From 6f6eb2c66dc4eadd9280e892de508593d7ed35d3 Mon Sep 17 00:00:00 2001
From: Ethel Morgan <eth@ethulhu.co.uk>
Date: Tue, 30 Jun 2020 00:18:03 +0100
Subject: update {pkgs,eth.services}.catbus-snapcast

---
 nixos/modules/services/catbus-snapcast.nix | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

(limited to 'nixos/modules/services')

diff --git a/nixos/modules/services/catbus-snapcast.nix b/nixos/modules/services/catbus-snapcast.nix
index 8ee8301..3f6cd92 100644
--- a/nixos/modules/services/catbus-snapcast.nix
+++ b/nixos/modules/services/catbus-snapcast.nix
@@ -42,7 +42,7 @@ in {
 
 
   config = mkIf cfg.enable {
-    systemd.services.catbus-snapcast-bridge = {
+    systemd.services.catbus-snapcast-actuator = {
       enable = true;
       description = "Control Snapcast via Catbus";
       wants = [ "network.target" ];
@@ -51,7 +51,26 @@ in {
       serviceConfig = {
         DynamicUser = true;
 
-        ExecStart = "${pkgs.eth.catbus-snapcast}/bin/catbus-bridge-snapcast --config-path ${configJSON}";
+        ExecStart = "${pkgs.eth.catbus-snapcast}/bin/catbus-snapcast-actuator --config-path ${configJSON}";
+
+        NoNewPrivileges = true;
+        ProtectKernelTunables = true;
+        ProtectControlGroups = true;
+        ProtectKernelModules = true;
+        RestrictAddressFamilies = "AF_INET AF_INET6";
+        RestrictNamespaces = true;
+      };
+    };
+    systemd.services.catbus-snapcast-observer = {
+      enable = true;
+      description = "Observe Snapcast for Catbus";
+      wants = [ "network.target" ];
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        DynamicUser = true;
+
+        ExecStart = "${pkgs.eth.catbus-snapcast}/bin/catbus-snapcast-observer --config-path ${configJSON}";
 
         NoNewPrivileges = true;
         ProtectKernelTunables = true;
-- 
cgit v1.2.3