Unverified Commit 14c9bfb2 authored by emilylange's avatar emilylange
Browse files

nixos/music-assistant: fix yt-dlp challenge solving for YouTube Music 

The YouTube Music provider uses yt-dlp, which in turn wants ffmpeg and
deno in the $PATH. Additionally, deno uses JIT for which we have to
relax our unit sandboxing.
parent 8fd3b130

nixos/modules/services/audio/music-assistant.nix

+11 −1
Original line number Diff line number Diff line
@@ -26,6 +26,9 @@ let 
  finalPackage = cfg.package.override {

    inherit (cfg) providers;

  };



  # YouTube Music needs deno with JIT to solve yt-dlp challenges

  useYTMusic = lib.elem "ytmusic" cfg.providers;

in



{
@@ -89,6 +92,10 @@ in 
        ]

        ++ lib.optionals (lib.elem "snapcast" cfg.providers) [

          snapcast

        ]

        ++ lib.optionals useYTMusic [

          deno

          ffmpeg

        ];



      serviceConfig = {
@@ -104,7 +111,7 @@ in 
        CapabilityBoundingSet = [ "" ];

        DevicePolicy = "closed";

        LockPersonality = true;

        MemoryDenyWriteExecute = true;

        MemoryDenyWriteExecute = !useYTMusic;

        ProcSubset = "pid";

        ProtectClock = true;

        ProtectControlGroups = true;
@@ -125,6 +132,9 @@ in 
        SystemCallFilter = [

          "@system-service"

          "~@privileged @resources"

        ]

        ++ lib.optionals useYTMusic [

          "@pkey"

        ];

        RestrictSUIDSGID = true;

        UMask = "0077";