nixpkgs/nixos/modules/services/development/hoogle.nix
Nathan van Doorn 12c3e0a465 nixos/services/hoogle use DynamicUser instead of nobody
I've also removed PrivateTmp = true because this is implied by dynamic user.

I've left ProtectHome = true because I believe this is stronger than
ProtectHome = "read-only" which DynamicUser implies.
2020-11-30 13:36:19 +00:00

75 lines
1.6 KiB
Nix

{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.hoogle;
hoogleEnv = pkgs.buildEnv {
name = "hoogle";
paths = [ (cfg.haskellPackages.ghcWithHoogle cfg.packages) ];
};
in {
options.services.hoogle = {
enable = mkEnableOption "Haskell documentation server";
port = mkOption {
type = types.int;
default = 8080;
description = ''
Port number Hoogle will be listening to.
'';
};
packages = mkOption {
default = hp: [];
defaultText = "hp: []";
example = "hp: with hp; [ text lens ]";
description = ''
The Haskell packages to generate documentation for.
The option value is a function that takes the package set specified in
the <varname>haskellPackages</varname> option as its sole parameter and
returns a list of packages.
'';
};
haskellPackages = mkOption {
description = "Which haskell package set to use.";
default = pkgs.haskellPackages;
defaultText = "pkgs.haskellPackages";
};
home = mkOption {
type = types.str;
description = "Url for hoogle logo";
default = "https://hoogle.haskell.org";
};
};
config = mkIf cfg.enable {
systemd.services.hoogle = {
description = "Haskell documentation server";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Restart = "always";
ExecStart = ''${hoogleEnv}/bin/hoogle server --local --port ${toString cfg.port} --home ${cfg.home}'';
DynamicUser = true;
ProtectHome = true;
RuntimeDirectory = "hoogle";
WorkingDirectory = "%t/hoogle";
};
};
};
}