68 lines
2.4 KiB
Nix
68 lines
2.4 KiB
Nix
# rtkit/RealtimeKit: allow applications which want realtime audio (e.g. Dino? Pulseaudio server?) to request it.
|
|
# this might require more configuration (e.g. polkit-related) to work exactly as desired.
|
|
# - readme outlines requirements: <https://github.com/heftig/rtkit>
|
|
# XXX(2023/10/12): rtkit does not play well on moby. any application sending audio out dies after 10s.
|
|
# - note that `rtkit-daemon` can be launched with a lot of config
|
|
# - suggest using a much less aggressive canary. maybe try that?
|
|
# - see: <https://gitlab.freedesktop.org/pipewire/pipewire/-/wikis/Performance-tuning>
|
|
{ config, lib, pkgs, ... }:
|
|
let
|
|
cfg = config.sane.programs.rtkit;
|
|
in
|
|
{
|
|
sane.programs.rtkit = {
|
|
packageUnwrapped = pkgs.rmDbusServices pkgs.rtkit;
|
|
# services.rtkit = {
|
|
# description = "rtkit: grant realtime scheduling privileges to select processes";
|
|
# command = "${cfg.package}/libexec/rtkit-daemon";
|
|
# };
|
|
};
|
|
|
|
systemd.services.rtkit-daemon = lib.mkIf cfg.enabled {
|
|
description = "rtkit: grant realtime scheduling privileges to select processes";
|
|
wantedBy = [ "default.target" ];
|
|
serviceConfig = {
|
|
ExecStart = lib.escapeShellArgs [
|
|
"${cfg.package}/libexec/rtkit-daemon"
|
|
"--scheduling-policy=FIFO"
|
|
"--our-realtime-priority=79"
|
|
"--max-realtime-priority=78" # N.B.: setting this too aggressively can hang weak devices!
|
|
"--min-nice-level=-19"
|
|
"--rttime-usec-max=2000000"
|
|
"--users-max=100"
|
|
"--processes-per-user-max=1000"
|
|
"--threads-per-user-max=10000"
|
|
"--actions-burst-sec=10"
|
|
"--actions-per-burst-max=1000"
|
|
"--canary-cheep-msec=30000"
|
|
"--canary-watchdog-msec=60000"
|
|
];
|
|
|
|
Type = "simple";
|
|
# Type = "dbus";
|
|
# BusName = "org.freedesktop.RealtimeKit1";
|
|
Restart = "on-failure";
|
|
# User = "rtkit"; # it wants starts as root
|
|
# Group = "rtkit";
|
|
# wantedBy = [ "default.target" ];
|
|
# TODO: harden
|
|
CapabilityBoundingSet = "CAP_SYS_NICE CAP_DAC_READ_SEARCH CAP_SYS_CHROOT CAP_SETGID CAP_SETUID";
|
|
};
|
|
};
|
|
users.users.rtkit = lib.mkIf cfg.enabled {
|
|
isSystemUser = true;
|
|
group = "rtkit";
|
|
description = "RealtimeKit daemon";
|
|
};
|
|
users.groups.rtkit = lib.mkIf cfg.enabled {};
|
|
|
|
|
|
environment.systemPackages = lib.mkIf cfg.enabled [
|
|
# for /share/polkit-1, but unclear if actually needed
|
|
cfg.package
|
|
];
|
|
security.polkit = lib.mkIf cfg.enabled {
|
|
enable = true;
|
|
};
|
|
}
|