97 lines
2.8 KiB
Nix
97 lines
2.8 KiB
Nix
|
{
|
||
|
config,
|
||
|
lib,
|
||
|
pkgs,
|
||
|
...
|
||
|
}:
|
||
|
|
||
|
let
|
||
|
inherit (lib) mkOption types mkIf;
|
||
|
cfg = config.services.screego;
|
||
|
defaultSettings = {
|
||
|
SCREEGO_SERVER_ADDRESS = "127.0.0.1:5050";
|
||
|
SCREEGO_TURN_ADDRESS = "0.0.0.0:3478";
|
||
|
SCREEGO_TURN_PORT_RANGE = "50000:55000";
|
||
|
SCREEGO_SESSION_TIMEOUT_SECONDS = "0";
|
||
|
SCREEGO_CLOSE_ROOM_WHEN_OWNER_LEAVES = "true";
|
||
|
SCREEGO_AUTH_MODE = "turn";
|
||
|
SCREEGO_LOG_LEVEL = "info";
|
||
|
};
|
||
|
in
|
||
|
{
|
||
|
meta.maintainers = with lib.maintainers; [ pinpox ];
|
||
|
|
||
|
options.services.screego = {
|
||
|
|
||
|
enable = lib.mkEnableOption "screego screen-sharing server for developers";
|
||
|
|
||
|
openFirewall = mkOption {
|
||
|
type = types.bool;
|
||
|
default = false;
|
||
|
description = ''
|
||
|
Open the firewall port(s).
|
||
|
'';
|
||
|
};
|
||
|
|
||
|
environmentFile = mkOption {
|
||
|
default = null;
|
||
|
description = ''
|
||
|
Environment file (see {manpage}`systemd.exec(5)` "EnvironmentFile="
|
||
|
section for the syntax) passed to the service. This option can be
|
||
|
used to safely include secrets in the configuration.
|
||
|
'';
|
||
|
example = "/run/secrets/screego-envfile";
|
||
|
type = with types; nullOr path;
|
||
|
};
|
||
|
|
||
|
settings = lib.mkOption {
|
||
|
type = types.attrsOf types.str;
|
||
|
description = ''
|
||
|
Screego settings passed as Nix attribute set, they will be merged with
|
||
|
the defaults. Settings will be passed as environment variables.
|
||
|
|
||
|
See https://screego.net/#/config for possible values
|
||
|
'';
|
||
|
default = defaultSettings;
|
||
|
example = {
|
||
|
SCREEGO_EXTERNAL_IP = "dns:example.com";
|
||
|
};
|
||
|
};
|
||
|
};
|
||
|
|
||
|
config =
|
||
|
let
|
||
|
# User-provided settings should be merged with default settings,
|
||
|
# overwriting where necessary
|
||
|
mergedConfig = defaultSettings // cfg.settings;
|
||
|
turnUDPPorts = lib.splitString ":" mergedConfig.SCREEGO_TURN_PORT_RANGE;
|
||
|
turnPort = lib.toInt (builtins.elemAt (lib.splitString ":" mergedConfig.SCREEGO_TURN_ADDRESS) 1);
|
||
|
in
|
||
|
mkIf (cfg.enable) {
|
||
|
|
||
|
networking.firewall = lib.mkIf cfg.openFirewall {
|
||
|
allowedTCPPorts = [ turnPort ];
|
||
|
allowedUDPPorts = [ turnPort ];
|
||
|
allowedUDPPortRanges = [
|
||
|
{
|
||
|
from = lib.toInt (builtins.elemAt turnUDPPorts 0);
|
||
|
to = lib.toInt (builtins.elemAt turnUDPPorts 1);
|
||
|
}
|
||
|
];
|
||
|
};
|
||
|
|
||
|
systemd.services.screego = {
|
||
|
wantedBy = [ "multi-user.target" ];
|
||
|
after = [ "network.target" ];
|
||
|
description = "screego screen-sharing for developers";
|
||
|
environment = mergedConfig;
|
||
|
serviceConfig = {
|
||
|
DynamicUser = true;
|
||
|
ExecStart = "${lib.getExe pkgs.screego} serve";
|
||
|
Restart = "on-failure";
|
||
|
RestartSec = "5s";
|
||
|
} // lib.optionalAttrs (cfg.environmentFile != null) { EnvironmentFile = cfg.environmentFile; };
|
||
|
};
|
||
|
};
|
||
|
}
|