From 8b23224b6b9628b672f1e387eaecf409710033c9 Mon Sep 17 00:00:00 2001 From: xunuwu Date: Thu, 29 May 2025 08:20:44 +0200 Subject: [PATCH] fix permissions for media directories --- sys/machines/hopper/lab/navidrome/default.nix | 2 ++ sys/machines/hopper/lab/samba.nix | 8 +++++++- sys/machines/hopper/lab/slskd.nix | 2 ++ 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/sys/machines/hopper/lab/navidrome/default.nix b/sys/machines/hopper/lab/navidrome/default.nix index 5b7c0fb..621e329 100644 --- a/sys/machines/hopper/lab/navidrome/default.nix +++ b/sys/machines/hopper/lab/navidrome/default.nix @@ -3,6 +3,8 @@ pkgs, ... }: { + users.users.navidrome.extraGroups = ["media"]; + services.navidrome = { enable = true; package = pkgs.navidrome.overrideAttrs { diff --git a/sys/machines/hopper/lab/samba.nix b/sys/machines/hopper/lab/samba.nix index 5e1ed08..f606862 100644 --- a/sys/machines/hopper/lab/samba.nix +++ b/sys/machines/hopper/lab/samba.nix @@ -7,16 +7,22 @@ extraGroups = ["transmission" "vault" "media"]; }; + users.users.media = { + isSystemUser = true; + group = "media"; + }; + users.groups.vault = {}; systemd.tmpfiles.rules = [ "d /srv/vault 0770 root vault -" + "d /media/library 0770 media media -" ]; services.samba = { enable = true; openFirewall = true; settings = { global = { - "log level" = 6; + "log level" = "3 passdb:5 auth:5"; "log file" = "/var/log/samba/samba.log"; "server string" = config.networking.hostName; "hosts allow" = "192.168.50.0/24"; diff --git a/sys/machines/hopper/lab/slskd.nix b/sys/machines/hopper/lab/slskd.nix index c4c6d85..8d3e747 100644 --- a/sys/machines/hopper/lab/slskd.nix +++ b/sys/machines/hopper/lab/slskd.nix @@ -8,6 +8,8 @@ vpnNamespace = "wg"; }; + users.users.slskd.extraGroups = ["media"]; + services.slskd = { enable = true; environmentFile = config.sops.secrets.slskd.path;