Merge remote-tracking branch 'gum/master'

1 files changed, 40 insertions, 0 deletions

diff --git a/makefu/2configs/bureautomation/office-radio/webserver.nix b/makefu/2configs/bureautomation/office-radio/webserver.nix
new file mode 100644
index 000000000..e2fc6d9e8
--- /dev/null
+++ b/makefu/2configs/bureautomation/office-radio/webserver.nix
@@ -0,0 +1,40 @@
+{ pkgs, ... }:
+let
+  mpds = import ./mpdconfig.nix;
+  pkg = pkgs.office-radio;
+in {
+  systemd.services.office-radio-appsrv = {
+    after = [ "network.target" ];
+    description = "Office Radio Appserver";
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig = {
+        ExecStart = "${pkg}/bin/office-radio";
+        DynamicUser = true;
+        ProtectSystem = true;
+        NoNewPrivileges = true;
+        ProtectKernelTunables = true;
+        ProtectControlGroups = true;
+        ProtectKernelModules = true;
+        RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX AF_NETLINK";
+        RestrictNamespaces = true;
+        Restart = "always";
+    };
+  };
+  systemd.services.office-radio-stopper = {
+    after = [ "network.target" ];
+    description = "Office Radio Script to stop idle streams";
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig = {
+        ExecStart = "${pkg}/bin/stop-idle-streams";
+        DynamicUser = true;
+        ProtectSystem = true;
+        NoNewPrivileges = true;
+        ProtectKernelTunables = true;
+        ProtectControlGroups = true;
+        ProtectKernelModules = true;
+        RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX AF_NETLINK";
+        RestrictNamespaces = true;
+        Restart = "always";
+    };
+  };
+}