nixos/modules/services/audio/music-assistant.nix at master · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / modules / services / audio / music-assistant.nix
at master 2.9 kB view raw
  1{
  2  config,
  3  lib,
  4  pkgs,
  5  utils,
  6  ...
  7}:
  8
  9let
 10  inherit (lib)
 11    mkIf
 12    mkEnableOption
 13    mkOption
 14    mkPackageOption
 15    types
 16    ;
 17
 18  inherit (types)
 19    listOf
 20    enum
 21    str
 22    ;
 23
 24  cfg = config.services.music-assistant;
 25
 26  finalPackage = cfg.package.override {
 27    inherit (cfg) providers;
 28  };
 29in
 30
 31{
 32  meta.buildDocsInSandbox = false;
 33
 34  options.services.music-assistant = {
 35    enable = mkEnableOption "Music Assistant";
 36
 37    package = mkPackageOption pkgs "music-assistant" { };
 38
 39    extraOptions = mkOption {
 40      type = listOf str;
 41      default = [
 42        "--config"
 43        "/var/lib/music-assistant"
 44      ];
 45      example = [
 46        "--log-level"
 47        "DEBUG"
 48      ];
 49      description = ''
 50        List of extra options to pass to the music-assistant executable.
 51      '';
 52    };
 53
 54    providers = mkOption {
 55      type = listOf (enum cfg.package.providerNames);
 56      default = [ ];
 57      example = [
 58        "opensubsonic"
 59        "snapcast"
 60      ];
 61      description = ''
 62        List of provider names for which dependencies will be installed.
 63      '';
 64    };
 65  };
 66
 67  config = mkIf cfg.enable {
 68    systemd.services.music-assistant = {
 69      description = "Music Assistant";
 70      documentation = [ "https://music-assistant.io" ];
 71
 72      after = [ "network-online.target" ];
 73      wants = [ "network-online.target" ];
 74
 75      wantedBy = [ "multi-user.target" ];
 76
 77      environment = {
 78        HOME = "/var/lib/music-assistant";
 79        PYTHONPATH = finalPackage.pythonPath;
 80      };
 81
 82      path =
 83        with pkgs;
 84        [
 85          lsof
 86        ]
 87        ++ lib.optionals (lib.elem "spotify" cfg.providers) [
 88          librespot
 89        ]
 90        ++ lib.optionals (lib.elem "snapcast" cfg.providers) [
 91          snapcast
 92        ];
 93
 94      serviceConfig = {
 95        ExecStart = utils.escapeSystemdExecArgs (
 96          [
 97            (lib.getExe cfg.package)
 98          ]
 99          ++ cfg.extraOptions
100        );
101        DynamicUser = true;
102        StateDirectory = "music-assistant";
103        AmbientCapabilities = "";
104        CapabilityBoundingSet = [ "" ];
105        DevicePolicy = "closed";
106        LockPersonality = true;
107        MemoryDenyWriteExecute = true;
108        ProcSubset = "pid";
109        ProtectClock = true;
110        ProtectControlGroups = true;
111        ProtectHome = true;
112        ProtectHostname = true;
113        ProtectKernelLogs = true;
114        ProtectKernelModules = true;
115        ProtectKernelTunables = true;
116        ProtectProc = "invisible";
117        RestrictAddressFamilies = [
118          "AF_INET"
119          "AF_INET6"
120          "AF_NETLINK"
121        ];
122        RestrictNamespaces = true;
123        RestrictRealtime = true;
124        SystemCallArchitectures = "native";
125        SystemCallFilter = [
126          "@system-service"
127          "~@privileged @resources"
128        ];
129        RestrictSUIDSGID = true;
130        UMask = "0077";
131      };
132    };
133  };
134}