nixos-configuration/hosts/iron/services/snapcast/ledfx.nix

{ pkgs, ... }:
let
  interfaces = import ../../interfaces.nix;
in
{
  networking.firewall.interfaces."${interfaces.lan}".allowedTCPPorts = [
    8888
  ];

  systemd.services.snapclient-ledfx = {
    enable = true;
    description = "Snapcast client";
    wants = [ "network.target" "sound.target" ];
    after = [ "network.target" "sound.target" ];
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      DynamicUser = "yes";
      ExecStart = "${pkgs.snapcast}/bin/snapclient --host 127.0.0.1 --hostID ledfx -i 2 --player alsa -s ledfx";
      Group = "audio";
      NoNewPrivileges = true;
      ProtectControlGroups = true;
      ProtectHome = true;
      ProtectKernelModules = true;
      ProtectKernelTunables = true;
      RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX";
      RestrictNamespaces = true;
      RuntimeDirectory = "snapclient-ledfx";
    };
  };

  systemd.services.ledfx = {
    enable = true;
    description = "LedFx";
    wants = [ "network.target" "sound.target" "snapclient-ledfx.service" ];
    after = [ "network.target" "sound.target" "snapclient-ledfx.service" ];
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      DynamicUser = "yes";
      ExecStart = "${pkgs.ledfx}/bin/ledfx --host 0.0.0.0 -p 8888 -c %S/ledfx";
      Group = "audio";
      NoNewPrivileges = true;
      ProtectControlGroups = true;
      ProtectHome = true;
      ProtectKernelModules = true;
      ProtectKernelTunables = true;
      RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX";
      RestrictNamespaces = true;
      StateDirectory = "ledfx";
      StateDirectoryMode = "0755";
    };
  };
}