Merge pull request #66291 from reanimus/roon-no-dynamic

roon-server: disable DynamicUser
author: Silvan Mosberger <contact@infinisil.com> 2019-08-20 18:12:36 +0200
committer: GitHub <noreply@github.com> 2019-08-20 18:12:36 +0200
commit: dc0d945bdfe6dba6df988fe0f9077d5623d7c6e6 (patch)
tree: 3926c759f21395289c9239d6059434a5ff22a2b9 /nixos/modules
parent: 20d253112d6499c757988360e5f607fee88840b1 (diff)
parent: 9fec6dfa39e3a9a0deab6713d2626c7a95b3437f (diff)
download: nixlib-dc0d945bdfe6dba6df988fe0f9077d5623d7c6e6.tar
nixlib-dc0d945bdfe6dba6df988fe0f9077d5623d7c6e6.tar.gz
nixlib-dc0d945bdfe6dba6df988fe0f9077d5623d7c6e6.tar.bz2
nixlib-dc0d945bdfe6dba6df988fe0f9077d5623d7c6e6.tar.lz
nixlib-dc0d945bdfe6dba6df988fe0f9077d5623d7c6e6.tar.xz
nixlib-dc0d945bdfe6dba6df988fe0f9077d5623d7c6e6.tar.zst
nixlib-dc0d945bdfe6dba6df988fe0f9077d5623d7c6e6.zip
1 files changed, 26 insertions, 2 deletions
diff --git a/nixos/modules/services/audio/roon-server.nix b/nixos/modules/services/audio/roon-server.nix
index 9562ad1b164e..d4b0b098b78e 100644
--- a/nixos/modules/services/audio/roon-server.nix
+++ b/nixos/modules/services/audio/roon-server.nix
@@ -19,6 +19,20 @@ in {
           TCP: 9100 - 9200
         '';
       };
+      user = mkOption {
+        type = types.str;
+        default = "roon-server";
+        description = ''
+          User to run the Roon Server as.
+        '';
+      };
+      group = mkOption {
+        type = types.str;
+        default = "roon-server";
+        description = ''
+          Group to run the Roon Server as.
+        '';
+      };
     };
   };
 
@@ -33,8 +47,8 @@ in {
       serviceConfig = {
         ExecStart = "${pkgs.roon-server}/opt/start.sh";
         LimitNOFILE = 8192;
-        DynamicUser = true;
-        SupplementaryGroups = "audio";
+        User = cfg.user;
+        Group = cfg.group;
         StateDirectory = name;
       };
     };
@@ -45,5 +59,15 @@ in {
       ];
       allowedUDPPorts = [ 9003 ];
     };
+
+    
+    users.groups."${cfg.group}" = {};
+    users.users."${cfg.user}" =
+      if cfg.user == "roon-server" then {
+        isSystemUser = true;
+        description = "Roon Server user";
+        groups = [ cfg.group "audio" ];
+      }
+      else {};
   };
 }
author	Silvan Mosberger <contact@infinisil.com>	2019-08-20 18:12:36 +0200
committer	GitHub <noreply@github.com>	2019-08-20 18:12:36 +0200
commit	dc0d945bdfe6dba6df988fe0f9077d5623d7c6e6 (patch)
tree	3926c759f21395289c9239d6059434a5ff22a2b9 /nixos/modules
parent	20d253112d6499c757988360e5f607fee88840b1 (diff)
parent	9fec6dfa39e3a9a0deab6713d2626c7a95b3437f (diff)
download	nixlib-dc0d945bdfe6dba6df988fe0f9077d5623d7c6e6.tar nixlib-dc0d945bdfe6dba6df988fe0f9077d5623d7c6e6.tar.gz nixlib-dc0d945bdfe6dba6df988fe0f9077d5623d7c6e6.tar.bz2 nixlib-dc0d945bdfe6dba6df988fe0f9077d5623d7c6e6.tar.lz nixlib-dc0d945bdfe6dba6df988fe0f9077d5623d7c6e6.tar.xz nixlib-dc0d945bdfe6dba6df988fe0f9077d5623d7c6e6.tar.zst nixlib-dc0d945bdfe6dba6df988fe0f9077d5623d7c6e6.zip