nixpkgs-suyu/nixos/modules/services/development/hoogle.nix
Joachim Fasting 2e7b0bbd22
hoogle service: fixups
Basic hardening
- Run as nobody:nogroup with a private /tmp, /home & /run/user
- Create working directory under /run (hoogle insists on writing to cwd
  and otherwise returns "something went wrong" to every query)

Option tweaks
- Provide a default for the haskellPackage option
- Set text values for defaults
- Move hoogleEnv to the top-level & simplify it
2016-04-22 03:58:08 +02:00


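# NixOS module that runs `hoogle server` as a sandboxed systemd service.
#
# Options live under `services.hoogle`; nothing is configured unless
# `services.hoogle.enable` is set.
{ config, lib, pkgs, ... }:

with lib;

let

  cfg = config.services.hoogle;

  # Environment built from `ghcWithHoogle` applied to the user-selected
  # packages; its bin/hoogle is the binary the service executes.
  hoogleEnv = pkgs.buildEnv {
    name = "hoogle";
    paths = [ (cfg.haskellPackages.ghcWithHoogle cfg.packages) ];
  };

in {

  options.services.hoogle = {
    enable = mkEnableOption "Haskell documentation server";

    port = mkOption {
      type = types.int;
      default = 8080;
      description = ''
        Port number Hoogle will be listening to.
      '';
    };

    packages = mkOption {
      default = hp: [];
      defaultText = "hp: []";
      example = "hp: with hp; [ text lens ]";
      description = ''
        The Haskell packages to generate documentation for.
        The option value is a function that takes the package set specified in
        the <varname>haskellPackages</varname> option as its sole parameter and
        returns a list of packages.
      '';
    };

    haskellPackages = mkOption {
      description = "Which haskell package set to use.";
      default = pkgs.haskellPackages;
      defaultText = "pkgs.haskellPackages";
    };
  };

  config = mkIf cfg.enable {

    # `types.int` accepts any integer, so reject out-of-range ports at
    # evaluation time; otherwise the unit would fail at start-up and, with
    # Restart = "always", keep being restarted.
    assertions = [
      { assertion = cfg.port > 0 && cfg.port < 65536;
        message = "services.hoogle.port must be between 1 and 65535.";
      }
    ];

    systemd.services.hoogle = {
      description = "Haskell documentation server";

      wantedBy = [ "multi-user.target" ];

      serviceConfig = {
        Restart = "always";

        # NOTE(review): no bind address is passed here. Confirm which
        # interfaces this hoogle version listens on, and firewall the port if
        # the server is meant for local use only.
        # NOTE(review): `--local` presumably lets the server hand out files
        # from the local filesystem (verify against hoogle's docs); the
        # sandboxing below bounds what the process can reach.
        ExecStart = ''${hoogleEnv}/bin/hoogle server --local -p ${toString cfg.port}'';

        # Unprivileged identity. NOTE(review): nobody/nogroup is shared with
        # every other service that uses it, so a compromise of one exposes the
        # others' files and processes; prefer a dedicated account (or
        # DynamicUser, where the deployed systemd supports it).
        # This identity also cannot bind ports below 1024 without extra
        # capabilities.
        User = "nobody";
        Group = "nogroup";

        # Private /tmp and /var/tmp; /home, /root and /run/user inaccessible.
        PrivateTmp = true;
        ProtectHome = true;

        # The service only needs to read the store and write to its runtime
        # directory: mount /usr, /boot and /etc read-only, hide physical
        # devices, and forbid gaining privileges through setuid/fcaps.
        ProtectSystem = "full";
        PrivateDevices = true;
        NoNewPrivileges = true;

        # hoogle writes to its working directory, so give it a dedicated,
        # service-owned directory under the runtime dir (%t, i.e. /run) that
        # systemd creates on start and removes on stop.
        RuntimeDirectory = "hoogle";
        WorkingDirectory = "%t/hoogle";
      };
    };
  };

}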