ookflix: add containers

2024-12-02 12:30:30 +11:00 · 2024-12-02 12:30:30 +11:00 · 79a37fa8eb
commit 79a37fa8eb
parent 4ee2e2a877
13 changed files with 303 additions and 68 deletions
--- a/modules/nixos/server/services/ookflix/shared.nix
+++ b/modules/nixos/server/services/ookflix/shared.nix
@ -0,0 +1,66 @@
+{
+  lib,
+  config,
+  ...
+}: let
+  inherit (lib) mkIf;
+  inherit (config.ooknet.host) admin;
+  inherit (config.ooknet.server) ookflix;
+  inherit (config.ooknet.server.ookflix) volumes groups;
+  inherit (config.ooknet.server.ookflix.services) jellyfin plex sonarr radarr prowlarr transmission;
+  mediaDirPermissions = {
+    mode = "0775";
+    user = admin.name;
+    group = groups.media.name;
+  };
+  downloadDirPermissions = {
+    mode = "0770";
+    user = admin.name;
+    group = groups.downloads.name;
+  };
+  ifTheyExist = users: builtins.filter (user: builtins.hasAttr user config.users.users) users;
+in {
+  config = mkIf ookflix.enable {
+    users.groups = {
+      ${groups.media.name} = {
+        inherit (groups.media) name gid;
+        members = ifTheyExist [
+          jellyfin.user.name
+          plex.user.name
+          sonarr.user.name
+          radarr.user.name
+          prowlarr.user.name
+        ];
+      };
+      ${groups.downloads.name} = {
+        inherit (groups.downloads) name gid;
+        members = ifTheyExist [
+          sonarr.user.name
+          radarr.user.name
+          prowlarr.user.name
+          transmission.user.name
+        ];
+      };
+    };
+    systemd.tmpfiles.settings = {
+      contentRoot = {
+        "${volumes.content.root}"."d" = {
+          mode = "0775";
+          user = "root";
+          group = "root";
+        };
+      };
+      mediaDirectories = {
+        "${volumes.media.root}"."d" = mediaDirPermissions;
+        "${volumes.media.tv}"."d" = mediaDirPermissions;
+        "${volumes.media.movies}"."d" = mediaDirPermissions;
+      };
+      downloadDirectories = {
+        "${volumes.downloads.root}"."d" = downloadDirPermissions;
+        "${volumes.downloads.complete}"."d" = downloadDirPermissions;
+        "${volumes.downloads.incomplete}"."d" = downloadDirPermissions;
+        "${volumes.downloads.watch}"."d" = downloadDirPermissions;
+      };
+    };
+  };
+}