIVEBOOK_PASSWORD` or {env}`LIVEBOOK_TOKEN_ENABLED=false`.
65 See the [Livebook
66 documentation](https://hexdocs.pm/livebook/readme.html#environment-variables)
67 and the [](#opt-services.livebook.environment) configuration parameter
68 for further options.
69 '';
70 example = "/var/lib/livebook.env";
71 };
73 extraPackages = lib.mkOption {
74 type = with lib.types; listOf package;
75 default = [ ];
76 description = ''
77 Extra packages to make available to the Livebook service.
78 '';
79 example = lib.literalExpression "with pkgs; [ gcc gnumake ]";
80 };
81 };
83 config = lib.mkIf cfg.enableUserService {
84 systemd.user.services.livebook = {
85 serviceConfig = {
86 Restart = "always";
87 EnvironmentFile = cfg.environmentFile;
88 ExecStart = "${cfg.package}/bin/livebook start";
89 KillMode = "mixed";
91 # Fix for the issue described here:
92 # https://github.com/livebook-dev/livebook/issues/2691
93 #
94 # Without this, the livebook service fails to start and gets
95 # stuck running a `cat /dev/urandom | tr | fold` pipeline.
96 IgnoreSIGPIPE = false;
97 };
98 environment = lib.mapAttrs (name: value:
99 if lib.isBool value then lib.boolToString value else toString value)
100 cfg.environment;
101 path = [ pkgs.bash ] ++ cfg.extraPackages;
102 wantedBy = [ "default.target" ];
103 };
104 };
106 meta = {
107 doc = ./livebook.md;
108 maintainers = with lib.maintainers; [ munksgaard scvalex ];
109 };
110 }