diff options
author | nu-nu-ko <153512689+nu-nu-ko@users.noreply.github.com> | 2024-03-01 12:27:02 +1300 |
---|---|---|
committer | nuko <nuko@shimeji.cafe> | 2024-05-10 21:16:29 +1200 |
commit | 4987663e27cc32e610c4194973f7203d1ac95090 (patch) | |
tree | 7b44dbf541858cff1e7cf427e2956657d2213c5b | |
parent | bbba2bde441f191e354046493b0c31f630d65955 (diff) |
nixos/navidrome: add user/group options
-rw-r--r-- | nixos/modules/services/audio/navidrome.nix | 27 |
1 files changed, 25 insertions, 2 deletions
diff --git a/nixos/modules/services/audio/navidrome.nix b/nixos/modules/services/audio/navidrome.nix index 65efbea51aac5..595c86908a48c 100644 --- a/nixos/modules/services/audio/navidrome.nix +++ b/nixos/modules/services/audio/navidrome.nix @@ -12,7 +12,7 @@ let mkOption recursiveUpdate ; - inherit (lib.types) bool; + inherit (lib.types) bool str; cfg = config.services.navidrome; settingsFormat = pkgs.formats.json { }; in @@ -37,6 +37,18 @@ in description = "Configuration for Navidrome, see <https://www.navidrome.org/docs/usage/configuration-options/> for supported values."; }; + user = mkOption { + type = str; + default = "navidrome"; + description = "User under which Navidrome runs."; + }; + + group = mkOption { + type = str; + default = "navidrome"; + description = "Group under which Navidrome runs."; + }; + openFirewall = mkOption { type = bool; default = false; @@ -58,7 +70,8 @@ in ExecStart = '' ${cfg.package}/bin/navidrome --configfile ${settingsFormat.generate "navidrome.json" cfg.settings} ''; - DynamicUser = true; + User = cfg.user; + Group = cfg.group; StateDirectory = "navidrome"; WorkingDirectory = "/var/lib/navidrome"; RuntimeDirectory = "navidrome"; @@ -100,6 +113,16 @@ in ProtectHostname = true; }; }; + + users.users = mkIf (cfg.user == "navidrome") { + navidrome = { + inherit (cfg) group; + isSystemUser = true; + }; + }; + + users.groups = mkIf (cfg.group == "navidrome") { navidrome = { }; }; + networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.settings.Port ]; }; } |