don't check canonicalized paths while sandboxed

Because the configured paths won't exist in the sandbox, so
canonicalization would fail.

nix/modules/default/default.nix

@@ -12,7 +12,7 @@ let
   cfg = config.services.grapevine;
   configFile = format.generate "config.toml" cfg.settings;
   validateConfig = file: pkgs.runCommand "grapevine-checked-config" {} ''
-    ${lib.getExe cfg.package} check-config -c ${lib.escapeShellArg file}
+    ${lib.getExe cfg.package} check-config -sc ${lib.escapeShellArg file}
     ln -s ${lib.escapeShellArg file} "$out"
   '';
   format = pkgs.formats.toml {};

src/cli.rs

@@ -42,6 +42,13 @@ pub(crate) struct CheckConfigArgs {
 
     #[clap(flatten)]
     observability: ObservabilityArgs,
+
+    /// Supply this option if the check is being performed in a sandbox.
+    ///
+    /// This causes certain checks that can only be run against the actual
+    /// installation to be skipped.
+    #[arg(long, short)]
+    sandboxed: bool,
 }
 
 /// Wrapper for the `--config` arg.
@@ -96,9 +103,7 @@ impl Args {
 
         match self.command {
             Command::Serve(args) => serve::run(args).await?,
-            Command::CheckConfig(args) => {
-                check_config::run(args.config).await?;
-            }
+            Command::CheckConfig(args) => check_config::run(args).await?,
         }
         Ok(())
     }

src/cli/check_config.rs

@@ -1,11 +1,12 @@
 use tracing::info;
 
-use crate::{cli::ConfigArg, config, error};
+use crate::{cli::CheckConfigArgs, config, error};
 
 pub(crate) async fn run(
-    args: ConfigArg,
+    args: CheckConfigArgs,
 ) -> Result<(), error::CheckConfigCommand> {
-    let _config = config::load(args.config.as_ref()).await?;
+    let _config =
+        config::load(args.config.config.as_ref(), args.sandboxed).await?;
     info!("Configuration looks good");
     Ok(())
 }

src/cli/serve.rs

@@ -70,7 +70,7 @@ use crate::{
 pub(crate) async fn run(args: ServeArgs) -> Result<(), error::ServeCommand> {
     use error::ServeCommand as Error;
 
-    let config = config::load(args.config.config.as_ref()).await?;
+    let config = config::load(args.config.config.as_ref(), false).await?;
 
     rustls::crypto::ring::default_provider()
         .install_default()

src/config.rs

@@ -514,7 +514,10 @@ fn search() -> Result<PathBuf, error::ConfigSearch> {
 }
 
 /// Load the configuration from the given path or XDG Base Directories
-pub(crate) async fn load<P>(path: Option<P>) -> Result<Config, error::Config>
+pub(crate) async fn load<P>(
+    path: Option<P>,
+    sandboxed: bool,
+) -> Result<Config, error::Config>
 where
     P: AsRef<Path>,
 {
@@ -544,18 +547,20 @@ where
                 return Err(Error::DatabaseMediaOverlap);
             }
 
-            let media_path = x
-                .path
-                .canonicalize()
-                .map_err(|e| Error::Canonicalize(e, x.path.clone()))?;
+            if !sandboxed {
+                let media_path = x
+                    .path
+                    .canonicalize()
+                    .map_err(|e| Error::Canonicalize(e, x.path.clone()))?;
 
-            let database_path =
-                config.database.path.canonicalize().map_err(|e| {
-                    Error::Canonicalize(e, config.database.path.clone())
-                })?;
+                let database_path =
+                    config.database.path.canonicalize().map_err(|e| {
+                        Error::Canonicalize(e, config.database.path.clone())
+                    })?;
 
-            if overlap(&media_path, &database_path) {
-                return Err(Error::DatabaseMediaOverlap);
+                if overlap(&media_path, &database_path) {
+                    return Err(Error::DatabaseMediaOverlap);
+                }
             }
         }
     }