Merge pull request #275281 from eliandoran/feature/mympd-service

nixos/mympd: init
This commit is contained in:
Doron Behar 2023-12-24 18:43:03 +00:00 committed by GitHub
commit 067338523e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 159 additions and 0 deletions

View file

@ -344,6 +344,7 @@
./services/audio/mopidy.nix ./services/audio/mopidy.nix
./services/audio/mpd.nix ./services/audio/mpd.nix
./services/audio/mpdscribble.nix ./services/audio/mpdscribble.nix
./services/audio/mympd.nix
./services/audio/navidrome.nix ./services/audio/navidrome.nix
./services/audio/networkaudiod.nix ./services/audio/networkaudiod.nix
./services/audio/roon-bridge.nix ./services/audio/roon-bridge.nix

View file

@ -0,0 +1,129 @@
{ pkgs, config, lib, ... }:
let
cfg = config.services.mympd;
in {
options = {
services.mympd = {
enable = lib.mkEnableOption (lib.mdDoc "MyMPD server");
package = lib.mkPackageOption pkgs "mympd" {};
openFirewall = lib.mkOption {
type = lib.types.bool;
default = false;
description = lib.mdDoc ''
Open ports needed for the functionality of the program.
'';
};
extraGroups = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
example = [ "music" ];
description = lib.mdDoc ''
Additional groups for the systemd service.
'';
};
settings = lib.mkOption {
type = lib.types.submodule {
freeformType = with lib.types; attrsOf (nullOr (oneOf [ str bool int ]));
options = {
http_port = lib.mkOption {
type = lib.types.port;
description = lib.mdDoc ''
The HTTP port where mympd's web interface will be available.
The HTTPS/SSL port can be configured via {option}`config`.
'';
example = "8080";
};
ssl = lib.mkOption {
type = lib.types.bool;
description = lib.mdDoc ''
Whether to enable listening on the SSL port.
Refer to <https://jcorporation.github.io/myMPD/configuration/configuration-files#ssl-options>
for more information.
'';
default = false;
};
};
};
description = lib.mdDoc ''
Manages the configuration files declaratively. For all the configuration
options, see <https://jcorporation.github.io/myMPD/configuration/configuration-files>.
Each key represents the "File" column from the upstream configuration table, and the
value is the content of that file.
'';
};
};
};
config = lib.mkIf cfg.enable {
systemd.services.mympd = {
# upstream service config: https://github.com/jcorporation/myMPD/blob/master/contrib/initscripts/mympd.service.in
after = [ "mpd.service" ];
wantedBy = [ "multi-user.target" ];
preStart = with lib; ''
config_dir="/var/lib/mympd/config"
mkdir -p "$config_dir"
${pipe cfg.settings [
(mapAttrsToList (name: value: ''
echo -n "${if isBool value then boolToString value else toString value}" > "$config_dir/${name}"
''))
(concatStringsSep "\n")
]}
'';
unitConfig = {
Description = "myMPD server daemon";
Documentation = "man:mympd(1)";
};
serviceConfig = {
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
CapabilityBoundingSet = "CAP_NET_BIND_SERVICE";
DynamicUser = true;
ExecStart = lib.getExe cfg.package;
LockPersonality = true;
MemoryDenyWriteExecute = true;
PrivateDevices = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
RestrictRealtime = true;
StateDirectory = "mympd";
CacheDirectory = "mympd";
RestrictAddressFamilies = "AF_INET AF_INET6 AF_NETLINK AF_UNIX";
RestrictNamespaces = true;
SystemCallArchitectures = "native";
SystemCallFilter = "@system-service";
SupplementaryGroups = cfg.extraGroups;
};
};
networking.firewall = lib.mkMerge [
(lib.mkIf cfg.openFirewall {
allowedTCPPorts = [ cfg.settings.http_port ];
})
(lib.mkIf (cfg.openFirewall && cfg.settings.ssl && cfg.settings.ssl_port != null) {
allowedTCPPorts = [ cfg.settings.ssl_port ];
})
];
};
meta.maintainers = [ lib.maintainers.eliandoran ];
}

View file

@ -544,6 +544,7 @@ in {
munin = handleTest ./munin.nix {}; munin = handleTest ./munin.nix {};
mutableUsers = handleTest ./mutable-users.nix {}; mutableUsers = handleTest ./mutable-users.nix {};
mxisd = handleTest ./mxisd.nix {}; mxisd = handleTest ./mxisd.nix {};
mympd = handleTest ./mympd.nix {};
mysql = handleTest ./mysql/mysql.nix {}; mysql = handleTest ./mysql/mysql.nix {};
mysql-autobackup = handleTest ./mysql/mysql-autobackup.nix {}; mysql-autobackup = handleTest ./mysql/mysql-autobackup.nix {};
mysql-backup = handleTest ./mysql/mysql-backup.nix {}; mysql-backup = handleTest ./mysql/mysql-backup.nix {};

27
nixos/tests/mympd.nix Normal file
View file

@ -0,0 +1,27 @@
import ./make-test-python.nix ({pkgs, lib, ... }: {
name = "mympd";
nodes.mympd = {
services.mympd = {
enable = true;
settings = {
http_port = 8081;
};
};
services.mpd.enable = true;
};
testScript = ''
start_all();
machine.wait_for_unit("mympd.service");
# Ensure that mympd can connect to mpd
machine.wait_until_succeeds(
"journalctl -eu mympd -o cat | grep 'Connected to MPD'"
)
# Ensure that the web server is working
machine.succeed("curl http://localhost:8081 --compressed | grep -o myMPD")
'';
})

View file

@ -63,5 +63,6 @@ stdenv.mkDerivation (finalAttrs: {
maintainers = [ lib.maintainers.doronbehar ]; maintainers = [ lib.maintainers.doronbehar ];
platforms = lib.platforms.linux; platforms = lib.platforms.linux;
license = lib.licenses.gpl2Plus; license = lib.licenses.gpl2Plus;
mainProgram = "mympd";
}; };
}) })