build succeed on swan

hosts/x86_64-linux/swan/default.nix

@@ -14,6 +14,7 @@ rec {
     server.enable = true;
     home.enable = true;
     nas.enable = true;
+    shared-media.enable = true;
   };
 
   home-manager.users."noah" = {
@@ -28,6 +29,8 @@ rec {
     home.stateVersion = "23.05";
   };
 
+  system.stateVersion = "23.05";
+
   # Not sure what's necessary but too afraid to remove anything
   boot.initrd.availableKernelModules = [
     "xhci_pci"
@@ -63,7 +66,7 @@ rec {
   # Sets root ext4 filesystem instead of declaring it manually
   disko = {
     enableConfig = true;
-    devices = (import ../../../disks/root.nix { disk = "/dev/nvme0n1"; });
+    devices = (import ./root.nix { disk = "/dev/nvme0n1"; });
   };
 
   # Allows private remote access over the internet

hosts/x86_64-linux/tempest/default.nix

@@ -17,6 +17,8 @@ rec {
     gaming.enable = true;
   };
 
+  nmasur.presets.services.grub.enable = true;
+
   home-manager.users."noah" = {
     nmasur.settings = {
       username = nmasur.settings.username;

platforms/nixos/modules/nmasur/presets/services/arr/arr.nix

@@ -60,28 +60,23 @@ in
     services = {
       bazarr = {
         enable = true;
-        group = lib.mkIf config.nmasur.profiles.shared-media.enable "shared";
       };
       jellyseerr.enable = true;
       prowlarr.enable = true;
       sabnzbd = {
         enable = true;
-        group = lib.mkIf config.nmasur.profiles.shared-media.enable "shared";
         # The config file must be editable within the application
         # It contains server configs and credentials
         configFile = "/data/downloads/sabnzbd/sabnzbd.ini";
       };
       sonarr = {
         enable = true;
-        group = lib.mkIf config.nmasur.profiles.shared-media.enable "shared";
       };
       radarr = {
         enable = true;
-        group = lib.mkIf config.nmasur.profiles.shared-media.enable "shared";
       };
       readarr = {
         enable = true;
-        group = lib.mkIf config.nmasur.profiles.shared-media.enable "shared";
       };
     };
 
@@ -96,7 +91,6 @@ in
       {
         # Group means that routes with the same name are mutually exclusive,
         # so they are split between the appropriate services.
-        group = "download";
         match = [
           {
             host = [ hostnames.download ];
@@ -112,7 +106,6 @@ in
         ];
       }
       {
-        group = "download";
         match = [
           {
             host = [ hostnames.download ];
@@ -127,7 +120,6 @@ in
         ];
       }
       {
-        group = "download";
         match = [
           {
             host = [ hostnames.download ];
@@ -142,7 +134,6 @@ in
         ];
       }
       {
-        group = "download";
         match = [
           {
             host = [ hostnames.download ];
@@ -158,7 +149,6 @@ in
         ];
       }
       {
-        group = "download";
         match = [
           {
             host = [ hostnames.download ];
@@ -178,7 +168,6 @@ in
         ];
       }
       {
-        group = "download";
         match = [
           {
             host = [ hostnames.download ];
@@ -193,7 +182,6 @@ in
         ];
       }
       {
-        group = "download";
         match = [ { host = [ hostnames.download ]; } ];
         handle = [
           {

platforms/nixos/modules/nmasur/presets/services/audiobookshelf.nix

@@ -19,10 +19,6 @@ in
     services.audiobookshelf = {
       enable = true;
 
-      # Setting a generic group to make it easier for the different programs
-      # that make use of the same files
-      group = lib.mkIf config.nmasur.profiles.shared-media.enable "shared";
-
       # This is the default /var/lib/audiobookshelf
       dataDir = "audiobookshelf";
     };

platforms/nixos/modules/nmasur/presets/services/calibre-web.nix

@@ -26,7 +26,6 @@ in
   config = lib.mkIf cfg.enable {
 
     services.calibre-web = {
-      group = lib.mkIf config.nmasur.profiles.shared-media.enable "shared";
       openFirewall = true;
       options = {
         reverseProxyAuth.enable = false;

platforms/nixos/modules/nmasur/presets/services/cloudflare/cloudflare.nix

@@ -68,7 +68,11 @@ in
     # Tell Caddy to use Cloudflare DNS for ACME challenge validation
     services.caddy.package = pkgs.caddy.withPlugins {
       plugins = [ "github.com/caddy-dns/cloudflare@v0.0.0-20250228175314-1fb64108d4de" ];
-      hash = "sha256-3nvVGW+ZHLxQxc1VCc/oTzCLZPBKgw4mhn+O3IoyiSs=";
+      hash =
+        if pkgs.stdenv.isx86_64 then
+          "sha256-YYpsf8HMONR1teMiSymo2y+HrKoxuJMKIea5/NEykGc="
+        else
+          "sha256-3nvVGW+ZHLxQxc1VCc/oTzCLZPBKgw4mhn+O3IoyiSs=";
     };
     nmasur.presets.services.caddy.tlsPolicies = [
       {

platforms/nixos/modules/nmasur/presets/services/immich.nix

@@ -13,7 +13,6 @@ in
     services.immich = {
       enable = true;
       port = 2283;
-      group = lib.mkIf config.nmasur.profiles.shared-media.enable "shared";
       database.enable = true;
       redis.enable = true;
       machine-learning.enable = true;

platforms/nixos/modules/nmasur/presets/services/jellyfin.nix

@@ -18,10 +18,11 @@ in
 
   config = lib.mkIf cfg.enable {
 
-    services.jellyfin.group = lib.mkIf config.nmasur.profiles.shared-media.enable "shared";
-    users.users.jellyfin = {
-      isSystemUser = true;
-    };
+    services.jellyfin.enable = true;
+
+    # users.users.jellyfin = {
+    #   isSystemUser = true;
+    # };
 
     nmasur.presets.services.caddy.routes = [
       # Prevent public access to Prometheus metrics.
@@ -77,9 +78,6 @@ in
       "video"
     ]; # Access to /dev/dri
 
-    # Fix issue where Jellyfin-created directories don't allow access for media group
-    systemd.services.jellyfin.serviceConfig.UMask = lib.mkForce "0007";
-
     # Requires MetricsEnable is true in /var/lib/jellyfin/config/system.xml
     nmasur.presets.services.prometheus-exporters.scrapeTargets = [ "127.0.0.1:8096" ];
   };

platforms/nixos/modules/nmasur/presets/services/metrics/prometheus-exporters.nix

@@ -34,11 +34,11 @@ in
     ];
 
     services.prometheus = {
-      exporters.node.enable = config.prometheus.exporters.enable;
+      exporters.node.enable = true;
       exporters.node.enabledCollectors = [ ];
       exporters.node.disabledCollectors = [ "cpufreq" ];
-      exporters.systemd.enable = config.prometheus.exporters.enable;
-      exporters.process.enable = config.prometheus.exporters.enable;
+      exporters.systemd.enable = true;
+      exporters.process.enable = true;
       exporters.process.settings.process_names = [
         # Remove nix store path from process name
         {

platforms/nixos/modules/nmasur/presets/services/metrics/vm-agent.nix

@@ -3,8 +3,8 @@
 
 {
   config,
+  pkgs,
   lib,
-  pkgs-stable,
   ...
 }:
 
@@ -37,7 +37,7 @@ in
 
     services.vmagent = {
       enable = true;
-      package = pkgs-stable.vmagent;
+      package = pkgs.stable.vmagent;
       prometheusConfig = prometheusConfig;
       remoteWrite = {
         url = "https://${hostnames.prometheus}/api/v1/write";

platforms/nixos/modules/nmasur/presets/services/nextcloud/nextcloud.nix

@@ -220,7 +220,7 @@ in
     # Log metrics to prometheus
     networking.hosts."127.0.0.1" = [ hostnames.content ];
     services.prometheus.exporters.nextcloud = {
-      enable = config.prometheus.exporters.enable;
+      enable = true;
       username = config.services.nextcloud.config.adminuser;
       url = "https://${hostnames.content}";
       passwordFile = config.services.nextcloud.config.adminpassFile;

platforms/nixos/modules/nmasur/presets/zfs.nix

@@ -19,7 +19,7 @@ in
     boot.kernelPackages = pkgs.linuxPackages; # Defaults to latest LTS
     boot.kernelParams = [ "nohibernate" ]; # ZFS does not work with hibernation
     boot.supportedFilesystems = [ "zfs" ];
-    services.prometheus.exporters.zfs.enable = config.prometheus.exporters.enable;
+    services.prometheus.exporters.zfs.enable = true;
     nmasur.presets.services.prometheus-exporters.scrapeTargets = [
       "127.0.0.1:${builtins.toString config.services.prometheus.exporters.zfs.port}"
     ];

platforms/nixos/modules/nmasur/profiles/home.nix

@@ -17,7 +17,6 @@ in
   config = lib.mkIf cfg.enable {
 
     nmasur.presets.services = {
-      grub.enable = lib.mkDefault true;
       # Configure physical power buttons
       logind.enable = lib.mkDefault true;
     };

platforms/nixos/modules/nmasur/profiles/shared-media.nix

@@ -21,5 +21,20 @@ in
     # Give the human user access to the shared group
     users.users.${username}.extraGroups = [ config.users.groups.shared.name ];
 
+    services = {
+      audiobookshelf.group = "shared";
+      bazarr.group = "shared";
+      jellyfin.group = "shared";
+      radarr.group = "shared";
+      readarr.group = "shared";
+      sabnzbd.group = "shared";
+      sonarr.group = "shared";
+      immich.group = "shared";
+      calibre-web.group = "shared";
+    };
+
+    # Fix issue where Jellyfin-created directories don't allow access for media group
+    systemd.services.jellyfin.serviceConfig.UMask = lib.mkForce "0007";
+
   };
 }

platforms/nixos/modules/services/filebrowser.nix

@@ -31,7 +31,6 @@ in
     passwordHash = lib.mkOption {
       type = lib.types.str;
       description = ''Hashed password created from htpasswd -nBC 10 "" | tr -d ':\n' '';
-      default = "$2y$10$ze1cMob0k6pnXRjLowYfZOVZWg4G.dsPtH3TohbUeEbI0sdkG9.za";
     };
   };
 
@@ -39,7 +38,7 @@ in
 
     environment.etc."filebrowser/.filebrowser.json".text = builtins.toJSON settings;
 
-    systemd.services.filebrowser = lib.mkIf config.filebrowser.enable {
+    systemd.services.filebrowser = {
       description = "Filebrowser cloud file services";
       after = [ "network.target" ];
       wantedBy = [ "multi-user.target" ];
@@ -58,9 +57,6 @@ in
       path = [ pkgs.getent ]; # Fix: getent not found in $PATH
     };
 
-    # Configure Cloudflare DNS to point to this machine
-    services.cloudflare-dyndns.domains = [ hostnames.files ];
-
   };
 
 }