summaryrefslogtreecommitdiffstats
path: root/makefu/2configs/bureautomation/office-radio/webserver.nix
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2021-02-18 20:25:47 +0100
committertv <tv@krebsco.de>2021-02-18 20:25:47 +0100
commitf9bc618fada82326ed371b131eaed34d21626ae9 (patch)
treec48156ed3dc16594907c3744b14fcdafd2409206 /makefu/2configs/bureautomation/office-radio/webserver.nix
parent9365aff352d99b7506bafbef6682de7bfb00df27 (diff)
parent8b7477926d0b7c1ac3d92d07e6934f9e593ea9ff (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'makefu/2configs/bureautomation/office-radio/webserver.nix')
-rw-r--r--makefu/2configs/bureautomation/office-radio/webserver.nix40
1 files changed, 40 insertions, 0 deletions
diff --git a/makefu/2configs/bureautomation/office-radio/webserver.nix b/makefu/2configs/bureautomation/office-radio/webserver.nix
new file mode 100644
index 000000000..e2fc6d9e8
--- /dev/null
+++ b/makefu/2configs/bureautomation/office-radio/webserver.nix
@@ -0,0 +1,40 @@
+{ pkgs, ... }:
+let
+ mpds = import ./mpdconfig.nix;
+ pkg = pkgs.office-radio;
+in {
+ systemd.services.office-radio-appsrv = {
+ after = [ "network.target" ];
+ description = "Office Radio Appserver";
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ ExecStart = "${pkg}/bin/office-radio";
+ DynamicUser = true;
+ ProtectSystem = true;
+ NoNewPrivileges = true;
+ ProtectKernelTunables = true;
+ ProtectControlGroups = true;
+ ProtectKernelModules = true;
+ RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX AF_NETLINK";
+ RestrictNamespaces = true;
+ Restart = "always";
+ };
+ };
+ systemd.services.office-radio-stopper = {
+ after = [ "network.target" ];
+ description = "Office Radio Script to stop idle streams";
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ ExecStart = "${pkg}/bin/stop-idle-streams";
+ DynamicUser = true;
+ ProtectSystem = true;
+ NoNewPrivileges = true;
+ ProtectKernelTunables = true;
+ ProtectControlGroups = true;
+ ProtectKernelModules = true;
+ RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX AF_NETLINK";
+ RestrictNamespaces = true;
+ Restart = "always";
+ };
+ };
+}