mirror of
https://gitlab.com/upRootNutrition/dotfiles.git
synced 2025-12-06 21:17:14 -06:00
fix: samba perms unfucked
This commit is contained in:
Nick
parent
d788440daa
commit
ecbbebfd90
3 changed files with 31 additions and 6 deletions
|
|
@ -234,8 +234,8 @@ in
|
||||||
"IdentityFile=/var/run/secrets/ssh/private"
|
"IdentityFile=/var/run/secrets/ssh/private"
|
||||||
];
|
];
|
||||||
fileModeAndDirMode = [
|
fileModeAndDirMode = [
|
||||||
"file_mode=0644"
|
"file_mode=0664"
|
||||||
"dir_mode=0755"
|
"dir_mode=0775"
|
||||||
];
|
];
|
||||||
userIdForUser0 = [
|
userIdForUser0 = [
|
||||||
"uid=1000"
|
"uid=1000"
|
||||||
|
|
|
||||||
|
|
@ -37,6 +37,16 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
users.users.jellyfin = {
|
||||||
|
isSystemUser = true;
|
||||||
|
group = serviceCfg.name;
|
||||||
|
uid = 993;
|
||||||
|
};
|
||||||
|
|
||||||
|
users.groups.jellyfin = {
|
||||||
|
gid = 993;
|
||||||
|
};
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [
|
networking.firewall.allowedTCPPorts = [
|
||||||
22
|
22
|
||||||
serviceCfg.ports.port0
|
serviceCfg.ports.port0
|
||||||
|
|
@ -48,7 +58,7 @@ in
|
||||||
device = "tmpfs";
|
device = "tmpfs";
|
||||||
fsType = "tmpfs";
|
fsType = "tmpfs";
|
||||||
options = [
|
options = [
|
||||||
"size=4G"
|
"size=6G"
|
||||||
"mode=1777"
|
"mode=1777"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
@ -166,13 +176,27 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
users = {
|
||||||
|
groups.jellyfin = {
|
||||||
|
gid = 993;
|
||||||
|
members = [ user0 ];
|
||||||
|
};
|
||||||
|
|
||||||
users.users.caddy.extraGroups = [ "acme" ];
|
users = {
|
||||||
|
jellyfin = {
|
||||||
|
isSystemUser = true;
|
||||||
|
group = serviceCfg.name;
|
||||||
|
uid = 993;
|
||||||
|
};
|
||||||
|
caddy.extraGroups = [ "acme" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
systemd.tmpfiles.rules = [
|
systemd.tmpfiles.rules = [
|
||||||
"d ${serviceCfg.mntPaths.path0} 0755 microvm wheel - -"
|
"d ${serviceCfg.mntPaths.path0} 0755 microvm wheel - -"
|
||||||
"d ${serviceCfg.mntPaths.path0}/data 0755 microvm wheel - -"
|
"d ${serviceCfg.mntPaths.path0}/data 0755 microvm wheel - -"
|
||||||
"d ${serviceCfg.mntPaths.path0}/cache 0755 microvm wheel - -"
|
"d ${serviceCfg.mntPaths.path0}/cache 0755 microvm wheel - -"
|
||||||
"d ${serviceCfg.mntPaths.path0}/media 0775 microvm wheel - -"
|
"d ${serviceCfg.mntPaths.path0}/media 0775 microvm wheel - -"
|
||||||
|
"Z ${serviceCfg.mntPaths.path0}/media 0775 jellyfin jellyfin - -"
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,7 @@ let
|
||||||
inherit (flake.config.services) instances;
|
inherit (flake.config.services) instances;
|
||||||
inherit (flake.config.people) user0;
|
inherit (flake.config.people) user0;
|
||||||
service = instances.samba;
|
service = instances.samba;
|
||||||
|
jellyfin = instances.jellyfin;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
# If you ever need to start fresh, you need to add yourself to the Samba users database:
|
# If you ever need to start fresh, you need to add yourself to the Samba users database:
|
||||||
|
|
@ -23,8 +24,8 @@ in
|
||||||
"guest ok" = "no";
|
"guest ok" = "no";
|
||||||
"create mask" = "0664";
|
"create mask" = "0664";
|
||||||
"directory mask" = "0775";
|
"directory mask" = "0775";
|
||||||
"force user" = user0;
|
"force user" = jellyfin.name;
|
||||||
"force group" = "users";
|
"force group" = jellyfin.name;
|
||||||
"force create mode" = "0664";
|
"force create mode" = "0664";
|
||||||
"force directory mode" = "0775";
|
"force directory mode" = "0775";
|
||||||
};
|
};
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue