From 76442766ea8f2ca6279af55d650097ced2385c7b Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Fri, 17 May 2024 18:04:47 +0200 Subject: [PATCH] nixos/music-assistant: init --- nixos/modules/module-list.nix | 1 + .../services/audio/music-assistant.nix | 113 ++++++++++++++++++ 2 files changed, 114 insertions(+) create mode 100644 nixos/modules/services/audio/music-assistant.nix diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 5eac2ecf5fbc..d2d43dcdec26 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -376,6 +376,7 @@ ./services/audio/mopidy.nix ./services/audio/mpd.nix ./services/audio/mpdscribble.nix + ./services/audio/music-assistant.nix ./services/audio/mympd.nix ./services/audio/navidrome.nix ./services/audio/networkaudiod.nix diff --git a/nixos/modules/services/audio/music-assistant.nix b/nixos/modules/services/audio/music-assistant.nix new file mode 100644 index 000000000000..90c0b41fc587 --- /dev/null +++ b/nixos/modules/services/audio/music-assistant.nix @@ -0,0 +1,113 @@ +{ + config, + lib, + pkgs, + utils, + ... +}: + +let + inherit (lib) + mkIf + mkEnableOption + mkOption + mkPackageOption + types + ; + + inherit (types) + listOf + enum + str + ; + + cfg = config.services.music-assistant; + + finalPackage = cfg.package.override { + inherit (cfg) providers; + }; +in + +{ + meta.buildDocsInSandbox = false; + + options.services.music-assistant = { + enable = mkEnableOption "Music Assistant"; + + package = mkPackageOption pkgs "music-assistant" { }; + + extraOptions = mkOption { + type = listOf str; + default = [ "--config" "/var/lib/music-assistant" ]; + example = [ + "--log-level" + "DEBUG" + ]; + description = '' + List of extra options to pass to the music-assistant executable. + ''; + }; + + providers = mkOption { + type = listOf (enum cfg.package.providerNames); + default = []; + example = [ + "opensubsonic" + "snapcast" + ]; + description = '' + List of provider names for which dependencies will be installed. + ''; + }; + }; + + config = mkIf cfg.enable { + systemd.services.music-assistant = { + description = "Music Assistant"; + documentation = [ "https://music-assistant.io" ]; + + wantedBy = [ "multi-user.target" ]; + + environment = { + HOME = "/var/lib/music-assistant"; + PYTHONPATH = finalPackage.pythonPath; + }; + + serviceConfig = { + ExecStart = utils.escapeSystemdExecArgs ([ + (lib.getExe cfg.package) + ] ++ cfg.extraOptions); + DynamicUser = true; + StateDirectory = "music-assistant"; + AmbientCapabilities = ""; + CapabilityBoundingSet = [ "" ]; + DevicePolicy = "closed"; + LockPersonality = true; + MemoryDenyWriteExecute = true; + ProcSubset = "pid"; + ProtectClock = true; + ProtectControlGroups = true; + ProtectHome = true; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectProc = "invisible"; + RestrictAddressFamilies = [ + "AF_INET" + "AF_INET6" + "AF_NETLINK" + ]; + RestrictNamespaces = true; + RestrictRealtime = true; + SystemCallArchitectures = "native"; + SystemCallFilter = [ + "@system-service" + "~@privileged @resources" + ]; + RestrictSUIDSGID = true; + UMask = "0077"; + }; + }; + }; +}