roon-server: disable DynamicUser #66291
DynamicUser currently breaks the backup functionality provided by roon, as the roon server cannot write to non-canonical directories and the recycled UIDs/GIDs would make managing permissions for the directory impossible. On top of that, it would break the ability to manage the local music library files (as it would not be able to delete them).
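The trade-off described above, as an added NixOS configuration sketch that is not part of this pull request or the roon-server module. The service name `media-server`, the account `media`, the paths under `/srv` and the placeholder `ExecStart` are all hypothetical; it shows a static account that keeps stable file ownership while retaining the filesystem restrictions `DynamicUser` would have implied.

```nix
{ config, lib, pkgs, ... }:

{
  # Static system account: the UID/GID are allocated once and stay stable,
  # so ownership of backup and library files remains meaningful over time.
  users.groups.media = { };
  users.users.media = {
    isSystemUser = true;
    group = "media";
    description = "Hypothetical media server account";
  };

  # Create the writable directories with explicit ownership and mode.
  systemd.tmpfiles.rules = [
    "d /srv/backup 0750 media media -"
    "d /srv/music  0750 media media -"
  ];

  systemd.services.media-server = {
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      # Placeholder command so the sketch evaluates; replace with the real daemon.
      ExecStart = "${pkgs.coreutils}/bin/sleep infinity";

      # Before: DynamicUser = true; gave a transient UID and allowed writes
      # only to StateDirectory/CacheDirectory/LogsDirectory.
      DynamicUser = false;
      User = "media";
      Group = "media";
      StateDirectory = "media-server";

      # Keep the sandboxing DynamicUser implied, then open only the
      # directories the service must modify.
      ProtectSystem = "strict";
      ProtectHome = "read-only";
      PrivateTmp = true;
      NoNewPrivileges = true;
      ReadWritePaths = [ "/srv/backup" "/srv/music" ];
    };
  };
}
```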
You should use a normal NixOS user declaration instead then. How it is now the service would run as
Yeah, I figured I need to do some sort of id declaration. Adding it in now.
Adds defined IDs
Also, should I set
Yeah I'd set
Is there an explicit reason to make the user and group configurable instead of hard coding?
If the user changes the user for roon, we can assume they handled the setup for it
There's not a specific reason for customizing it, no. It can be hard-coded.
Actually, I think it would be useful to make managing permissions easier. Roon itself is usually packaged to run as root, which means it usually ignores a lot of this (and it makes some assumptions about things it can do).
@@ -19,6 +19,20 @@ in { | |||
TCP: 9100 - 9200 | |||
''; | |||
}; | |||
user = mkOption { | |||
type = types.string; |
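Review bot: In the added `user` option, `type = types.string;` should be `type = types.str;`. `types.string` is deprecated, and it merges multiple definitions by concatenating them, so two modules setting this option would silently produce a combined account name that does not exist instead of failing evaluation. `types.str` rejects conflicting definitions, which is the behaviour you want for the identity a service runs as.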
Use `types.str` instead. `types.string` is deprecated.
Anything else I ought to clean up here?
Yeah looks good