nixpkgs/nixos/modules/services/networking/syncplay.nix
2022-03-24 04:46:26 +01:00

97 lines
2.4 KiB
Nix

{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.syncplay;
cmdArgs =
[ "--port" cfg.port ]
++ optionals (cfg.salt != null) [ "--salt" cfg.salt ]
++ optionals (cfg.certDir != null) [ "--tls" cfg.certDir ];
in
{
options = {
services.syncplay = {
enable = mkOption {
type = types.bool;
default = false;
description = "If enabled, start the Syncplay server.";
};
port = mkOption {
type = types.port;
default = 8999;
description = ''
TCP port to bind to.
'';
};
salt = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Salt to allow room operator passwords generated by this server
instance to still work when the server is restarted.
'';
};
certDir = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
TLS certificates directory to use for encryption. See
<link xlink:href="https://github.com/Syncplay/syncplay/wiki/TLS-support"/>.
'';
};
user = mkOption {
type = types.str;
default = "nobody";
description = ''
User to use when running Syncplay.
'';
};
group = mkOption {
type = types.str;
default = "nogroup";
description = ''
Group to use when running Syncplay.
'';
};
passwordFile = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
Path to the file that contains the server password. If
<literal>null</literal>, the server doesn't require a password.
'';
};
};
};
config = mkIf cfg.enable {
systemd.services.syncplay = {
description = "Syncplay Service";
wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ];
serviceConfig = {
User = cfg.user;
Group = cfg.group;
LoadCredential = lib.mkIf (cfg.passwordFile != null) "password:${cfg.passwordFile}";
};
script = ''
${lib.optionalString (cfg.passwordFile != null) ''
export SYNCPLAY_PASSWORD=$(cat "''${CREDENTIALS_DIRECTORY}/password")
''}
exec ${pkgs.syncplay}/bin/syncplay-server ${escapeShellArgs cmdArgs}
'';
};
};
}