feat(rtl): service

2026-02-09 04:19:19 -08:00 · 2025-01-27 15:23:27 -08:00 · 2025-01-27 15:23:27 -08:00 · b4dbcc71f0
commit b4dbcc71f0
parent 6931de7d18
7 changed files with 156 additions and 6 deletions
--- a/modules/nixos/rtl_tcp.nix
+++ b/modules/nixos/rtl_tcp.nix
@ -0,0 +1,75 @@
+{
+  pkgs,
+  config,
+  lib,
+  utils,
+  ...
+}: let
+  inherit (lib.options) mkOption mkEnableOption mkPackageOption;
+  inherit (lib.modules) mkIf mkMerge mkOptionDefault mkDefault;
+  inherit (lib.trivial) mapNullable;
+  inherit (lib.lists) optionals;
+  inherit (utils) escapeSystemdExecArgs;
+  cfg = config.services.rtl_tcp;
+  defaultPort = 1234;
+  defaultUser = "rtl_tcp";
+in {
+  options.services.rtl_tcp = with lib.types; {
+    enable = mkEnableOption "rtl_tcp";
+    package = mkPackageOption pkgs "rtl-sdr-blog" {};
+    port = mkOption {
+      type = port;
+      default = defaultPort;
+    };
+    openFirewall = mkOption {
+      type = bool;
+      default = false;
+    };
+    user = mkOption {
+      type = nullOr str;
+      default = defaultUser;
+    };
+    group = mkOption {
+      type = nullOr str;
+    };
+    extraArgs = mkOption {
+      type = listOf str;
+      default = [];
+    };
+  };
+
+  config = let
+    serviceConf.services.rtl_tcp = {
+      group = mkOptionDefault (if cfg.user == defaultUser then defaultUser else null);
+    };
+    execArgs = optionals (cfg.port != defaultPort) [
+      "-p" (toString cfg.port)
+    ] ++ cfg.extraArgs;
+    conf.systemd.services.rtl_tcp = {
+      wantedBy = ["multi-user.target"];
+      after = ["network.target"];
+      serviceConfig = {
+        ExecStart = "${cfg.package}/bin/rtl_tcp ${escapeSystemdExecArgs execArgs}";
+        DynamicUser = mkDefault (cfg.user == null);
+        User = if cfg.user != null then cfg.user else defaultUser;
+        Group = cfg.group;
+      };
+    };
+    conf.environment.systemPackages = [cfg.package];
+    conf.users.users.${defaultUser} = mkIf (cfg.user == defaultUser) {
+      group = cfg.group;
+      isSystemUser = true;
+      extraGroups = mkIf config.hardware.rtl-sdr.enable [
+        "plugdev"
+      ];
+    };
+    conf.users.groups.${defaultUser} = mkIf (cfg.user == defaultUser) {
+    };
+    conf.networking.firewall = {
+      allowedTCPPorts = mkIf cfg.openFirewall [cfg.port];
+    };
+  in mkMerge [
+    (mkIf cfg.enable conf)
+    serviceConf
+  ];
+}
--- a/modules/system/exports/rtl.nix
+++ b/modules/system/exports/rtl.nix
@ -0,0 +1,34 @@
+{
+  lib,
+  gensokyo-zone,
+  ...
+}: let
+  inherit (gensokyo-zone.lib) mkAlmostOptionDefault;
+  inherit (lib.modules) mkIf;
+in {
+  config.exports.services.rtl_tcp = {config, ...}: {
+    id = mkAlmostOptionDefault "rtl";
+    nixos = {
+      serviceAttr = "rtl_tcp";
+      assertions = let
+        mkAssertion = f: nixosConfig: let
+          cfg = nixosConfig.services.rtl_tcp;
+        in
+          f nixosConfig cfg;
+      in
+        mkIf config.enable [
+          (mkAssertion (nixosConfig: cfg: {
+            assertion = config.ports.tcp.port == cfg.port;
+            message = "port mismatch";
+          }))
+        ];
+    };
+    defaults.port.listen = mkAlmostOptionDefault "lan";
+    ports = {
+      tcp = {
+        port = mkAlmostOptionDefault 1234;
+        transport = "tcp";
+      };
+    };
+  };
+}
--- a/nixos/openwebrx.nix
+++ b/nixos/openwebrx.nix
@ -4,17 +4,25 @@
  pkgs,
  ...
 }: let
-  inherit (lib.modules) mkIf mkDefault;
+  inherit (lib.options) mkOption;
+  inherit (lib.modules) mkIf mkDefault mkOptionDefault;
  cfg = config.services.openwebrx;
  user = "openwebrx";
 in {
-  services.openwebrx = {
+  options.services.openwebrx = with lib.types; {
+    hardwareDev = mkOption {
+      type = nullOr int;
+    };
+  };
+
+  config.services.openwebrx = {
    enable = mkDefault true;
    package = mkDefault pkgs.openwebrxplus;
    user = mkDefault user;
+    hardwareDev = mkIf config.hardware.rtl-sdr.enable (mkOptionDefault 0);
  };

-  users = mkIf cfg.enable {
+  config.users = mkIf cfg.enable {
    users.${user} = {
      uid = 912;
      isSystemUser = true;
@ -29,7 +37,7 @@ in {
    };
  };

-  sops.secrets = let
+  config.sops.secrets = let
    sopsFile = mkDefault ./secrets/openwebrx.yaml;
  in
    mkIf cfg.enable {
@ -41,7 +49,7 @@ in {
      };
    };

-  networking.firewall = mkIf cfg.enable {
+  config.networking.firewall = mkIf cfg.enable {
    interfaces.lan.allowedTCPPorts = mkIf cfg.enable [
      cfg.port
    ];
--- a/nixos/rtl_tcp.nix
+++ b/nixos/rtl_tcp.nix
@ -0,0 +1,18 @@
+{
+  config,
+  gensokyo-zone,
+  lib,
+  ...
+}: let
+  inherit (lib.modules) mkIf;
+  inherit (gensokyo-zone.lib) mkAlmostOptionDefault;
+  cfg = config.services.rtl_tcp;
+in {
+  services.rtl_tcp = {
+    enable = mkAlmostOptionDefault true;
+  };
+  hardware.rtl-sdr.enable = mkAlmostOptionDefault true;
+  networking.firewall.interfaces.lan = mkIf (cfg.enable && !cfg.openFirewall) {
+    allowedTCPPorts = [cfg.port];
+  };
+}
--- a/systems/kasen/default.nix
+++ b/systems/kasen/default.nix
@ -13,6 +13,7 @@ _: {
      tailscale.enable = true;
      nginx.enable = true;
      openwebrx.enable = true;
+      rtl_tcp.enable = true;
    };
  };
  network.networks = {
--- a/systems/kasen/nixos.nix
+++ b/systems/kasen/nixos.nix
@ -3,7 +3,9 @@
  config,
  lib,
  ...
-}: {
+}: let
+  inherit (lib.modules) mkIf;
+in {
  imports = let
    inherit (meta) nixos;
  in [
@ -12,12 +14,14 @@
    nixos.tailscale
    nixos.nginx
    nixos.openwebrx
+    nixos.rtl_tcp
  ];

  boot.loader.grub.enable = false;
  boot.loader.generic-extlinux-compatible.enable = true;

  hardware.rtl-sdr.enable = true;
+  services.openwebrx.hardwareDev = mkIf config.services.rtl_tcp.enable null;

  sops.defaultSopsFile = ./secrets.yaml;

--- a/tf/tailscale_devices.tf
+++ b/tf/tailscale_devices.tf
@ -3,6 +3,7 @@ locals {
  tailscale_tag_genso     = "tag:gensokyo"
  tailscale_tag_reisen    = "tag:reisen"
  tailscale_tag_minecraft = "tag:minecraft"
+  tailscale_tag_rtl       = "tag:rtl"

  tailscale_tag_arc        = "tag:arc"
  tailscale_tag_arc_deploy = "tag:arc-deploy"
@ -29,6 +30,7 @@ resource "tailscale_acl" "tailnet" {
      "${local.tailscale_tag_reisen}" : [local.tailscale_group_admin, local.tailscale_tag_infra],
      "${local.tailscale_tag_genso}" : [local.tailscale_group_admin, local.tailscale_tag_arc_deploy, local.tailscale_tag_kat_deploy],
      "${local.tailscale_tag_minecraft}" : [local.tailscale_group_admin, local.tailscale_tag_infra],
+      "${local.tailscale_tag_rtl}" : [local.tailscale_group_admin, local.tailscale_tag_infra],
      "${local.tailscale_tag_arc}" : [local.tailscale_user_arc, local.tailscale_tag_arc_deploy],
      "${local.tailscale_tag_arc_deploy}" : [local.tailscale_user_arc],
      "${local.tailscale_tag_kat}" : [local.tailscale_user_kat, local.tailscale_tag_kat_deploy],
@ -60,6 +62,14 @@ resource "tailscale_acl" "tailnet" {
          "${local.tailscale_tag_minecraft}:19132,19133,25565",
        ]
      },
+      {
+        action = "accept"
+        src    = ["*"]
+        dst = [
+          "autogroup:self:*",
+          "${local.tailscale_tag_rtl}:1234",
+        ]
+      },
      {
        action = "accept"
        src    = [local.tailscale_group_member]