try to fix perms, use nixarr values

hosts/h001/mods/nixarr.nix

@@ -13,32 +13,6 @@ let
 in
 {
   config = {
-    users.groups.media.gid = lib.mkForce 2000;
-
-    # Make sure enabled media services can write to the NFS mediaDir.
-    users.users.sonarr.extraGroups = lib.mkIf config.nixarr.sonarr.enable (lib.mkAfter [ "media" ]);
-    users.users.radarr.extraGroups = lib.mkIf config.nixarr.radarr.enable (lib.mkAfter [ "media" ]);
-    users.users.bazarr.extraGroups = lib.mkIf config.nixarr.bazarr.enable (lib.mkAfter [ "media" ]);
-    users.users.prowlarr.extraGroups = lib.mkIf config.nixarr.prowlarr.enable (lib.mkAfter [ "media" ]);
-    users.users.lidarr.extraGroups = lib.mkIf config.nixarr.lidarr.enable (lib.mkAfter [ "media" ]);
-    users.users.jellyfin.extraGroups = lib.mkIf config.nixarr.jellyfin.enable (lib.mkAfter [ "media" ]);
-    users.users.jellyseerr.extraGroups = lib.mkIf config.nixarr.jellyseerr.enable (lib.mkAfter [ "media" ]);
-    users.users.sabnzbd.extraGroups = lib.mkIf config.nixarr.sabnzbd.enable (lib.mkAfter [ "media" ]);
-    users.users.transmission.extraGroups = lib.mkIf config.nixarr.transmission.enable (lib.mkAfter [ "media" ]);
-
-    users.users.pinchflat.extraGroups = lib.mkAfter [ "media" ];
-    systemd.services.pinchflat.serviceConfig.UMask = "0002";
-
-    systemd.services.sonarr.serviceConfig.UMask = lib.mkIf config.nixarr.sonarr.enable "0002";
-    systemd.services.radarr.serviceConfig.UMask = lib.mkIf config.nixarr.radarr.enable "0002";
-    systemd.services.bazarr.serviceConfig.UMask = lib.mkIf config.nixarr.bazarr.enable "0002";
-    systemd.services.prowlarr.serviceConfig.UMask = lib.mkIf config.nixarr.prowlarr.enable "0002";
-    systemd.services.lidarr.serviceConfig.UMask = lib.mkIf config.nixarr.lidarr.enable "0002";
-    systemd.services.jellyfin.serviceConfig.UMask = lib.mkIf config.nixarr.jellyfin.enable "0002";
-    systemd.services.jellyseerr.serviceConfig.UMask = lib.mkIf config.nixarr.jellyseerr.enable "0002";
-    systemd.services.sabnzbd.serviceConfig.UMask = lib.mkIf config.nixarr.sabnzbd.enable "0002";
-    systemd.services.transmission.serviceConfig.UMask = lib.mkIf config.nixarr.transmission.enable "0002";
-
     nixarr = {
       enable = true;
       # mediaDir = "/drives/wd10/nixarr/media";
@@ -104,3 +78,4 @@ in
     };
   };
 }
+

hosts/h001/mods/pinchflat.nix

@@ -12,6 +12,9 @@ let
     inherit (pkgs) system;
     config.allowUnfree = true;
   };
+
+  gid = 186;
+  uid = 186;
 in
 {
   disabledModules = [ declaration ];
@@ -29,17 +32,23 @@ in
       };
     };
 
-    users.users.pinchflat.isSystemUser = true;
-    users.users.pinchflat.group = "pinchflat";
-    users.users.pinchflat.extraGroups = lib.mkAfter [
-      "media"
+    users = {
+      groups.pinchflat.gid = gid;
+      users.pinchflat = {
+        isSystemUser = true;
+        group = "pinchflat";
+        uid = uid;
+      };
+    };
+
+    systemd.tmpfiles.rules = [
+      "d '${config.services.pinchflat.mediaDir}' 0775 pinchflat pinchflat - -"
     ];
-    users.groups.pinchflat = { };
+
     systemd.services.pinchflat.serviceConfig = {
       DynamicUser = lib.mkForce false;
       User = "pinchflat";
       Group = "pinchflat";
-      UMask = "0002";
     };
 
     # Use Nixarr vpn
@@ -54,7 +63,6 @@ in
       }
     ];
 
-
     services.nginx = {
       virtualHosts = {
         "pinchflat" = {