From 4987663e27cc32e610c4194973f7203d1ac95090 Mon Sep 17 00:00:00 2001
From: nu-nu-ko <153512689+nu-nu-ko@users.noreply.github.com>
Date: Fri, 1 Mar 2024 12:27:02 +1300
Subject: [PATCH] nixos/navidrome: add user/group options
---
 nixos/modules/services/audio/navidrome.nix | 27 +++++++++++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)
diff --git a/nixos/modules/services/audio/navidrome.nix b/nixos/modules/services/audio/navidrome.nix
index 65efbea51aac..595c86908a48 100644
--- a/nixos/modules/services/audio/navidrome.nix
+++ b/nixos/modules/services/audio/navidrome.nix
@@ -12,7 +12,7 @@ let
 mkOption
 recursiveUpdate
 ;
- inherit (lib.types) bool;
+ inherit (lib.types) bool str;
 cfg = config.services.navidrome;
 settingsFormat = pkgs.formats.json { };
 in
@@ -37,6 +37,18 @@ in
 description = "Configuration for Navidrome, see for supported values.";
 };
 
+ user = mkOption {
+ type = str;
+ default = "navidrome";
+ description = "User under which Navidrome runs.";
+ };
+
+ group = mkOption {
+ type = str;
+ default = "navidrome";
+ description = "Group under which Navidrome runs.";
+ };
+
 openFirewall = mkOption {
 type = bool;
 default = false;
@@ -58,7 +70,8 @@ in
 ExecStart = ''
 ${cfg.package}/bin/navidrome --configfile ${settingsFormat.generate "navidrome.json" cfg.settings}
 '';
- DynamicUser = true;
+ User = cfg.user;
+ Group = cfg.group;
 StateDirectory = "navidrome";
 WorkingDirectory = "/var/lib/navidrome";
 RuntimeDirectory = "navidrome";
@@ -100,6 +113,16 @@ in
 ProtectHostname = true;
 };
 };
+
+ users.users = mkIf (cfg.user == "navidrome") {
+ navidrome = {
+ inherit (cfg) group;
+ isSystemUser = true;
+ };
+ };
+
+ users.groups = mkIf (cfg.group == "navidrome") { navidrome = { }; };
+
 networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.settings.Port ];
 };
 }
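Review bot: The new `user` and `group` options in the second hunk use `type = str`, which also accepts an empty string. An empty value would be written to the unit as `User=` / `Group=`, and since systemd treats an empty assignment as unset, the service would presumably fall back to running as root. Using `type = nonEmptyStr;` for both options (with `nonEmptyStr` added to the `inherit (lib.types)` line in the first hunk) rules that out at evaluation time. The descriptions should also state that the module creates the account only when the name is left at `"navidrome"`, as the `mkIf` conditions in the last hunk show, for example `description = "User under which Navidrome runs. A non-default user must be created separately.";`.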
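Review bot: Replacing `DynamicUser = true;` with `User`/`Group` in the third hunk also drops the sandboxing that systemd enables implicitly for dynamic users: `ProtectSystem=strict`, `ProtectHome=read-only`, `PrivateTmp`, `RemoveIPC`, `NoNewPrivileges` and `RestrictSUIDSGID`. The rest of `serviceConfig` lies outside this hunk, so some of these may already be set explicitly. Any that are not should be added next to the new lines so the unit's confinement does not quietly weaken, for example `ProtectSystem = "strict";`, `PrivateTmp = true;` and `NoNewPrivileges = true;`. A short comment there saying that these settings replace the ones `DynamicUser` used to imply would help the next reader.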