summaryrefslogtreecommitdiffstats
path: root/makefu/2configs/bureautomation/office-radio/webserver.nix
diff options
context:
space:
mode:
authormakefu <github@syntax-fehler.de>2021-01-25 08:32:21 +0100
committermakefu <github@syntax-fehler.de>2021-01-25 08:32:21 +0100
commit52f450b4c5bb178533574dca2de193de9b66b4ba (patch)
tree82cd79b13f926e2fc51d84063c8c9917e6ef7940 /makefu/2configs/bureautomation/office-radio/webserver.nix
parentdfcf2c428217d16459979bcc1c88de9ef99c8a22 (diff)
ma office-radio: init
Diffstat (limited to 'makefu/2configs/bureautomation/office-radio/webserver.nix')
-rw-r--r--makefu/2configs/bureautomation/office-radio/webserver.nix40
1 files changed, 40 insertions, 0 deletions
diff --git a/makefu/2configs/bureautomation/office-radio/webserver.nix b/makefu/2configs/bureautomation/office-radio/webserver.nix
new file mode 100644
index 000000000..e2fc6d9e8
--- /dev/null
+++ b/makefu/2configs/bureautomation/office-radio/webserver.nix
@@ -0,0 +1,40 @@
+{ pkgs, ... }:
+let
+ mpds = import ./mpdconfig.nix;
+ pkg = pkgs.office-radio;
+in {
+ systemd.services.office-radio-appsrv = {
+ after = [ "network.target" ];
+ description = "Office Radio Appserver";
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ ExecStart = "${pkg}/bin/office-radio";
+ DynamicUser = true;
+ ProtectSystem = true;
+ NoNewPrivileges = true;
+ ProtectKernelTunables = true;
+ ProtectControlGroups = true;
+ ProtectKernelModules = true;
+ RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX AF_NETLINK";
+ RestrictNamespaces = true;
+ Restart = "always";
+ };
+ };
+ systemd.services.office-radio-stopper = {
+ after = [ "network.target" ];
+ description = "Office Radio Script to stop idle streams";
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ ExecStart = "${pkg}/bin/stop-idle-streams";
+ DynamicUser = true;
+ ProtectSystem = true;
+ NoNewPrivileges = true;
+ ProtectKernelTunables = true;
+ ProtectControlGroups = true;
+ ProtectKernelModules = true;
+ RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX AF_NETLINK";
+ RestrictNamespaces = true;
+ Restart = "always";
+ };
+ };
+}