Make AirPlay 2 work for Shairport Sync on Audio host

- use nqptp - use Shairport Sync and nqptp versions, which work - disable IPv6, since Shairport Sync doesn't work with it for some reason - configure firewall for AirPlay 2 - use correct subnet
2023-10-15 21:44:25 +02:00 · 2023-10-15 21:44:25 +02:00 · c72b30aa6a
commit c72b30aa6a
parent eaedf34aa2
3 changed files with 98 additions and 19 deletions
--- a/config/hosts/audio/networking.nix
+++ b/config/hosts/audio/networking.nix
@ -1,19 +1,21 @@
 { config, pkgs, ... }:

 {
-  networking.interfaces.net0 = {
-    ipv4.addresses = [
-      {
-        address = "10.31.210.10";
-        prefixLength = 25;
-      }
-    ];
-    ipv6.addresses = [
-      {
-        address = "2a07:c480:0:1d2:0000:0000:1000:000a";
-        prefixLength = 64;
-      }
+  networking = {
+    interfaces.net0 = {
+      ipv4.addresses = [
+        {
+          address = "10.31.210.10";
+          prefixLength = 23;
+        }
+      ];
+    };
+    defaultGateway = "10.31.210.1";
+    nameservers = [
+      "10.31.210.1"
    ];
+    # Disable IPv6, since Shairport-Sync doesn't work with IPv6. Unclear why.
+    enableIPv6 = false;
  };
  systemd.network.links."10-net0" = {
    matchConfig.MACAddress = "1E:EF:2D:92:81:DA";
--- a/config/hosts/audio/shairport-sync.nix
+++ b/config/hosts/audio/shairport-sync.nix
@ -1,9 +1,14 @@
-{ ... }:
+# Sources for this configuration:
+# - https://github.com/mikebrady/shairport-sync/blob/f5c4b51da827a7f8d9a72a1b6f986807aba47bfc/AIRPLAY2.md
+# - https://github.com/mikebrady/nqptp
+# - https://github.com/mikebrady/nqptp/blob/050a8c2de9f3e1f4859abf9b36d2f18afd4c34d7/nqptp.service.in
+
+{ pkgs, lib, ... }:
+
 {
  services.shairport-sync = {
    enable = true;
-    openFirewall = true;
-    arguments = "-v -o alsa -- -d plughw:1,0 -r 48000";
+    arguments = "-o alsa -- -d plughw:1,0 -r 48000";
  };

  environment.etc.shairport-sync-config = {
@ -11,4 +16,50 @@
    source = ./shairport-sync.conf;
    target = "shairport-sync.conf";
  };
+
+  users.users.nqptp = {
+    isSystemUser = true;
+    group = "nqptp";
+  };
+  users.groups.nqptp = { };
+
+  systemd.services.nqptp = {
+    enable = true;
+    description = "NQPTP -- Not Quite PTP";
+    unitConfig = {
+      Wants = [ "network-online.target" ];
+      After = [ "network.target" "network-online.target" ];
+      Before = [ "shairport-sync.service" ];
+    };
+    serviceConfig = {
+      ExecStart = "${pkgs.nqptp}/bin/nqptp";
+      User = "nqptp";
+      Group = "nqptp";
+      AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
+    };
+    wantedBy = [ "multi-user.target" ];
+  };
+
+  # See here for docs:
+  # https://github.com/mikebrady/shairport-sync/blob/4ca5a15de2d53c69e6c3c23b0440c27978bb91df/TROUBLESHOOTING.md#ufw-firewall-blocking-ports-commonly-includes-raspberry-pi
+  # These docs seem like they also include the ports for AirPlay 1. Since we're
+  # doing just AirPlay 2, we can have a more restrictive firewall than
+  # documented there.
+  # This more restritive firewall also matches with a packet capture I did.
+  networking.firewall = {
+    allowedTCPPorts = [ 7000 ];
+    allowedUDPPorts = [ 319 320 5353 ];
+    allowedTCPPortRanges = [
+      {
+        from = 32768;
+        to = 60999;
+      }
+    ];
+    allowedUDPPortRanges = [
+      {
+        from = 32768;
+        to = 60999;
+      }
+    ];
+  };
 }