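{ config, lib, pkgs, ... }:

with lib;

let
  name = "roon-server";
  cfg = config.services.roon-server;

  # iptables rule bodies (everything after the chain name) that this module
  # installs for Roon's device-discovery traffic when openFirewall is set.
  # They live in one list so the add (-A) and delete (-D) scripts below cannot
  # drift apart.
  #
  # NOTE(review): these rules match on *every* interface and accept all
  # multicast and broadcast packets, not just Roon's. A source of 224.0.0.0/4
  # (multicast) or 240.0.0.0/5 (reserved) is not a valid unicast origin, so the
  # first and third rules most likely never match real traffic; they are kept
  # unchanged to preserve behaviour. On hosts with an untrusted interface,
  # consider restricting with "-i <lan-iface>".
  discoveryRules = [
    "-s 224.0.0.0/4 -j ACCEPT"
    "-d 224.0.0.0/4 -j ACCEPT"
    "-s 240.0.0.0/5 -j ACCEPT"
    "-m pkttype --pkt-type multicast -j ACCEPT"
    "-m pkttype --pkt-type broadcast -j ACCEPT"
  ];

  # Append the rules to INPUT.
  addRules = concatMapStringsSep "\n"
    (rule: "iptables -A INPUT ${rule}")
    discoveryRules;

  # Remove every copy of the rules from INPUT. The loop (rather than a single
  # -D) also cleans up duplicates left behind by earlier firewall restarts, and
  # is a no-op when nothing matches.
  delRules = concatMapStringsSep "\n"
    (rule: "while iptables -D INPUT ${rule} 2>/dev/null; do :; done")
    discoveryRules;
in {
  options = {
    services.roon-server = {
      enable = mkEnableOption (lib.mdDoc "Roon Server");
      openFirewall = mkOption {
        type = types.bool;
        default = false;
        description = lib.mdDoc ''
          Open the TCP/UDP ports used by Roon Server in the firewall and,
          in addition, accept all incoming multicast and broadcast packets
          on every interface (required for Roon's device discovery).
          Only enable this on hosts that sit on a trusted LAN.
        '';
      };
      user = mkOption {
        type = types.str;
        default = "roon-server";
        description = lib.mdDoc ''
          User to run the Roon Server as. Only the default user is created by
          this module; any other value must be defined separately in
          {option}`users.users`.
        '';
      };
      group = mkOption {
        type = types.str;
        default = "roon-server";
        description = lib.mdDoc ''
          Group to run the Roon Server as. The group is created by this module
          if it does not exist.
        '';
      };
    };
  };

  config = mkIf cfg.enable {
    systemd.services.roon-server = {
      description = "Roon Server";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];

      # Roon's data root is the StateDirectory configured below, so it is
      # created and owned by the service user/group automatically.
      environment.ROON_DATAROOT = "/var/lib/${name}";

      serviceConfig = {
        ExecStart = "${pkgs.roon-server}/bin/RoonServer";
        LimitNOFILE = 8192;
        User = cfg.user;
        Group = cfg.group;
        StateDirectory = name;
        # Prevent the server (a proprietary binary running as an unprivileged
        # user) from gaining privileges through setuid/fscaps execs.
        # NOTE(review): drop this if Roon turns out to rely on a setuid helper.
        NoNewPrivileges = true;
      };
    };

    networking.firewall = mkIf cfg.openFirewall {
      allowedTCPPortRanges = [
        { from = 9100; to = 9200; }
        { from = 9330; to = 9339; }
        { from = 30000; to = 30010; }
      ];
      allowedUDPPorts = [ 9003 ];
      # The rules are appended directly to INPUT, which the NixOS firewall
      # script does not flush on restart/reload. Deleting before adding keeps
      # the start script idempotent; extraStopCommands removes them when the
      # firewall is stopped or disabled.
      extraCommands = ''
        ## IGMP / Broadcast ##
        ${delRules}
        ${addRules}
      '';
      extraStopCommands = ''
        ${delRules}
      '';
    };

    users.groups.${cfg.group} = {};
    # Only the default user is fully defined here. For a custom user name an
    # empty definition is merged, so the administrator must supply the rest
    # (this deliberately fails evaluation if they forget).
    users.users.${cfg.user} =
      if cfg.user == "roon-server" then {
        isSystemUser = true;
        description = "Roon Server user";
        group = cfg.group;
        # Membership in "audio" grants access to local sound devices.
        extraGroups = [ "audio" ];
      }
      else {};
  };
}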