hoogle service: fixups

Basic hardening
- Run as nobody:nogroup with a private /tmp, /home & /run/user
- Create working directory under /run (hoogle insists on writing to cwd
  and otherwise returns "something went wrong" to every query)

Option tweaks
- Provide a default for the haskellPackage option
- Set text values for defaults
- Move hoogleEnv to the top-level & simplify it
This commit is contained in:
Joachim Fasting 2016-04-22 02:28:29 +02:00
parent 9c0997a0ef
commit 2e7b0bbd22
No known key found for this signature in database
GPG Key ID: 4330820E1E04DCF4

View File

@ -1,22 +1,20 @@
{ config, lib, pkgs, ... }:
# services.hoogle = {
# enable = true;
# packages = hp: with hp; [ text lens ];
# haskellPackages = pkgs.haskellPackages;
# };
with lib;
let
cfg = config.services.hoogle;
ghcWithHoogle = pkgs.haskellPackages.ghcWithHoogle;
hoogleEnv = pkgs.buildEnv {
name = "hoogle";
paths = [ (cfg.haskellPackages.ghcWithHoogle cfg.packages) ];
};
in {
options.services.hoogle = {
enable = mkEnableOption "Hoogle Documentation service";
enable = mkEnableOption "Haskell documentation server";
port = mkOption {
type = types.int;
@ -28,39 +26,43 @@ in {
packages = mkOption {
default = hp: [];
defaultText = "hp: []";
example = "hp: with hp; [ text lens ]";
description = ''
A function that returns a list of Haskell packages to generate
documentation for.
The Haskell packages to generate documentation for.
The argument will be a Haskell package set provided by the
haskellPackages config option.
The option value is a function that takes the package set specified in
the <varname>haskellPackages</varname> option as its sole parameter and
returns a list of packages.
'';
};
haskellPackages = mkOption {
description = "Which haskell package set to use.";
example = "pkgs.haskellPackages";
type = types.attrs;
default = pkgs.haskellPackages;
defaultText = "pkgs.haskellPackages";
};
};
config = mkIf cfg.enable {
systemd.services.hoogle = {
description = "Hoogle Haskell documentation search";
description = "Haskell documentation server";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Restart = "always";
ExecStart =
let env = cfg.haskellPackages.ghcWithHoogle cfg.packages;
hoogleEnv = pkgs.buildEnv {
name = "hoogleServiceEnv";
paths = [env];
};
in ''
${hoogleEnv}/bin/hoogle server --local -p ${toString cfg.port}
'';
ExecStart = ''${hoogleEnv}/bin/hoogle server --local -p ${toString cfg.port}'';
User = "nobody";
Group = "nogroup";
PrivateTmp = true;
ProtectHome = true;
RuntimeDirectory = "hoogle";
WorkingDirectory = "%t/hoogle";
};
};
};