nix-infra/config/hosts/audio/shairport-sync.nix
June ae11e1f3da Move PipeWire configuration into own file
Also add link to documentation.
2023-10-16 22:52:35 +02:00

68 lines
1.9 KiB
Nix

# Sources for this configuration:
# - https://github.com/mikebrady/shairport-sync/blob/f5c4b51da827a7f8d9a72a1b6f986807aba47bfc/AIRPLAY2.md
# - https://github.com/mikebrady/nqptp
# - https://github.com/mikebrady/nqptp/blob/050a8c2de9f3e1f4859abf9b36d2f18afd4c34d7/nqptp.service.in
{ pkgs, lib, ... }:
{
services.shairport-sync = {
enable = true;
arguments = "-o pw";
};
users.users.shairport.extraGroups = [ "pipewire" ];
environment.etc.shairport-sync-config = {
enable = true;
source = ./shairport-sync.conf;
target = "shairport-sync.conf";
};
users.users.nqptp = {
isSystemUser = true;
group = "nqptp";
};
users.groups.nqptp = { };
systemd.services.nqptp = {
enable = true;
description = "NQPTP -- Not Quite PTP";
unitConfig = {
Wants = [ "network-online.target" ];
After = [ "network.target" "network-online.target" ];
Before = [ "shairport-sync.service" ];
};
serviceConfig = {
ExecStart = "${pkgs.nqptp}/bin/nqptp";
User = "nqptp";
Group = "nqptp";
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
};
wantedBy = [ "multi-user.target" ];
};
# See here for docs:
# https://github.com/mikebrady/shairport-sync/blob/4ca5a15de2d53c69e6c3c23b0440c27978bb91df/TROUBLESHOOTING.md#ufw-firewall-blocking-ports-commonly-includes-raspberry-pi
# These docs seem like they also include the ports for AirPlay 1. Since we're
# doing just AirPlay 2, we can have a more restrictive firewall than
# documented there.
# This more restritive firewall also matches with a packet capture I did.
networking.firewall = {
allowedTCPPorts = [ 7000 ];
allowedUDPPorts = [ 319 320 5353 ];
allowedTCPPortRanges = [
{
from = 32768;
to = 60999;
}
];
allowedUDPPortRanges = [
{
from = 32768;
to = 60999;
}
];
};
}