2 files changed, 22 insertions, 3 deletions

diff --git a/nixos/modules/services/catbus-snapcast.nix b/nixos/modules/services/catbus-snapcast.nix
index 8ee8301..3f6cd92 100644
--- a/nixos/modules/services/catbus-snapcast.nix
+++ b/nixos/modules/services/catbus-snapcast.nix
@@ -42,7 +42,7 @@ in {
 
 
   config = mkIf cfg.enable {
-    systemd.services.catbus-snapcast-bridge = {
+    systemd.services.catbus-snapcast-actuator = {
       enable = true;
       description = "Control Snapcast via Catbus";
       wants = [ "network.target" ];
@@ -51,7 +51,26 @@ in {
       serviceConfig = {
         DynamicUser = true;
 
-        ExecStart = "${pkgs.eth.catbus-snapcast}/bin/catbus-bridge-snapcast --config-path ${configJSON}";
+        ExecStart = "${pkgs.eth.catbus-snapcast}/bin/catbus-snapcast-actuator --config-path ${configJSON}";
+
+        NoNewPrivileges = true;
+        ProtectKernelTunables = true;
+        ProtectControlGroups = true;
+        ProtectKernelModules = true;
+        RestrictAddressFamilies = "AF_INET AF_INET6";
+        RestrictNamespaces = true;
+      };
+    };
+    systemd.services.catbus-snapcast-observer = {
+      enable = true;
+      description = "Observe Snapcast for Catbus";
+      wants = [ "network.target" ];
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        DynamicUser = true;
+
+        ExecStart = "${pkgs.eth.catbus-snapcast}/bin/catbus-snapcast-observer --config-path ${configJSON}";
 
         NoNewPrivileges = true;
         ProtectKernelTunables = true;
diff --git a/pkgs/default.nix b/pkgs/default.nix
index 0d59ad8..084c35b 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -13,7 +13,7 @@ let
   };
   catbus-snapcast = builtins.fetchGit {
     url = "https://github.com/ethulhu/catbus-snapcast";
-    rev = "74b35c929a1f6d80b0cdab57e4fb9fba26d9e2d1";
+    rev = "841ab669dad089948834aa7c93deee726f3a4b70";
   };
   catbus-wakeonlan = builtins.fetchGit {
     url = "https://github.com/ethulhu/catbus-wakeonlan";