geir/home-lab
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Implement media group for NFS permission management

Browse source 
- Create shared media-group.nix module with fixed GID (993)
- Add both geir and sma users to media group for shared NFS access
- Update NFS server configuration to use root:media ownership with 0775 permissions
- Convert all media services to use media group instead of users group:
  - Jellyfin, Calibre-web, Audiobookshelf, Transmission
- Enable group write access to all NFS shares (/mnt/storage/*)
- Maintain security with root ownership while allowing group collaboration

This resolves NFS permission issues by providing consistent group-based access
control across all media services and storage directories.
This commit is contained in:
Geir Okkenhaug Jerstad 2025-06-11 09:33:24 +02:00
parent 2276dd59cd
commit 967ba38411
8 changed files with 83 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

25
machines/sleeper-service/nfs.nix
View file

@ -1,8 +1,14 @@
# NFS Server Configuration
# Network File System server for home lab storage
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
imports = [
../../modules/users/media-group.nix
];
# NFS server configuration
services.nfs.server = {
enable = true;
@ -16,13 +22,14 @@
createMountPoints = true;
};
# Ensure the storage subdirectories exist (ZFS dataset is mounted at /mnt/storage)
# systemd.tmpfiles.rules = [
# "d /mnt/storage/media 0755 sma users -"
# "d /mnt/storage/downloads 0755 sma users -"
# "d /mnt/storage/backups 0755 sma users -"
# "d /mnt/storage/shares 0755 sma users -"
# ];
# Ensure the storage subdirectories exist with proper ownership (ZFS dataset is mounted at /mnt/storage)
# Setting ownership to root:media with group write permissions for shared access
systemd.tmpfiles.rules = [
"d /mnt/storage/media 0775 root media -"
"d /mnt/storage/downloads 0775 root media -"
"d /mnt/storage/backups 0775 root media -"
"d /mnt/storage/shares 0775 root media -"
];
# Required packages for NFS
environment.systemPackages = with pkgs; [