From 6a2563f058a0a7f4f2617d0196f16bab851894bb Mon Sep 17 00:00:00 2001
From: ediblerope <fredrik@nordhammer.it>
Date: Tue, 7 Apr 2026 20:51:22 +0100
Subject: [PATCH] Fix go2rtc: use RuntimeDirectory instead of mkdir /run/go2rtc

DynamicUser can't write to /run directly. RuntimeDirectory lets systemd
create and manage the directory.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 services/go2rtc.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/services/go2rtc.nix b/services/go2rtc.nix
index 72be359..2db8d52 100644
--- a/services/go2rtc.nix
+++ b/services/go2rtc.nix
@@ -12,7 +12,6 @@ let
   injectSecrets = pkgs.writeShellScript "go2rtc-inject-secrets" ''
     set -euo pipefail
     SECRETS="/var/secrets/go2rtc-rtsp-url"
-    mkdir -p /run/go2rtc
     if [ -f "$SECRETS" ]; then
       RTSP_URL=$(tr -d '\n' < "$SECRETS")
       ${pkgs.gnused}/bin/sed "s|@RTSP_URL@|$RTSP_URL|g" ${configTemplate} > /run/go2rtc/config.yaml
@@ -35,6 +34,7 @@ in
 
     # Override to use runtime-templated config with secrets
     systemd.services.go2rtc.serviceConfig = {
+      RuntimeDirectory = "go2rtc";
       ExecStartPre = [ "!${injectSecrets}" ];
       ExecStart = lib.mkForce "${config.services.go2rtc.package}/bin/go2rtc -config /run/go2rtc/config.yaml";
     };