diff --git a/modules/config/pulseaudio.nix b/modules/config/pulseaudio.nix index 0d0dd829782d..35b7cbb01582 100644 --- a/modules/config/pulseaudio.nix +++ b/modules/config/pulseaudio.nix @@ -48,6 +48,9 @@ with pkgs.lib; } ]; + # Allow PulseAudio to get realtime priority using rtkit. + security.rtkit.enable = true; + }; } diff --git a/modules/misc/ids.nix b/modules/misc/ids.nix index 02c9cefc3152..4181cd53ef85 100644 --- a/modules/misc/ids.nix +++ b/modules/misc/ids.nix @@ -63,6 +63,7 @@ in fourStore = 42; fourStoreEndpoint = 43; virtuoso = 44; + rtkit = 45; # When adding a uid, make sure it doesn't match an existing gid. diff --git a/modules/module-list.nix b/modules/module-list.nix index c2c8d4ee7ab6..77acac428022 100644 --- a/modules/module-list.nix +++ b/modules/module-list.nix @@ -45,6 +45,7 @@ ./security/pam_usb.nix ./security/policykit.nix ./security/polkit.nix + ./security/rtkit.nix ./security/setuid-wrappers.nix ./security/sudo.nix ./services/amqp/rabbitmq.nix diff --git a/modules/security/rtkit.nix b/modules/security/rtkit.nix new file mode 100644 index 000000000000..060ff87f9ead --- /dev/null +++ b/modules/security/rtkit.nix @@ -0,0 +1,39 @@ +# A module for ‘rtkit’, a DBus system service that hands out realtime +# scheduling priority to processes that ask for it. + +{ config, pkgs, ... }: + +with pkgs.lib; + +{ + + options = { + + security.rtkit.enable = mkOption { + default = false; + description = '' + Whether to enable the RealtimeKit system service, which hands + out realtime scheduling priority to user processes on + demand. For example, the PulseAudio server uses this to + acquire realtime priority. + ''; + }; + + }; + + + config = mkIf config.security.rtkit.enable { + + environment.systemPackages = [ pkgs.rtkit ]; + + services.dbus.packages = [ pkgs.rtkit ]; + + users.extraUsers = singleton + { name = "rtkit"; + uid = config.ids.uids.rtkit; + description = "RealtimeKit daemon"; + }; + + }; + +}