nixos/modules/security/rtkit.nix at master · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / modules / security / rtkit.nix
at master 1.5 kB view raw
 1# A module for ‘rtkit’, a DBus system service that hands out realtime
 2# scheduling priority to processes that ask for it.
 3
 4{
 5  config,
 6  lib,
 7  pkgs,
 8  utils,
 9  ...
10}:
11
12with lib;
13
14let
15  cfg = config.security.rtkit;
16  package = pkgs.rtkit;
17
18in
19{
20
21  options = {
22
23    security.rtkit.enable = mkOption {
24      type = types.bool;
25      default = false;
26      description = ''
27        Whether to enable the RealtimeKit system service, which hands
28        out realtime scheduling priority to user processes on
29        demand. For example, PulseAudio and PipeWire use this to
30        acquire realtime priority.
31      '';
32    };
33
34    security.rtkit.args = mkOption {
35      type = types.listOf types.str;
36      default = [ ];
37      description = ''
38        Command-line options for `rtkit-daemon`.
39      '';
40      example = [
41        "--our-realtime-priority=29"
42        "--max-realtime-priority=28"
43      ];
44    };
45
46  };
47
48  config = mkIf cfg.enable {
49
50    security.polkit.enable = true;
51
52    # To make polkit pickup rtkit policies
53    environment.systemPackages = [ package ];
54
55    services.dbus.packages = [ package ];
56
57    systemd.packages = [ package ];
58
59    systemd.services.rtkit-daemon = {
60      serviceConfig.ExecStart = [
61        "" # Resets command from upstream unit.
62        "${package}/libexec/rtkit-daemon ${utils.escapeSystemdExecArgs cfg.args}"
63      ];
64    };
65
66    users.users.rtkit = {
67      isSystemUser = true;
68      group = "rtkit";
69      description = "RealtimeKit daemon";
70    };
71    users.groups.rtkit = { };
72
73  };
74
75}