add caps to container and nix

2024-08-08 00:50:33 +02:00 · 2024-08-08 00:50:33 +02:00 · adb0190b3f
commit adb0190b3f
parent 1978208b61
2 changed files with 34 additions and 2 deletions
--- a/services.nix
+++ b/services.nix
@ -0,0 +1,30 @@
+{ self, ...}: {config, lib, pkgs, ...}:
+
+let
+  cfg = config.services.sanic;
+  format = pkgs.formats.ini { };
+in
+{
+  options.services.sanic = {
+    enable = mkEnableOption (lib.mdDoc "sanic");
+    settings = mkOption {
+      type = format.type;
+      default = { };
+      description = lib.mkDoc ''
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    systemd.services.sanic = {
+      description = "chaos music control";
+      wantedBy = [ "multi-user.target" "default.target" ];
+      serviceConfig = {
+        DynamicUser = true;
+        ExecStart = "${self.packages.${pkgs.system}.default}/bin/sanic";
+        Restart = "on-failure";
+        AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
+      };
+    };
+  };
+}