nixos/modules/services/web-apps/screego.nix at 25.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / modules / services / web-apps / screego.nix
at 25.11-pre 2.8 kB view raw
 1{
 2  config,
 3  lib,
 4  pkgs,
 5  ...
 6}:
 7
 8let
 9  inherit (lib) mkOption types mkIf;
10  cfg = config.services.screego;
11  defaultSettings = {
12    SCREEGO_SERVER_ADDRESS = "127.0.0.1:5050";
13    SCREEGO_TURN_ADDRESS = "0.0.0.0:3478";
14    SCREEGO_TURN_PORT_RANGE = "50000:55000";
15    SCREEGO_SESSION_TIMEOUT_SECONDS = "0";
16    SCREEGO_CLOSE_ROOM_WHEN_OWNER_LEAVES = "true";
17    SCREEGO_AUTH_MODE = "turn";
18    SCREEGO_LOG_LEVEL = "info";
19  };
20in
21{
22  meta.maintainers = with lib.maintainers; [ pinpox ];
23
24  options.services.screego = {
25
26    enable = lib.mkEnableOption "screego screen-sharing server for developers";
27
28    openFirewall = mkOption {
29      type = types.bool;
30      default = false;
31      description = ''
32        Open the firewall port(s).
33      '';
34    };
35
36    environmentFile = mkOption {
37      default = null;
38      description = ''
39        Environment file (see {manpage}`systemd.exec(5)` "EnvironmentFile="
40        section for the syntax) passed to the service. This option can be
41        used to safely include secrets in the configuration.
42      '';
43      example = "/run/secrets/screego-envfile";
44      type = with types; nullOr path;
45    };
46
47    settings = lib.mkOption {
48      type = types.attrsOf types.str;
49      description = ''
50        Screego settings passed as Nix attribute set, they will be merged with
51        the defaults. Settings will be passed as environment variables.
52
53        See <https://screego.net/#/config> for possible values
54      '';
55      default = defaultSettings;
56      example = {
57        SCREEGO_EXTERNAL_IP = "dns:example.com";
58      };
59    };
60  };
61
62  config =
63    let
64      # User-provided settings should be merged with default settings,
65      # overwriting where necessary
66      mergedConfig = defaultSettings // cfg.settings;
67      turnUDPPorts = lib.splitString ":" mergedConfig.SCREEGO_TURN_PORT_RANGE;
68      turnPort = lib.toInt (builtins.elemAt (lib.splitString ":" mergedConfig.SCREEGO_TURN_ADDRESS) 1);
69    in
70    mkIf (cfg.enable) {
71
72      networking.firewall = lib.mkIf cfg.openFirewall {
73        allowedTCPPorts = [ turnPort ];
74        allowedUDPPorts = [ turnPort ];
75        allowedUDPPortRanges = [
76          {
77            from = lib.toInt (builtins.elemAt turnUDPPorts 0);
78            to = lib.toInt (builtins.elemAt turnUDPPorts 1);
79          }
80        ];
81      };
82
83      systemd.services.screego = {
84        wantedBy = [ "multi-user.target" ];
85        after = [ "network.target" ];
86        description = "screego screen-sharing for developers";
87        environment = mergedConfig;
88        serviceConfig = {
89          DynamicUser = true;
90          ExecStart = "${lib.getExe pkgs.screego} serve";
91          Restart = "on-failure";
92          RestartSec = "5s";
93        } // lib.optionalAttrs (cfg.environmentFile != null) { EnvironmentFile = cfg.environmentFile; };
94      };
95    };
96}