authorRickard Nilsson <rickynils@gmail.com>2014-09-02 13:16:13 +0200
committerRickard Nilsson <rickynils@gmail.com>2014-09-03 10:25:36 +0200
commit56102642fa957ab1c7c3b22675ae0113303097f4 (patch)
tree8e2477888aba6300b95faef0f1299c2b3d0bb921 /nixos
parentc4494144fd511970c777eea5b8ce099601f6e12b (diff)
pulseaudio: Add pulse-access group, controlling access to the system-wide PA daemon
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/config/pulseaudio.nix21
-rw-r--r--nixos/modules/misc/ids.nix1
2 files changed, 15 insertions, 7 deletions
diff --git a/nixos/modules/config/pulseaudio.nix b/nixos/modules/config/pulseaudio.nix
index 1b84bbaf10c..fd29e235768 100644
--- a/nixos/modules/config/pulseaudio.nix
+++ b/nixos/modules/config/pulseaudio.nix
@@ -10,10 +10,12 @@ let
   systemWide = cfg.enable && cfg.systemWide;
   nonSystemWide = cfg.enable && !cfg.systemWide;
 
-  uid = config.ids.uids.pulseaudio;
-  gid = config.ids.gids.pulseaudio;
+  ids = config.ids;
 
-  stateDir = "/run/pulse";
+  uid = ids.uids.pulseaudio;
+  gid = ids.gids.pulseaudio;
+
+  stateDir = "/var/run/pulse";
 
   # Create pulse/client.conf even if PulseAudio is disabled so
   # that we can disable the autospawn feature in programs that
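Review bot: The change of `stateDir` from `/run/pulse` to `/var/run/pulse` has no comment explaining why the longer path is required, even though the second hunk now uses the value as the `pulse` user's home as well as for `PULSE_RUNTIME_PATH` and `PIDFile`. Presumably it has to match the runtime directory the daemon expects when started with `--system`; if so, a line such as `# Must match the runtime directory PulseAudio expects in --system mode; also the pulse user's home.` above the binding would stop a later cleanup from reverting it. The `let` block starts and ends outside the hunk.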
@@ -138,19 +140,24 @@ in {
         group = "pulse";
         extraGroups = [ "audio" ];
         description = "PulseAudio system service user";
+        home = stateDir;
+        createHome = true;
       };
 
       users.extraGroups.pulse.gid = gid;
 
+      users.extraGroups.pulse-access = {
+        gid = ids.gids.pulse-access;
+        members = with builtins; config.users.extraGroups.audio.members ++ (
+          attrNames(filterAttrs (n: u: elem "audio" u.extraGroups) config.users.extraUsers)
+        );
+      };
+
       systemd.services.pulseaudio = {
         description = "PulseAudio System-Wide Server";
         wantedBy = [ "sound.target" ];
         before = [ "sound.target" ];
         environment.PULSE_RUNTIME_PATH = stateDir;
-        preStart = ''
-          mkdir -p --mode 755 ${stateDir}
-          chown -R pulse:pulse ${stateDir}
-        '';
         serviceConfig = {
           ExecStart = "${cfg.package}/bin/pulseaudio -D --log-level=${cfg.daemon.logLevel} --system --use-pid-file -n --file=${cfg.configFile}";
           PIDFile = "${stateDir}/pid";
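Review bot: The new `pulse-access` group is populated automatically with every member of `audio`, so it cannot grant device access without also granting access to the system-wide daemon. The filter only inspects `extraGroups`, so an account whose primary `group` is `audio` is presumably left out. Because all clients of a system-wide daemon share one server, the membership rule should be stated above `users.extraGroups.pulse-access`, for example `# Every member of "audio" may connect to the system-wide daemon; add others via pulse-access.members.` The hunk also drops the `preStart` that created `${stateDir}` with mode 755 and `pulse:pulse` ownership on every start and relies on `createHome = true` instead; whether that produces the same mode and ownership is not visible here and should be confirmed. `filterAttrs` is not a builtin, so the expression depends on a `with lib;` or similar outside the hunk.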
diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix
index efd8b253cd4..d72649cd33d 100644
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -270,6 +270,7 @@
       riemann = 137;
       riemanndash = 138;
       uhub = 142;
+      pulse-access = 143;
 
       # When adding a gid, make sure it doesn't match an existing uid. And don't use gids above 399!