
urbackup-server: init at 2.5.33; nixos/urbackup: init module #374743

Open. Wants to merge 2 commits into master.

Conversation

Quince-Pie
Contributor

This PR adds the urbackup-server package and a NixOS module.

The urbackup-server package applies a workaround to allow key generation and the use of the state directory (since it is set at compile time).

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 25.05 Release Notes (or backporting 24.11 and 25.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.


@github-actions github-actions bot added 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: documentation This PR adds or changes documentation 8.has: changelog 8.has: module (update) This PR changes an existing module in `nixos/` labels Jan 18, 2025
@nix-owners nix-owners bot requested a review from r-vdp January 18, 2025 08:19
@Quince-Pie Quince-Pie force-pushed the urbackup branch 3 times, most recently from 37ad841 to 9f4060d Compare January 18, 2025 15:52
@github-actions github-actions bot added 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin 10.rebuild-linux: 1-10 labels Jan 18, 2025
@r-vdp
Contributor

r-vdp commented Jan 18, 2025

Can this service not run with a dynamic user and the right capabilities, to avoid needing to allocate static IDs? See also the comment on top of ids.nix

@Quince-Pie
Contributor Author

Quince-Pie commented Jan 18, 2025

Can this service not run with a dynamic user and the right capabilities, to avoid needing to allocate static IDs? See also the comment on top of ids.nix

Apologies for missing that note on ids.nix.
I removed the static ids from the service and ids.nix.

I did attempt to use DynamicUser to avoid a user altogether, but I believe the service requires a user name matching the one in the config (urbackup as a fallback if not specified).

Edit: It's possible to use DynamicUser, but that would block the wrapper from running urbackupsrv for commands like defrag-database and repair-database.

@r-vdp
Contributor

r-vdp commented Jan 18, 2025

Can this service not run with a dynamic user and the right capabilities, to avoid needing to allocate static IDs? See also the comment on top of ids.nix

Apologies for missing that note on ids.nix.
I removed the static ids from the service and ids.nix.

I did attempt to use DynamicUser to avoid a user altogether, but I believe the service requires a user name matching the one in the config (urbackup as a fallback if not specified).

Edit: It's possible to use DynamicUser, but that would block the wrapper from running urbackupsrv for commands like defrag-database and repair-database.

What do they need that's preventing them from working? Maybe there's a way.

@Quince-Pie
Contributor Author

Quince-Pie commented Jan 18, 2025

Some permission issues, judging by the trace:

openat(AT_FDCWD, "urbackup/backup_server.db", O_RDONLY) = -1 EACCES (Permission denied)
brk(0x207fe000)                         = 0x207fe000
brk(0x207fa000)                         = 0x207fa000
brk(0x20824000)                         = 0x20824000
openat(AT_FDCWD, "urbackup/backup_server.db", O_WRONLY|O_CREAT|O_TRUNC, 0666) = -1 EACCES (Permission denied)
brk(0x207f2000)                         = 0x207f2000
getcwd("/var/lib", 4096)                = 9
newfstatat(AT_FDCWD, "/var", {st_mode=S_IFDIR|0755, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
newfstatat(AT_FDCWD, "/var/lib", {st_mode=S_IFDIR|0755, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
newfstatat(AT_FDCWD, "/var/lib/urbackup", {st_mode=S_IFLNK|0777, st_size=16, ...}, AT_SYMLINK_NOFOLLOW) = 0
readlink("/var/lib/urbackup", "private/urbackup", 4096) = 16
newfstatat(AT_FDCWD, "/var/lib/private", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
newfstatat(AT_FDCWD, "/var/lib/private/urbackup", 0x7ffc7b1f2040, AT_SYMLINK_NOFOLLOW) = -1 EACCES (Permission denied)

Trying to make a wrapper using systemd-run, but running into the same issue (which weirdly disappears when running it under strace, so perhaps some setuid issue, since urbackupsrv tries to change the uid).

reference

  urbackupsrvWrapper = pkgs.writeShellScriptBin "urbackupsrv-admin" ''
    exec systemd-run \
      --pipe \
      --pty \
      --wait \
      --collect \
      --property=DynamicUser=yes \
      --property=User=${cfg.user} \
      --property=Group=urbackup \
      --service-type=exec \
      -- \
      ${cfg.package}/bin/urbackupsrv "$@"
  '';

UPDATE:

trying out the same logic as

manage = pkgs.writeShellScript "manage" ''
set -o allexport # Export the following env vars
${lib.toShellVars env}
eval "$(${config.systemd.package}/bin/systemctl show -pUID,MainPID photoprism.service | ${pkgs.gnused}/bin/sed "s/UID/ServiceUID/")"
exec ${pkgs.util-linux}/bin/nsenter \
-t $MainPID -m -S $ServiceUID -G $ServiceUID --wdns=${cfg.storagePath} \
${cfg.package}/bin/photoprism "$@"
'';

seems to allow urbackupsrv to behave properly. One problem, though, is that some commands such as urbackup defrag-database require the service to be off, which then breaks the wrapper due to there being no pid/uid.

UPDATE 2:

Since the service status and the commands for urbackupsrv are mutually exclusive, adding the same StateDirectory to the systemd-run wrapper should not cause any problem.
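A concrete form of the StateDirectory variant described above, as an added example that is not the PR's own code. The option path `services.urbackup`, the attributes `cfg.user` and `cfg.package`, the unit name `urbackup-server.service` and the state directory name `urbackup` are all assumed here; the trace above fails while traversing `/var/lib/private`, which a transient DynamicUser unit can only do for a directory it declares itself.

```nix
{ config, lib, pkgs, ... }:
let
  # Assumed option path; the real module in the PR may differ.
  cfg = config.services.urbackup;

  # With DynamicUser=yes, systemd keeps state in /var/lib/private/<dir>
  # (owned by the dynamic user, under a root-only 0700 parent) and points
  # /var/lib/<dir> at it. A transient unit gets that mapping only when it
  # declares the same StateDirectory as the long-running service.
  urbackupsrvWrapper = pkgs.writeShellScriptBin "urbackupsrv-admin" ''
    # Maintenance commands (defrag-database, repair-database) need exclusive
    # access to the database, so refuse to run while the service is active.
    if ${config.systemd.package}/bin/systemctl is-active --quiet urbackup-server.service; then
      echo "urbackup-server.service is running; stop it before running urbackupsrv $*" >&2
      exit 1
    fi
    exec systemd-run \
      --pipe \
      --pty \
      --wait \
      --collect \
      --property=DynamicUser=yes \
      --property=User=${cfg.user} \
      --property=Group=urbackup \
      --property=StateDirectory=urbackup \
      --property=WorkingDirectory=/var/lib \
      --service-type=exec \
      -- \
      ${cfg.package}/bin/urbackupsrv "$@"
  '';
in
{
  environment.systemPackages = [ urbackupsrvWrapper ];
}
```

WorkingDirectory=/var/lib mirrors the cwd seen in the trace (getcwd returned "/var/lib"), so the relative "urbackup/backup_server.db" path resolves through the /var/lib/urbackup symlink that StateDirectory= provides.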

@Quince-Pie Quince-Pie force-pushed the urbackup branch 2 times, most recently from e4b6eaf to d40cb66 Compare January 18, 2025 23:52
@Quince-Pie Quince-Pie force-pushed the urbackup branch 6 times, most recently from 1bc1b43 to 3f70faa Compare January 19, 2025 17:53
@h7x4 h7x4 added the 8.has: module (new) This PR adds a module in `nixos/` label Jan 22, 2025