Implement media group for NFS permission management

- Create shared media-group.nix module with fixed GID (993)
- Add both geir and sma users to media group for shared NFS access
- Update NFS server configuration to use root:media ownership with 0775 permissions
- Convert all media services to use media group instead of users group:
  - Jellyfin, Calibre-web, Audiobookshelf, Transmission
- Enable group write access to all NFS shares (/mnt/storage/*)
- Maintain security with root ownership while allowing group collaboration

This resolves NFS permission issues by providing consistent group-based access
control across all media services and storage directories.

machines/grey-area/services/audiobook.nix

@@ -1,11 +1,18 @@
-{ configs, pkgs, ... }:
 {
+  configs,
+  pkgs,
+  ...
+}: {
+  imports = [
+    ../../../modules/users/media-group.nix
+  ];
+
   environment.systemPackages = [
     pkgs.audiobookshelf
   ];
-  services.audiobookshelf.group = "users";
+  services.audiobookshelf.group = "media";
   services.audiobookshelf.enable = true;
-  services.audiobookshelf.host = "0.0.0.0" ;
+  services.audiobookshelf.host = "0.0.0.0";
   services.audiobookshelf.port = 8000;
   services.audiobookshelf.openFirewall = true;
 }

machines/grey-area/services/calibre-web.nix

@@ -1,16 +1,23 @@
-{ config, pkgs, ... }:
 {
+  config,
+  pkgs,
+  ...
+}: {
+  imports = [
+    ../../../modules/users/media-group.nix
+  ];
+
   services.calibre-web = {
     enable = true;
-    group = "users";
+    group = "media";
     listen = {
-        ip = "0.0.0.0";
-        port = 8083;
+      ip = "0.0.0.0";
+      port = 8083;
     };
     options = {
       calibreLibrary = "/mnt/remote/media/books/calibre/";
       enableBookUploading = true;
     };
   };
-  networking.firewall.allowedTCPPorts = [ 8083 ];
+  networking.firewall.allowedTCPPorts = [8083];
 }

machines/grey-area/services/jellyfin.nix

@@ -1,9 +1,16 @@
-{ config, pkgs, ... }:
 {
-  services.jellyfin = { 
-  	enable = true;
-	  group = "users";
-	};	
-  networking.firewall.allowedTCPPorts = [ 8096 8920 ];
-  networking.firewall.allowedUDPPorts = [ 1900 7359 ];
+  config,
+  pkgs,
+  ...
+}: {
+  imports = [
+    ../../../modules/users/media-group.nix
+  ];
+
+  services.jellyfin = {
+    enable = true;
+    group = "media";
+  };
+  networking.firewall.allowedTCPPorts = [8096 8920];
+  networking.firewall.allowedUDPPorts = [1900 7359];
 }