fix: samba perms unfucked

2025-12-06 13:07:13 -06:00 · 2025-11-29 05:01:10 -06:00 · 2025-11-29 05:01:10 -06:00 · ecbbebfd90
commit ecbbebfd90
parent d788440daa
3 changed files with 31 additions and 6 deletions
--- a/modules/config/default.nix
+++ b/modules/config/default.nix
@ -234,8 +234,8 @@ in
            "IdentityFile=/var/run/secrets/ssh/private"
          ];
          fileModeAndDirMode = [
-            "file_mode=0644"
-            "dir_mode=0755"
+            "file_mode=0664"
+            "dir_mode=0775"
          ];
          userIdForUser0 = [
            "uid=1000"
--- a/modules/nixos/guests/jellyfin/default.nix
+++ b/modules/nixos/guests/jellyfin/default.nix
@ -37,6 +37,16 @@ in
          };
        };

+        users.users.jellyfin = {
+          isSystemUser = true;
+          group = serviceCfg.name;
+          uid = 993;
+        };
+
+        users.groups.jellyfin = {
+          gid = 993;
+        };
+
        networking.firewall.allowedTCPPorts = [
          22
          serviceCfg.ports.port0
@ -48,7 +58,7 @@ in
          device = "tmpfs";
          fsType = "tmpfs";
          options = [
-            "size=4G"
+            "size=6G"
            "mode=1777"
          ];
        };
@ -166,13 +176,27 @@ in
      };
    };
  };
+  users = {
+    groups.jellyfin = {
+      gid = 993;
+      members = [ user0 ];
+    };

-  users.users.caddy.extraGroups = [ "acme" ];
+    users = {
+      jellyfin = {
+        isSystemUser = true;
+        group = serviceCfg.name;
+        uid = 993;
+      };
+      caddy.extraGroups = [ "acme" ];
+    };
+  };

  systemd.tmpfiles.rules = [
    "d ${serviceCfg.mntPaths.path0} 0755 microvm wheel - -"
    "d ${serviceCfg.mntPaths.path0}/data 0755 microvm wheel - -"
    "d ${serviceCfg.mntPaths.path0}/cache 0755 microvm wheel - -"
    "d ${serviceCfg.mntPaths.path0}/media 0775 microvm wheel - -"
+    "Z ${serviceCfg.mntPaths.path0}/media 0775 jellyfin jellyfin - -"
  ];
 }
--- a/modules/nixos/services/samba/sambaCeres/default.nix
+++ b/modules/nixos/services/samba/sambaCeres/default.nix
@ -6,6 +6,7 @@ let
  inherit (flake.config.services) instances;
  inherit (flake.config.people) user0;
  service = instances.samba;
+  jellyfin = instances.jellyfin;
 in
 {
  # If you ever need to start fresh, you need to add yourself to the Samba users database:
@ -23,8 +24,8 @@ in
          "guest ok" = "no";
          "create mask" = "0664";
          "directory mask" = "0775";
-          "force user" = user0;
-          "force group" = "users";
+          "force user" = jellyfin.name;
+          "force group" = jellyfin.name;
          "force create mode" = "0664";
          "force directory mode" = "0775";
        };