nix config
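# NixOS module: runs gonic (a Subsonic/Airsonic-compatible music server) as a
# sandboxed systemd service and publishes it through an nginx virtual host.
{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.mossnet.gonic;
  # Location of the rendered settings file. `environment.etc` below installs it
  # and ExecStart reads it, so both must refer to the same path.
  configFile = "/etc/gonic/config";
  # Service state directory; also used as the working directory.
  dataFolder = "/var/lib/gonic";
in {
  options = {

    mossnet.gonic = {
      enable = mkEnableOption "Gonic music server and streamer";

      settings = mkOption {
        type = types.str;
        # The default has to be a string to satisfy `types.str`; the earlier
        # `{}` failed the type check whenever the option was left unset.
        # An empty file is written in that case, so a real configuration
        # (at least the music path) still has to be supplied by the user.
        default = "";
        # Plain string rather than a Nix-expression literal: the value is the
        # verbatim content of gonic's config file, not Nix code.
        example = ''
          music-path <path to your music dir>
          podcast-path <path to your podcasts dir>
          cache-path <path to cache dir>
        '';
        description = ''
          Configuration for Gonic, see <link xlink:href="https://github.com/sentriz/gonic"/> for supported values.
        '';
      };

      user = mkOption {
        type = types.str;
        default = "gonic";
        description = "User account under which gonic runs.";
      };

      group = mkOption {
        type = types.str;
        default = "gonic";
        description = "Group account under which gonic runs.";
      };

    };
  };

  config = mkIf cfg.enable {

    # Installed at /etc/gonic/config, i.e. `configFile`; keep the two in sync.
    environment.etc."gonic/config".text = cfg.settings;

    systemd.services.gonic = {
      description = "gonic Music Server and Streamer compatible with Subsonic/Airsonic";
      after = [ "remote-fs.target" "network.target" ];
      wantedBy = [ "multi-user.target" ];
      environment = {
        #GONIC_MUSIC_PATH
        #GONIC_PODCAST_PATH
        #GONIC_CACHE_PATH
        #GONIC_DB_PATH
        GONIC_SCAN_INTERVAL = "800";
        #...
        # NOTE(review): nothing here pins the listen address. Upstream gonic
        # documents a listen-addr setting (GONIC_LISTEN_ADDR) that defaults to
        # all interfaces on port 4747 - confirm for the packaged version. If
        # that holds, the backend is reachable directly as well as through the
        # nginx virtual host below unless the settings file or the firewall
        # restricts it.
      };
      serviceConfig = {
        # Use the shared constant instead of repeating the literal path.
        ExecStart = "${pkgs.gonic}/bin/gonic -config-path ${configFile}";
        WorkingDirectory = dataFolder;
        TimeoutStopSec = "20";
        # Only the main process is signalled on stop.
        KillMode = "process";
        Restart = "on-failure";
        RestartSec = "10";
        User = cfg.user;
        Group = cfg.group;

        # Sandboxing.
        DevicePolicy = "closed";
        # Was " yes" with a stray leading space; written cleanly so the
        # directive does not depend on how the value is trimmed.
        NoNewPrivileges = "yes";
        PrivateTmp = "yes";
        PrivateUsers = "yes";
        ProtectControlGroups = "yes";
        ProtectKernelModules = "yes";
        ProtectKernelTunables = "yes";
        RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6";
        RestrictNamespaces = "yes";
        RestrictRealtime = "yes";
        # Leading "~" turns the list into a deny-list of syscall groups.
        SystemCallFilter = "~@clock @debug @module @mount @obsolete @privileged @reboot @setuid @swap";
        # NOTE(review): ReadWritePaths only carves an exception out of a
        # read-only view (ProtectSystem= / ReadOnlyPaths=). Neither is set in
        # this unit, so the service can still write wherever file permissions
        # allow. Adding ProtectSystem = "strict" (and ProtectHome=) would make
        # this line effective, but first confirm that the cache and podcast
        # paths named in `settings` live under dataFolder or are listed here.
        ReadWritePaths = dataFolder;
        StateDirectory = baseNameOf dataFolder;
      };
    };

    # The account and group are created only for the default names; when
    # `user` or `group` is overridden they must be declared elsewhere.
    users.users = optionalAttrs (cfg.user == "gonic") {
      gonic = {
        description = "gonic service user";
        name = cfg.user;
        group = cfg.group;
        isSystemUser = true;
      };
    };

    users.groups = optionalAttrs (cfg.group == "gonic") {
      gonic = {};
    };

    # NOTE(review): this virtual host is plain HTTP (no ACME, no forced TLS).
    # Subsonic-style clients carry their credentials in request parameters, so
    # anyone able to observe LAN traffic can read them; enable TLS if the
    # network is not fully trusted.
    services.nginx.virtualHosts."music.mossnet.lan" = {
      enableACME = false;
      forceSSL = false;

      locations."/" = {
        extraConfig = ''
          proxy_pass http://localhost:4747/;
          proxy_set_header X-Forwarded-Host $host;
        '';
      };
    };
  };
}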