diff options
author | Pascal Bach <pascal.bach@nextrem.ch> | 2021-09-23 22:54:29 +0200 |
---|---|---|
committer | Pascal Bach <pascal.bach@nextrem.ch> | 2021-11-09 17:00:06 +0100 |
commit | 9abd378c7e577b4ce1ab5f668aaa7adbb9660768 (patch) | |
tree | 0234b8028e716745e413fe7aee4825ffa5068754 | |
parent | efba6e40cd71ff09bf362050a9e72ff801dec148 (diff) | |
download | nixpkgs-9abd378c7e577b4ce1ab5f668aaa7adbb9660768.tar nixpkgs-9abd378c7e577b4ce1ab5f668aaa7adbb9660768.tar.gz nixpkgs-9abd378c7e577b4ce1ab5f668aaa7adbb9660768.tar.bz2 nixpkgs-9abd378c7e577b4ce1ab5f668aaa7adbb9660768.tar.lz nixpkgs-9abd378c7e577b4ce1ab5f668aaa7adbb9660768.tar.xz nixpkgs-9abd378c7e577b4ce1ab5f668aaa7adbb9660768.tar.zst nixpkgs-9abd378c7e577b4ce1ab5f668aaa7adbb9660768.zip |
nixos/antennas: initial service
-rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/networking/antennas.nix | 80 |
2 files changed, 81 insertions, 0 deletions
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 8021682e3ff..c5f0b211ff8 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -685,6 +685,7 @@ ./services/networking/3proxy.nix ./services/networking/adguardhome.nix ./services/networking/amuled.nix + ./services/networking/antennas.nix ./services/networking/aria2.nix ./services/networking/asterisk.nix ./services/networking/atftpd.nix diff --git a/nixos/modules/services/networking/antennas.nix b/nixos/modules/services/networking/antennas.nix new file mode 100644 index 00000000000..ef98af22f20 --- /dev/null +++ b/nixos/modules/services/networking/antennas.nix @@ -0,0 +1,80 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let cfg = config.services.antennas; +in + +{ + options = { + services.antennas = { + enable = mkEnableOption "Antennas"; + + tvheadendUrl = mkOption { + type = types.str; + default = "http://localhost:9981"; + description = "URL of Tvheadend."; + }; + + antennasUrl = mkOption { + type = types.str; + default = "http://127.0.0.1:5004"; + description = "URL of Antennas."; + }; + + tunerCount = mkOption { + type = types.int; + default = 6; + description = "Numbers of tuners in tvheadend."; + }; + + deviceUUID = mkOption { + type = types.str; + default = "2f70c0d7-90a3-4429-8275-cbeeee9cd605"; + description = "Device tuner UUID. Change this if you are running multiple instances."; + }; + }; + }; + + config = mkIf cfg.enable { + systemd.services.antennas = { + description = "Antennas HDHomeRun emulator for Tvheadend. "; + wantedBy = [ "multi-user.target" ]; + + # Config + environment = { + TVHEADEND_URL = cfg.tvheadendUrl; + ANTENNAS_URL = cfg.antennasUrl; + TUNER_COUNT = toString cfg.tunerCount; + DEVICE_UUID = cfg.deviceUUID; + }; + + serviceConfig = { + ExecStart = "${pkgs.antennas}/bin/antennas"; + + # Antennas expects all resources like html and config to be relative to it's working directory + WorkingDirectory = "${pkgs.antennas}/libexec/antennas/deps/antennas/"; + + # Hardening + CapabilityBoundingSet = [ "" ]; + DynamicUser = true; + LockPersonality = true; + ProcSubset = "pid"; + PrivateDevices = true; + PrivateUsers = true; + PrivateTmp = true; + ProtectClock = true; + ProtectControlGroups = true; + ProtectHome = true; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectProc = "invisible"; + ProtectSystem = "strict"; + RestrictNamespaces = true; + RestrictRealtime = true; + }; + }; + }; +} |