colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

servo: navidrome: give non-private dir and fix perms

Browse Source
This commit is contained in:
colin
2023-01-20 22:11:15 +00:00
parent b0c5a5907f
commit 2ee0f4efe2
2 changed files with 18 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
hosts/by-name/servo/services/navidrome.nix
View File

@@ -1,11 +1,8 @@
{ ... }: { lib, ... }:
{ {
sane.persist.sys.plaintext = [ sane.persist.sys.plaintext = [
# TODO: we don't have a static user allocated for navidrome! { user = "navidrome"; group = "navidrome"; directory = "/var/lib/navidrome"; }
# the chown would happen too early for us to set static perms
"/var/lib/private/navidrome"
# { user = "navidrome"; group = "navidrome"; directory = "/var/lib/private/navidrome"; }
]; ];
services.navidrome.enable = true; services.navidrome.enable = true;
services.navidrome.settings = { services.navidrome.settings = {
@@ -18,6 +15,20 @@
ScanSchedule = "@every 1h"; ScanSchedule = "@every 1h";
}; };
systemd.services.navidrome.serviceConfig = {
# fix to use a normal user so we can configure perms correctly
DynamicUser = lib.mkForce false;
User = "navidrome";
Group = "navidrome";
};
users.groups.navidrome = {};
users.users.navidrome = {
group = "navidrome";
isSystemUser = true;
};
services.nginx.virtualHosts."music.uninsane.org" = { services.nginx.virtualHosts."music.uninsane.org" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;

2
hosts/common/ids.nix
View File

@@ -25,6 +25,8 @@
sane.ids.signald.gid = 2403; sane.ids.signald.gid = 2403;
sane.ids.mautrix-signal.uid = 2404; sane.ids.mautrix-signal.uid = 2404;
sane.ids.mautrix-signal.gid = 2404; sane.ids.mautrix-signal.gid = 2404;
sane.ids.navidrome.uid = 2405;
sane.ids.navidrome.gid = 2405;
sane.ids.colin.uid = 1000; sane.ids.colin.uid = 1000;
sane.ids.guest.uid = 1100; sane.ids.guest.uid = 1100;