diff options
author | github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | 2023-10-31 12:01:11 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-10-31 12:01:11 +0000 |
commit | 2fd5f8dd7ad6c3a83bc960b6ea1f6903141270ea (patch) | |
tree | 0819b18b40dde68605e6ef74185ce789ce3e0d70 /nixos | |
parent | 97868dae8e43d4d915e232649acf575bad87e0f6 (diff) | |
parent | 2a3e5c787282bad03fe143e20021dbc1613e5476 (diff) |
Merge master into staging-next
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2311.section.md | 2 | ||||
-rw-r--r-- | nixos/modules/image/repart.nix | 4 | ||||
-rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/development/livebook.md | 39 | ||||
-rw-r--r-- | nixos/modules/services/development/livebook.nix | 90 | ||||
-rw-r--r-- | nixos/tests/all-tests.nix | 2 | ||||
-rw-r--r-- | nixos/tests/freetube.nix | 41 | ||||
-rw-r--r-- | nixos/tests/livebook-service.nix | 43 |
8 files changed, 219 insertions, 3 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2311.section.md b/nixos/doc/manual/release-notes/rl-2311.section.md index 2d2becd0dfc56..faa3428dd0ee6 100644 --- a/nixos/doc/manual/release-notes/rl-2311.section.md +++ b/nixos/doc/manual/release-notes/rl-2311.section.md @@ -72,6 +72,8 @@ - [LibreNMS](https://www.librenms.org), a auto-discovering PHP/MySQL/SNMP based network monitoring. Available as [services.librenms](#opt-services.librenms.enable). +- [Livebook](https://livebook.dev/), an interactive notebook with support for Elixir, graphs, machine learning, and more. + - [sitespeed-io](https://sitespeed.io), a tool that can generate metrics (timings, diagnostics) for websites. Available as [services.sitespeed-io](#opt-services.sitespeed-io.enable). - [stalwart-mail](https://stalw.art), an all-in-one email server (SMTP, IMAP, JMAP). Available as [services.stalwart-mail](#opt-services.stalwart-mail.enable). diff --git a/nixos/modules/image/repart.nix b/nixos/modules/image/repart.nix index e567485c9d342..926791d857012 100644 --- a/nixos/modules/image/repart.nix +++ b/nixos/modules/image/repart.nix @@ -90,9 +90,7 @@ in package = lib.mkPackageOption pkgs "systemd-repart" { default = "systemd"; - example = lib.literalExpression '' - pkgs.systemdMinimal.override { withCryptsetup = true; } - ''; + example = "pkgs.systemdMinimal.override { withCryptsetup = true; }"; }; partitions = lib.mkOption { diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index bfac651f5a815..4949eb6f298e3 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -485,6 +485,7 @@ ./services/development/hoogle.nix ./services/development/jupyter/default.nix ./services/development/jupyterhub/default.nix + ./services/development/livebook.nix ./services/development/lorri.nix ./services/development/rstudio-server/default.nix ./services/development/zammad.nix diff --git a/nixos/modules/services/development/livebook.md b/nixos/modules/services/development/livebook.md new file mode 100644 index 0000000000000..73ddc57f6179a --- /dev/null +++ b/nixos/modules/services/development/livebook.md @@ -0,0 +1,39 @@ +# Livebook {#module-services-livebook} + +[Livebook](https://livebook.dev/) is a web application for writing +interactive and collaborative code notebooks. + +## Basic Usage {#module-services-livebook-basic-usage} + +Enabling the `livebook` service creates a user +[`systemd`](https://www.freedesktop.org/wiki/Software/systemd/) unit +which runs the server. + +``` +{ ... }: + +{ + services.livebook = { + enableUserService = true; + port = 20123; + # See note below about security + environmentFile = pkgs.writeText "livebook.env" '' + LIVEBOOK_PASSWORD = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; + ''; + }; +} +``` + +::: {.note} + +The Livebook server has the ability to run any command as the user it +is running under, so securing access to it with a password is highly +recommended. + +Putting the password in the Nix configuration like above is an easy +way to get started but it is not recommended in the real world because +the `livebook.env` file will be added to the world-readable Nix store. +A better approach would be to put the password in some secure +user-readable location and set `environmentFile = /home/user/secure/livebook.env`. + +::: diff --git a/nixos/modules/services/development/livebook.nix b/nixos/modules/services/development/livebook.nix new file mode 100644 index 0000000000000..3991a4125ec39 --- /dev/null +++ b/nixos/modules/services/development/livebook.nix @@ -0,0 +1,90 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.services.livebook; +in +{ + options.services.livebook = { + # Since livebook doesn't have a granular permission system (a user + # either has access to all the data or none at all), the decision + # was made to run this as a user service. If that changes in the + # future, this can be changed to a system service. + enableUserService = mkEnableOption "a user service for Livebook"; + + environmentFile = mkOption { + type = types.path; + description = lib.mdDoc '' + Environment file as defined in {manpage}`systemd.exec(5)` passed to the service. + + This must contain at least `LIVEBOOK_PASSWORD` or + `LIVEBOOK_TOKEN_ENABLED=false`. See `livebook server --help` + for other options.''; + }; + + erlang_node_short_name = mkOption { + type = with types; nullOr str; + default = null; + example = "livebook"; + description = "A short name for the distributed node."; + }; + + erlang_node_name = mkOption { + type = with types; nullOr str; + default = null; + example = "livebook@127.0.0.1"; + description = "The name for the app distributed node."; + }; + + port = mkOption { + type = types.port; + default = 8080; + description = "The port to start the web application on."; + }; + + address = mkOption { + type = types.str; + default = "127.0.0.1"; + description = lib.mdDoc '' + The address to start the web application on. Must be a valid IPv4 or + IPv6 address. + ''; + }; + + options = mkOption { + type = with types; attrsOf str; + default = { }; + description = lib.mdDoc '' + Additional options to pass as command-line arguments to the server. + ''; + example = literalExpression '' + { + cookie = "a value shared by all nodes in this cluster"; + } + ''; + }; + }; + + config = mkIf cfg.enableUserService { + systemd.user.services.livebook = { + serviceConfig = { + Restart = "always"; + EnvironmentFile = cfg.environmentFile; + ExecStart = + let + args = lib.cli.toGNUCommandLineShell { } ({ + inherit (cfg) port; + ip = cfg.address; + name = cfg.erlang_node_name; + sname = cfg.erlang_node_short_name; + } // cfg.options); + in + "${pkgs.livebook}/bin/livebook server ${args}"; + }; + path = [ pkgs.bash ]; + wantedBy = [ "default.target" ]; + }; + }; + + meta.doc = ./livebook.md; +} diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 2f6d5a8dae889..456efe14464b0 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -306,6 +306,7 @@ in { forgejo = handleTest ./forgejo.nix { }; freenet = handleTest ./freenet.nix {}; freeswitch = handleTest ./freeswitch.nix {}; + freetube = discoverTests (import ./freetube.nix); freshrss-sqlite = handleTest ./freshrss-sqlite.nix {}; freshrss-pgsql = handleTest ./freshrss-pgsql.nix {}; frigate = handleTest ./frigate.nix {}; @@ -371,6 +372,7 @@ in { honk = runTest ./honk.nix; installed-tests = pkgs.recurseIntoAttrs (handleTest ./installed-tests {}); invidious = handleTest ./invidious.nix {}; + livebook-service = handleTest ./livebook-service.nix {}; oci-containers = handleTestOn ["aarch64-linux" "x86_64-linux"] ./oci-containers.nix {}; odoo = handleTest ./odoo.nix {}; odoo15 = handleTest ./odoo.nix { package = pkgs.odoo15; }; diff --git a/nixos/tests/freetube.nix b/nixos/tests/freetube.nix new file mode 100644 index 0000000000000..f285384b68e0a --- /dev/null +++ b/nixos/tests/freetube.nix @@ -0,0 +1,41 @@ +let + tests = { + wayland = { pkgs, ... }: { + imports = [ ./common/wayland-cage.nix ]; + services.cage.program = "${pkgs.freetube}/bin/freetube"; + virtualisation.memorySize = 2047; + environment.variables.NIXOS_OZONE_WL = "1"; + environment.variables.DISPLAY = "do not use"; + }; + xorg = { pkgs, ... }: { + imports = [ ./common/user-account.nix ./common/x11.nix ]; + virtualisation.memorySize = 2047; + services.xserver.enable = true; + services.xserver.displayManager.sessionCommands = '' + ${pkgs.freetube}/bin/freetube + ''; + test-support.displayManager.auto.user = "alice"; + }; + }; + + mkTest = name: machine: + import ./make-test-python.nix ({ pkgs, ... }: { + inherit name; + nodes = { "${name}" = machine; }; + meta.maintainers = with pkgs.lib.maintainers; [ kirillrdy ]; + enableOCR = true; + + testScript = '' + start_all() + machine.wait_for_unit('graphical.target') + machine.wait_for_text('Your Subscription list is currently empty') + machine.send_key("ctrl-r") + machine.wait_for_text('Your Subscription list is currently empty') + machine.screenshot("main.png") + machine.send_key("ctrl-comma") + machine.wait_for_text('General Settings', timeout=30) + machine.screenshot("preferences.png") + ''; + }); +in +builtins.mapAttrs (k: v: mkTest k v { }) tests diff --git a/nixos/tests/livebook-service.nix b/nixos/tests/livebook-service.nix new file mode 100644 index 0000000000000..9397e3cb75ffa --- /dev/null +++ b/nixos/tests/livebook-service.nix @@ -0,0 +1,43 @@ +import ./make-test-python.nix ({ lib, pkgs, ... }: { + name = "livebook-service"; + + nodes = { + machine = { config, pkgs, ... }: { + imports = [ + ./common/user-account.nix + ]; + + services.livebook = { + enableUserService = true; + port = 20123; + environmentFile = pkgs.writeText "livebook.env" '' + LIVEBOOK_PASSWORD = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; + ''; + options = { + cookie = "chocolate chip"; + }; + }; + }; + }; + + testScript = { nodes, ... }: + let + user = nodes.machine.config.users.users.alice; + sudo = lib.concatStringsSep " " [ + "XDG_RUNTIME_DIR=/run/user/${toString user.uid}" + "sudo" + "--preserve-env=XDG_RUNTIME_DIR" + "-u" + "alice" + ]; + in + '' + machine.wait_for_unit("multi-user.target") + + machine.succeed("loginctl enable-linger alice") + machine.wait_until_succeeds("${sudo} systemctl --user is-active livebook.service") + machine.wait_for_open_port(20123) + + machine.succeed("curl -L localhost:20123 | grep 'Type password'") + ''; +}) |