roon-server: Add actual user piping

Adds defined IDs

nixos/modules/misc/ids.nix

@@ -340,6 +340,7 @@
       cockroachdb = 313;
       zoneminder = 314;
       paperless = 315;
+      roon-server = 316;
 
       # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
 
@@ -640,6 +641,7 @@
       cockroachdb = 313;
       zoneminder = 314;
       paperless = 315;
+      roon-server = 316;
 
       # When adding a gid, make sure it doesn't match an existing
       # uid. Users and groups with the same name should have equal

nixos/modules/services/audio/roon-server.nix

@@ -19,6 +19,20 @@ in {
           TCP: 9100 - 9200
         '';
       };
+      user = mkOption {
+        type = types.string;
+        default = "roon-server";
+        description = ''
+          User to run the Roon Server as.
+        '';
+      };
+      group = mkOption {
+        type = types.string;
+        default = "roon-server";
+        description = ''
+          Group to run the Roon Server as.
+        '';
+      };
     };
   };
 
@@ -33,7 +47,7 @@ in {
       serviceConfig = {
         ExecStart = "${pkgs.roon-server}/opt/start.sh";
         LimitNOFILE = 8192;
-        SupplementaryGroups = "audio";
+        User = cfg.user;
       };
     };
     
@@ -43,5 +57,16 @@ in {
       ];
       allowedUDPPorts = [ 9003 ];
     };
+
+    users.groups = singleton {
+      name = cfg.group;
+      gid = config.ids.gids.roon-server;
+    };
+    users.users = singleton {
+      name = cfg.user;
+      description = "Roon Server user";
+      uid = config.ids.uids.roon-server;
+      groups = [ cfg.group "audio" ];
+    };
   };
 }