Merge pull request #66291 from reanimus/roon-no-dynamic

roon-server: disable DynamicUser
2019-08-20 18:12:36 +02:00 · 2019-08-20 18:12:36 +02:00 · dc0d945bdf
parent 20d253112d 9fec6dfa39
commit dc0d945bdf
1 changed files with 26 additions and 2 deletions
--- a/nixos/modules/services/audio/roon-server.nix
+++ b/nixos/modules/services/audio/roon-server.nix
@ -19,6 +19,20 @@ in {
          TCP: 9100 - 9200
        '';
      };
      user = mkOption {
        type = types.str;
        default = "roon-server";
        description = ''
          User to run the Roon Server as.
        '';
      };
      group = mkOption {
        type = types.str;
        default = "roon-server";
        description = ''
          Group to run the Roon Server as.
        '';
      };
    };
  };
@ -33,8 +47,8 @@ in {
      serviceConfig = {
        ExecStart = "${pkgs.roon-server}/opt/start.sh";
        LimitNOFILE = 8192;
-        DynamicUser = true;
+        User = cfg.user;
-        SupplementaryGroups = "audio";
+        Group = cfg.group;
        StateDirectory = name;
      };
    };
@ -45,5 +59,15 @@ in {
      ];
      allowedUDPPorts = [ 9003 ];
    };
    users.groups."${cfg.group}" = {};
    users.users."${cfg.user}" =
      if cfg.user == "roon-server" then {
        isSystemUser = true;
        description = "Roon Server user";
        groups = [ cfg.group "audio" ];
      }
      else {};
  };
 }