diff --git a/flake.lock b/flake.lock index db0746a..59a3a96 100644 --- a/flake.lock +++ b/flake.lock @@ -428,7 +428,7 @@ "flake": false, "locked": { "lastModified": 1728502660, - "narHash": "sha256-+0EivmFXn/o4CE/7Tgo0DFixZo4ELwKJpfEdQllEJMw=", + "narHash": "sha256-oCw6Brs85rINBHvz3UJXheyLVqvA3RgPXG03b30Fx7E=", "type": "tarball", "url": "https://snappymail.eu/repository/nextcloud/snappymail-2.38.2-nextcloud.tar.gz" }, diff --git a/modules/nixos/services/arr.nix b/modules/nixos/services/arr.nix index d47f680..6a054fa 100644 --- a/modules/nixos/services/arr.nix +++ b/modules/nixos/services/arr.nix @@ -56,38 +56,32 @@ in services = { bazarr = { enable = true; - group = "media"; + group = "shared"; }; jellyseerr.enable = true; prowlarr.enable = true; sabnzbd = { enable = true; - group = "media"; + group = "shared"; # The config file must be editable within the application # It contains server configs and credentials configFile = "/data/downloads/sabnzbd/sabnzbd.ini"; }; sonarr = { enable = true; - group = "media"; + group = "shared"; }; radarr = { enable = true; - group = "media"; + group = "shared"; }; readarr = { enable = true; - group = "media"; + group = "shared"; }; }; - # Create a media group to be shared between services - users.groups.media = { }; - - # Give the human user access to the media group - users.users.${config.user}.extraGroups = [ "media" ]; - - # Allows media group to read/write the sabnzbd directory + # Allows shared group to read/write the sabnzbd directory users.users.sabnzbd.homeMode = "0770"; unfreePackages = [ "unrar" ]; # Required as a dependency for sabnzbd @@ -108,7 +102,7 @@ in handle = [ { handler = "reverse_proxy"; - # We're able to reference the url and port of the service dynamically + # We're able to reference the url and port of the service dynamically upstreams = [ { dial = arrConfig.sonarr.url; } ]; } ]; diff --git a/modules/nixos/services/audiobookshelf.nix b/modules/nixos/services/audiobookshelf.nix index 3791b4e..48fb41f 100644 --- a/modules/nixos/services/audiobookshelf.nix +++ b/modules/nixos/services/audiobookshelf.nix @@ -4,6 +4,7 @@ config = lib.mkIf config.services.audiobookshelf.enable { services.audiobookshelf = { + group = "shared"; dataDir = "audiobookshelf"; }; @@ -23,15 +24,6 @@ # Configure Cloudflare DNS to point to this machine services.cloudflare-dyndns.domains = [ config.hostnames.audiobooks ]; - # Grant user access to Audiobookshelf directories - users.users.${config.user}.extraGroups = [ config.services.audiobookshelf.group ]; - - # Grant audiobookshelf access to media and Calibre directories - users.users.${config.services.audiobookshelf.user}.extraGroups = [ - "media" - "calibre-web" - ]; - }; } diff --git a/modules/nixos/services/calibre.nix b/modules/nixos/services/calibre.nix index d6a029e..477b2b6 100644 --- a/modules/nixos/services/calibre.nix +++ b/modules/nixos/services/calibre.nix @@ -28,6 +28,7 @@ in config = lib.mkIf config.services.calibre-web.enable { services.calibre-web = { + group = "shared"; openFirewall = true; options = { reverseProxyAuth.enable = false; diff --git a/modules/nixos/services/jellyfin.nix b/modules/nixos/services/jellyfin.nix index 96eeea4..a05730f 100644 --- a/modules/nixos/services/jellyfin.nix +++ b/modules/nixos/services/jellyfin.nix @@ -11,7 +11,7 @@ config = lib.mkIf config.services.jellyfin.enable { - services.jellyfin.group = "media"; + services.jellyfin.group = "shared"; users.users.jellyfin = { isSystemUser = true; }; @@ -49,8 +49,8 @@ # Create videos directory, allow anyone in Jellyfin group to manage it systemd.tmpfiles.rules = [ - "d /var/lib/jellyfin 0775 jellyfin media" - "d /var/lib/jellyfin/library 0775 jellyfin media" + "d /var/lib/jellyfin 0775 jellyfin shared" + "d /var/lib/jellyfin/library 0775 jellyfin shared" ]; # Enable VA-API for hardware transcoding