Implement media group for NFS permission management

- Create shared media-group.nix module with fixed GID (993)
- Add both geir and sma users to media group for shared NFS access
- Update NFS server configuration to use root:media ownership with 0775 permissions
- Convert all media services to use media group instead of users group:
  - Jellyfin, Calibre-web, Audiobookshelf, Transmission
- Enable group write access to all NFS shares (/mnt/storage/*)
- Maintain security with root ownership while allowing group collaboration

This resolves NFS permission issues by providing consistent group-based access
control across all media services and storage directories.

modules/users/geir.nix

@@ -8,6 +8,10 @@
   # Import custom packages from the flake
   homeLabPackages = import ../../packages {inherit pkgs;};
 in {
+  imports = [
+    ./media-group.nix
+  ];
+
   users.users.geir = {
     description = "Geir Okkenhaug Jerstad - Primary User";
     isNormalUser = true;
@@ -22,6 +26,7 @@ in {
       "audio" # audio devices
       "video" # video devices
       "render" # GPU access
+      "media" # shared media access for NFS shares
     ];
 
     shell = pkgs.zsh;

modules/users/media-group.nix

@@ -0,0 +1,12 @@
+# Media Group Configuration
+# Shared group for NFS media access permissions
+{
+  config,
+  pkgs,
+  ...
+}: {
+  # Create the media group for shared NFS access
+  users.groups.media = {
+    gid = 993; # Fixed GID for consistency across machines
+  };
+}

modules/users/sma.nix

@@ -6,6 +6,10 @@
   pkgs,
   ...
 }: {
+  imports = [
+    ./media-group.nix
+  ];
+
   users.users.sma = {
     description = "Diziet Sma - System Administrator";
     isNormalUser = true;
@@ -20,6 +24,7 @@
       "incus-admin" # container management
       "podman" # container runtime
       "docker" # docker compatibility (if needed)
+      "media" # shared media access for NFS shares
     ];
 
     # Security-focused shell setup