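# NixOS module for botamusique, a bot that plays audio streams on a Mumble
# server. It declares `services.botamusique.*`, renders the settings to an INI
# file and runs the bot as a sandboxed systemd service.
{
  config,
  lib,
  pkgs,
  ...
}:
let
  cfg = config.services.botamusique;

  format = pkgs.formats.ini { };
  # The INI file is generated at build time and lives in the Nix store, which
  # is readable by every local user. Nothing placed in `cfg.settings` stays
  # confidential on the host.
  configFile = format.generate "botamusique.ini" cfg.settings;
in
{
  meta.maintainers = with lib.maintainers; [ hexa ];

  options.services.botamusique = {
    enable = lib.mkEnableOption "botamusique, a bot to play audio streams on mumble";

    package = lib.mkPackageOption pkgs "botamusique" { };

    settings = lib.mkOption {
      type =
        with lib.types;
        submodule {
          # Any section/key the INI format accepts may be set; only the
          # options below are declared with types and defaults.
          freeformType = format.type;
          options = {
            server.host = lib.mkOption {
              type = types.str;
              default = "localhost";
              example = "mumble.example.com";
              description = "Hostname of the mumble server to connect to.";
            };

            server.port = lib.mkOption {
              type = types.port;
              default = 64738;
              description = "Port of the mumble server to connect to.";
            };

            bot.username = lib.mkOption {
              type = types.str;
              default = "botamusique";
              description = "Name the bot should appear with.";
            };

            bot.comment = lib.mkOption {
              type = types.str;
              default = "Hi, I'm here to play radio, local music or youtube/soundcloud music. Have fun!";
              description = "Comment displayed for the bot.";
            };
          };
        };
      default = { };
      description = ''
        Your {file}`configuration.ini` as a Nix attribute set. Look up
        possible options in the [configuration.example.ini](https://github.com/azlux/botamusique/blob/master/configuration.example.ini).

        The rendered file is stored in the world-readable Nix store, so
        every value set here can be read by any local user. Do not put
        passwords or other secrets into this option.
      '';
    };
  };

  config = lib.mkIf cfg.enable {
    systemd.services.botamusique = {
      # NOTE(review): network.target only orders the unit after network setup
      # has started; it does not wait for connectivity. Restart = "always"
      # below is what recovers from an early connection failure. Confirm the
      # default start rate limit is not hit at boot.
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];

      unitConfig.Documentation = "https://github.com/azlux/botamusique/wiki";

      # Same path as StateDirectory/WorkingDirectory below, so the bot's
      # per-user files land in its own state directory.
      environment.HOME = "/var/lib/botamusique";

      serviceConfig = {
        ExecStart = "${cfg.package}/bin/botamusique --config ${configFile}";
        Restart = "always"; # the bot exits when the server connection is lost

        # Hardening
        # Empty bounding set: the service can never hold a capability.
        CapabilityBoundingSet = [ "" ];
        # Transient unprivileged user allocated for the lifetime of the unit.
        DynamicUser = true;
        IPAddressDeny = [
          "link-local"
          "multicast"
        ];
        LockPersonality = true;
        MemoryDenyWriteExecute = true;
        ProcSubset = "pid";
        PrivateDevices = true;
        PrivateUsers = true;
        PrivateTmp = true;
        ProtectClock = true;
        ProtectControlGroups = true;
        ProtectHome = true;
        ProtectHostname = true;
        ProtectKernelLogs = true;
        ProtectKernelModules = true;
        ProtectKernelTunables = true;
        ProtectProc = "invisible";
        # Whole file system hierarchy is read-only for the service; the state
        # directory declared below is the writable exception.
        ProtectSystem = "strict";
        RestrictNamespaces = true;
        RestrictRealtime = true;
        # Only IPv4/IPv6 sockets may be created; AF_UNIX is not in the list.
        RestrictAddressFamilies = [
          "AF_INET"
          "AF_INET6"
        ];
        # Creates /var/lib/botamusique, owned by the service user.
        StateDirectory = "botamusique";
        SystemCallArchitectures = "native";
        # Allow the @system-service and @resources groups, then remove
        # everything in @privileged.
        SystemCallFilter = [
          "@system-service @resources"
          "~@privileged"
        ];
        # Files the bot creates are accessible to its own user only.
        UMask = "0077";
        WorkingDirectory = "/var/lib/botamusique";
      };
    };
  };
}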