hoogle service: fixups
Basic hardening - Run as nobody:nogroup with a private /tmp, /home & /run/user - Create working directory under /run (hoogle insists on writing to cwd and otherwise returns "something went wrong" to every query) Option tweaks - Provide a default for the haskellPackage option - Set text values for defaults - Move hoogleEnv to the top-level & simplify it
parent
9c0997a0ef
commit
2e7b0bbd22
|
@ -1,22 +1,20 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
# services.hoogle = {
|
|
||||||
# enable = true;
|
|
||||||
# packages = hp: with hp; [ text lens ];
|
|
||||||
# haskellPackages = pkgs.haskellPackages;
|
|
||||||
# };
|
|
||||||
|
|
||||||
with lib;
|
with lib;
|
||||||
|
|
||||||
let
|
let
|
||||||
|
|
||||||
cfg = config.services.hoogle;
|
cfg = config.services.hoogle;
|
||||||
ghcWithHoogle = pkgs.haskellPackages.ghcWithHoogle;
|
|
||||||
|
hoogleEnv = pkgs.buildEnv {
|
||||||
|
name = "hoogle";
|
||||||
|
paths = [ (cfg.haskellPackages.ghcWithHoogle cfg.packages) ];
|
||||||
|
};
|
||||||
|
|
||||||
in {
|
in {
|
||||||
|
|
||||||
options.services.hoogle = {
|
options.services.hoogle = {
|
||||||
enable = mkEnableOption "Hoogle Documentation service";
|
enable = mkEnableOption "Haskell documentation server";
|
||||||
|
|
||||||
port = mkOption {
|
port = mkOption {
|
||||||
type = types.int;
|
type = types.int;
|
||||||
|
@ -28,39 +26,43 @@ in {
|
||||||
|
|
||||||
packages = mkOption {
|
packages = mkOption {
|
||||||
default = hp: [];
|
default = hp: [];
|
||||||
|
defaultText = "hp: []";
|
||||||
example = "hp: with hp; [ text lens ]";
|
example = "hp: with hp; [ text lens ]";
|
||||||
description = ''
|
description = ''
|
||||||
A function that returns a list of Haskell packages to generate
|
The Haskell packages to generate documentation for.
|
||||||
documentation for.
|
|
||||||
|
|
||||||
The argument will be a Haskell package set provided by the
|
The option value is a function that takes the package set specified in
|
||||||
haskellPackages config option.
|
the <varname>haskellPackages</varname> option as its sole parameter and
|
||||||
|
returns a list of packages.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
haskellPackages = mkOption {
|
haskellPackages = mkOption {
|
||||||
description = "Which haskell package set to use.";
|
description = "Which haskell package set to use.";
|
||||||
example = "pkgs.haskellPackages";
|
default = pkgs.haskellPackages;
|
||||||
type = types.attrs;
|
defaultText = "pkgs.haskellPackages";
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
systemd.services.hoogle = {
|
systemd.services.hoogle = {
|
||||||
description = "Hoogle Haskell documentation search";
|
description = "Haskell documentation server";
|
||||||
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Restart = "always";
|
Restart = "always";
|
||||||
ExecStart =
|
ExecStart = ''${hoogleEnv}/bin/hoogle server --local -p ${toString cfg.port}'';
|
||||||
let env = cfg.haskellPackages.ghcWithHoogle cfg.packages;
|
|
||||||
hoogleEnv = pkgs.buildEnv {
|
User = "nobody";
|
||||||
name = "hoogleServiceEnv";
|
Group = "nogroup";
|
||||||
paths = [env];
|
|
||||||
};
|
PrivateTmp = true;
|
||||||
in ''
|
ProtectHome = true;
|
||||||
${hoogleEnv}/bin/hoogle server --local -p ${toString cfg.port}
|
|
||||||
'';
|
RuntimeDirectory = "hoogle";
|
||||||
|
WorkingDirectory = "%t/hoogle";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
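Review bot: `User = "nobody";` with `Group = "nogroup";` in `serviceConfig` runs hoogle under an identity shared with anything else on the host that uses the nobody account, so the isolation this commit aims for depends on what else runs under it. Processes with the same UID can signal each other and read or modify each other's files, including the new runtime directory. A dedicated identity would be tighter: replace both lines with `DynamicUser = true;` if the systemd version in use supports it, which still works with `RuntimeDirectory = "hoogle"`, or declare a `hoogle` system user and group. Separately, the new `haskellPackages` option appears to drop `type = types.attrs;` where `default` is added; keeping the type line retains evaluation-time checking of that value.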