diff options
| author | Ethel Morgan <eth@ethulhu.co.uk> | 2020-06-30 00:18:03 +0100 |
|---|---|---|
| committer | Ethel Morgan <eth@ethulhu.co.uk> | 2020-06-30 00:18:03 +0100 |
| commit | 6f6eb2c66dc4eadd9280e892de508593d7ed35d3 (patch) | |
| tree | 4a026f1e92b983407b1ecc7ae1791695e0c396cd /nixos/modules/services/catbus-snapcast.nix | |
| parent | 8710105f65154d19f7c65be10dd95b0e4ccab63b (diff) | |
update {pkgs,eth.services}.catbus-snapcast
Diffstat (limited to 'nixos/modules/services/catbus-snapcast.nix')
| -rw-r--r-- | nixos/modules/services/catbus-snapcast.nix | 23 |
1 files changed, 21 insertions, 2 deletions
diff --git a/nixos/modules/services/catbus-snapcast.nix b/nixos/modules/services/catbus-snapcast.nix index 8ee8301..3f6cd92 100644 --- a/nixos/modules/services/catbus-snapcast.nix +++ b/nixos/modules/services/catbus-snapcast.nix @@ -42,7 +42,7 @@ in { config = mkIf cfg.enable { - systemd.services.catbus-snapcast-bridge = { + systemd.services.catbus-snapcast-actuator = { enable = true; description = "Control Snapcast via Catbus"; wants = [ "network.target" ]; @@ -51,7 +51,26 @@ in { serviceConfig = { DynamicUser = true; - ExecStart = "${pkgs.eth.catbus-snapcast}/bin/catbus-bridge-snapcast --config-path ${configJSON}"; + ExecStart = "${pkgs.eth.catbus-snapcast}/bin/catbus-snapcast-actuator --config-path ${configJSON}"; + + NoNewPrivileges = true; + ProtectKernelTunables = true; + ProtectControlGroups = true; + ProtectKernelModules = true; + RestrictAddressFamilies = "AF_INET AF_INET6"; + RestrictNamespaces = true; + }; + }; + systemd.services.catbus-snapcast-observer = { + enable = true; + description = "Observe Snapcast for Catbus"; + wants = [ "network.target" ]; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + DynamicUser = true; + + ExecStart = "${pkgs.eth.catbus-snapcast}/bin/catbus-snapcast-observer --config-path ${configJSON}"; NoNewPrivileges = true; ProtectKernelTunables = true; |