{ config, pkgs, lib, ... }: let cfg = config.services.greg-ng; in { options.services.greg-ng = { enable = lib.mkEnableOption "greg-ng, an mpv based media player"; package = lib.mkPackageOption pkgs "greg-ng" { }; mpvPackage = lib.mkPackageOption pkgs "mpv" { }; enableSway = lib.mkEnableOption "sway as the main window manager"; enablePipewire = lib.mkEnableOption "pipewire" // { default = true; }; enableDebug = lib.mkEnableOption "debug logs"; # TODO: create some better descriptions settings = { host = lib.mkOption { type = lib.types.str; default = "localhost"; example = "0.0.0.0"; description = '' Which host to bind to. ''; }; port = lib.mkOption { type = lib.types.port; default = 8008; example = 10008; description = '' Which port to bind to. ''; }; mpv-socket-path = lib.mkOption { type = lib.types.str; default = "%t/greg-ng-mpv.sock"; description = '' Path to the mpv socket. ''; }; mpv-executable-path = lib.mkOption { type = lib.types.str; default = lib.getExe cfg.mpvPackage; defaultText = lib.literalExpression '' lib.getExe config.services.greg-ng.mpvPackage ''; description = '' Path to the mpv executable. ''; }; mpv-config-file = lib.mkOption { type = with lib.types; nullOr str; default = null; description = '' Path to the mpv config file. ''; }; auto-start-mpv = lib.mkOption { type = lib.types.bool; default = true; description = '' Whether to automatically start mpv. ''; }; force-auto-start = lib.mkOption { type = lib.types.bool; default = true; description = '' Whether to force auto starting mpv. ''; }; }; }; config = lib.mkMerge [ (lib.mkIf cfg.enable { users = { users.greg = { isNormalUser = true; group = "greg"; uid = 2000; description = "loud gym bro"; }; groups.greg.gid = 2000; }; systemd.user.services.greg-ng = { description = "greg-ng, an mpv based media player"; wantedBy = [ "graphical-session.target" ]; partOf = [ "graphical-session.target" ]; environment = { RUST_LOG = lib.mkIf cfg.enableDebug "greg_ng=trace,mpvipc=trace"; }; serviceConfig = { Type = "simple"; ExecStart = "${lib.getExe cfg.package} ${lib.cli.toGNUCommandLineShell { } cfg.settings}"; Restart = "always"; RestartSec = 3; IPAddressDeny = lib.optionals (lib.elem cfg.settings.host [ null "localhost" "127.0.0.1" ]) [ "any" ]; RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ]; AmbientCapabilities = [ "" ]; CapabilityBoundingSet = [ "" ]; DeviceAllow = [ "" ]; LockPersonality = true; # Might work, but wouldn't bet on it with embedded scripting lang in mpv MemoryDenyWriteExecute = false; NoNewPrivileges = true; # MPV and mesa tries to talk directly to the GPU. PrivateDevices = false; PrivateMounts = true; PrivateTmp = true; PrivateUsers = true; ProcSubset = "pid"; ProtectClock = true; ProtectControlGroups = true; ProtectHome = "tmpfs"; ProtectHostname = true; ProtectKernelLogs = true; ProtectKernelModules = true; ProtectKernelTunables = true; ProtectProc = "invisible"; ProtectSystem = "strict"; RemoveIPC = true; UMask = "0077"; RestrictNamespaces = true; RestrictRealtime = true; RestrictSUIDSGID = true; SystemCallArchitectures = "native"; SystemCallFilter = [ "@system-service" "~@privileged" "~@resources" ]; }; }; }) (lib.mkIf (cfg.enable && cfg.enablePipewire) { services.pipewire = { enable = true; alsa.enable = true; alsa.support32Bit = true; pulse.enable = true; }; }) (lib.mkIf (cfg.enable && cfg.enableSway) { programs.sway = { enable = true; wrapperFeatures.gtk = true; }; xdg.portal = { enable = true; wlr.enable = true; extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; }; services.greetd = { enable = true; settings = rec { initial_session = { command = "${pkgs.sway}/bin/sway"; user = "greg"; }; default_session = initial_session; }; }; }) ]; }