libbrotli wasn't listed as a dependency for the AppArmor profile of the transmission-daemon binary.
As a result, transmission wouldn't run and would fail, logging this audit message to dmesg:
audit[11595]: AVC apparmor=DENIED operation=open profile=/nix/store/08i1rmakmnpwyxpvp0sfc5hcm106am7w-transmission-3.00/bin/transmission-daemon name=/proc/11595/environ pid=11595 comm=transmission-da requested_mask=r denied_mask=r fsuid=70 ouid=70
This reverts commit fb6d63f3fd.
I really hope this finally fixes #99236: evaluation on Hydra.
This time I really did check basically the same commit on Hydra:
https://hydra.nixos.org/eval/1618011
Right now I don't have energy to find what exactly is wrong in the
commit, and it doesn't seem important in comparison to nixos-unstable
channel being stuck on a commit over one week old.
Directory mode 755 is standard for running services. Without this,
downloadDirPermissions doesn't have any use since other users can't even
look inside the main transmission directory
Currently if you specify home to be someplace else than ~/ for user
then Transmissions always attempts to load the config from the
default location which is $HOME/.config/transmission-daemon based on documentation:
https://github.com/transmission/transmission/wiki/Configuration-Files
Which means that the changes done to the config under settingsDir in
ExecPreStart have no effect because they are modifying a file that is never loaded.
I've added an explicit --config-dir ${settingsDir} to make sure
that Transmission loads the correct config file even when home is changed.
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Allow the user to specify the permissions to apply to download folders
used by transmission. This is useful e.g. when they are stored on a
network share and accessed by other users.
This commit also makes the home and config directories 700, as there
is should be no need for wider permissions there.
Since https://github.com/NixOS/nixpkgs/pull/61321, local-fs.target is
part of sysinit.target again, meaning units without
DefaultDependencies=no will automatically depend on it, and the manual
set dependencies can be dropped.
Note: I ignored the C++ libraries, but it appears we're not currently
using them. Once we do, we'll probably want to put them in a separate
output as well (to prevent non-C++ users from depending on Boost).
In NixOS/nixpkgs@da6bc44 @thoughtpolice
made the Transmission NixOS module override the umask setting in the
Transmission config. This commit removes that override.
I want a different umask setting and I guess it is possible that other
people might want it to. Thus I think it is a good idea to respect the
umask settings in the Transmission config.
Currently only the hardcoded default directories are created, not the
directories that the user may have provided. Fix that.
[Bjørn: fix small typo (%{settingsDir} => ${settingsDir}) and change
commit message.]