nixos/modules/services/games/openarena.nix at 23.11-beta · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

nixpkgs / nixos / modules / services / games / openarena.nix

at 23.11-beta 1.6 kB view raw

 1{ config, lib, pkgs, ... }:
 2
 3let
 4  inherit (lib) concatStringsSep mkEnableOption mkIf mkOption types;
 5  cfg = config.services.openarena;
 6in
 7{
 8  options = {
 9    services.openarena = {
10      enable = mkEnableOption (lib.mdDoc "OpenArena");
11      package = lib.mkPackageOptionMD pkgs "openarena" { };
12
13      openPorts = mkOption {
14        type = types.bool;
15        default = false;
16        description = lib.mdDoc "Whether to open firewall ports for OpenArena";
17      };
18
19      extraFlags = mkOption {
20        type = types.listOf types.str;
21        default = [];
22        description = lib.mdDoc "Extra flags to pass to {command}`oa_ded`";
23        example = [
24          "+set dedicated 2"
25          "+set sv_hostname 'My NixOS OpenArena Server'"
26          # Load a map. Mandatory for clients to be able to connect.
27          "+map oa_dm1"
28        ];
29      };
30    };
31  };
32
33  config = mkIf cfg.enable {
34    networking.firewall = mkIf cfg.openPorts {
35      allowedUDPPorts = [ 27960 ];
36    };
37
38    systemd.services.openarena = {
39      description = "OpenArena";
40      wantedBy = [ "multi-user.target" ];
41      after = [ "network.target" ];
42
43      serviceConfig = {
44        DynamicUser = true;
45        StateDirectory = "openarena";
46        ExecStart = "${cfg.package}/bin/oa_ded +set fs_basepath ${cfg.package}/share/openarena +set fs_homepath /var/lib/openarena ${concatStringsSep " " cfg.extraFlags}";
47        Restart = "on-failure";
48
49        # Hardening
50        CapabilityBoundingSet = "";
51        NoNewPrivileges = true;
52        PrivateDevices = true;
53      };
54    };
55  };
56}