nixos/screego: init module

Add module for screego
2024-07-31 21:31:37 +02:00 · 2024-07-31 21:31:37 +02:00 · c882d9b673
commit c882d9b673
parent 3c5b0cd257
2 changed files with 97 additions and 0 deletions
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@ -1464,6 +1464,7 @@
  ./services/web-apps/pretix.nix
  ./services/web-apps/prosody-filer.nix
  ./services/web-apps/rimgo.nix
+  ./services/web-apps/screego.nix
  ./services/web-apps/sftpgo.nix
  ./services/web-apps/suwayomi-server.nix
  ./services/web-apps/rss-bridge.nix
--- a/nixos/modules/services/web-apps/screego.nix
+++ b/nixos/modules/services/web-apps/screego.nix
@ -0,0 +1,96 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  inherit (lib) mkOption types mkIf;
+  cfg = config.services.screego;
+  defaultSettings = {
+    SCREEGO_SERVER_ADDRESS = "127.0.0.1:5050";
+    SCREEGO_TURN_ADDRESS = "0.0.0.0:3478";
+    SCREEGO_TURN_PORT_RANGE = "50000:55000";
+    SCREEGO_SESSION_TIMEOUT_SECONDS = "0";
+    SCREEGO_CLOSE_ROOM_WHEN_OWNER_LEAVES = "true";
+    SCREEGO_AUTH_MODE = "turn";
+    SCREEGO_LOG_LEVEL = "info";
+  };
+in
+{
+  meta.maintainers = with lib.maintainers; [ pinpox ];
+
+  options.services.screego = {
+
+    enable = lib.mkEnableOption "screego screen-sharing server for developers";
+
+    openFirewall = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        Open the firewall port(s).
+      '';
+    };
+
+    environmentFile = mkOption {
+      default = null;
+      description = ''
+        Environment file (see {manpage}`systemd.exec(5)` "EnvironmentFile="
+        section for the syntax) passed to the service. This option can be
+        used to safely include secrets in the configuration.
+      '';
+      example = "/run/secrets/screego-envfile";
+      type = with types; nullOr path;
+    };
+
+    settings = lib.mkOption {
+      type = types.attrsOf types.str;
+      description = ''
+        Screego settings passed as Nix attribute set, they will be merged with
+        the defaults. Settings will be passed as environment variables.
+
+        See https://screego.net/#/config for possible values
+      '';
+      default = defaultSettings;
+      example = {
+        SCREEGO_EXTERNAL_IP = "dns:example.com";
+      };
+    };
+  };
+
+  config =
+    let
+      # User-provided settings should be merged with default settings,
+      # overwriting where necessary
+      mergedConfig = defaultSettings // cfg.settings;
+      turnUDPPorts = lib.splitString ":" mergedConfig.SCREEGO_TURN_PORT_RANGE;
+      turnPort = lib.toInt (builtins.elemAt (lib.splitString ":" mergedConfig.SCREEGO_TURN_ADDRESS) 1);
+    in
+    mkIf (cfg.enable) {
+
+      networking.firewall = lib.mkIf cfg.openFirewall {
+        allowedTCPPorts = [ turnPort ];
+        allowedUDPPorts = [ turnPort ];
+        allowedUDPPortRanges = [
+          {
+            from = lib.toInt (builtins.elemAt turnUDPPorts 0);
+            to = lib.toInt (builtins.elemAt turnUDPPorts 1);
+          }
+        ];
+      };
+
+      systemd.services.screego = {
+        wantedBy = [ "multi-user.target" ];
+        after = [ "network.target" ];
+        description = "screego screen-sharing for developers";
+        environment = mergedConfig;
+        serviceConfig = {
+          DynamicUser = true;
+          ExecStart = "${lib.getExe pkgs.screego} serve";
+          Restart = "on-failure";
+          RestartSec = "5s";
+        } // lib.optionalAttrs (cfg.environmentFile != null) { EnvironmentFile = cfg.environmentFile; };
+      };
+    };
+}