From 8118e3de43d2303449af0d0ee5cd3c6d32021d51 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20Koutensk=C3=BD?= Date: Wed, 21 Dec 2022 01:08:48 +0100 Subject: [PATCH] nixos/gonic: init --- maintainers/maintainer-list.nix | 6 ++ .../manual/release-notes/rl-2305.section.md | 2 + nixos/modules/module-list.nix | 1 + nixos/modules/services/audio/gonic.nix | 89 +++++++++++++++++++ nixos/tests/all-tests.nix | 1 + nixos/tests/gonic.nix | 18 ++++ pkgs/servers/gonic/default.nix | 5 ++ 7 files changed, 122 insertions(+) create mode 100644 nixos/modules/services/audio/gonic.nix create mode 100644 nixos/tests/gonic.nix diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index 5ed1ff7612f6..44c62c626999 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -1520,6 +1520,12 @@ githubId = 12958979; name = "Mika Naylor"; }; + autrimpo = { + email = "michal@koutensky.net"; + github = "autrimpo"; + githubId = 5968483; + name = "Michal Koutenský"; + }; autumnal = { name = "Sven Friedrich"; email = "sven@autumnal.de"; diff --git a/nixos/doc/manual/release-notes/rl-2305.section.md b/nixos/doc/manual/release-notes/rl-2305.section.md index 4a57ac25ef0d..7f6e5c9eba2e 100644 --- a/nixos/doc/manual/release-notes/rl-2305.section.md +++ b/nixos/doc/manual/release-notes/rl-2305.section.md @@ -86,6 +86,8 @@ In addition to numerous new and upgraded packages, this release has the followin - [networkd-dispatcher](https://gitlab.com/craftyguy/networkd-dispatcher), a dispatcher service for systemd-networkd connection status changes. Available as [services.networkd-dispatcher](#opt-services.networkd-dispatcher.enable). +- [gonic](https://github.com/sentriz/gonic), a Subsonic music streaming server. Available as [services.gonic](#opt-services.gonic.enable). + - [mmsd](https://gitlab.com/kop316/mmsd), a lower level daemon that transmits and recieves MMSes. Available as [services.mmsd](#opt-services.mmsd.enable). - [QDMR](https://dm3mat.darc.de/qdmr/), a GUI application and command line tool for programming DMR radios [programs.qdmr](#opt-programs.qdmr.enable) diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 61d9e263bb81..a6ed4dc05fde 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -306,6 +306,7 @@ ./services/audio/alsa.nix ./services/audio/botamusique.nix ./services/audio/gmediarender.nix + ./services/audio/gonic.nix ./services/audio/hqplayerd.nix ./services/audio/icecast.nix ./services/audio/jack.nix diff --git a/nixos/modules/services/audio/gonic.nix b/nixos/modules/services/audio/gonic.nix new file mode 100644 index 000000000000..65cf10f2c4b4 --- /dev/null +++ b/nixos/modules/services/audio/gonic.nix @@ -0,0 +1,89 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.gonic; + settingsFormat = pkgs.formats.keyValue { + mkKeyValue = lib.generators.mkKeyValueDefault { } " "; + listsAsDuplicateKeys = true; + }; +in +{ + options = { + services.gonic = { + + enable = mkEnableOption (lib.mdDoc "Gonic music server"); + + settings = mkOption rec { + type = settingsFormat.type; + apply = recursiveUpdate default; + default = { + listen-addr = "127.0.0.1:4747"; + cache-path = "/var/cache/gonic"; + tls-cert = null; + tls-key = null; + }; + example = { + music-path = [ "/mnt/music" ]; + podcast-path = "/mnt/podcasts"; + }; + description = lib.mdDoc '' + Configuration for Gonic, see for supported values. + ''; + }; + + }; + }; + + config = mkIf cfg.enable { + systemd.services.gonic = { + description = "Gonic Media Server"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + ExecStart = + let + # these values are null by default but should not appear in the final config + filteredSettings = filterAttrs (n: v: !((n == "tls-cert" || n == "tls-key") && v == null)) cfg.settings; + in + "${pkgs.gonic}/bin/gonic -config-path ${settingsFormat.generate "gonic" filteredSettings}"; + DynamicUser = true; + StateDirectory = "gonic"; + CacheDirectory = "gonic"; + WorkingDirectory = "/var/lib/gonic"; + RuntimeDirectory = "gonic"; + RootDirectory = "/run/gonic"; + ReadWritePaths = ""; + BindReadOnlyPaths = [ + # gonic can access scrobbling services + "-/etc/ssl/certs/ca-certificates.crt" + builtins.storeDir + cfg.settings.podcast-path + ] ++ cfg.settings.music-path + ++ lib.optional (cfg.settings.tls-cert != null) cfg.settings.tls-cert + ++ lib.optional (cfg.settings.tls-key != null) cfg.settings.tls-key; + CapabilityBoundingSet = ""; + RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ]; + RestrictNamespaces = true; + PrivateDevices = true; + PrivateUsers = true; + ProtectClock = true; + ProtectControlGroups = true; + ProtectHome = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + SystemCallArchitectures = "native"; + SystemCallFilter = [ "@system-service" "~@privileged" ]; + RestrictRealtime = true; + LockPersonality = true; + MemoryDenyWriteExecute = true; + UMask = "0066"; + ProtectHostname = true; + }; + }; + }; + + meta.maintainers = [ maintainers.autrimpo ]; +} diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 9acb2dc7a45b..03fa8e046b91 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -279,6 +279,7 @@ in { gocd-agent = handleTest ./gocd-agent.nix {}; gocd-server = handleTest ./gocd-server.nix {}; gollum = handleTest ./gollum.nix {}; + gonic = handleTest ./gonic.nix {}; google-oslogin = handleTest ./google-oslogin {}; gotify-server = handleTest ./gotify-server.nix {}; grafana = handleTest ./grafana {}; diff --git a/nixos/tests/gonic.nix b/nixos/tests/gonic.nix new file mode 100644 index 000000000000..726d7da0970f --- /dev/null +++ b/nixos/tests/gonic.nix @@ -0,0 +1,18 @@ +import ./make-test-python.nix ({ pkgs, ... }: { + name = "gonic"; + + nodes.machine = { ... }: { + services.gonic = { + enable = true; + settings = { + music-path = [ "/tmp" ]; + podcast-path = "/tmp"; + }; + }; + }; + + testScript = '' + machine.wait_for_unit("gonic") + machine.wait_for_open_port(4747) + ''; +}) diff --git a/pkgs/servers/gonic/default.nix b/pkgs/servers/gonic/default.nix index be137a4df779..7178694868b8 100644 --- a/pkgs/servers/gonic/default.nix +++ b/pkgs/servers/gonic/default.nix @@ -1,4 +1,5 @@ { lib, stdenv, buildGoModule, fetchFromGitHub +, nixosTests , pkg-config, taglib, zlib # Disable on-the-fly transcoding, @@ -40,6 +41,10 @@ buildGoModule rec { '"${lib.getBin mpv}/bin/mpv"' ''; + passthru = { + tests.gonic = nixosTests.gonic; + }; + meta = { homepage = "https://github.com/sentriz/gonic"; description = "Music streaming server / subsonic server API implementation";