nixos/modules/services/games/openarena.nix at master · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / modules / services / games / openarena.nix
at master 1.6 kB view raw
 1{
 2  config,
 3  lib,
 4  pkgs,
 5  ...
 6}:
 7
 8let
 9  inherit (lib)
10    concatStringsSep
11    mkEnableOption
12    mkIf
13    mkOption
14    types
15    ;
16  cfg = config.services.openarena;
17in
18{
19  options = {
20    services.openarena = {
21      enable = mkEnableOption "OpenArena game server";
22      package = lib.mkPackageOption pkgs "openarena" { };
23
24      openPorts = mkOption {
25        type = types.bool;
26        default = false;
27        description = "Whether to open firewall ports for OpenArena";
28      };
29
30      extraFlags = mkOption {
31        type = types.listOf types.str;
32        default = [ ];
33        description = "Extra flags to pass to {command}`oa_ded`";
34        example = [
35          "+set dedicated 2"
36          "+set sv_hostname 'My NixOS OpenArena Server'"
37          # Load a map. Mandatory for clients to be able to connect.
38          "+map oa_dm1"
39        ];
40      };
41    };
42  };
43
44  config = mkIf cfg.enable {
45    networking.firewall = mkIf cfg.openPorts {
46      allowedUDPPorts = [ 27960 ];
47    };
48
49    systemd.services.openarena = {
50      description = "OpenArena";
51      wantedBy = [ "multi-user.target" ];
52      after = [ "network.target" ];
53
54      serviceConfig = {
55        DynamicUser = true;
56        StateDirectory = "openarena";
57        ExecStart = "${cfg.package}/bin/oa_ded +set fs_basepath ${cfg.package}/share/openarena +set fs_homepath /var/lib/openarena ${concatStringsSep " " cfg.extraFlags}";
58        Restart = "on-failure";
59
60        # Hardening
61        CapabilityBoundingSet = "";
62        NoNewPrivileges = true;
63        PrivateDevices = true;
64      };
65    };
66  };
67}