diff --git a/nixarr/default.nix b/nixarr/default.nix index 5cdcf81..ff53408 100644 --- a/nixarr/default.nix +++ b/nixarr/default.nix @@ -118,13 +118,14 @@ in { media.gid = 992; prowlarr = {}; transmission = {}; - jellyfin = {}; + streamer = {}; + torrenter = {}; }; # TODO: This is BAD. But seems necessary when using containers. # The prefered solution is to just remove containerization. # Look at https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/misc/ids.nix users.users = { - jellyfin = { + streamer = { isSystemUser = true; uid = lib.mkForce 316; }; @@ -148,9 +149,8 @@ in { group = "media"; uid = lib.mkForce 309; }; - transmission = { + torrenter = { isSystemUser = true; - group = "media"; uid = lib.mkForce 70; }; prowlarr = { @@ -163,19 +163,19 @@ in { systemd.tmpfiles.rules = [ # Media dirs "d '${cfg.mediaDir}' 0775 root media - -" - "d '${cfg.mediaDir}/library' 0775 jellyfin media - -" - "d '${cfg.mediaDir}/library/series' 0775 jellyfin media - -" - "d '${cfg.mediaDir}/library/movies' 0775 jellyfin media - -" - "d '${cfg.mediaDir}/library/music' 0775 jellyfin media - -" - "d '${cfg.mediaDir}/library/books' 0775 jellyfin media - -" - "d '${cfg.mediaDir}/torrents' 0755 transmission media - -" - "d '${cfg.mediaDir}/torrents/.incomplete' 0755 transmission media - -" - "d '${cfg.mediaDir}/torrents/.watch' 0755 transmission media - -" - "d '${cfg.mediaDir}/torrents/manual' 0755 transmission media - -" - "d '${cfg.mediaDir}/torrents/liadarr' 0755 transmission media - -" - "d '${cfg.mediaDir}/torrents/radarr' 0755 transmission media - -" - "d '${cfg.mediaDir}/torrents/sonarr' 0755 transmission media - -" - "d '${cfg.mediaDir}/torrents/readarr' 0755 transmission media - -" + "d '${cfg.mediaDir}/library' 0775 streamer media - -" + "d '${cfg.mediaDir}/library/shows' 0775 streamer media - -" + "d '${cfg.mediaDir}/library/movies' 0775 streamer media - -" + "d '${cfg.mediaDir}/library/music' 0775 streamer media - -" + "d '${cfg.mediaDir}/library/books' 0775 streamer media - -" + "d '${cfg.mediaDir}/torrents' 0755 torrenter media - -" + "d '${cfg.mediaDir}/torrents/.incomplete' 0755 torrenter media - -" + "d '${cfg.mediaDir}/torrents/.watch' 0755 torrenter media - -" + "d '${cfg.mediaDir}/torrents/manual' 0755 torrenter media - -" + "d '${cfg.mediaDir}/torrents/liadarr' 0755 torrenter media - -" + "d '${cfg.mediaDir}/torrents/radarr' 0755 torrenter media - -" + "d '${cfg.mediaDir}/torrents/sonarr' 0755 torrenter media - -" + "d '${cfg.mediaDir}/torrents/readarr' 0755 torrenter media - -" ]; util-nixarr.vpnnamespace = { diff --git a/nixarr/jellyfin/default.nix b/nixarr/jellyfin/default.nix index c0c1979..b2c24d4 100644 --- a/nixarr/jellyfin/default.nix +++ b/nixarr/jellyfin/default.nix @@ -95,11 +95,13 @@ in { mkIf cfg.enable { systemd.tmpfiles.rules = [ - "d '${cfg.stateDir}' 0700 jellyfin root - -" + "d '${cfg.stateDir}' 0700 streamer root - -" ]; services.jellyfin = { enable = cfg.enable; + user = "streamer"; + group = "streamer"; logDir = "${cfg.stateDir}/log"; cacheDir = "${cfg.stateDir}/cache"; dataDir = "${cfg.stateDir}/data"; @@ -186,11 +188,13 @@ in { }; config = { - users.groups.jellyfin = {}; - users.users.jellyfin = { - uid = lib.mkForce config.users.users.jellyfin.uid; + users.groups.streamer = { + gid = config.users.groups.streamer.gid; + }; + users.users.streamer = { + uid = lib.mkForce config.users.users.streamer.uid; isSystemUser = true; - group = "jellyfin"; + group = "streamer"; }; # Use systemd-resolved inside the container @@ -201,6 +205,8 @@ in { services.jellyfin = { enable = true; + user = "streamer"; + group = "streamer"; logDir = "${cfg.stateDir}/log"; cacheDir = "${cfg.stateDir}/cache"; dataDir = "${cfg.stateDir}/data"; diff --git a/nixarr/transmission/default.nix b/nixarr/transmission/default.nix index 2729a83..ca188c2 100644 --- a/nixarr/transmission/default.nix +++ b/nixarr/transmission/default.nix @@ -90,14 +90,15 @@ in { config = mkIf cfg.enable { systemd.tmpfiles.rules = [ - "d '${cfg.stateDir}' 0700 transmission root - -" + "d '${cfg.stateDir}' 0700 torrenter root - -" # This is fixes a bug in nixpks TODO: create nixpkgs issue - "d '${cfg.stateDir}/.config/transmission-daemon' 0700 transmission root - -" + "d '${cfg.stateDir}/.config/transmission-daemon' 0700 torrenter root - -" ]; services.transmission = mkIf (!cfg.vpn.enable) { enable = true; - group = "media"; + user = "torrenter"; + group = "torrenter"; home = cfg.stateDir; webHome = if cfg.flood.enable @@ -183,13 +184,13 @@ in { }; config = { - users.groups.media = { - gid = config.users.groups.media.gid; + users.groups.torrenter = { + gid = config.users.groups.torrenter.gid; }; - users.users.transmission = { - uid = lib.mkForce config.users.users.transmission.uid; + users.users.torrenter = { + uid = lib.mkForce config.users.users.torrenter.uid; isSystemUser = true; - group = "media"; + group = "torrenter"; }; # Use systemd-resolved inside the container @@ -205,8 +206,8 @@ in { services.transmission = { enable = true; - # This is maybe wrong, too afraid to fix it lol - group = "media"; + user = "torrenter"; + group = "torrenter"; webHome = if cfg.flood.enable then pkgs.flood-for-transmission