| blob | 7a6ba52a179cc34d05500646981e90958ed3c263 |
1 {
2 config,
3 lib,
4 pkgs,
5 ...
6 }:
7 let
8 cfg = config.services.livebook;
9 in
10 {
11 options.services.livebook = {
12 # Since livebook doesn't have a granular permission system (a user
13 # either has access to all the data or none at all), the decision
14 # was made to run this as a user service. If that changes in the
15 # future, this can be changed to a system service.
16 enableUserService = lib.mkEnableOption "a user service for Livebook";
18 package = lib.mkPackageOption pkgs "livebook" { };
20 environment = lib.mkOption {
21 type =
22 with lib.types;
23 attrsOf (
24 nullOr (oneOf [
25 bool
26 int
27 str
28 ])
29 );
30 default = { };
31 description = ''
32 Environment variables to set.
34 Livebook is configured through the use of environment variables. The
35 available configuration options can be found in the [Livebook
36 documentation](https://hexdocs.pm/livebook/readme.html#environment-variables).
38 Note that all environment variables set through this configuration
39 parameter will be readable by anyone with access to the host
40 machine. Therefore, sensitive information like {env}`LIVEBOOK_PASSWORD`
41 or {env}`LIVEBOOK_COOKIE` should never be set using this configuration
42 option, but should instead use
43 [](#opt-services.livebook.environmentFile). See the documentation for
44 that option for more information.
46 Any environment variables specified in the
47 [](#opt-services.livebook.environmentFile) will supersede environment
48 variables specified in this option.
49 '';
51 example = lib.literalExpression ''
52 {
53 LIVEBOOK_PORT = 8080;
54 }
55 '';
56 };
58 environmentFile = lib.mkOption {
59 type = with lib.types; nullOr lib.types.path;
60 default = null;
61 description = ''
62 Additional environment file as defined in {manpage}`systemd.exec(5)`.
64 Secrets like {env}`LIVEBOOK_PASSWORD` (which is used to specify the
65 password needed to access the livebook site) or {env}`LIVEBOOK_COOKIE`
66 (which is used to specify the
67 [cookie](https://www.erlang.org/doc/reference_manual/distributed.html#security)
68 used to connect to the running Elixir system) may be passed to the
69 service without making them readable to everyone with access to
70 systemctl by using this configuration parameter.
72 Note that this file needs to be available on the host on which
73 `livebook` is running.
75 For security purposes, this file should contain at least
76 {env}`LIVEBOOK_PASSWORD` or {env}`LIVEBOOK_TOKEN_ENABLED=false`.
78 See the [Livebook
79 documentation](https://hexdocs.pm/livebook/readme.html#environment-variables)
80 and the [](#opt-services.livebook.environment) configuration parameter
81 for further options.
82 '';
83 example = "/var/lib/livebook.env";
84 };
86 extraPackages = lib.mkOption {
87 type = with lib.types; listOf package;
88 default = [ ];
89 description = ''
90 Extra packages to make available to the Livebook service.
91 '';
92 example = lib.literalExpression "with pkgs; [ gcc gnumake ]";
93 };
94 };
96 config = lib.mkIf cfg.enableUserService {
97 systemd.user.services.livebook = {
98 serviceConfig = {
99 Restart = "always";
100 EnvironmentFile = cfg.environmentFile;
101 ExecStart = "${cfg.package}/bin/livebook start";
102 KillMode = "mixed";
104 # Fix for the issue described here:
105 # https://github.com/livebook-dev/livebook/issues/2691
106 #
107 # Without this, the livebook service fails to start and gets
108 # stuck running a `cat /dev/urandom | tr | fold` pipeline.
109 IgnoreSIGPIPE = false;
110 };
111 environment = lib.mapAttrs (
112 name: value: if lib.isBool value then lib.boolToString value else toString value
113 ) cfg.environment;
114 path = [ pkgs.bash ] ++ cfg.extraPackages;
115 wantedBy = [ "default.target" ];
116 };
117 };
119 meta = {
120 doc = ./livebook.md;
121 maintainers = with lib.maintainers; [
122 munksgaard
123 scvalex
124 ];
125 };
126 }