Diffstat (limited to 'nixos/modules/services')
-rw-r--r--nixos/modules/services/catbus-bridge-snapcast.nix93
-rw-r--r--nixos/modules/services/dlnatoad.nix49
-rw-r--r--nixos/modules/services/helix-player.nix54
-rw-r--r--nixos/modules/services/mosquitto.nix90
-rw-r--r--nixos/modules/services/snapclient.nix44
-rw-r--r--nixos/modules/services/ssh.nix29
-rw-r--r--nixos/modules/services/upmpdcli.nix82
7 files changed, 441 insertions, 0 deletions
diff --git a/nixos/modules/services/catbus-bridge-snapcast.nix b/nixos/modules/services/catbus-bridge-snapcast.nix
new file mode 100644
index 0000000..6e7badf
--- /dev/null
+++ b/nixos/modules/services/catbus-bridge-snapcast.nix
@@ -0,0 +1,93 @@
+{ config, lib, pkgs, ... }:
+with lib;
+
+let
+
+ cfg = config.eth.services.catbus-bridge-snapcast;
+
+ configJSON = pkgs.writeText "config.json" ''
+ {
+ "broker_host": "${cfg.mqttBroker.host}",
+ "broker_port": ${toString cfg.mqttBroker.port},
+
+ "snapserver_host": "${cfg.snapserver.host}",
+ "snapserver_port": ${toString cfg.snapserver.port},
+
+ "topic_input": "${cfg.topics.input}",
+
+ "snapcast_group_id": "${cfg.snapcastGroupID}"
+ }
+ '';
+
+in {
+
+ options.eth.services.catbus-bridge-snapcast = {
+
+ enable = mkEnableOption "Whether to enable the Catbus Snapcast bridge";
+
+ mqttBroker = {
+ host = mkOption {
+ type = types.str;
+ description = "Host of the MQTT broker.";
+ example = "localhost";
+ };
+ port = mkOption {
+ type = types.int;
+ description = "Port of the MQTT broker.";
+ default = 1883;
+ };
+ };
+
+ snapserver = {
+ host = mkOption {
+ type = types.str;
+ description = "Host of the Snapserver.";
+ example = "localhost";
+ };
+ port = mkOption {
+ type = types.int;
+ description = "Port of the Snapserver.";
+ default = 1705;
+ };
+ };
+
+ topics = {
+ input = mkOption {
+ type = types.str;
+ description = "MQTT topic for controlling the Snapcast group input";
+ example = "home/house/speakers/input_enum";
+ };
+ };
+
+ snapcastGroupID = mkOption {
+ type = types.str;
+ description = "The ID of the Snapcast group to control";
+ example = "352aba34-0ba8-8a4e-9f46-cb634b1c800a";
+ };
+ };
+
+
+ config = mkIf cfg.enable {
+ systemd.services.catbus-bridge-snapcast = {
+ enable = true;
+ description = "Control Snapcast via Catbus";
+ wants = [ "network.target" ];
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ DynamicUser = true;
+
+ ExecStart = "${pkgs.eth.catbus-snapcast}/bin/catbus-bridge-snapcast --config-path ${configJSON}";
+
+ NoNewPrivileges = true;
+ ProtectKernelTunables = true;
+ ProtectControlGroups = true;
+ ProtectKernelModules = true;
+ RestrictAddressFamilies = "AF_INET AF_INET6";
+ RestrictNamespaces = true;
+ };
+ };
+ };
+
+}
+
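Review bot: `configJSON` is assembled by interpolating option values straight into a JSON string literal, so a host, topic or group ID containing a `"` or `\` produces a malformed or structurally different config file. Every value is already a Nix value, so serialising an attribute set with `builtins.toJSON` handles the escaping and keeps the ports numeric. Separately, `types.port` would reject out-of-range values for the two port options, where `types.int` accepts any integer.

```nix
configJSON = pkgs.writeText "config.json" (builtins.toJSON {
  broker_host = cfg.mqttBroker.host;
  broker_port = cfg.mqttBroker.port;

  snapserver_host = cfg.snapserver.host;
  snapserver_port = cfg.snapserver.port;

  topic_input = cfg.topics.input;

  snapcast_group_id = cfg.snapcastGroupID;
});
# … unchanged: option declarations and systemd unit …
```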
diff --git a/nixos/modules/services/dlnatoad.nix b/nixos/modules/services/dlnatoad.nix
new file mode 100644
index 0000000..8f50c72
--- /dev/null
+++ b/nixos/modules/services/dlnatoad.nix
@@ -0,0 +1,49 @@
+{ config, lib, pkgs, ... }:
+with lib;
+
+let
+ cfg = config.eth.services.dlnatoad;
+
+ systemdDirectoryName = "dlnatoad";
+ cacheDirectory = "/var/cache/${systemdDirectoryName}";
+
+in {
+
+ options.eth.services.dlnatoad = {
+ enable = mkEnableOption "Whether to enable DLNAtoad";
+
+ directories = mkOption {
+ type = types.listOf types.str;
+ default = [];
+ description = "A list of paths to index & serve.";
+ example = [ "/mnt/md0/media" ];
+ };
+ };
+
+
+ config = mkIf cfg.enable {
+ systemd.services.dlnatoad = {
+ enable = true;
+ description = "DLNAtoad UPnP ContentDirectory service";
+ wants = [ "network.target" ];
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ path = [ pkgs.ffmpeg ];
+ serviceConfig = {
+ DynamicUser = true;
+
+ CacheDirectory = systemdDirectoryName;
+
+ ExecStart = "${pkgs.eth.dlnatoad}/bin/dlnatoad ${concatStringsSep " " cfg.directories} --db ${cacheDirectory}/db --thumbs ${cacheDirectory} --verbose";
+
+ NoNewPrivileges = true;
+ ProtectHome = true;
+ ProtectKernelTunables = true;
+ ProtectControlGroups = true;
+ ProtectKernelModules = true;
+ };
+ };
+ };
+
+}
+
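Review bot: `ExecStart` joins `cfg.directories` with bare spaces, so a path containing a space is split into two arguments before dlnatoad sees it. snapclient.nix in this same commit already quotes its argument with `escapeShellArg`; the equivalent here is `${escapeShellArgs cfg.directories}`. A comment next to `ProtectHome = true` would also help: combined with `DynamicUser` it means directories under /home cannot be served, and every other listed path has to be readable by an unprivileged, dynamically allocated user.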
diff --git a/nixos/modules/services/helix-player.nix b/nixos/modules/services/helix-player.nix
new file mode 100644
index 0000000..977e263
--- /dev/null
+++ b/nixos/modules/services/helix-player.nix
@@ -0,0 +1,54 @@
+{ config, lib, pkgs, ... }:
+with lib;
+
+let
+
+ cfg = config.eth.services.helix-player;
+
+ systemdDirectoryName = "helix-player";
+ runtimeDirectory = "/run/${systemdDirectoryName}";
+ socket = "${runtimeDirectory}/listen.sock";
+
+in {
+
+ options.eth.services.helix-player = {
+
+ enable = mkEnableOption "Whether to enable helix-player";
+
+ socket = mkOption {
+ type = types.str;
+ readOnly = true;
+ description = "Path of the UNIX socket to listen on.";
+ example = socket;
+ };
+ };
+
+
+ config = mkIf cfg.enable {
+
+ eth.services.helix-player.socket = socket;
+
+ systemd.services.helix-player = {
+ enable = true;
+ description = "Helix UPnP player & controller";
+ wants = [ "network.target" ];
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ DynamicUser = true;
+ Group = config.services.nginx.group;
+
+ RuntimeDirectory = systemdDirectoryName;
+
+ ExecStart = "${pkgs.eth.helix}/bin/helix-player -socket ${socket}";
+
+ NoNewPrivileges = true;
+ ProtectHome = true;
+ ProtectKernelTunables = true;
+ ProtectControlGroups = true;
+ ProtectKernelModules = true;
+ };
+ };
+ };
+
+}
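Review bot: Access to the listening socket rests entirely on `Group = config.services.nginx.group`, but nothing in the unit pins the permissions. `RuntimeDirectoryMode` is left at systemd's default of 0755 and no `UMask` is set, so who can connect depends on how helix-player creates the socket, which is not visible here. Setting `RuntimeDirectoryMode = "0750";` and `UMask = "0007";` would make the group-only intent explicit. A comment on the `Group` line (presumably nginx proxies to this socket) should record why the player runs with the web server's group as its primary group, since that also gives it whatever else that group can read. This unit also omits the `RestrictAddressFamilies` and `RestrictNamespaces` lines that the mosquitto and snapclient units carry.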
diff --git a/nixos/modules/services/mosquitto.nix b/nixos/modules/services/mosquitto.nix
new file mode 100644
index 0000000..fecf8a4
--- /dev/null
+++ b/nixos/modules/services/mosquitto.nix
@@ -0,0 +1,90 @@
+{ config, lib, pkgs, ... }:
+with lib;
+
+let
+
+ cfg = config.eth.services.mosquitto;
+
+ systemdDirectoryName = "mosquitto";
+ stateDirectory = "/var/lib/${systemdDirectoryName}";
+ runtimeDirectory = "/run/${systemdDirectoryName}";
+
+ mosquittoConf = pkgs.writeText "mosquitto.conf" ''
+ ${optionalString cfg.mqtt.enable ''
+ listener ${toString cfg.mqtt.port} ${optionalString (cfg.mqtt.host != "") cfg.mqtt.host}
+ ''}
+
+ ${optionalString cfg.websockets.enable ''
+ listener ${toString cfg.websockets.port} ${optionalString (cfg.websockets.host != "") cfg.websockets.host}
+ protocol websockets
+ ''}
+
+ ${optionalString cfg.persistence ''
+ persistence true
+ persistence_location ${stateDirectory}/
+ ''}
+ '';
+
+in {
+
+ options.eth.services.mosquitto = {
+
+ enable = mkEnableOption "Whether to enable mosquitto.";
+
+ persistence = mkOption {
+ type = types.bool;
+ default = true;
+ };
+
+ mqtt = {
+ enable = mkEnableOption "Whether to listen on unencrypted MQTT.";
+ host = mkOption {
+ type = types.str;
+ default = "";
+ example = "10.11.12.14";
+ };
+ port = mkOption {
+ type = types.int;
+ default = 1883;
+ };
+ };
+
+ websockets = {
+ enable = mkEnableOption "Whether to listen on unencrypted Websockets.";
+ host = mkOption {
+ type = types.str;
+ default = "";
+ example = "10.11.12.14";
+ };
+ port = mkOption {
+ type = types.int;
+ default = 1884;
+ };
+ };
+
+ };
+
+ config = mkIf cfg.enable {
+
+ systemd.services.mosquitto = {
+ enable = true;
+ description = "Mosquitto MQTT broker";
+ wants = [ "network.target" ];
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ DynamicUser = true;
+ RuntimeDirectory = systemdDirectoryName;
+ StateDirectory = systemdDirectoryName;
+ ExecStart = "${pkgs.mosquitto}/bin/mosquitto -c ${mosquittoConf}";
+ NoNewPrivileges = true;
+ ProtectHome = true;
+ ProtectKernelTunables = true;
+ ProtectControlGroups = true;
+ ProtectKernelModules = true;
+ RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX";
+ RestrictNamespaces = true;
+ };
+ };
+ };
+}
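Review bot: With `host` defaulting to `""`, the generated `listener` line has no bind address, so enabling `mqtt` or `websockets` opens a plaintext listener on every interface. `mosquittoConf` also contains no `allow_anonymous`, `password_file` or `acl_file` line, which leaves the access policy to whatever the packaged mosquitto version defaults to. I would state the anonymous-access policy explicitly in the generated config and document the bind behaviour on the option, e.g. `description = "Address to bind to; an empty string binds all interfaces.";`. `persistence` and the two `port` options have no `description` either. If both listeners are disabled no `listener` line is emitted at all, and the broker presumably falls back to its built-in default listener rather than listening nowhere, which is worth confirming.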
diff --git a/nixos/modules/services/snapclient.nix b/nixos/modules/services/snapclient.nix
new file mode 100644
index 0000000..9f93131
--- /dev/null
+++ b/nixos/modules/services/snapclient.nix
@@ -0,0 +1,44 @@
+{ config, lib, pkgs, ... }:
+with lib;
+
+let
+
+ cfg = config.eth.services.snapclient;
+
+in {
+
+ options.eth.services.snapclient = {
+
+ enable = mkEnableOption "Whether to enable snapclient.";
+
+ hostID = mkOption {
+ type = types.str;
+ default = config.networking.hostName;
+ description = "The name to give to the snapserver.";
+ example = "Living Room";
+ };
+ };
+
+ config = mkIf cfg.enable {
+
+ systemd.services.snapclient = {
+ enable = true;
+ description = "Snapcast client";
+ wants = [ "network.target" "sound.target" ];
+ after = [ "network.target" "sound.target" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ DynamicUser = "yes";
+ Group = "audio";
+ ExecStart = "${pkgs.snapcast}/bin/snapclient --hostID ${escapeShellArg cfg.hostID}";
+ NoNewPrivileges = true;
+ ProtectHome = true;
+ ProtectKernelTunables = true;
+ ProtectControlGroups = true;
+ ProtectKernelModules = true;
+ RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX";
+ RestrictNamespaces = true;
+ };
+ };
+ };
+}
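Review bot: `DynamicUser = "yes"` is written as a string here, while the catbus, dlnatoad, helix-player, mosquitto and upmpdcli units in this commit all use `DynamicUser = true;`; using the boolean keeps the modules uniform and greppable. The `hostID` description "The name to give to the snapserver." reads as if it names the server; something like `description = "Host ID this client reports to the snapserver.";` is clearer. A short comment on `Group = "audio"` saying it is there for sound-device access would explain why the dynamic user gets that primary group.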
diff --git a/nixos/modules/services/ssh.nix b/nixos/modules/services/ssh.nix
new file mode 100644
index 0000000..d965472
--- /dev/null
+++ b/nixos/modules/services/ssh.nix
@@ -0,0 +1,29 @@
+{ config, lib, pkgs, ... }:
+with lib;
+
+let
+ cfg = config.eth.services.ssh;
+
+in {
+ options.eth.services.ssh = {
+ enable = mkEnableOption "Whether to enable SSHd with Eth's defaults.";
+
+ passwordAuthentication = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Whether to allow password authentication. Occasionally useful, used sparingly.";
+ };
+ };
+
+ config = mkIf cfg.enable {
+
+ security.pam.enableSSHAgentAuth = true;
+ security.pam.services.sudo.sshAgentAuth = true;
+
+ services.openssh = {
+ enable = true;
+ permitRootLogin = "no";
+ passwordAuthentication = cfg.passwordAuthentication;
+ };
+ };
+}
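Review bot: `security.pam.services.sudo.sshAgentAuth = true` lets a forwarded SSH agent satisfy sudo, which is a bigger privilege decision than anything else in this module and carries no comment. sudo is then granted to whoever can present a key listed in the authorized-keys files PAM consults. If that list includes files the user can write (not visible here), any process running as that user can add a key and escalate, and the agent is equally usable from every host it is forwarded to. I would add a comment above the two `security.pam` lines recording that trade-off and which key files are trusted. Also, `passwordAuthentication = false` does not by itself switch off keyboard-interactive authentication, so password logins through PAM may still be possible unless that is disabled as well.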
diff --git a/nixos/modules/services/upmpdcli.nix b/nixos/modules/services/upmpdcli.nix
new file mode 100644
index 0000000..d301a49
--- /dev/null
+++ b/nixos/modules/services/upmpdcli.nix
@@ -0,0 +1,82 @@
+{ config, lib, pkgs, ... }:
+with lib;
+
+let
+ cfg = config.eth.services.upmpdcli;
+
+ cacheDir = "upmpdcli";
+
+ upmpdConf = pkgs.writeText "upmpd.conf" ''
+ cachedir = /var/cache/${cacheDir}
+
+ friendlyname = ${cfg.friendlyName}
+
+ mpdhost = ${cfg.mpd.host}
+ mpdport = ${toString cfg.mpd.port}
+
+ ${optionalString (cfg.mpd.password != "") "${cfg.mpd.password}"}
+
+ ${cfg.extraConfig}
+ '';
+
+in {
+ options.eth.services.upmpdcli = {
+ enable = mkEnableOption "Run upmpdcli server";
+
+ friendlyName = mkOption {
+ type = types.str;
+ default = "UpMpd (${config.networking.hostName})";
+ description = "Friendly Name used for UPnP discovery.";
+ };
+
+ mpd = {
+ host = mkOption {
+ type = types.str;
+ default = config.services.mpd.network.listenAddress;
+ description = "Host of the MPD server.";
+ };
+ port = mkOption {
+ type = types.int;
+ default = config.services.mpd.network.port;
+ description = "Port of the MPD server.";
+ };
+ password = mkOption {
+ type = types.str;
+ default = "";
+ description = "Password of the MPD server.";
+ };
+ };
+
+ extraConfig = mkOption {
+ type = types.lines;
+ default = "";
+ };
+ };
+
+ config = mkIf cfg.enable {
+ systemd.services.upmpdcli = {
+ enable = true;
+ description = "";
+ wants = [ "network.target" ];
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ path = [ pkgs.openssl pkgs.python3 ];
+ serviceConfig = {
+ DynamicUser = true;
+
+ CacheDirectory = cacheDir;
+
+ Type = "simple";
+ ExecStart="${pkgs.eth.upmpdcli}/bin/upmpdcli -c ${upmpdConf}";
+ Restart = "always";
+ RestartSec = "1min";
+
+ NoNewPrivileges = true;
+ ProtectHome = true;
+ ProtectKernelTunables = true;
+ ProtectControlGroups = true;
+ ProtectKernelModules = true;
+ };
+ };
+ };
+}
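Review bot: `cfg.mpd.password` is interpolated into `upmpdConf`, which `pkgs.writeText` places in the world-readable Nix store, so the MPD password is readable by every local user and travels with any copy of the store. The line that emits it also has no key: `"${cfg.mpd.password}"` writes the bare password on a line of its own, where `"mpdpassword = ${cfg.mpd.password}"` looks intended. At minimum the option's description should warn about the store. Better is an option naming a file outside the store that is read when the service starts. `description = ""` on the unit and the missing `description` on `extraConfig` are worth filling in as well.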