2 files changed, 45 insertions, 1 deletions

diff --git a/module-list.nix b/module-list.nix
index 401dea6..c0bb715 100644
--- a/module-list.nix
+++ b/module-list.nix
@@ -1,8 +1,9 @@
 [
-  ./modules/keyboard.nix
   ./modules/helix-player.nix
+  ./modules/keyboard.nix
   ./modules/linode.nix
   ./modules/overlays.nix
+  ./modules/services/snapclient.nix
   ./modules/upmpdcli.nix
   ./modules/users.nix
   ./modules/yubikey.nix
diff --git a/modules/services/snapclient.nix b/modules/services/snapclient.nix
new file mode 100644
index 0000000..4fdf266
--- /dev/null
+++ b/modules/services/snapclient.nix
@@ -0,0 +1,43 @@
+{ config, lib, pkgs, ... }:
+with lib;
+
+let
+
+  cfg = config.eth.services.snapclient;
+
+in {
+
+  options.eth.services.snapclient = {
+
+    enable = mkEnableOption "Whether to enable snapclient.";
+
+    hostID = mkOption {
+      type = types.str;
+      default = config.networking.hostName;
+      description = "The name to give to the snapserver.";
+      example = "Living Room";
+    };
+  };
+
+  config = mkIf cfg.enable {
+
+    systemd.services.snapclient = {
+      enable = true;
+      description = "Snapcast client";
+      wants = [ "network.target" "sound.target" ];
+      after = [ "network.target" "sound.target" ];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        DynamicUser = "yes";
+        Group = "audio";
+        ExecStart = "${pkgs.snapcast}/bin/snapclient --hostID ${escapeShellArg cfg.hostID}";
+        NoNewPrivileges = true;
+        ProtectKernelTunables = true;
+        ProtectControlGroups = true;
+        ProtectKernelModules = true;
+        RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX";
+        RestrictNamespaces = true;
+      };
+    };
+  };
+}