From a820823edf4902f5d1e88541a83e54ed3332ea7a Mon Sep 17 00:00:00 2001
From: aszlig <aszlig@redmoonstudios.org>
Date: Tue, 16 Aug 2016 00:04:00 +0200
Subject: modules/starbound: Flesh out safeScripts options

I'm not sure whether this was a single setting in the configuration file
prior to Starbound version 1.0 but it has more settings now that affect
how those safety checks are performed.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
---
 modules/services/starbound.nix | 53 ++++++++++++++++++++++++++++++++++--------
 1 file changed, 43 insertions(+), 10 deletions(-)

(limited to 'modules/services')

diff --git a/modules/services/starbound.nix b/modules/services/starbound.nix
index 0058cda0..b7275593 100644
--- a/modules/services/starbound.nix
+++ b/modules/services/starbound.nix
@@ -35,12 +35,18 @@ let
     }) cfg.users;
 
     inherit (cfg)
-      allowAssetsMismatch maxPlayers maxTeamSize safeScripts serverName
-      serverFidelity;
+      allowAssetsMismatch maxPlayers maxTeamSize serverName serverFidelity;
 
     clearPlayerFiles = false;
     clearUniverseFiles = false;
 
+    safeScripts = cfg.safeScripts.enable;
+    scriptInstructionLimit = cfg.safeScripts.instructionLimit;
+    scriptInstructionMeasureInterval =
+      cfg.safeScripts.instructionMeasureInterval;
+    scriptProfilingEnabled = cfg.safeScripts.profiling.enable;
+    scriptRecursionLimit = cfg.safeScripts.recursionLimit;
+
     gameServerBind = cfg.bind;
     gameServerPort = cfg.port;
 
@@ -231,14 +237,41 @@ in {
       };
     } // mkListenerOptions "query server" 21025;
 
-    safeScripts = mkOption {
-      type = types.bool;
-      default = true;
-      # XXX: The description is just a guess and we need to find out what this
-      # really does.
-      description = ''
-        This is to make sure scripts can't call unsafe functions.
-      '';
+    safeScripts = {
+      enable = mkOption {
+        type = types.bool;
+        default = true;
+        description = ''
+          Enable certain limitations of LUA scripts.
+        '';
+      };
+
+      instructionLimit = mkOption {
+        type = types.int;
+        default = 10000000;
+        description = ''
+          The maximum amount of instructions a LUA function can have.
+        '';
+      };
+
+      instructionMeasureInterval = mkOption {
+        type = types.int;
+        default = 10000;
+        description = ''
+          The amount of milliseconds to wait between consecutive checks of the
+          <option>instructionLimit</option> on LUA scripts.
+        '';
+      };
+
+      recursionLimit = mkOption {
+        type = types.int;
+        default = 100;
+        description = ''
+          Maximum depth of recursion for LUA scripts.
+        '';
+      };
+
+      profiling.enable = mkEnableOption "LUA script profiling";
     };
 
     serverName = mkOption {
-- 
cgit 1.4.1