author | Ethel Morgan <eth@ethulhu.co.uk> | 2020-05-29 21:45:44 +0100 |
---|---|---|
committer | Ethel Morgan <eth@ethulhu.co.uk> | 2020-05-29 21:45:44 +0100 |
commit | 433a9ffcbddda74b0449eba251246a60221ae7cd (patch) | |
tree | 94792eabcb1e30b1f452ea18fd9c70e267aa4180 /nixos/modules/services | |
parent | 1d6f6c4c6f4823d1b969c6309ad2d472441b7b16 (diff) |
better mirror upstream nixpkgs layout
Diffstat (limited to 'nixos/modules/services')
-rw-r--r-- | nixos/modules/services/catbus-bridge-snapcast.nix | 93 | ||||
-rw-r--r-- | nixos/modules/services/dlnatoad.nix | 49 | ||||
-rw-r--r-- | nixos/modules/services/helix-player.nix | 54 | ||||
-rw-r--r-- | nixos/modules/services/mosquitto.nix | 90 | ||||
-rw-r--r-- | nixos/modules/services/snapclient.nix | 44 | ||||
-rw-r--r-- | nixos/modules/services/ssh.nix | 29 | ||||
-rw-r--r-- | nixos/modules/services/upmpdcli.nix | 82 |
7 files changed, 441 insertions, 0 deletions
diff --git a/nixos/modules/services/catbus-bridge-snapcast.nix b/nixos/modules/services/catbus-bridge-snapcast.nix
new file mode 100644
index 0000000..6e7badf
--- /dev/null
+++ b/nixos/modules/services/catbus-bridge-snapcast.nix
@@ -0,0 +1,93 @@
+{ config, lib, pkgs, ... }:
+with lib;
+
+let
+
+ cfg = config.eth.services.catbus-bridge-snapcast;
+
+ configJSON = pkgs.writeText "config.json" ''
+ {
+ "broker_host": "${cfg.mqttBroker.host}",
+ "broker_port": ${toString cfg.mqttBroker.port},
+
+ "snapserver_host": "${cfg.snapserver.host}",
+ "snapserver_port": ${toString cfg.snapserver.port},
+
+ "topic_input": "${cfg.topics.input}",
+
+ "snapcast_group_id": "${cfg.snapcastGroupID}"
+ }
+ '';
+
+in {
+
+ options.eth.services.catbus-bridge-snapcast = {
+
+ enable = mkEnableOption "Whether to enable the Catbus Snapcast bridge";
+
+ mqttBroker = {
+ host = mkOption {
+ type = types.str;
+ description = "Host of the MQTT broker.";
+ example = "localhost";
+ };
+ port = mkOption {
+ type = types.int;
+ description = "Port of the MQTT broker.";
+ default = 1883;
+ };
+ };
+
+ snapserver = {
+ host = mkOption {
+ type = types.str;
+ description = "Host of the Snapserver.";
+ example = "localhost";
+ };
+ port = mkOption {
+ type = types.int;
+ description = "Port of the Snapserver.";
+ default = 1705;
+ };
+ };
+
+ topics = {
+ input = mkOption {
+ type = types.str;
+ description = "MQTT topic for controlling the Snapcast group input";
+ example = "home/house/speakers/input_enum";
+ };
+ };
+
+ snapcastGroupID = mkOption {
+ type = types.str;
+ description = "The ID of the Snapcast group to control";
+ example = "352aba34-0ba8-8a4e-9f46-cb634b1c800a";
+ };
+ };
+
+
+ config = mkIf cfg.enable {
+ systemd.services.catbus-bridge-snapcast = {
+ enable = true;
+ description = "Control Snapcast via Catbus";
+ wants = [ "network.target" ];
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ DynamicUser = true;
+
+ ExecStart = "${pkgs.eth.catbus-snapcast}/bin/catbus-bridge-snapcast --config-path ${configJSON}";
+
+ NoNewPrivileges = true;
+ ProtectKernelTunables = true;
+ ProtectControlGroups = true;
+ ProtectKernelModules = true;
+ RestrictAddressFamilies = "AF_INET AF_INET6";
+ RestrictNamespaces = true;
+ };
+ };
+ };
+
+}
+
diff --git a/nixos/modules/services/dlnatoad.nix b/nixos/modules/services/dlnatoad.nix
new file mode 100644
index 0000000..8f50c72
--- /dev/null
+++ b/nixos/modules/services/dlnatoad.nix
@@ -0,0 +1,49 @@
+{ config, lib, pkgs, ... }:
+with lib;
+
+let
+ cfg = config.eth.services.dlnatoad;
+
+ systemdDirectoryName = "dlnatoad";
+ cacheDirectory = "/var/cache/${systemdDirectoryName}";
+
+in {
+
+ options.eth.services.dlnatoad = {
+ enable = mkEnableOption "Whether to enable DLNAtoad";
+
+ directories = mkOption {
+ type = types.listOf types.str;
+ default = [];
+ description = "A list of paths to index & serve.";
+ example = [ "/mnt/md0/media" ];
+ };
+ };
+
+
+ config = mkIf cfg.enable {
+ systemd.services.dlnatoad = {
+ enable = true;
+ description = "DLNAtoad UPnP ContentDirectory service";
+ wants = [ "network.target" ];
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ path = [ pkgs.ffmpeg ];
+ serviceConfig = {
+ DynamicUser = true;
+
+ CacheDirectory = systemdDirectoryName;
+
+ ExecStart = "${pkgs.eth.dlnatoad}/bin/dlnatoad ${concatStringsSep " " cfg.directories} --db ${cacheDirectory}/db --thumbs ${cacheDirectory} --verbose";
+
+ NoNewPrivileges = true;
+ ProtectHome = true;
+ ProtectKernelTunables = true;
+ ProtectControlGroups = true;
+ ProtectKernelModules = true;
+ };
+ };
+ };
+
+}
+
diff --git a/nixos/modules/services/helix-player.nix b/nixos/modules/services/helix-player.nix
new file mode 100644
index 0000000..977e263
--- /dev/null
+++ b/nixos/modules/services/helix-player.nix
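Review bot: The `configJSON` text at the top of catbus-bridge-snapcast.nix is assembled by splicing option values straight into a JSON template, so a host, topic or group ID containing `"` or `\` produces a malformed file or keys the module never meant to emit. Building the attribute set in Nix and serialising it with `builtins.toJSON` removes the hand-written quoting entirely. The two port options could also use `types.port` rather than `types.int`, so out-of-range values are rejected at evaluation time.

```nix
configJSON = pkgs.writeText "config.json" (builtins.toJSON {
  broker_host = cfg.mqttBroker.host;
  broker_port = cfg.mqttBroker.port;
  snapserver_host = cfg.snapserver.host;
  snapserver_port = cfg.snapserver.port;
  topic_input = cfg.topics.input;
  snapcast_group_id = cfg.snapcastGroupID;
});
```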
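Review bot: In dlnatoad.nix the `ExecStart` line joins `cfg.directories` with bare spaces, so a media path containing whitespace or quote characters is split into several arguments or mis-parsed by systemd. snapclient.nix in this same commit already escapes its argument; the equivalent here is `${escapeShellArgs cfg.directories}` in place of `${concatStringsSep " " cfg.directories}`. This unit also lacks the `RestrictAddressFamilies` and `RestrictNamespaces` lines that the catbus, mosquitto and snapclient units carry; whether they can be added depends on what dlnatoad and ffmpeg need, which the hunk does not show.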
@@ -0,0 +1,54 @@
+{ config, lib, pkgs, ... }:
+with lib;
+
+let
+
+ cfg = config.eth.services.helix-player;
+
+ systemdDirectoryName = "helix-player";
+ runtimeDirectory = "/run/${systemdDirectoryName}";
+ socket = "${runtimeDirectory}/listen.sock";
+
+in {
+
+ options.eth.services.helix-player = {
+
+ enable = mkEnableOption "Whether to enable helix-player";
+
+ socket = mkOption {
+ type = types.str;
+ readOnly = true;
+ description = "Path of the UNIX socket to listen on.";
+ example = socket;
+ };
+ };
+
+
+ config = mkIf cfg.enable {
+
+ eth.services.helix-player.socket = socket;
+
+ systemd.services.helix-player = {
+ enable = true;
+ description = "Helix UPnP player & controller";
+ wants = [ "network.target" ];
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ DynamicUser = true;
+ Group = config.services.nginx.group;
+
+ RuntimeDirectory = systemdDirectoryName;
+
+ ExecStart = "${pkgs.eth.helix}/bin/helix-player -socket ${socket}";
+
+ NoNewPrivileges = true;
+ ProtectHome = true;
+ ProtectKernelTunables = true;
+ ProtectControlGroups = true;
+ ProtectKernelModules = true;
+ };
+ };
+ };
+
+}
diff --git a/nixos/modules/services/mosquitto.nix b/nixos/modules/services/mosquitto.nix
new file mode 100644
index 0000000..fecf8a4
--- /dev/null
+++ b/nixos/modules/services/mosquitto.nix
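Review bot: The socket at `/run/helix-player/listen.sock` is meant to be shared with nginx through `Group = config.services.nginx.group`, but nothing in the unit limits who else can reach it: `RuntimeDirectory` is created with systemd's default mode 0755 and the socket file's own permissions are left to the daemon. If the socket accepts control requests without authentication (not visible here), any local account could then drive the player. Adding `RuntimeDirectoryMode = "0750";` next to `RuntimeDirectory` confines access to the service user and the nginx group. The group reference also assumes nginx is configured on the host; an assertion or a comment saying so would help.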
@@ -0,0 +1,90 @@
+{ config, lib, pkgs, ... }:
+with lib;
+
+let
+
+ cfg = config.eth.services.mosquitto;
+
+ systemdDirectoryName = "mosquitto";
+ stateDirectory = "/var/lib/${systemdDirectoryName}";
+ runtimeDirectory = "/run/${systemdDirectoryName}";
+
+ mosquittoConf = pkgs.writeText "mosquitto.conf" ''
+ ${optionalString cfg.mqtt.enable ''
+ listener ${toString cfg.mqtt.port} ${optionalString (cfg.mqtt.host != "") cfg.mqtt.host}
+ ''}
+
+ ${optionalString cfg.websockets.enable ''
+ listener ${toString cfg.websockets.port} ${optionalString (cfg.websockets.host != "") cfg.websockets.host}
+ protocol websockets
+ ''}
+
+ ${optionalString cfg.persistence ''
+ persistence true
+ persistence_location ${stateDirectory}/
+ ''}
+ '';
+
+in {
+
+ options.eth.services.mosquitto = {
+
+ enable = mkEnableOption "Whether to enable mosquitto.";
+
+ persistence = mkOption {
+ type = types.bool;
+ default = true;
+ };
+
+ mqtt = {
+ enable = mkEnableOption "Whether to listen on unencrypted MQTT.";
+ host = mkOption {
+ type = types.str;
+ default = "";
+ example = "10.11.12.14";
+ };
+ port = mkOption {
+ type = types.int;
+ default = 1883;
+ };
+ };
+
+ websockets = {
+ enable = mkEnableOption "Whether to listen on unencrypted Websockets.";
+ host = mkOption {
+ type = types.str;
+ default = "";
+ example = "10.11.12.14";
+ };
+ port = mkOption {
+ type = types.int;
+ default = 1884;
+ };
+ };
+
+ };
+
+ config = mkIf cfg.enable {
+
+ systemd.services.mosquitto = {
+ enable = true;
+ description = "Mosquitto MQTT broker";
+ wants = [ "network.target" ];
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ DynamicUser = true;
+ RuntimeDirectory = systemdDirectoryName;
+ StateDirectory = systemdDirectoryName;
+ ExecStart = "${pkgs.mosquitto}/bin/mosquitto -c ${mosquittoConf}";
+ NoNewPrivileges = true;
+ ProtectHome = true;
+ ProtectKernelTunables = true;
+ ProtectControlGroups = true;
+ ProtectKernelModules = true;
+ RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX";
+ RestrictNamespaces = true;
+ };
+ };
+ };
+}
diff --git a/nixos/modules/services/snapclient.nix b/nixos/modules/services/snapclient.nix
new file mode 100644
index 0000000..9f93131
--- /dev/null
+++ b/nixos/modules/services/snapclient.nix
@@ -0,0 +1,44 @@
+{ config, lib, pkgs, ... }:
+with lib;
+
+let
+
+ cfg = config.eth.services.snapclient;
+
+in {
+
+ options.eth.services.snapclient = {
+
+ enable = mkEnableOption "Whether to enable snapclient.";
+
+ hostID = mkOption {
+ type = types.str;
+ default = config.networking.hostName;
+ description = "The name to give to the snapserver.";
+ example = "Living Room";
+ };
+ };
+
+ config = mkIf cfg.enable {
+
+ systemd.services.snapclient = {
+ enable = true;
+ description = "Snapcast client";
+ wants = [ "network.target" "sound.target" ];
+ after = [ "network.target" "sound.target" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ DynamicUser = "yes";
+ Group = "audio";
+ ExecStart = "${pkgs.snapcast}/bin/snapclient --hostID ${escapeShellArg cfg.hostID}";
+ NoNewPrivileges = true;
+ ProtectHome = true;
+ ProtectKernelTunables = true;
+ ProtectControlGroups = true;
+ ProtectKernelModules = true;
+ RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX";
+ RestrictNamespaces = true;
+ };
+ };
+ };
+}
diff --git a/nixos/modules/services/ssh.nix b/nixos/modules/services/ssh.nix
new file mode 100644
index 0000000..d965472
--- /dev/null
+++ b/nixos/modules/services/ssh.nix
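Review bot: The generated `mosquitto.conf` contains only `listener` and `persistence` lines, so the broker runs with no `password_file`, `acl_file` or TLS settings, and with `host` defaulting to `""` each enabled listener binds every interface. On broker versions that default to anonymous access this opens publish and subscribe to anything that can reach the port (a firewall may cover this, but it is not visible here). Consider defaulting `mqtt.host` and `websockets.host` to `"127.0.0.1"`, or at least adding `description = "Address to bind; empty binds all interfaces.";` to both options, and give `persistence` a description too. `types.port` would suit the two port options better than `types.int`.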
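Review bot: `DynamicUser = "yes";` in snapclient.nix is written as a string where the other five units in this commit use the boolean `DynamicUser = true;`; using the boolean here keeps the modules uniform. On `ExecStart`, `escapeShellArg` takes care of spaces and quotes in `hostID`, but systemd still expands `%` specifiers in the command line, so the `hostID` description could state that a literal `%` has to be written `%%`.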
@@ -0,0 +1,29 @@
+{ config, lib, pkgs, ... }:
+with lib;
+
+let
+ cfg = config.eth.services.ssh;
+
+in {
+ options.eth.services.ssh = {
+ enable = mkEnableOption "Whether to enable SSHd with Eth's defaults.";
+
+ passwordAuthentication = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Whether to allow password authentication. Occasionally useful, used sparingly.";
+ };
+ };
+
+ config = mkIf cfg.enable {
+
+ security.pam.enableSSHAgentAuth = true;
+ security.pam.services.sudo.sshAgentAuth = true;
+
+ services.openssh = {
+ enable = true;
+ permitRootLogin = "no";
+ passwordAuthentication = cfg.passwordAuthentication;
+ };
+ };
+}
diff --git a/nixos/modules/services/upmpdcli.nix b/nixos/modules/services/upmpdcli.nix
new file mode 100644
index 0000000..d301a49
--- /dev/null
+++ b/nixos/modules/services/upmpdcli.nix
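Review bot: With `passwordAuthentication` defaulting to false, the `services.openssh` block still leaves keyboard-interactive authentication at its module default, and on nixpkgs releases where that default is on, password logins through PAM remain possible. Tying it to the same switch, `challengeResponseAuthentication = cfg.passwordAuthentication;`, makes the option do what its description says (the option carries a different name on newer nixpkgs). Separately, `security.pam.services.sudo.sshAgentAuth = true;` makes sudo trust whichever key files the PAM module is configured to read; if that list includes files the user can write, such as `~/.ssh/authorized_keys`, a process running as that user can grant itself sudo, so a comment stating where the trusted keys live would be worth adding.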
@@ -0,0 +1,82 @@
+{ config, lib, pkgs, ... }:
+with lib;
+
+let
+ cfg = config.eth.services.upmpdcli;
+
+ cacheDir = "upmpdcli";
+
+ upmpdConf = pkgs.writeText "upmpd.conf" ''
+ cachedir = /var/cache/${cacheDir}
+
+ friendlyname = ${cfg.friendlyName}
+
+ mpdhost = ${cfg.mpd.host}
+ mpdport = ${toString cfg.mpd.port}
+
+ ${optionalString (cfg.mpd.password != "") "${cfg.mpd.password}"}
+
+ ${cfg.extraConfig}
+ '';
+
+in {
+ options.eth.services.upmpdcli = {
+ enable = mkEnableOption "Run upmpdcli server";
+
+ friendlyName = mkOption {
+ type = types.str;
+ default = "UpMpd (${config.networking.hostName})";
+ description = "Friendly Name used for UPnP discovery.";
+ };
+
+ mpd = {
+ host = mkOption {
+ type = types.str;
+ default = config.services.mpd.network.listenAddress;
+ description = "Host of the MPD server.";
+ };
+ port = mkOption {
+ type = types.int;
+ default = config.services.mpd.network.port;
+ description = "Port of the MPD server.";
+ };
+ password = mkOption {
+ type = types.str;
+ default = "";
+ description = "Password of the MPD server.";
+ };
+ };
+
+ extraConfig = mkOption {
+ type = types.lines;
+ default = "";
+ };
+ };
+
+ config = mkIf cfg.enable {
+ systemd.services.upmpdcli = {
+ enable = true;
+ description = "";
+ wants = [ "network.target" ];
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ path = [ pkgs.openssl pkgs.python3 ];
+ serviceConfig = {
+ DynamicUser = true;
+
+ CacheDirectory = cacheDir;
+
+ Type = "simple";
+ ExecStart="${pkgs.eth.upmpdcli}/bin/upmpdcli -c ${upmpdConf}";
+ Restart = "always";
+ RestartSec = "1min";
+
+ NoNewPrivileges = true;
+ ProtectHome = true;
+ ProtectKernelTunables = true;
+ ProtectControlGroups = true;
+ ProtectKernelModules = true;
+ };
+ };
+ };
+} |
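Review bot: The password line in `upmpdConf` interpolates only the value, `"${cfg.mpd.password}"`, so a non-empty password lands in upmpd.conf as a bare line with no key and upmpdcli will presumably not treat it as the MPD password; it should read `"mpdpassword = ${cfg.mpd.password}"`. Because the file is produced with `pkgs.writeText`, the password also ends up in the world-readable Nix store. A `passwordFile` option whose contents are read when the service starts would keep the secret out of the store; failing that, the `password` description should say that the value is kept in the store in plain text. The unit's `description = "";` could be filled in as well.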