8becc897ea
DynamicUser currently breaks the backup functionality provided by roon, as the roon server cannot write to non-canonical directories and the recycled UIDs/GIDs would make managing permissions for the directory impossible. On top of that, it would break the ability to manage the local music library files (as it would not be able to delete them).
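# NixOS module for Roon Server: declares the `services.roon-server` options
# and, when enabled, the systemd unit, its service account and (optionally)
# the firewall rules for the ports listed in `openFirewall`.
{ config, lib, pkgs, ... }:

with lib;

let
  # Used for the state directory name and the default account/group name.
  name = "roon-server";
  cfg = config.services.roon-server;
in {
  options = {
    services.roon-server = {
      enable = mkEnableOption "Roon Server";
      openFirewall = mkOption {
        type = types.bool;
        default = false;
        description = ''
          Open ports in the firewall for the server.

          UDP: 9003
          TCP: 9100 - 9200
        '';
      };
      user = mkOption {
        type = types.str;
        default = name;
        description = ''
          User account the Roon Server runs as. The account needs write
          access to the backup directories and to the music library files
          that Roon is expected to manage.
        '';
      };
      group = mkOption {
        type = types.str;
        default = name;
        description = ''
          Group the Roon Server runs as.
        '';
      };
    };
  };

  config = mkIf cfg.enable {
    systemd.services.roon-server = {
      after = [ "network.target" ];
      description = "Roon Server";
      wantedBy = [ "multi-user.target" ];

      environment.ROON_DATAROOT = "/var/lib/${name}";

      serviceConfig = {
        ExecStart = "${pkgs.roon-server}/opt/start.sh";
        LimitNOFILE = 8192;
        # Run under a dedicated static account. With neither User= nor
        # DynamicUser= set, systemd starts a system unit as root, which is
        # more privilege than a network-facing media server needs. A static
        # account (unlike DynamicUser) keeps a stable UID/GID, so ownership
        # of backup and library directories stays manageable.
        User = cfg.user;
        Group = cfg.group;
        # Have systemd create /var/lib/roon-server (the ROON_DATAROOT above)
        # and give it to the service account.
        StateDirectory = name;
        SupplementaryGroups = "audio";
      };
    };

    # The default account and group are created here. If `user` or `group`
    # is overridden, the administrator is expected to declare that account
    # or group elsewhere in the system configuration.
    users.groups = mkIf (cfg.group == name) {
      "${name}" = { };
    };
    users.users = mkIf (cfg.user == name) {
      "${name}" = {
        isSystemUser = true;
        description = "Roon Server user";
        group = cfg.group;
      };
    };

    # These rules apply to every interface. Leave `openFirewall` disabled
    # and use interface-scoped rules (networking.firewall.interfaces) when
    # the server should only be reachable from one network.
    networking.firewall = mkIf cfg.openFirewall {
      allowedTCPPortRanges = [
        { from = 9100; to = 9200; }
      ];
      allowedUDPPorts = [ 9003 ];
    };
  };
}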