@aanderse : thanks for all the comments. I don't know how I missed the user/group stuff. Anyways can you check the new commits and see if they're alright? I'll make similar changes to the headphones (#46514) module.

Hey all,

@rembo10 No worries, I agree with you, it's better to have all similar packages behind the same service. I suppose that, as they are all forks of sickbeard, they work the same.

However, I don't understand why we don't leverage Systemd's dynamicUser and all relative options (RuntimeDirectory, StateDirectory, etc…).

I did that in my PR (see https://github.com/NixOS/nixpkgs/pull/46340/files#diff-f653b9eaf598496872612beefd0cb752R32).

The beginning of ids.nix state that:

We only add static uids and gids for services where it is not feasible
to change uids/gids on service start, in example a service with a lot of
files.

And I don't think this is the case here.

What do you think ?

EDIT : formating

However, I don't understand why we don't leverage Systemd's dynamicUser and all relative options (RuntimeDirectory, StateDirectory, etc…).

@sterfield Interesting. Does sickbeard not store download files under the directory specified? How would that work with DynamicUser?

I have transmission running on my system and since there is a dedicated user I can add the transmission group to my own user accounts extra groups so I have access to the downloaded files.

Well, I looked at systemd's documentation page and found lots of interesting stuff.

Here, dynamicUser will not help, as Sickbeard/Sickrage/whatever searches for a corresponding line in /etc/passwd at boot time, but we can only declare a simple user and let the system decides the uid/gid. There's no point (IMHO) to force a specific uid/gid. I did the code in my PR (https://github.com/NixOS/nixpkgs/pull/46340/files#diff-f653b9eaf598496872612beefd0cb752R39) (actually, I declared only sickrage as a user and nogroup as a group. We could create an option to create a group if there's a specific need.)

As for the RuntimeDirectory, it's by default under /var/lib/sickrage which is the correct place. The only drawback I can see is the user cannot specify a data directory, but I don't think it's a problem, as it's only the place where the config file and the db is stored.

And obviously, RuntimeDirectory is kept between services's runs.

EDIT : formatting and some clarification.

@sterfield Interesting. Does sickbeard not store download files under the directory specified? How would that work with DynamicUser?

As far as I can remember, no. Sickbeard is storing its db in the data path, but download folders are then added after by the user.

I think it's useful to give them dedicated ids since they're moving files around. For example, I add sickbeard to the 'storage' group, which has write access to a mounted drive

I think it's useful to give them dedicated ids since they're moving files around. For example, I add sickbeard to the 'storage' group, which has write access to a mounted drive

But an non-dedicated id for sickrage / sickbeard will allow you to do that, no ?

Ah would it? Ok, sorry I think maybe I misunderstood. I'm happy to make the change as long as it'll work with my setup 😂😅

It has to be tested, but from my point of view:

• a sickbeard user is created along with the service
• you declare sickbeard as member of your storage group
• you declare your mountpoint with the storage group

and that should be it.

One additional option we could create is a list of group user sickbeard belongs to. By default, we keep nogroup but if the user add some groups, then we add sickbeard to those groups.

I'm still doing a bit of research but I stumbled across this comment that seems to suggest that it won't work for my use case (and I imagine many others') as these services are usually used in conjunction with transmission, sabnznd, etc. Sorry - I'm still trying to wrap my head around all of this so I might be missing something totally obvious. Reading the systemd link above, it seems like you can pass a list of groups to run the service as, but do they also have access to directories outside of /var/lib/service? Or would those directories need to be mounted?

That's what I mentioned in one of my comment:

• dynamicUser can be used, but you don't have a "real" user, only created by systemd at service boot, and deleted at service stop. I can be used here, but Sickbeard is checking user's password in /etc/passwd, which doesn't exist in that case and the application crashes (I tested it with Sickrage, so I assume that it's the same for other forks)
• runtimeDirectory can be used here, but as stated in the comment you linked, the directory is created under /var/lib/<some directory> and you don't have the choice for the location.
• creation of a specific user using Nixos user option creates a regular user.

So we can do three things here:

• creation of a user without fixed uid/gid and use of runtimeDirectory. We don't know the uid/gid chosen by Nixos and the datadir will be handled by systemd under /var/lib/sickbeard (for example).
  • Advantage: don't have to manage the datadir yourself, and let nixos decides the uid/gid. ids.nix will be less cluttered.
  • Disadvantage: you don't have a fixed uid/gid, but I don't see any impact here. The datadir is also fixed, preventing the user to chose his own datadir. That's fine by me, as I don't change its content manually, but it could be an issue for some user that wants a specific folder or to use a specific config.ini
• creation of a user without fixed uid/gid and creation of the datadir by Nixos install phase:
  • Advantage: datadir can be customized
  • Disadvantage: more things to manage at Nixos level
• creation of a user with fixed uid/gid and creation of the datadir by Nixos install phase:
  • Advantage: fixed uid and datadir can be customized
  • Disadvantage: more things to manage at Nixos level and ids.nix will have more ids declared

So ultimately, there's no big differences.

• if we want to customize datadir, then let's do it, but if there's no added value, we can let systemd handle this.
• we can declare a specific uid/gid for sickbeard user, but I don't see any added value here.

I'm not sure I know enough about this to make the decision as I'm quite new to nix / nixos so I'll defer to your guys' judgement on this

My opinion is that there can be a use case for specifying both username and group for services like this, so personally I would go with the third option which you currently have implemented.

I'll also add that I'm no authority though. :-)

I still don't understand why you want to fix uid/gid in ids.nix instead of using user option and let the system decide the uid/gid itself.

But the code looks good to me, so if you want to merge it like that, then go for it !

I'll leave it up to you guys to decide about the id situation. Just let me know and I can make changes

@sterfield Just reread your options... Is the only difference between option 2 and 3 the predefined ids?

If so I think I'm indifferent between the two. I still think there would be value in allowing the user to specify the user and group the service runs as, but I don't know enough about sickbeard to say.

It sounds like @rembo10 and I are leaving the decision to you.

So, I'm all for letting the user choose which user / group to handle the service. The code you did is really cool. The only concern I have is the use of predefined ids, where I don't see really the need here. In addition, some comments in the file mentioned to not go above uid 399, and we are getting close to that.

So here's my thoughts:

• remove the predefined ids from the current code and we push the code like that.
• in the meantime, I'll open a thread on discourse to understand how predefined ids are working, in which situation they are useful and in which they are not. If the content of the thread indicates that predefined ids are useful in our current situation. then I'll open up a second PR to rectify this.

What do you think ?

Sounds good to me.

Here's the thread on discourse : https://discourse.nixos.org/t/predefined-uids-gids-when-to-use-them-and-when-not-to-use-them/956?u=sterfield

I thought about it yesterday, and I found one use case where fixing the uid/gid could be beneficial.
Let's say you have a server running Nixos and a separate storage disk, where you store multiple files. Now, you are using an application that writes thousand of files under id, let's say 155. If you reinstall your server, it'll recreate the user for the application, but perhaps with a different uid. Now you have the same application, same user that cannot do anything on the storage disk, as all the files are owned by uid 155 that may not even exists on the server.

Predefined uid prevents this situation. Nothing that a good find can fix, but still.

You know what ? Merge this. I'll find the answers of my questions and will stop bothering you guys with that. After all, I'm the one having questions 😄

@GrahamcOfBorg build sickbeard sickgear sickrage

Success on aarch64-linux (full log)

Attempted: sickbeard, sickgear, sickrage

patching script interpreter paths in /nix/store/izrqznjjm8iylplb1d4qdbhv8l3gb8zn-sickrage-v2018.07.21-1
/nix/store/izrqznjjm8iylplb1d4qdbhv8l3gb8zn-sickrage-v2018.07.21-1/SickBeard.py: interpreter directive changed from "/usr/bin/env python2.7" to "/nix/store/bp1c65zbbw6jfjws77pbgw48mjfmk9x3-python-2.7.15/bin/python2.7"
/nix/store/izrqznjjm8iylplb1d4qdbhv8l3gb8zn-sickrage-v2018.07.21-1/lib/rarfile/dumprar.py: interpreter directive changed from " /usr/bin/env python" to "/nix/store/bp1c65zbbw6jfjws77pbgw48mjfmk9x3-python-2.7.15/bin/python"
/nix/store/izrqznjjm8iylplb1d4qdbhv8l3gb8zn-sickrage-v2018.07.21-1/lib/pbr/tests/testpackage/setup.py: interpreter directive changed from "/usr/bin/env python" to "/nix/store/bp1c65zbbw6jfjws77pbgw48mjfmk9x3-python-2.7.15/bin/python"
/nix/store/izrqznjjm8iylplb1d4qdbhv8l3gb8zn-sickrage-v2018.07.21-1/lib/imdb/locale/rebuildmo.py: interpreter directive changed from "/usr/bin/env python" to "/nix/store/bp1c65zbbw6jfjws77pbgw48mjfmk9x3-python-2.7.15/bin/python"
/nix/store/izrqznjjm8iylplb1d4qdbhv8l3gb8zn-sickrage-v2018.07.21-1/lib/imdb/locale/generatepot.py: interpreter directive changed from "/usr/bin/env python" to "/nix/store/bp1c65zbbw6jfjws77pbgw48mjfmk9x3-python-2.7.15/bin/python"
checking for references to /build in /nix/store/izrqznjjm8iylplb1d4qdbhv8l3gb8zn-sickrage-v2018.07.21-1...
/nix/store/0gmsl7zgq8kckcvcnkpvhs0rsvf134i3-sickbeard-2016-03-21
/nix/store/6r7j25hqqx2425kdsgvk5p2cy2865bm3-sickgear-0.17.5
/nix/store/izrqznjjm8iylplb1d4qdbhv8l3gb8zn-sickrage-v2018.07.21-1

Success on x86_64-darwin (full log)

Attempted: sickbeard, sickgear, sickrage

stripping (with command strip and flags -S) in /nix/store/jab2gic73hlllka71b37r9cqazfp47z5-sickrage-v2018.07.21-1/lib  /nix/store/jab2gic73hlllka71b37r9cqazfp47z5-sickrage-v2018.07.21-1/bin
patching script interpreter paths in /nix/store/jab2gic73hlllka71b37r9cqazfp47z5-sickrage-v2018.07.21-1
/nix/store/jab2gic73hlllka71b37r9cqazfp47z5-sickrage-v2018.07.21-1/lib/imdb/locale/generatepot.py: interpreter directive changed from "/usr/bin/env python" to "/nix/store/n1l7rs42a8idw195kqsw0slsg1pbmh17-python-2.7.15/bin/python"
/nix/store/jab2gic73hlllka71b37r9cqazfp47z5-sickrage-v2018.07.21-1/lib/imdb/locale/rebuildmo.py: interpreter directive changed from "/usr/bin/env python" to "/nix/store/n1l7rs42a8idw195kqsw0slsg1pbmh17-python-2.7.15/bin/python"
/nix/store/jab2gic73hlllka71b37r9cqazfp47z5-sickrage-v2018.07.21-1/lib/pbr/tests/testpackage/setup.py: interpreter directive changed from "/usr/bin/env python" to "/nix/store/n1l7rs42a8idw195kqsw0slsg1pbmh17-python-2.7.15/bin/python"
/nix/store/jab2gic73hlllka71b37r9cqazfp47z5-sickrage-v2018.07.21-1/lib/rarfile/dumprar.py: interpreter directive changed from " /usr/bin/env python" to "/nix/store/n1l7rs42a8idw195kqsw0slsg1pbmh17-python-2.7.15/bin/python"
/nix/store/jab2gic73hlllka71b37r9cqazfp47z5-sickrage-v2018.07.21-1/SickBeard.py: interpreter directive changed from "/usr/bin/env python2.7" to "/nix/store/n1l7rs42a8idw195kqsw0slsg1pbmh17-python-2.7.15/bin/python2.7"
/nix/store/p5k8lvkiag4jmr23z03d8hhc0g7305y2-sickbeard-2016-03-21
/nix/store/1p62mr4rm5pgbaa0lvkzmn3yrqrq2w16-sickgear-0.17.5
/nix/store/jab2gic73hlllka71b37r9cqazfp47z5-sickrage-v2018.07.21-1

Success on x86_64-linux (full log)

Attempted: sickbeard, sickgear, sickrage

patching script interpreter paths in /nix/store/rffb9g22riqy4sm72v0c1zb4hgap4nsw-sickrage-v2018.07.21-1
/nix/store/rffb9g22riqy4sm72v0c1zb4hgap4nsw-sickrage-v2018.07.21-1/lib/pbr/tests/testpackage/setup.py: interpreter directive changed from "/usr/bin/env python" to "/nix/store/r5x2dq8ansjrlfcf37qd7x8lp6xwwvm4-python-2.7.15/bin/python"
/nix/store/rffb9g22riqy4sm72v0c1zb4hgap4nsw-sickrage-v2018.07.21-1/lib/rarfile/dumprar.py: interpreter directive changed from " /usr/bin/env python" to "/nix/store/r5x2dq8ansjrlfcf37qd7x8lp6xwwvm4-python-2.7.15/bin/python"
/nix/store/rffb9g22riqy4sm72v0c1zb4hgap4nsw-sickrage-v2018.07.21-1/lib/imdb/locale/rebuildmo.py: interpreter directive changed from "/usr/bin/env python" to "/nix/store/r5x2dq8ansjrlfcf37qd7x8lp6xwwvm4-python-2.7.15/bin/python"
/nix/store/rffb9g22riqy4sm72v0c1zb4hgap4nsw-sickrage-v2018.07.21-1/lib/imdb/locale/generatepot.py: interpreter directive changed from "/usr/bin/env python" to "/nix/store/r5x2dq8ansjrlfcf37qd7x8lp6xwwvm4-python-2.7.15/bin/python"
/nix/store/rffb9g22riqy4sm72v0c1zb4hgap4nsw-sickrage-v2018.07.21-1/SickBeard.py: interpreter directive changed from "/usr/bin/env python2.7" to "/nix/store/r5x2dq8ansjrlfcf37qd7x8lp6xwwvm4-python-2.7.15/bin/python2.7"
checking for references to /build in /nix/store/rffb9g22riqy4sm72v0c1zb4hgap4nsw-sickrage-v2018.07.21-1...
/nix/store/i7wvyniv9vp8dkvxwnrp2zz8x98fnfnm-sickbeard-2016-03-21
/nix/store/dhz6fswkyh6w9h0wdwlbr02qrv0s3nqp-sickgear-0.17.5
/nix/store/rffb9g22riqy4sm72v0c1zb4hgap4nsw-sickrage-v2018.07.21-1

Thanks!