try to fix perms, use nixarr values

2025-12-31 12:18:33 -06:00 · 2025-12-31 12:18:33 -06:00 · 4499673d46
commit 4499673d46
parent 08e8ac2b21
5 changed files with 262 additions and 47 deletions
--- a/hosts/h001/mods/pinchflat.nix
+++ b/hosts/h001/mods/pinchflat.nix
@ -12,6 +12,9 @@ let
    inherit (pkgs) system;
    config.allowUnfree = true;
  };
+
+  gid = 186;
+  uid = 186;
 in
 {
  disabledModules = [ declaration ];
@ -29,17 +32,23 @@ in
      };
    };

-    users.users.pinchflat.isSystemUser = true;
-    users.users.pinchflat.group = "pinchflat";
-    users.users.pinchflat.extraGroups = lib.mkAfter [
-      "media"
+    users = {
+      groups.pinchflat.gid = gid;
+      users.pinchflat = {
+        isSystemUser = true;
+        group = "pinchflat";
+        uid = uid;
+      };
+    };
+
+    systemd.tmpfiles.rules = [
+      "d '${config.services.pinchflat.mediaDir}' 0775 pinchflat pinchflat - -"
    ];
-    users.groups.pinchflat = { };
+
    systemd.services.pinchflat.serviceConfig = {
      DynamicUser = lib.mkForce false;
      User = "pinchflat";
      Group = "pinchflat";
-      UMask = "0002";
    };

    # Use Nixarr vpn
@ -54,7 +63,6 @@ in
      }
    ];

-
    services.nginx = {
      virtualHosts = {
        "pinchflat" = {