# NixOS module: runs botamusique (a bot that plays audio streams on Mumble)
# as a sandboxed systemd service, configured from a Nix attribute set that is
# rendered to an INI file.
{ config, lib, pkgs, ... }:

let
  inherit (lib) literalExpression mkEnableOption mkIf mkOption types;

  cfg = config.services.botamusique;

  iniFormat = pkgs.formats.ini { };

  # The INI file is generated from `settings` and stored in the Nix store, so
  # it is readable by every local user. Anything placed in `settings`,
  # credentials included, ends up in that file.
  renderedConfig = iniFormat.generate "botamusique.ini" cfg.settings;
in
{
  meta.maintainers = [ lib.maintainers.hexa ];

  options.services.botamusique = {
    enable = mkEnableOption (lib.mdDoc "botamusique, a bot to play audio streams on mumble");

    package = mkOption {
      type = types.package;
      default = pkgs.botamusique;
      defaultText = literalExpression "pkgs.botamusique";
      description = lib.mdDoc "The botamusique package to use.";
    };

    # Freeform: the four options below are typed and defaulted, any other
    # key accepted by the INI format is passed through to the file unchanged.
    settings = mkOption {
      type = types.submodule {
        freeformType = iniFormat.type;
        options = {
          server = {
            host = mkOption {
              type = types.str;
              default = "localhost";
              example = "mumble.example.com";
              description = lib.mdDoc "Hostname of the mumble server to connect to.";
            };

            port = mkOption {
              type = types.port;
              default = 64738;
              description = lib.mdDoc "Port of the mumble server to connect to.";
            };
          };

          bot = {
            username = mkOption {
              type = types.str;
              default = "botamusique";
              description = lib.mdDoc "Name the bot should appear with.";
            };

            comment = mkOption {
              type = types.str;
              default = "Hi, I'm here to play radio, local music or youtube/soundcloud music. Have fun!";
              description = lib.mdDoc "Comment displayed for the bot.";
            };
          };
        };
      };
      default = {};
      description = lib.mdDoc ''
        Your {file}`configuration.ini` as a Nix attribute set. Look up
        possible options in the [configuration.example.ini](https://github.com/azlux/botamusique/blob/master/configuration.example.ini).
      '';
    };
  };

  config = mkIf cfg.enable {
    systemd.services.botamusique = {
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];

      unitConfig = {
        Documentation = "https://github.com/azlux/botamusique/wiki";
      };

      environment = {
        HOME = "/var/lib/botamusique";
      };

      serviceConfig = {
        ExecStart = "${cfg.package}/bin/botamusique --config ${renderedConfig}";
        Restart = "always"; # the bot exits when the server connection is lost

        # --- Hardening -----------------------------------------------------

        # Identity and state: a user allocated by systemd for this unit, no
        # capabilities, and files created by the bot are owner-only.
        DynamicUser = true;
        PrivateUsers = true;
        CapabilityBoundingSet = [ "" ];
        UMask = "0077";
        StateDirectory = "botamusique";
        WorkingDirectory = "/var/lib/botamusique";

        # Network: only IPv4/IPv6 sockets may be created. IPAddressDeny is a
        # deny-list; every destination outside link-local and multicast,
        # loopback and private ranges included, stays reachable.
        RestrictAddressFamilies = [
          "AF_INET"
          "AF_INET6"
        ];
        IPAddressDeny = [
          "link-local"
          "multicast"
        ];

        # Filesystem and /proc visibility.
        ProtectSystem = "strict";
        ProtectHome = true;
        PrivateTmp = true;
        PrivateDevices = true;
        ProcSubset = "pid";
        ProtectProc = "invisible";

        # Kernel interfaces the bot has no reason to touch.
        ProtectClock = true;
        ProtectControlGroups = true;
        ProtectHostname = true;
        ProtectKernelLogs = true;
        ProtectKernelModules = true;
        ProtectKernelTunables = true;

        # Process-level restrictions.
        LockPersonality = true;
        MemoryDenyWriteExecute = true;
        RestrictNamespaces = true;
        RestrictRealtime = true;

        # System calls: native ABI only; allow the @system-service and
        # @resources groups, then remove everything in @privileged.
        SystemCallArchitectures = "native";
        SystemCallFilter = [
          "@system-service @resources"
          "~@privileged"
        ];
      };
    };
  };
}