# NixOS module for the Music Assistant service.
#
# Declares the options under `services.music-assistant` and, when the service
# is enabled, a systemd unit that runs the server as a dynamic user inside a
# restrictive sandbox.
{
  config,
  lib,
  pkgs,
  utils,
  ...
}:

let
  cfg = config.services.music-assistant;

  # The configured package rebuilt with the selected providers. Only its
  # `pythonPath` is consumed below (exported as PYTHONPATH); ExecStart runs
  # the binary from the un-overridden `cfg.package`.
  # NOTE(review): confirm that starting `cfg.package` rather than this
  # override is intended.
  packageWithProviders = cfg.package.override {
    providers = cfg.providers;
  };

  # The unit is ordered after, and pulls in, the network-online target.
  networkOnline = [ "network-online.target" ];

  # Sandboxing directives, kept apart from the directives that start the
  # service so the hardening surface can be reviewed in one place.
  # NOTE(review): PrivateDevices and PrivateUsers are not set here; whether
  # they can be enabled depends on what the providers need. Re-check the unit
  # with `systemd-analyze security` after any change.
  sandbox = {
    # No capabilities, neither ambient nor in the bounding set.
    AmbientCapabilities = "";
    CapabilityBoundingSet = [ "" ];

    # Device nodes: only the standard pseudo-devices (/dev/null and friends).
    DevicePolicy = "closed";

    LockPersonality = true;
    # Refuses memory mappings that are both writable and executable.
    MemoryDenyWriteExecute = true;

    # /proc is reduced to the per-process subset and other users' processes
    # are hidden.
    ProcSubset = "pid";
    ProtectProc = "invisible";

    ProtectClock = true;
    ProtectControlGroups = true;
    ProtectHome = true;
    ProtectHostname = true;
    ProtectKernelLogs = true;
    ProtectKernelModules = true;
    ProtectKernelTunables = true;

    # Socket families the service may create. AF_UNIX is not in the list.
    # NOTE(review): confirm that no enabled provider needs local unix sockets.
    RestrictAddressFamilies = [
      "AF_INET"
      "AF_INET6"
      "AF_NETLINK"
    ];
    RestrictNamespaces = true;
    RestrictRealtime = true;
    RestrictSUIDSGID = true;

    # Allow the @system-service set, then remove the @privileged and
    # @resources groups from it; only native-ABI syscalls are accepted.
    SystemCallArchitectures = "native";
    SystemCallFilter = [
      "@system-service"
      "~@privileged @resources"
    ];

    # Files created by the service are readable by its own user only.
    UMask = "0077";
  };
in
{
  # NOTE(review): presumably required because the `providers` option type is
  # computed from `cfg.package.providerNames` - confirm.
  meta.buildDocsInSandbox = false;

  options.services.music-assistant = {
    enable = lib.mkEnableOption "Music Assistant";

    package = lib.mkPackageOption pkgs "music-assistant" { };

    # The default carries the `--config` argument. A value set by the user
    # replaces this list rather than extending it, so a configuration like the
    # example drops `--config` unless it is repeated there.
    extraOptions = lib.mkOption {
      type = lib.types.listOf lib.types.str;
      default = [
        "--config"
        "/var/lib/music-assistant"
      ];
      example = [
        "--log-level"
        "DEBUG"
      ];
      description = ''
        List of extra options to pass to the music-assistant executable.
      '';
    };

    # Accepts only names that the package itself lists in `providerNames`.
    providers = lib.mkOption {
      type = lib.types.listOf (lib.types.enum cfg.package.providerNames);
      default = [ ];
      example = [
        "opensubsonic"
        "snapcast"
      ];
      description = ''
        List of provider names for which dependencies will be installed.
      '';
    };
  };

  config = lib.mkIf cfg.enable {
    systemd.services.music-assistant = {
      description = "Music Assistant";
      documentation = [ "https://music-assistant.io" ];

      after = networkOnline;
      wants = networkOnline;

      wantedBy = [ "multi-user.target" ];

      environment = {
        # HOME is the state directory that StateDirectory creates below.
        HOME = "/var/lib/music-assistant";
        PYTHONPATH = packageWithProviders.pythonPath;
      };

      serviceConfig = {
        # Arguments are escaped for systemd, so values in `extraOptions` are
        # passed as literal argv entries.
        ExecStart = utils.escapeSystemdExecArgs (
          [
            (lib.getExe cfg.package)
          ]
          ++ cfg.extraOptions
        );

        # systemd allocates a transient unprivileged user for the unit. Per
        # systemd.exec(5) this also implies NoNewPrivileges, PrivateTmp,
        # RemoveIPC and ProtectSystem=strict, which is why none of them is
        # set explicitly in this unit.
        DynamicUser = true;

        # /var/lib/music-assistant, created for and owned by the service user.
        StateDirectory = "music-assistant";
      }
      // sandbox;
    };
  };
}