{ config, pkgs, ... }:
let
payas = "payas";
in
{
# Open navidrome port, but only for local network
networking.firewall.extraCommands = ''
iptables -A nixos-fw -p tcp --source 192.168.0.0/24 --dport 4533:4533 -j nixos-fw-accept
iptables -A nixos-fw -p udp --source 192.168.0.0/24 --dport 4533:4533 -j nixos-fw-accept
'';
services.navidrome = {
enable = true;
settings = {
# Address is set by individual host
Port = 4533;
MusicFolder = "/home/payas/Music/";
DataFolder = "/home/payas/.navidrome/";
EnableCoverAnimation = false;
DefaultTheme = "Extra Dark";
CoverJpegQuality = 100;
LastFM.Enabled = false;
ListenBrainz.Enabled = true;
EnableUserEditing = true;
};
systemd.services.navidrome =
cfg = config.services.navidrome.settings;
serviceConfig = {
User = payas;
Group = payas;
ProtectHome = pkgs.lib.mkForce "tmpfs";
BindPaths = [ cfg.DataFolder ];
BindReadOnlyPaths = pkgs.lib.mkForce [
builtins.storeDir
cfg.MusicFolder
];
}