diff options
Diffstat (limited to 'modules/services')
| -rw-r--r-- | modules/services/catbus-bridge-snapcast.nix | 93 | ||||
| -rw-r--r-- | modules/services/dlnatoad.nix | 49 | ||||
| -rw-r--r-- | modules/services/helix-player.nix | 54 | ||||
| -rw-r--r-- | modules/services/mosquitto.nix | 90 | ||||
| -rw-r--r-- | modules/services/snapclient.nix | 44 | ||||
| -rw-r--r-- | modules/services/ssh.nix | 29 | ||||
| -rw-r--r-- | modules/services/upmpdcli.nix | 82 |
7 files changed, 0 insertions, 441 deletions
diff --git a/modules/services/catbus-bridge-snapcast.nix b/modules/services/catbus-bridge-snapcast.nix deleted file mode 100644 index 6e7badf..0000000 --- a/modules/services/catbus-bridge-snapcast.nix +++ /dev/null @@ -1,93 +0,0 @@ -{ config, lib, pkgs, ... }: -with lib; - -let - - cfg = config.eth.services.catbus-bridge-snapcast; - - configJSON = pkgs.writeText "config.json" '' - { - "broker_host": "${cfg.mqttBroker.host}", - "broker_port": ${toString cfg.mqttBroker.port}, - - "snapserver_host": "${cfg.snapserver.host}", - "snapserver_port": ${toString cfg.snapserver.port}, - - "topic_input": "${cfg.topics.input}", - - "snapcast_group_id": "${cfg.snapcastGroupID}" - } - ''; - -in { - - options.eth.services.catbus-bridge-snapcast = { - - enable = mkEnableOption "Whether to enable the Catbus Snapcast bridge"; - - mqttBroker = { - host = mkOption { - type = types.str; - description = "Host of the MQTT broker."; - example = "localhost"; - }; - port = mkOption { - type = types.int; - description = "Port of the MQTT broker."; - default = 1883; - }; - }; - - snapserver = { - host = mkOption { - type = types.str; - description = "Host of the Snapserver."; - example = "localhost"; - }; - port = mkOption { - type = types.int; - description = "Port of the Snapserver."; - default = 1705; - }; - }; - - topics = { - input = mkOption { - type = types.str; - description = "MQTT topic for controlling the Snapcast group input"; - example = "home/house/speakers/input_enum"; - }; - }; - - snapcastGroupID = mkOption { - type = types.str; - description = "The ID of the Snapcast group to control"; - example = "352aba34-0ba8-8a4e-9f46-cb634b1c800a"; - }; - }; - - - config = mkIf cfg.enable { - systemd.services.catbus-bridge-snapcast = { - enable = true; - description = "Control Snapcast via Catbus"; - wants = [ "network.target" ]; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - DynamicUser = true; - - ExecStart = "${pkgs.eth.catbus-snapcast}/bin/catbus-bridge-snapcast --config-path ${configJSON}"; - - NoNewPrivileges = true; - ProtectKernelTunables = true; - ProtectControlGroups = true; - ProtectKernelModules = true; - RestrictAddressFamilies = "AF_INET AF_INET6"; - RestrictNamespaces = true; - }; - }; - }; - -} - diff --git a/modules/services/dlnatoad.nix b/modules/services/dlnatoad.nix deleted file mode 100644 index 8f50c72..0000000 --- a/modules/services/dlnatoad.nix +++ /dev/null @@ -1,49 +0,0 @@ -{ config, lib, pkgs, ... }: -with lib; - -let - cfg = config.eth.services.dlnatoad; - - systemdDirectoryName = "dlnatoad"; - cacheDirectory = "/var/cache/${systemdDirectoryName}"; - -in { - - options.eth.services.dlnatoad = { - enable = mkEnableOption "Whether to enable DLNAtoad"; - - directories = mkOption { - type = types.listOf types.str; - default = []; - description = "A list of paths to index & serve."; - example = [ "/mnt/md0/media" ]; - }; - }; - - - config = mkIf cfg.enable { - systemd.services.dlnatoad = { - enable = true; - description = "DLNAtoad UPnP ContentDirectory service"; - wants = [ "network.target" ]; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - path = [ pkgs.ffmpeg ]; - serviceConfig = { - DynamicUser = true; - - CacheDirectory = systemdDirectoryName; - - ExecStart = "${pkgs.eth.dlnatoad}/bin/dlnatoad ${concatStringsSep " " cfg.directories} --db ${cacheDirectory}/db --thumbs ${cacheDirectory} --verbose"; - - NoNewPrivileges = true; - ProtectHome = true; - ProtectKernelTunables = true; - ProtectControlGroups = true; - ProtectKernelModules = true; - }; - }; - }; - -} - diff --git a/modules/services/helix-player.nix b/modules/services/helix-player.nix deleted file mode 100644 index 977e263..0000000 --- a/modules/services/helix-player.nix +++ /dev/null @@ -1,54 +0,0 @@ -{ config, lib, pkgs, ... }: -with lib; - -let - - cfg = config.eth.services.helix-player; - - systemdDirectoryName = "helix-player"; - runtimeDirectory = "/run/${systemdDirectoryName}"; - socket = "${runtimeDirectory}/listen.sock"; - -in { - - options.eth.services.helix-player = { - - enable = mkEnableOption "Whether to enable helix-player"; - - socket = mkOption { - type = types.str; - readOnly = true; - description = "Path of the UNIX socket to listen on."; - example = socket; - }; - }; - - - config = mkIf cfg.enable { - - eth.services.helix-player.socket = socket; - - systemd.services.helix-player = { - enable = true; - description = "Helix UPnP player & controller"; - wants = [ "network.target" ]; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - DynamicUser = true; - Group = config.services.nginx.group; - - RuntimeDirectory = systemdDirectoryName; - - ExecStart = "${pkgs.eth.helix}/bin/helix-player -socket ${socket}"; - - NoNewPrivileges = true; - ProtectHome = true; - ProtectKernelTunables = true; - ProtectControlGroups = true; - ProtectKernelModules = true; - }; - }; - }; - -} diff --git a/modules/services/mosquitto.nix b/modules/services/mosquitto.nix deleted file mode 100644 index fecf8a4..0000000 --- a/modules/services/mosquitto.nix +++ /dev/null @@ -1,90 +0,0 @@ -{ config, lib, pkgs, ... }: -with lib; - -let - - cfg = config.eth.services.mosquitto; - - systemdDirectoryName = "mosquitto"; - stateDirectory = "/var/lib/${systemdDirectoryName}"; - runtimeDirectory = "/run/${systemdDirectoryName}"; - - mosquittoConf = pkgs.writeText "mosquitto.conf" '' - ${optionalString cfg.mqtt.enable '' - listener ${toString cfg.mqtt.port} ${optionalString (cfg.mqtt.host != "") cfg.mqtt.host} - ''} - - ${optionalString cfg.websockets.enable '' - listener ${toString cfg.websockets.port} ${optionalString (cfg.websockets.host != "") cfg.websockets.host} - protocol websockets - ''} - - ${optionalString cfg.persistence '' - persistence true - persistence_location ${stateDirectory}/ - ''} - ''; - -in { - - options.eth.services.mosquitto = { - - enable = mkEnableOption "Whether to enable mosquitto."; - - persistence = mkOption { - type = types.bool; - default = true; - }; - - mqtt = { - enable = mkEnableOption "Whether to listen on unencrypted MQTT."; - host = mkOption { - type = types.str; - default = ""; - example = "10.11.12.14"; - }; - port = mkOption { - type = types.int; - default = 1883; - }; - }; - - websockets = { - enable = mkEnableOption "Whether to listen on unencrypted Websockets."; - host = mkOption { - type = types.str; - default = ""; - example = "10.11.12.14"; - }; - port = mkOption { - type = types.int; - default = 1884; - }; - }; - - }; - - config = mkIf cfg.enable { - - systemd.services.mosquitto = { - enable = true; - description = "Mosquitto MQTT broker"; - wants = [ "network.target" ]; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - DynamicUser = true; - RuntimeDirectory = systemdDirectoryName; - StateDirectory = systemdDirectoryName; - ExecStart = "${pkgs.mosquitto}/bin/mosquitto -c ${mosquittoConf}"; - NoNewPrivileges = true; - ProtectHome = true; - ProtectKernelTunables = true; - ProtectControlGroups = true; - ProtectKernelModules = true; - RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX"; - RestrictNamespaces = true; - }; - }; - }; -} diff --git a/modules/services/snapclient.nix b/modules/services/snapclient.nix deleted file mode 100644 index 9f93131..0000000 --- a/modules/services/snapclient.nix +++ /dev/null @@ -1,44 +0,0 @@ -{ config, lib, pkgs, ... }: -with lib; - -let - - cfg = config.eth.services.snapclient; - -in { - - options.eth.services.snapclient = { - - enable = mkEnableOption "Whether to enable snapclient."; - - hostID = mkOption { - type = types.str; - default = config.networking.hostName; - description = "The name to give to the snapserver."; - example = "Living Room"; - }; - }; - - config = mkIf cfg.enable { - - systemd.services.snapclient = { - enable = true; - description = "Snapcast client"; - wants = [ "network.target" "sound.target" ]; - after = [ "network.target" "sound.target" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - DynamicUser = "yes"; - Group = "audio"; - ExecStart = "${pkgs.snapcast}/bin/snapclient --hostID ${escapeShellArg cfg.hostID}"; - NoNewPrivileges = true; - ProtectHome = true; - ProtectKernelTunables = true; - ProtectControlGroups = true; - ProtectKernelModules = true; - RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX"; - RestrictNamespaces = true; - }; - }; - }; -} diff --git a/modules/services/ssh.nix b/modules/services/ssh.nix deleted file mode 100644 index d965472..0000000 --- a/modules/services/ssh.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ config, lib, pkgs, ... }: -with lib; - -let - cfg = config.eth.services.ssh; - -in { - options.eth.services.ssh = { - enable = mkEnableOption "Whether to enable SSHd with Eth's defaults."; - - passwordAuthentication = mkOption { - type = types.bool; - default = false; - description = "Whether to allow password authentication. Occasionally useful, used sparingly."; - }; - }; - - config = mkIf cfg.enable { - - security.pam.enableSSHAgentAuth = true; - security.pam.services.sudo.sshAgentAuth = true; - - services.openssh = { - enable = true; - permitRootLogin = "no"; - passwordAuthentication = cfg.passwordAuthentication; - }; - }; -} diff --git a/modules/services/upmpdcli.nix b/modules/services/upmpdcli.nix deleted file mode 100644 index d301a49..0000000 --- a/modules/services/upmpdcli.nix +++ /dev/null @@ -1,82 +0,0 @@ -{ config, lib, pkgs, ... }: -with lib; - -let - cfg = config.eth.services.upmpdcli; - - cacheDir = "upmpdcli"; - - upmpdConf = pkgs.writeText "upmpd.conf" '' - cachedir = /var/cache/${cacheDir} - - friendlyname = ${cfg.friendlyName} - - mpdhost = ${cfg.mpd.host} - mpdport = ${toString cfg.mpd.port} - - ${optionalString (cfg.mpd.password != "") "${cfg.mpd.password}"} - - ${cfg.extraConfig} - ''; - -in { - options.eth.services.upmpdcli = { - enable = mkEnableOption "Run upmpdcli server"; - - friendlyName = mkOption { - type = types.str; - default = "UpMpd (${config.networking.hostName})"; - description = "Friendly Name used for UPnP discovery."; - }; - - mpd = { - host = mkOption { - type = types.str; - default = config.services.mpd.network.listenAddress; - description = "Host of the MPD server."; - }; - port = mkOption { - type = types.int; - default = config.services.mpd.network.port; - description = "Port of the MPD server."; - }; - password = mkOption { - type = types.str; - default = ""; - description = "Password of the MPD server."; - }; - }; - - extraConfig = mkOption { - type = types.lines; - default = ""; - }; - }; - - config = mkIf cfg.enable { - systemd.services.upmpdcli = { - enable = true; - description = ""; - wants = [ "network.target" ]; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - path = [ pkgs.openssl pkgs.python3 ]; - serviceConfig = { - DynamicUser = true; - - CacheDirectory = cacheDir; - - Type = "simple"; - ExecStart="${pkgs.eth.upmpdcli}/bin/upmpdcli -c ${upmpdConf}"; - Restart = "always"; - RestartSec = "1min"; - - NoNewPrivileges = true; - ProtectHome = true; - ProtectKernelTunables = true; - ProtectControlGroups = true; - ProtectKernelModules = true; - }; - }; - }; -} |