1 { config, lib, pkgs, ... }:
7 cfg = config.services.roon-bridge;
10 services.roon-bridge = {
11 enable = mkEnableOption "Roon Bridge";
12 openFirewall = mkOption {
16 Open ports in the firewall for the bridge.
21 default = "roon-bridge";
23 User to run the Roon bridge as.
28 default = "roon-bridge";
30 Group to run the Roon Bridge as.
36 config = mkIf cfg.enable {
37 systemd.services.roon-bridge = {
38 after = [ "network.target" ];
39 description = "Roon Bridge";
40 wantedBy = [ "multi-user.target" ];
42 environment.ROON_DATAROOT = "/var/lib/${name}";
45 ExecStart = "${pkgs.roon-bridge}/bin/RoonBridge";
49 StateDirectory = name;
53 networking.firewall = mkIf cfg.openFirewall {
54 allowedTCPPortRanges = [{ from = 9100; to = 9200; }];
55 allowedUDPPorts = [ 9003 ];
56 extraCommands = optionalString (!config.networking.nftables.enable) ''
57 iptables -A INPUT -s 224.0.0.0/4 -j ACCEPT
58 iptables -A INPUT -d 224.0.0.0/4 -j ACCEPT
59 iptables -A INPUT -s 240.0.0.0/5 -j ACCEPT
60 iptables -A INPUT -m pkttype --pkt-type multicast -j ACCEPT
61 iptables -A INPUT -m pkttype --pkt-type broadcast -j ACCEPT
63 extraInputRules = optionalString config.networking.nftables.enable ''
64 ip saddr { 224.0.0.0/4, 240.0.0.0/5 } accept
65 ip daddr 224.0.0.0/4 accept
66 pkttype { multicast, broadcast } accept
71 users.groups.${cfg.group} = {};
72 users.users.${cfg.user} =
73 optionalAttrs (cfg.user == "roon-bridge") {
75 description = "Roon Bridge user";
77 extraGroups = [ "audio" ];