967ba38411
- Create shared media-group.nix module with fixed GID (993) - Add both geir and sma users to media group for shared NFS access - Update NFS server configuration to use root:media ownership with 0775 permissions - Convert all media services to use media group instead of users group: - Jellyfin, Calibre-web, Audiobookshelf, Transmission - Enable group write access to all NFS shares (/mnt/storage/*) - Maintain security with root ownership while allowing group collaboration This resolves NFS permission issues by providing consistent group-based access control across all media services and storage directories.
40 lines
1.3 KiB
Nix
40 lines
1.3 KiB
Nix
# NFS Server Configuration
|
|
# Network File System server for home lab storage
|
|
{
|
|
config,
|
|
pkgs,
|
|
...
|
|
}: {
|
|
imports = [
|
|
../../modules/users/media-group.nix
|
|
];
|
|
|
|
# NFS server configuration
|
|
services.nfs.server = {
|
|
enable = true;
|
|
# Export the storage directory (ZFS dataset)
|
|
# Allow access from both local network and Tailscale network
|
|
exports = ''
|
|
/mnt/storage 10.0.0.0/24(rw,sync,no_subtree_check,no_root_squash) 100.64.0.0/10(rw,sync,no_subtree_check,no_root_squash)
|
|
/mnt/storage/media 10.0.0.0/24(rw,sync,no_subtree_check,no_root_squash) 100.64.0.0/10(rw,sync,no_subtree_check,no_root_squash)
|
|
'';
|
|
# Create exports on startup
|
|
createMountPoints = true;
|
|
};
|
|
|
|
# Ensure the storage subdirectories exist with proper ownership (ZFS dataset is mounted at /mnt/storage)
|
|
# Setting ownership to root:media with group write permissions for shared access
|
|
systemd.tmpfiles.rules = [
|
|
"d /mnt/storage/media 0775 root media -"
|
|
"d /mnt/storage/downloads 0775 root media -"
|
|
"d /mnt/storage/backups 0775 root media -"
|
|
"d /mnt/storage/shares 0775 root media -"
|
|
];
|
|
|
|
# Required packages for NFS
|
|
environment.systemPackages = with pkgs; [
|
|
nfs-utils
|
|
];
|
|
|
|
# Firewall rules are already configured in network module
|
|
}
|