-rw-r--r-- | module-list.nix | 2 | ||||
-rw-r--r-- | modules/services/upmpdcli.nix (renamed from modules/upmpdcli.nix) | 20 |
2 files changed, 13 insertions, 9 deletions
diff --git a/module-list.nix b/module-list.nix
index 8885c39..c24ae39 100644
--- a/module-list.nix
+++ b/module-list.nix
@@ -5,7 +5,7 @@
 ./modules/overlays.nix
 ./modules/services/mosquitto.nix
 ./modules/services/snapclient.nix
- ./modules/upmpdcli.nix
+ ./modules/services/upmpdcli.nix
 ./modules/users.nix
 ./modules/yubikey.nix
 ]
diff --git a/modules/upmpdcli.nix b/modules/services/upmpdcli.nix
index 5b83a2f..d301a49 100644
--- a/modules/upmpdcli.nix
+++ b/modules/services/upmpdcli.nix
@@ -2,7 +2,7 @@
 with lib;
 let
- cfg = config.services.upmpdcli;
+ cfg = config.eth.services.upmpdcli;
 cacheDir = "upmpdcli";
@@ -20,12 +20,12 @@ let
 '';
 in {
- options.services.upmpdcli = {
+ options.eth.services.upmpdcli = {
 enable = mkEnableOption "Run upmpdcli server";
 friendlyName = mkOption {
 type = types.str;
- default = "UpMpd";
+ default = "UpMpd (${config.networking.hostName})";
 description = "Friendly Name used for UPnP discovery.";
 };
@@ -54,10 +54,6 @@ in {
 };
 config = mkIf cfg.enable {
- environment.systemPackages = [
- pkgs.eth.upmpdcli
- ];
-
 systemd.services.upmpdcli = {
 enable = true;
 description = "";
@@ -66,12 +62,20 @@ in {
 wantedBy = [ "multi-user.target" ];
 path = [ pkgs.openssl pkgs.python3 ];
 serviceConfig = {
- DynamicUser = "yes";
+ DynamicUser = true;
+ CacheDirectory = cacheDir;
+ Type = "simple";
 ExecStart="${pkgs.eth.upmpdcli}/bin/upmpdcli -c ${upmpdConf}";
 Restart = "always";
 RestartSec = "1min";
+
+ NoNewPrivileges = true;
+ ProtectHome = true;
+ ProtectKernelTunables = true;
+ ProtectControlGroups = true;
+ ProtectKernelModules = true;
 };
 };
 };
|
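Review bot: The new `friendlyName` default interpolates `config.networking.hostName`, and by the option's own description this string is what UPnP discovery announces, so every device on the local segment now learns the machine's host name unless the user overrides it. If that is intended, the option text should say so, e.g. `description = "Friendly name announced via UPnP discovery; the default includes this machine's host name.";`. How the value is written into the generated configuration lies outside this hunk, so whether a host name or override with unusual characters is handled cleanly there could not be checked.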
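Review bot: The sandboxing added to `serviceConfig` stops at the home-directory and kernel-interface protections, yet this is a network-facing daemon (presumably handling UPnP requests from the LAN) with `python3` and `openssl` on its path, and nothing here limits address families, system calls, devices or namespaces. I would extend the block with the directives below and confirm the result with `systemd-analyze security upmpdcli`. The address-family list and `PrivateDevices` are assumptions about what upmpdcli needs and should be verified against a running instance. `NoNewPrivileges = true` is already implied by `DynamicUser = true`, so it is harmless but redundant. The enclosing `systemd.services.upmpdcli` set begins in the previous hunk.

```nix
serviceConfig = {
  # … unchanged: DynamicUser, CacheDirectory, Type, ExecStart, Restart, RestartSec, existing Protect* …
  PrivateDevices = true;
  ProtectKernelLogs = true;
  ProtectClock = true;
  RestrictNamespaces = true;
  LockPersonality = true;
  # assumed minimum for a UPnP service; widen only if the unit fails to start
  RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" "AF_NETLINK" ];
  SystemCallFilter = [ "@system-service" ];
  CapabilityBoundingSet = "";
```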