Why isn't my navidrome service seeing my music dir?

i’m not flakepilled yet so here’s what i have in my configuration.nix folder

    services.navidrome = {
      enable = true;
      settings = {
        Address = "0.0.0.0";
        Port = 4533;
        MusicFolder = "/home/began-headless/externalMusic";
        EnableSharing = true;
      };
    };

navidrome starts fine and i can access the webpage, but it’s not seeing my music dir. here are the logs:

    Jun 10 12:38:55 nixos navidrome[4511]: time="2024-06-10T12:38:55-04:00" level=error msg="Error stating dir" error="stat music: no such file or >
    Jun 10 12:38:55 nixos navidrome[4511]: time="2024-06-10T12:38:55-04:00" level=error msg="Error importing MediaFolder" error="stat music: no suc>
    Jun 10 12:38:55 nixos navidrome[4511]: time="2024-06-10T12:38:55-04:00" level=error msg="Errors while scanning media. Please check the logs"
    Jun 10 12:38:55 nixos navidrome[4511]: time="2024-06-10T12:38:55-04:00" level=error msg="Error executing initial scan" error="scan error"
    Jun 10 12:39:53 nixos navidrome[4511]: time="2024-06-10T12:39:53-04:00" level=error msg="Error stating dir" error="stat music: no such file or >

if i just run navidrome --musicfolder "/dir/for/music" it sees it just fine. the music folder is a mounted external drive. but i’ve adjusted the permissions and it doesn’t see the music if i just have it in my regular music folder either. what gives?

Almost certainly caused by the defaults set in the systemd service in the navidrome module. See the module in nixpkgs where ProtectHome is enabled.

You can disable this with something like the following:

    {
      systemd.services.navidrome.serviceConfig.ProtectHome = "read-only";
    }

Alternatively, if you still want to protect the rest of /home from being visible, something like the following should work:

    {
      systemd.services.navidrome.serviceConfig.ProtectHome = "tmpfs";
    }

Not 100% sure this will work, but combined with the module definition here it should.
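
An added example, not part of the original posts and not code from nixpkgs or navidrome: a shell helper that applies the `ProtectHome=` semantics documented in systemd.exec(5) to the music path from the question. The function name `home_visibility` and the `/mnt/music` path are made up for illustration, and treating `yes` as hiding the path even when bind mounts are listed is a conservative assumption.

```shell
#!/bin/sh
# Predict how a sandboxed unit sees a path under a given ProtectHome= value.
# usage: home_visibility <ProtectHome value> <path> [bind-mounted dirs...]
# On a live system the first argument can be read with:
#   systemctl show -p ProtectHome --value navidrome
home_visibility() {
  hv_mode=$1
  hv_path=$2
  shift 2
  # ProtectHome= only covers /home, /root and /run/user.
  case "$hv_path" in
    /home|/home/*|/root|/root/*|/run/user|/run/user/*) ;;
    *) echo "unaffected"; return 0 ;;
  esac
  case "$hv_mode" in
    no|false|0|off|"") echo "unaffected" ;;
    read-only)         echo "read-only" ;;
    # Assumption: with "yes" the path is reported hidden even if bind
    # paths are listed; systemd documents "tmpfs" as the mode to combine
    # with BindPaths=/BindReadOnlyPaths=.
    yes|true|1|on)     echo "hidden" ;;
    tmpfs)
      # Remaining arguments: directories exposed through BindPaths= or
      # BindReadOnlyPaths=. The path is visible if it sits under one of them.
      for hv_bind in "$@"; do
        hv_bind=${hv_bind%/}
        case "$hv_path" in
          "$hv_bind"|"$hv_bind"/*) echo "bind-mounted"; return 0 ;;
        esac
      done
      echo "hidden" ;;
    *) echo "unknown"; return 1 ;;
  esac
}

# Walk the path from the question through each setting discussed above.
music=/home/began-headless/externalMusic
for mode in yes read-only tmpfs; do
  printf '%-9s -> %s\n' "$mode" "$(home_visibility "$mode" "$music")"
done
printf '%-9s -> %s\n' "tmpfs+bind" "$(home_visibility tmpfs "$music" "$music")"
# Constructed path outside /home, for comparison.
printf '%-9s -> %s\n' "yes,/mnt" "$(home_visibility yes /mnt/music)"
```
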