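# NixOS module for Antennas, which the unit description below calls an
# HDHomeRun emulator for Tvheadend. It declares the `services.antennas`
# options and, when enabled, a sandboxed systemd unit that receives all
# of its settings through environment variables.
{ config, lib, pkgs, ... }:

let
  # Explicit inherit instead of a file-wide `with lib;`, so every helper
  # used below is visibly sourced from lib.
  inherit (lib) mkEnableOption mkIf mkOption types;

  cfg = config.services.antennas;
in
{
  options.services.antennas = {
    enable = mkEnableOption (lib.mdDoc "Antennas");

    # Exported to the service as TVHEADEND_URL. Values under `environment`
    # are rendered into the generated unit file, which lives in the
    # world-readable Nix store; a URL that embeds credentials
    # (http://user:pass@host) would therefore be readable by every local
    # user.
    # NOTE(review): if Tvheadend needs authentication, consider passing
    # this value via an EnvironmentFile kept outside the store.
    tvheadendUrl = mkOption {
      type = types.str;
      default = "http://localhost:9981";
      description = lib.mdDoc "URL of Tvheadend.";
    };

    # Exported as ANTENNAS_URL. The default points at loopback.
    # NOTE(review): confirm whether Antennas uses this value as its listen
    # address or only as the URL it advertises to clients; this module
    # opens no firewall port either way.
    antennasUrl = mkOption {
      type = types.str;
      default = "http://127.0.0.1:5004";
      description = lib.mdDoc "URL of Antennas.";
    };

    # Exported as TUNER_COUNT (stringified). types.int also admits zero
    # and negative values; nothing here validates the range.
    tunerCount = mkOption {
      type = types.int;
      default = 6;
      description = lib.mdDoc "Number of tuners in Tvheadend.";
    };

    # Exported as DEVICE_UUID. The default is a fixed literal, so every
    # instance left on the default shares the same identifier.
    deviceUUID = mkOption {
      type = types.str;
      default = "2f70c0d7-90a3-4429-8275-cbeeee9cd605";
      description = lib.mdDoc "Device tuner UUID. Change this if you are running multiple instances.";
    };
  };

  config = mkIf cfg.enable {
    systemd.services.antennas = {
      description = "Antennas HDHomeRun emulator for Tvheadend";
      wantedBy = [ "multi-user.target" ];

      # Config: Antennas reads its settings from these variables.
      environment = {
        TVHEADEND_URL = cfg.tvheadendUrl;
        ANTENNAS_URL = cfg.antennasUrl;
        TUNER_COUNT = toString cfg.tunerCount;
        DEVICE_UUID = cfg.deviceUUID;
      };

      serviceConfig = {
        ExecStart = "${pkgs.antennas}/bin/antennas";

        # Antennas expects all resources like html and config to be
        # relative to its working directory.
        WorkingDirectory = "${pkgs.antennas}/libexec/antennas/deps/antennas/";

        # Hardening
        # An empty bounding set drops every capability.
        CapabilityBoundingSet = [ "" ];
        # Run under a transient, unprivileged UID/GID allocated by systemd.
        DynamicUser = true;
        LockPersonality = true;
        # Expose only the per-process part of /proc, and hide processes
        # that belong to other users (see ProtectProc below).
        ProcSubset = "pid";
        PrivateDevices = true;
        PrivateUsers = true;
        PrivateTmp = true;
        ProtectClock = true;
        ProtectControlGroups = true;
        ProtectHome = true;
        ProtectHostname = true;
        ProtectKernelLogs = true;
        ProtectKernelModules = true;
        ProtectKernelTunables = true;
        ProtectProc = "invisible";
        # Whole file system is read-only for the service; no StateDirectory
        # or other writable path is declared, so apart from its private
        # /tmp the service has nowhere persistent to write.
        ProtectSystem = "strict";
        RestrictNamespaces = true;
        RestrictRealtime = true;
        # NOTE(review): network address families and system calls are not
        # restricted here (no RestrictAddressFamilies, SystemCallFilter or
        # SystemCallArchitectures). These are candidates for further
        # tightening once the service's runtime needs are confirmed.
      };
    };
  };
}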