From 55bc2a63be112cd93819fe168eacbdbccf9f0642 Mon Sep 17 00:00:00 2001 From: "RingOfStorms (Joshua Bell)" Date: Tue, 30 Dec 2025 15:34:45 -0600 Subject: [PATCH 01/17] update opencode --- flakes/opencode/flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flakes/opencode/flake.lock b/flakes/opencode/flake.lock index c41ca50b..2c9880e4 100644 --- a/flakes/opencode/flake.lock +++ b/flakes/opencode/flake.lock @@ -2,11 +2,11 @@ "nodes": { "nixpkgs": { "locked": { - "lastModified": 1766870016, - "narHash": "sha256-fHmxAesa6XNqnIkcS6+nIHuEmgd/iZSP/VXxweiEuQw=", + "lastModified": 1767026758, + "narHash": "sha256-7fsac/f7nh/VaKJ/qm3I338+wAJa/3J57cOGpXi0Sbg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5c2bc52fb9f8c264ed6c93bd20afa2ff5e763dce", + "rev": "346dd96ad74dc4457a9db9de4f4f57dab2e5731d", "type": "github" }, "original": { @@ -21,11 +21,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1767028968, - "narHash": "sha256-Z6Jk9Ee3+KHaQf7V/zbHHgotZ0gQA5Mtqpzs8PAQmBY=", + "lastModified": 1767126722, + "narHash": "sha256-bXBpPQ9altAzsuFKhIS83LKwuLIxKJ4gWMAG5xzk+fM=", "owner": "sst", "repo": "opencode", - "rev": "b7ce46f7a12e68283d6588c33aaf972426ddd65e", + "rev": "3fe5d91372fdf859e09ed5a2aefe359e0648ed10", "type": "github" }, "original": { From 29127dcdecf05ccde75760245cbf5de269afec33 Mon Sep 17 00:00:00 2001 From: "RingOfStorms (Joshua Bell)" Date: Tue, 30 Dec 2025 15:48:59 -0600 Subject: [PATCH 02/17] try drop params --- hosts/h001/mods/litellm.nix | 1 + hosts/lio/flake.lock | 20 ++++++++++---------- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/hosts/h001/mods/litellm.nix b/hosts/h001/mods/litellm.nix index a1cdf325..a165ed2c 100644 --- a/hosts/h001/mods/litellm.nix +++ b/hosts/h001/mods/litellm.nix @@ -103,6 +103,7 @@ in model = "litellm_proxy/${m}"; api_base = "http://100.64.0.8:9010/air_prd"; api_key = "na"; + drop_params = true; }; }) # curl -L t.net.joshuabell.xyz:9010/air_prd/models | jq '.data.[].id' diff --git a/hosts/lio/flake.lock b/hosts/lio/flake.lock index dd156ada..0b9c2b74 100644 --- a/hosts/lio/flake.lock +++ b/hosts/lio/flake.lock @@ -321,11 +321,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1766870016, - "narHash": "sha256-fHmxAesa6XNqnIkcS6+nIHuEmgd/iZSP/VXxweiEuQw=", + "lastModified": 1767026758, + "narHash": "sha256-7fsac/f7nh/VaKJ/qm3I338+wAJa/3J57cOGpXi0Sbg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5c2bc52fb9f8c264ed6c93bd20afa2ff5e763dce", + "rev": "346dd96ad74dc4457a9db9de4f4f57dab2e5731d", "type": "github" }, "original": { @@ -1237,11 +1237,11 @@ }, "locked": { "dir": "flakes/opencode", - "lastModified": 1767029710, - "narHash": "sha256-MqilsCw9R5Rnq6qFBVctn/WtYO6vA8Rlt14tgKiIC/s=", + "lastModified": 1767130486, + "narHash": "sha256-uqNOE5wBvgXgluAkVWWy7/GXpsdgUnZt4gTYTNnbnM8=", "ref": "refs/heads/master", - "rev": "3f8232e8f98713bc74c8f4ace0694cdc19ae2d3d", - "revCount": 988, + "rev": "b322c942bbf340ab70b2e2a021f2c5359f0330dc", + "revCount": 1011, "type": "git", "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" }, @@ -1256,11 +1256,11 @@ "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1767028968, - "narHash": "sha256-Z6Jk9Ee3+KHaQf7V/zbHHgotZ0gQA5Mtqpzs8PAQmBY=", + "lastModified": 1767126722, + "narHash": "sha256-bXBpPQ9altAzsuFKhIS83LKwuLIxKJ4gWMAG5xzk+fM=", "owner": "sst", "repo": "opencode", - "rev": "b7ce46f7a12e68283d6588c33aaf972426ddd65e", + "rev": "3fe5d91372fdf859e09ed5a2aefe359e0648ed10", "type": "github" }, "original": { From c982d3995d78a9035d04a456c03d25468d8f9477 Mon Sep 17 00:00:00 2001 From: "RingOfStorms (Joshua Bell)" Date: Tue, 30 Dec 2025 20:25:18 -0600 Subject: [PATCH 03/17] try modify params option --- hosts/h001/mods/litellm.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/h001/mods/litellm.nix b/hosts/h001/mods/litellm.nix index a165ed2c..d60c2d63 100644 --- a/hosts/h001/mods/litellm.nix +++ b/hosts/h001/mods/litellm.nix @@ -41,6 +41,7 @@ in litellm_settings = { check_provider_endpoints = true; drop_params = true; + modify_params = true; }; model_list = [ ] From 68b869ecf20d59e76d7b8d73b0a4c37c6d1fc678 Mon Sep 17 00:00:00 2001 From: "RingOfStorms (Joshua Bell)" Date: Wed, 31 Dec 2025 09:38:09 -0600 Subject: [PATCH 04/17] add more shortcuts to plasma --- flakes/de_plasma/home_manager/shortcuts.nix | 29 +++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) diff --git a/flakes/de_plasma/home_manager/shortcuts.nix b/flakes/de_plasma/home_manager/shortcuts.nix index 0211a29d..194a45fe 100644 --- a/flakes/de_plasma/home_manager/shortcuts.nix +++ b/flakes/de_plasma/home_manager/shortcuts.nix @@ -29,7 +29,17 @@ let kwinMoveWorkspace = builtins.listToAttrs ( map (i: { name = "Window to Desktop ${toString i}"; - value = "Meta+Shift+${toString i}"; + value = + let + idx = i - 1; + in + if idx < builtins.length workspaceLetters then + [ + "Meta+Shift+${toString i}" + "Meta+Shift+${builtins.elemAt workspaceLetters idx}" + ] + else + "Meta+Shift+${toString i}"; }) workspaces ); in @@ -41,6 +51,21 @@ in kwin = { "Window Close" = "Meta+Q"; "Overview" = "Meta"; + + # Vim-style focus move + "Switch Window Left" = "Meta+H"; + "Switch Window Down" = "Meta+J"; + "Switch Window Up" = "Meta+K"; + "Switch Window Right" = "Meta+L"; + + # Vim-style snap/maximize/restore + "Window Quick Tile Left" = "Meta+Shift+H"; + "Window Quick Tile Right" = "Meta+Shift+L"; + + # No dedicated "unsnap" action; this reliably breaks quick-tiling. + "Window Move Center" = "Meta+Shift+J"; + + "Window Maximize" = "Meta+Shift+K"; } // kwinWorkspace // kwinMoveWorkspace; @@ -50,7 +75,7 @@ in }; ksmserver = { - "Lock Session" = "Meta+Shift+L"; + "Lock Session" = "none"; }; # "KDE Keyboard Layout Switcher"."Switch to Next Keyboard Layout" = "Meta+K"; From 23b9b9c00465c35baa19fe386c776df60fb10c0f Mon Sep 17 00:00:00 2001 From: "RingOfStorms (Joshua Bell)" Date: Wed, 31 Dec 2025 10:53:16 -0600 Subject: [PATCH 05/17] attempt to fix my permissions for media --- hosts/h001/mods/nixarr.nix | 28 ++++++++++++++++++++++++++ hosts/h001/mods/pinchflat.nix | 7 ++++--- hosts/h002/nfs-data.nix | 37 +++++++++++++++++++++++++++++++++-- hosts/lio/flake.lock | 16 +++++++-------- hosts/lio/flake.nix | 1 + 5 files changed, 76 insertions(+), 13 deletions(-) diff --git a/hosts/h001/mods/nixarr.nix b/hosts/h001/mods/nixarr.nix index b12607fb..245fd4f1 100644 --- a/hosts/h001/mods/nixarr.nix +++ b/hosts/h001/mods/nixarr.nix @@ -13,6 +13,34 @@ let in { config = { + users.groups.media = { + gid = 2000; + }; + + # Make sure all media services can write to NFS mediaDir. + users.users.sonarr.extraGroups = lib.mkAfter [ "media" ]; + users.users.radarr.extraGroups = lib.mkAfter [ "media" ]; + users.users.bazarr.extraGroups = lib.mkAfter [ "media" ]; + users.users.prowlarr.extraGroups = lib.mkAfter [ "media" ]; + users.users.lidarr.extraGroups = lib.mkAfter [ "media" ]; + users.users.jellyfin.extraGroups = lib.mkAfter [ "media" ]; + users.users.jellyseerr.extraGroups = lib.mkAfter [ "media" ]; + users.users.sabnzbd.extraGroups = lib.mkAfter [ "media" ]; + users.users.transmission.extraGroups = lib.mkAfter [ "media" ]; + + users.users.pinchflat.extraGroups = lib.mkAfter [ "media" ]; + systemd.services.pinchflat.serviceConfig.UMask = "0002"; + + systemd.services.sonarr.serviceConfig.UMask = "0002"; + systemd.services.radarr.serviceConfig.UMask = "0002"; + systemd.services.bazarr.serviceConfig.UMask = "0002"; + systemd.services.prowlarr.serviceConfig.UMask = "0002"; + systemd.services.lidarr.serviceConfig.UMask = "0002"; + systemd.services.jellyfin.serviceConfig.UMask = "0002"; + systemd.services.jellyseerr.serviceConfig.UMask = "0002"; + systemd.services.sabnzbd.serviceConfig.UMask = "0002"; + systemd.services.transmission.serviceConfig.UMask = "0002"; + nixarr = { enable = true; # mediaDir = "/drives/wd10/nixarr/media"; diff --git a/hosts/h001/mods/pinchflat.nix b/hosts/h001/mods/pinchflat.nix index 9568b5f9..e2faa4f2 100644 --- a/hosts/h001/mods/pinchflat.nix +++ b/hosts/h001/mods/pinchflat.nix @@ -31,11 +31,15 @@ in users.users.pinchflat.isSystemUser = true; users.users.pinchflat.group = "pinchflat"; + users.users.pinchflat.extraGroups = lib.mkAfter [ + "media" + ]; users.groups.pinchflat = { }; systemd.services.pinchflat.serviceConfig = { DynamicUser = lib.mkForce false; User = "pinchflat"; Group = "pinchflat"; + UMask = "0002"; }; # Use Nixarr vpn @@ -50,9 +54,6 @@ in } ]; - systemd.tmpfiles.rules = [ - "d '${config.services.pinchflat.mediaDir}' 0775 pinchflat pinchflat - -" - ]; services.nginx = { virtualHosts = { diff --git a/hosts/h002/nfs-data.nix b/hosts/h002/nfs-data.nix index 79eac45b..48fd3fb1 100644 --- a/hosts/h002/nfs-data.nix +++ b/hosts/h002/nfs-data.nix @@ -6,11 +6,44 @@ }: lib.mkMerge [ ({ + users.groups.media = { + gid = 2000; + }; + + # Keep exported paths group-writable for media services. + # `2` (setgid) makes new files inherit group `media`. + systemd.tmpfiles.rules = [ + "d /data/nixarr 2775 root media - -" + "d /data/nixarr/media 2775 root media - -" + "d /data/pinchflat 2775 root media - -" + "d /data/pinchflat/media 2775 root media - -" + ]; + + # One-shot fixup for existing files after migrations/rsync. + systemd.services.nfs-media-permissions = { + description = "Fix NFS media permissions"; + after = [ "local-fs.target" ]; + before = [ "nfs-server.service" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig.Type = "oneshot"; + path = [ pkgs.coreutils pkgs.findutils ]; + script = '' + set -euo pipefail + + for dir in /data/nixarr/media /data/pinchflat/media; do + mkdir -p "$dir" + chgrp -R media "$dir" || true + chmod -R g+rwX "$dir" || true + find "$dir" -type d -print0 | xargs -0 chmod 2775 || true + done + ''; + }; + services.nfs.server = { enable = true; exports = '' - /data 100.64.0.0/10(rw,sync,no_subtree_check,fsid=0,crossmnt) - /data 10.12.14.0/10(rw,sync,no_subtree_check,fsid=0,crossmnt) + /data 100.64.0.0/10(rw,sync,no_subtree_check,no_root_squash,fsid=0,crossmnt) + /data 10.12.14.0/10(rw,sync,no_subtree_check,no_root_squash,fsid=0,crossmnt) ''; }; diff --git a/hosts/lio/flake.lock b/hosts/lio/flake.lock index 0b9c2b74..c8611dc4 100644 --- a/hosts/lio/flake.lock +++ b/hosts/lio/flake.lock @@ -123,11 +123,11 @@ }, "locked": { "dir": "flakes/de_plasma", - "lastModified": 1766961967, - "narHash": "sha256-ccLRTjpQ3tqvNMMhCn02+WS74KE0i8bYLI/Jh4GdoiQ=", + "lastModified": 1767147918, + "narHash": "sha256-ymvfM1mfs/nKsHovMkM4UROtH5X/WHXl0IEVsD3Z1Eg=", "ref": "refs/heads/master", - "rev": "6b023457ec9053e748bc49ac3e28ea82e2f998d4", - "revCount": 975, + "rev": "c982d3995d78a9035d04a456c03d25468d8f9477", + "revCount": 1013, "type": "git", "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" }, @@ -1384,11 +1384,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1766468664, - "narHash": "sha256-QfAZCWfwIDiOvikyMb9Tsg2X0n659zd6DxDT88ILE4I=", + "lastModified": 1767195473, + "narHash": "sha256-xL3DZSWiNSvW58LsJwFIpQ9i3Vs5uaYUjbL60rpFxPk=", "ref": "refs/heads/master", - "rev": "99a57f25b959d7226d68f1b53ff60f0c4cc5b210", - "revCount": 326, + "rev": "88e86b5a7d40697ade905f534dcd5372a67b8102", + "revCount": 328, "type": "git", "url": "https://git.joshuabell.xyz/ringofstorms/nvim" }, diff --git a/hosts/lio/flake.nix b/hosts/lio/flake.nix index 2a09864f..4154e110 100644 --- a/hosts/lio/flake.nix +++ b/hosts/lio/flake.nix @@ -187,6 +187,7 @@ ttyd pavucontrol nfs-utils + jellyfin-media-player ]; services.flatpak.packages = [ From 209443296fb1224938a20e7e82fc20d47e360f1c Mon Sep 17 00:00:00 2001 From: "RingOfStorms (Joshua Bell)" Date: Wed, 31 Dec 2025 11:11:13 -0600 Subject: [PATCH 06/17] new flake command helper --- .../common/nix_modules/essentials/default.nix | 1 + .../nix_modules/essentials/flake.func.sh | 133 ++++++++++++++++++ 2 files changed, 134 insertions(+) create mode 100644 flakes/common/nix_modules/essentials/flake.func.sh diff --git a/flakes/common/nix_modules/essentials/default.nix b/flakes/common/nix_modules/essentials/default.nix index 12dcbf01..a9d4d9b1 100644 --- a/flakes/common/nix_modules/essentials/default.nix +++ b/flakes/common/nix_modules/essentials/default.nix @@ -64,5 +64,6 @@ with lib; (builtins.readFile ./unix_utils.func.sh) (builtins.readFile ./nixpkg.func.sh) (builtins.readFile ./envrc-import.func.sh) + (builtins.readFile ./flake.func.sh) ]; } diff --git a/flakes/common/nix_modules/essentials/flake.func.sh b/flakes/common/nix_modules/essentials/flake.func.sh new file mode 100644 index 00000000..ced628c2 --- /dev/null +++ b/flakes/common/nix_modules/essentials/flake.func.sh @@ -0,0 +1,133 @@ +_flake_usage() { + cat <<'EOF' +usage: + flake update pick inputs via fzf + flake update update specific inputs + flake update -a|--all update all inputs +EOF +} + +_flake_root() { + local dir + dir="$(pwd -P)" + + while [ "$dir" != "/" ]; do + if [ -f "$dir/flake.nix" ]; then + echo "$dir" + return 0 + fi + dir="$(dirname "$dir")" + done + + return 1 +} + +flake() { + local subcommand + subcommand="${1:-}" + + case "$subcommand" in + update) + shift + + local root + root="$(_flake_root)" || { + echo "Error: not in a flake directory (missing flake.nix)" >&2 + return 1 + } + + local lock_file + lock_file="$root/flake.lock" + + local all + all=0 + + while [ $# -gt 0 ]; do + case "$1" in + -a|--all) + all=1 + shift + ;; + -h|--help) + _flake_usage + return 0 + ;; + --) + shift + break + ;; + -*) + echo "Error: unknown flag: $1" >&2 + _flake_usage >&2 + return 1 + ;; + *) + break + ;; + esac + done + + if [ "$all" -eq 1 ]; then + (cd "$root" && nix flake update) + return $? + fi + + if [ $# -gt 0 ]; then + echo "Updating inputs: $*" + (cd "$root" && nix flake update "$@") + return $? + fi + + if [ ! -f "$lock_file" ]; then + echo "Error: missing $lock_file" >&2 + echo "Run: (cd \"$root\" && nix flake lock)" >&2 + return 1 + fi + + if ! command -v fzf >/dev/null 2>&1; then + echo "Error: fzf not found" >&2 + return 1 + fi + + if ! command -v jq >/dev/null 2>&1; then + echo "Error: jq not found" >&2 + return 1 + fi + + local selected + selected="$( + jq -r '.nodes.root.inputs | keys[]' "$lock_file" | \ + fzf --multi \ + --prompt='flake update > ' \ + --header='TAB to select, ENTER to update' + )" + + if [ -z "$selected" ]; then + echo "No inputs selected" + return 1 + fi + + local inputs + inputs=() + + while IFS= read -r input; do + [ -z "$input" ] && continue + inputs+=("$input") + done <<< "$selected" + + echo "Updating inputs: ${inputs[*]}" + (cd "$root" && nix flake update "${inputs[@]}") + return $? + ;; + + -h|--help|help|"") + _flake_usage + ;; + + *) + echo "Error: unknown subcommand: $subcommand" >&2 + _flake_usage >&2 + return 1 + ;; + esac +} From fb37ecaa6746a72305b82441b36338e74874a862 Mon Sep 17 00:00:00 2001 From: "RingOfStorms (Joshua Bell)" Date: Wed, 31 Dec 2025 11:11:37 -0600 Subject: [PATCH 07/17] new helper on lio --- hosts/lio/flake.lock | 66 ++++++++++++++++++++++---------------------- 1 file changed, 33 insertions(+), 33 deletions(-) diff --git a/hosts/lio/flake.lock b/hosts/lio/flake.lock index c8611dc4..d737cdaf 100644 --- a/hosts/lio/flake.lock +++ b/hosts/lio/flake.lock @@ -31,11 +31,11 @@ }, "locked": { "dir": "flakes/beszel", - "lastModified": 1766961967, - "narHash": "sha256-ccLRTjpQ3tqvNMMhCn02+WS74KE0i8bYLI/Jh4GdoiQ=", + "lastModified": 1767199996, + "narHash": "sha256-+QX8YguilhZBVvu80QZh/NDK18EWCiebo5MEgytncZQ=", "ref": "refs/heads/master", - "rev": "6b023457ec9053e748bc49ac3e28ea82e2f998d4", - "revCount": 975, + "rev": "23b9b9c00465c35baa19fe386c776df60fb10c0f", + "revCount": 1015, "type": "git", "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" }, @@ -64,11 +64,11 @@ "common": { "locked": { "dir": "flakes/common", - "lastModified": 1767108596, - "narHash": "sha256-G24jIpfoSg3e4yUtAJnJsA6Mw+INLd3g85JzLWj+1j8=", + "lastModified": 1767201073, + "narHash": "sha256-UpY2rT7+j2t1K5Ed0wp/nKrSSA7WcZ1BpU1B3vPrbJA=", "ref": "refs/heads/master", - "rev": "31f2ef23a0382b3149866ee3665a64843870d7a6", - "revCount": 1007, + "rev": "209443296fb1224938a20e7e82fc20d47e360f1c", + "revCount": 1016, "type": "git", "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" }, @@ -123,11 +123,11 @@ }, "locked": { "dir": "flakes/de_plasma", - "lastModified": 1767147918, - "narHash": "sha256-ymvfM1mfs/nKsHovMkM4UROtH5X/WHXl0IEVsD3Z1Eg=", + "lastModified": 1767199996, + "narHash": "sha256-+QX8YguilhZBVvu80QZh/NDK18EWCiebo5MEgytncZQ=", "ref": "refs/heads/master", - "rev": "c982d3995d78a9035d04a456c03d25468d8f9477", - "revCount": 1013, + "rev": "23b9b9c00465c35baa19fe386c776df60fb10c0f", + "revCount": 1015, "type": "git", "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" }, @@ -161,11 +161,11 @@ }, "locked": { "dir": "flakes/flatpaks", - "lastModified": 1766961967, - "narHash": "sha256-ccLRTjpQ3tqvNMMhCn02+WS74KE0i8bYLI/Jh4GdoiQ=", + "lastModified": 1767199996, + "narHash": "sha256-+QX8YguilhZBVvu80QZh/NDK18EWCiebo5MEgytncZQ=", "ref": "refs/heads/master", - "rev": "6b023457ec9053e748bc49ac3e28ea82e2f998d4", - "revCount": 975, + "rev": "23b9b9c00465c35baa19fe386c776df60fb10c0f", + "revCount": 1015, "type": "git", "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" }, @@ -202,11 +202,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1766939458, - "narHash": "sha256-VvZeAKyB3vhyHStSO8ACKzWRKNQPmVWktjfuSVdvtUA=", + "lastModified": 1767024057, + "narHash": "sha256-B1aycRjMRvb6QOGbnqDhiDzZwMebj5jxZ5qyJzaKvpI=", "owner": "rycee", "repo": "home-manager", - "rev": "e298a148013c980e3c8c0ac075295fab5074d643", + "rev": "34578a2fdfce4257ce5f5baf6e7efbd4e4e252b1", "type": "github" }, "original": { @@ -273,11 +273,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1766651565, - "narHash": "sha256-QEhk0eXgyIqTpJ/ehZKg9IKS7EtlWxF3N7DXy42zPfU=", + "lastModified": 1766902085, + "narHash": "sha256-coBu0ONtFzlwwVBzmjacUQwj3G+lybcZ1oeNSQkgC0M=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3e2499d5539c16d0d173ba53552a4ff8547f4539", + "rev": "c0b0e0fddf73fd517c3471e546c0df87a42d53f4", "type": "github" }, "original": { @@ -305,11 +305,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1766736597, - "narHash": "sha256-BASnpCLodmgiVn0M1MU2Pqyoz0aHwar/0qLkp7CjvSQ=", + "lastModified": 1767047869, + "narHash": "sha256-tzYsEzXEVa7op1LTnrLSiPGrcCY6948iD0EcNLWcmzo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "f560ccec6b1116b22e6ed15f4c510997d99d5852", + "rev": "89dbf01df72eb5ebe3b24a86334b12c27d68016a", "type": "github" }, "original": { @@ -1237,11 +1237,11 @@ }, "locked": { "dir": "flakes/opencode", - "lastModified": 1767130486, - "narHash": "sha256-uqNOE5wBvgXgluAkVWWy7/GXpsdgUnZt4gTYTNnbnM8=", + "lastModified": 1767199996, + "narHash": "sha256-+QX8YguilhZBVvu80QZh/NDK18EWCiebo5MEgytncZQ=", "ref": "refs/heads/master", - "rev": "b322c942bbf340ab70b2e2a021f2c5359f0330dc", - "revCount": 1011, + "rev": "23b9b9c00465c35baa19fe386c776df60fb10c0f", + "revCount": 1015, "type": "git", "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" }, @@ -1446,11 +1446,11 @@ }, "locked": { "dir": "flakes/secrets", - "lastModified": 1766961967, - "narHash": "sha256-ccLRTjpQ3tqvNMMhCn02+WS74KE0i8bYLI/Jh4GdoiQ=", + "lastModified": 1767199996, + "narHash": "sha256-+QX8YguilhZBVvu80QZh/NDK18EWCiebo5MEgytncZQ=", "ref": "refs/heads/master", - "rev": "6b023457ec9053e748bc49ac3e28ea82e2f998d4", - "revCount": 975, + "rev": "23b9b9c00465c35baa19fe386c776df60fb10c0f", + "revCount": 1015, "type": "git", "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" }, From df184b40e0b8cf33078bc622fdf8a852955f279a Mon Sep 17 00:00:00 2001 From: "RingOfStorms (Joshua Bell)" Date: Wed, 31 Dec 2025 11:11:56 -0600 Subject: [PATCH 08/17] tighten up h002 data perm cleanup --- hosts/h002/nfs-data.nix | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/hosts/h002/nfs-data.nix b/hosts/h002/nfs-data.nix index 48fd3fb1..c2fea7b2 100644 --- a/hosts/h002/nfs-data.nix +++ b/hosts/h002/nfs-data.nix @@ -20,21 +20,24 @@ lib.mkMerge [ ]; # One-shot fixup for existing files after migrations/rsync. + # Runs before `nfs-server` so clients always see correct perms. systemd.services.nfs-media-permissions = { description = "Fix NFS media permissions"; after = [ "local-fs.target" ]; before = [ "nfs-server.service" ]; - wantedBy = [ "multi-user.target" ]; + requiredBy = [ "nfs-server.service" ]; serviceConfig.Type = "oneshot"; path = [ pkgs.coreutils pkgs.findutils ]; script = '' set -euo pipefail + getent group media >/dev/null + for dir in /data/nixarr/media /data/pinchflat/media; do mkdir -p "$dir" - chgrp -R media "$dir" || true - chmod -R g+rwX "$dir" || true - find "$dir" -type d -print0 | xargs -0 chmod 2775 || true + chgrp -R media "$dir" + chmod -R g+rwX "$dir" + find "$dir" -type d -exec chmod 2775 {} + done ''; }; From 5aa58ce2c024a1a6c581d6ba96772660f64690e0 Mon Sep 17 00:00:00 2001 From: "RingOfStorms (Joshua Bell)" Date: Wed, 31 Dec 2025 11:14:55 -0600 Subject: [PATCH 09/17] tighten up h002 data perm cleanup --- hosts/h002/nfs-data.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/h002/nfs-data.nix b/hosts/h002/nfs-data.nix index c2fea7b2..392d0c62 100644 --- a/hosts/h002/nfs-data.nix +++ b/hosts/h002/nfs-data.nix @@ -27,7 +27,7 @@ lib.mkMerge [ before = [ "nfs-server.service" ]; requiredBy = [ "nfs-server.service" ]; serviceConfig.Type = "oneshot"; - path = [ pkgs.coreutils pkgs.findutils ]; + path = [ pkgs.coreutils pkgs.findutils pkgs.glibc.bin ]; script = '' set -euo pipefail From c4d5d8c1f88679a64a96756368b61b4e1ba1c6d2 Mon Sep 17 00:00:00 2001 From: "RingOfStorms (Joshua Bell)" Date: Wed, 31 Dec 2025 11:21:29 -0600 Subject: [PATCH 10/17] remove the fixer we are doing it manually --- hosts/h002/nfs-data.nix | 22 ---------------------- 1 file changed, 22 deletions(-) diff --git a/hosts/h002/nfs-data.nix b/hosts/h002/nfs-data.nix index 392d0c62..61f98b09 100644 --- a/hosts/h002/nfs-data.nix +++ b/hosts/h002/nfs-data.nix @@ -19,28 +19,6 @@ lib.mkMerge [ "d /data/pinchflat/media 2775 root media - -" ]; - # One-shot fixup for existing files after migrations/rsync. - # Runs before `nfs-server` so clients always see correct perms. - systemd.services.nfs-media-permissions = { - description = "Fix NFS media permissions"; - after = [ "local-fs.target" ]; - before = [ "nfs-server.service" ]; - requiredBy = [ "nfs-server.service" ]; - serviceConfig.Type = "oneshot"; - path = [ pkgs.coreutils pkgs.findutils pkgs.glibc.bin ]; - script = '' - set -euo pipefail - - getent group media >/dev/null - - for dir in /data/nixarr/media /data/pinchflat/media; do - mkdir -p "$dir" - chgrp -R media "$dir" - chmod -R g+rwX "$dir" - find "$dir" -type d -exec chmod 2775 {} + - done - ''; - }; services.nfs.server = { enable = true; From b26f61f473f71971732f0fe1327bc52e3e81e5d2 Mon Sep 17 00:00:00 2001 From: "RingOfStorms (Joshua Bell)" Date: Wed, 31 Dec 2025 11:23:36 -0600 Subject: [PATCH 11/17] force 2000 --- hosts/h001/mods/nixarr.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/hosts/h001/mods/nixarr.nix b/hosts/h001/mods/nixarr.nix index 245fd4f1..1fc1b585 100644 --- a/hosts/h001/mods/nixarr.nix +++ b/hosts/h001/mods/nixarr.nix @@ -13,9 +13,7 @@ let in { config = { - users.groups.media = { - gid = 2000; - }; + users.groups.media.gid = lib.mkForce 2000; # Make sure all media services can write to NFS mediaDir. users.users.sonarr.extraGroups = lib.mkAfter [ "media" ]; From 08e8ac2b217a39d36d6104fd872a3e31ad88d026 Mon Sep 17 00:00:00 2001 From: "RingOfStorms (Joshua Bell)" Date: Wed, 31 Dec 2025 11:27:07 -0600 Subject: [PATCH 12/17] conditionals on users --- hosts/h001/mods/nixarr.nix | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/hosts/h001/mods/nixarr.nix b/hosts/h001/mods/nixarr.nix index 1fc1b585..995e1dce 100644 --- a/hosts/h001/mods/nixarr.nix +++ b/hosts/h001/mods/nixarr.nix @@ -15,29 +15,29 @@ in config = { users.groups.media.gid = lib.mkForce 2000; - # Make sure all media services can write to NFS mediaDir. - users.users.sonarr.extraGroups = lib.mkAfter [ "media" ]; - users.users.radarr.extraGroups = lib.mkAfter [ "media" ]; - users.users.bazarr.extraGroups = lib.mkAfter [ "media" ]; - users.users.prowlarr.extraGroups = lib.mkAfter [ "media" ]; - users.users.lidarr.extraGroups = lib.mkAfter [ "media" ]; - users.users.jellyfin.extraGroups = lib.mkAfter [ "media" ]; - users.users.jellyseerr.extraGroups = lib.mkAfter [ "media" ]; - users.users.sabnzbd.extraGroups = lib.mkAfter [ "media" ]; - users.users.transmission.extraGroups = lib.mkAfter [ "media" ]; + # Make sure enabled media services can write to the NFS mediaDir. + users.users.sonarr.extraGroups = lib.mkIf config.nixarr.sonarr.enable (lib.mkAfter [ "media" ]); + users.users.radarr.extraGroups = lib.mkIf config.nixarr.radarr.enable (lib.mkAfter [ "media" ]); + users.users.bazarr.extraGroups = lib.mkIf config.nixarr.bazarr.enable (lib.mkAfter [ "media" ]); + users.users.prowlarr.extraGroups = lib.mkIf config.nixarr.prowlarr.enable (lib.mkAfter [ "media" ]); + users.users.lidarr.extraGroups = lib.mkIf config.nixarr.lidarr.enable (lib.mkAfter [ "media" ]); + users.users.jellyfin.extraGroups = lib.mkIf config.nixarr.jellyfin.enable (lib.mkAfter [ "media" ]); + users.users.jellyseerr.extraGroups = lib.mkIf config.nixarr.jellyseerr.enable (lib.mkAfter [ "media" ]); + users.users.sabnzbd.extraGroups = lib.mkIf config.nixarr.sabnzbd.enable (lib.mkAfter [ "media" ]); + users.users.transmission.extraGroups = lib.mkIf config.nixarr.transmission.enable (lib.mkAfter [ "media" ]); users.users.pinchflat.extraGroups = lib.mkAfter [ "media" ]; systemd.services.pinchflat.serviceConfig.UMask = "0002"; - systemd.services.sonarr.serviceConfig.UMask = "0002"; - systemd.services.radarr.serviceConfig.UMask = "0002"; - systemd.services.bazarr.serviceConfig.UMask = "0002"; - systemd.services.prowlarr.serviceConfig.UMask = "0002"; - systemd.services.lidarr.serviceConfig.UMask = "0002"; - systemd.services.jellyfin.serviceConfig.UMask = "0002"; - systemd.services.jellyseerr.serviceConfig.UMask = "0002"; - systemd.services.sabnzbd.serviceConfig.UMask = "0002"; - systemd.services.transmission.serviceConfig.UMask = "0002"; + systemd.services.sonarr.serviceConfig.UMask = lib.mkIf config.nixarr.sonarr.enable "0002"; + systemd.services.radarr.serviceConfig.UMask = lib.mkIf config.nixarr.radarr.enable "0002"; + systemd.services.bazarr.serviceConfig.UMask = lib.mkIf config.nixarr.bazarr.enable "0002"; + systemd.services.prowlarr.serviceConfig.UMask = lib.mkIf config.nixarr.prowlarr.enable "0002"; + systemd.services.lidarr.serviceConfig.UMask = lib.mkIf config.nixarr.lidarr.enable "0002"; + systemd.services.jellyfin.serviceConfig.UMask = lib.mkIf config.nixarr.jellyfin.enable "0002"; + systemd.services.jellyseerr.serviceConfig.UMask = lib.mkIf config.nixarr.jellyseerr.enable "0002"; + systemd.services.sabnzbd.serviceConfig.UMask = lib.mkIf config.nixarr.sabnzbd.enable "0002"; + systemd.services.transmission.serviceConfig.UMask = lib.mkIf config.nixarr.transmission.enable "0002"; nixarr = { enable = true; From a321a55f4f180cf2c04965c1791df0256b2c338b Mon Sep 17 00:00:00 2001 From: "RingOfStorms (Joshua Bell)" Date: Wed, 31 Dec 2025 11:43:50 -0600 Subject: [PATCH 13/17] update h002 --- hosts/h002/flake.lock | 159 +++++++++++++++++++++--------------------- 1 file changed, 80 insertions(+), 79 deletions(-) diff --git a/hosts/h002/flake.lock b/hosts/h002/flake.lock index ce89d194..6d195dd5 100644 --- a/hosts/h002/flake.lock +++ b/hosts/h002/flake.lock @@ -31,11 +31,11 @@ }, "locked": { "dir": "flakes/beszel", - "lastModified": 1766960535, - "narHash": "sha256-t9xcmWlc2kB1wcKH4V9OMQoQYoMS4pDK/TLOGmmohf8=", + "lastModified": 1767199996, + "narHash": "sha256-+QX8YguilhZBVvu80QZh/NDK18EWCiebo5MEgytncZQ=", "ref": "refs/heads/master", - "rev": "a76b100f6eae86dbcb9327fece4ee03bebe5410a", - "revCount": 974, + "rev": "23b9b9c00465c35baa19fe386c776df60fb10c0f", + "revCount": 1015, "type": "git", "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" }, @@ -64,11 +64,11 @@ "common": { "locked": { "dir": "flakes/common", - "lastModified": 1767040959, - "narHash": "sha256-YZyIBq1N0iRMN+R/LGNLmmkSmimer6MMysP032xC3C8=", + "lastModified": 1767201116, + "narHash": "sha256-7TY7SqMveHel8tPQ96+rpLimpb39xsCLScI1M/i87Fg=", "ref": "refs/heads/master", - "rev": "d4f62bef186fd1a16510854754f5b328c3e4cab8", - "revCount": 993, + "rev": "df184b40e0b8cf33078bc622fdf8a852955f279a", + "revCount": 1018, "type": "git", "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" }, @@ -140,11 +140,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1765979862, - "narHash": "sha256-/r9/1KamvbHJx6I40H4HsSXnEcBAkj46ZwibhBx9kg0=", + "lastModified": 1767024057, + "narHash": "sha256-B1aycRjMRvb6QOGbnqDhiDzZwMebj5jxZ5qyJzaKvpI=", "owner": "rycee", "repo": "home-manager", - "rev": "d3135ab747fd9dac250ffb90b4a7e80634eacbe9", + "rev": "34578a2fdfce4257ce5f5baf6e7efbd4e4e252b1", "type": "github" }, "original": { @@ -179,11 +179,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1765762245, - "narHash": "sha256-3iXM/zTqEskWtmZs3gqNiVtRTsEjYAedIaLL0mSBsrk=", + "lastModified": 1766736597, + "narHash": "sha256-BASnpCLodmgiVn0M1MU2Pqyoz0aHwar/0qLkp7CjvSQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c8cfcd6ccd422e41cc631a0b73ed4d5a925c393d", + "rev": "f560ccec6b1116b22e6ed15f4c510997d99d5852", "type": "github" }, "original": { @@ -195,11 +195,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1765838191, - "narHash": "sha256-m5KWt1nOm76ILk/JSCxBM4MfK3rYY7Wq9/TZIIeGnT8=", + "lastModified": 1767047869, + "narHash": "sha256-tzYsEzXEVa7op1LTnrLSiPGrcCY6948iD0EcNLWcmzo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c6f52ebd45e5925c188d1a20119978aa4ffd5ef6", + "rev": "89dbf01df72eb5ebe3b24a86334b12c27d68016a", "type": "github" }, "original": { @@ -211,15 +211,16 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1764776358, - "narHash": "sha256-MxXSCRiV7DI5U3Ra1UxVJTTUyKsONAE8+8QdSXsGIhA=", + "lastModified": 1766309749, + "narHash": "sha256-3xY8CZ4rSnQ0NqGhMKAy5vgC+2IVK0NoVEzDoOh4DA4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "0b8cec1eb2241336971009cdd4af641b930d0d97", + "rev": "a6531044f6d0bef691ea18d4d4ce44d0daa6e816", "type": "github" }, "original": { "owner": "nixos", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } @@ -259,11 +260,11 @@ "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim": { "flake": false, "locked": { - "lastModified": 1763599441, - "narHash": "sha256-RwCQQfgQIQITVSJSX+QOSIOChT7E2AXdIwfU07S9GaU=", + "lastModified": 1766398838, + "narHash": "sha256-pO+bnwywDmhEpmU3Zw2VCAT8uLEgRlpHcAfW9NwqWis=", "owner": "CopilotC-Nvim", "repo": "CopilotChat.nvim", - "rev": "df5376c132382dd47e3e552612940cbf25b3580c", + "rev": "ed94e56ee8292f5df351e17709ff4b178ca84200", "type": "github" }, "original": { @@ -307,11 +308,11 @@ "nvim_plugin-MeanderingProgrammer/render-markdown.nvim": { "flake": false, "locked": { - "lastModified": 1764732647, - "narHash": "sha256-jya61X22LbcT4hpeio3qE/oOI/lvqKpf09oGEHHvQdA=", + "lastModified": 1765914395, + "narHash": "sha256-A7pm8sBQWsZl3Kc7JBh3gBUyKb6GfJ5J0zfn3mSGjKs=", "owner": "MeanderingProgrammer", "repo": "render-markdown.nvim", - "rev": "b2b135347e299ffbf7f4123fb7811899b0c9f4b8", + "rev": "07d088bf8bdadd159eb807b90eaee86a4778383f", "type": "github" }, "original": { @@ -387,11 +388,11 @@ "nvim_plugin-b0o/schemastore.nvim": { "flake": false, "locked": { - "lastModified": 1764655248, - "narHash": "sha256-9nUBzwbMkzLySMW/Y0EkFpvFgHeW5YDQ3J3moVQarjQ=", + "lastModified": 1766167236, + "narHash": "sha256-+Z1foMyKMxyMmYqmyu1KWiyL4Fc0Zm2SYV7RoZ9Ut2I=", "owner": "b0o", "repo": "schemastore.nvim", - "rev": "e9c00ea7813006dfa29f35c174f83f0184d45a93", + "rev": "8b92ea89835b8e5dbc779a675ebb0e5fcb9a1993", "type": "github" }, "original": { @@ -403,11 +404,11 @@ "nvim_plugin-catppuccin/nvim": { "flake": false, "locked": { - "lastModified": 1764084803, - "narHash": "sha256-ds+Rm9H00s++RC1dH4OQpCg1FXSm4HuwDGzr4ah0YBU=", + "lastModified": 1765701669, + "narHash": "sha256-8GKpGGdeBwxuMrheojyl162CzUntRcq9AktQVmKbpuI=", "owner": "catppuccin", "repo": "nvim", - "rev": "ce4a8e0d5267e67056f9f4dcf6cb1d0933c8ca00", + "rev": "ce8d176faa4643e026e597ae3c31db59b63cef09", "type": "github" }, "original": { @@ -419,11 +420,11 @@ "nvim_plugin-chrisgrieser/nvim-early-retirement": { "flake": false, "locked": { - "lastModified": 1764104935, - "narHash": "sha256-mvs0uIoxidy3jfC6oymwhaZVRbJrW+/kuMcIpR8TI6M=", + "lastModified": 1766186911, + "narHash": "sha256-COYpFOZTMGpZVfSJFMix/6TM5Eeemngcx1iukMa2nDE=", "owner": "chrisgrieser", "repo": "nvim-early-retirement", - "rev": "cd29cf40af7473530a8598245ba1d348fd5e1fa0", + "rev": "86edd80026e4eea2cef7d1e5dadcf34432e6098d", "type": "github" }, "original": { @@ -451,11 +452,11 @@ "nvim_plugin-folke/lazy.nvim": { "flake": false, "locked": { - "lastModified": 1762421181, - "narHash": "sha256-h5404njTAfqMJFQ3MAr2PWSbV81eS4aIs0cxAXkT0EM=", + "lastModified": 1765971162, + "narHash": "sha256-5A4kducPwKb5fKX4oSUFvo898P0dqfsqqLxFaXBsbQY=", "owner": "folke", "repo": "lazy.nvim", - "rev": "85c7ff3711b730b4030d03144f6db6375044ae82", + "rev": "306a05526ada86a7b30af95c5cc81ffba93fef97", "type": "github" }, "original": { @@ -563,11 +564,11 @@ "nvim_plugin-j-hui/fidget.nvim": { "flake": false, "locked": { - "lastModified": 1761243883, - "narHash": "sha256-XXTeJweQRIsC/WFhFxFbepOETV8e5Wfmh513su2Wve0=", + "lastModified": 1766143069, + "narHash": "sha256-uy2Z6vn9UYDN7Dr7iuiTrualRQdmUT0dwHP/eZXA/uA=", "owner": "j-hui", "repo": "fidget.nvim", - "rev": "e32b672d8fd343f9d6a76944fedb8c61d7d8111a", + "rev": "64463022a1f2ff1318ab22a2ea4125ed9313a483", "type": "github" }, "original": { @@ -675,11 +676,11 @@ "nvim_plugin-mfussenegger/nvim-lint": { "flake": false, "locked": { - "lastModified": 1763729870, - "narHash": "sha256-9fIZPUZhnQEHJtvboCs+A2QXo4UMTFejuHNagDkfkRk=", + "lastModified": 1766127989, + "narHash": "sha256-ysIoJ8uMAHu/OCemQ3yUYMhKIVnSDLQCvJH0SaGIOK4=", "owner": "mfussenegger", "repo": "nvim-lint", - "rev": "d1118791070d090777398792a73032a0ca5c79ff", + "rev": "7a64f4067065c16a355d40d0d599b8ca6b25de6d", "type": "github" }, "original": { @@ -691,11 +692,11 @@ "nvim_plugin-mrcjkb/rustaceanvim": { "flake": false, "locked": { - "lastModified": 1764542305, - "narHash": "sha256-t7xAQ9sczLyA1zODmD+nEuWuLnhrfSOoPu/4G/YTGdU=", + "lastModified": 1766276825, + "narHash": "sha256-dcXnh5SYPh1VRctTuCnuVPKFQuAI4XEvQasolCOv+Xw=", "owner": "mrcjkb", "repo": "rustaceanvim", - "rev": "6c3785d6a230bec63f70c98bf8e2842bed924245", + "rev": "0fa0462a2d6c9629e0bd03d1902e6a1472ceac3e", "type": "github" }, "original": { @@ -707,11 +708,11 @@ "nvim_plugin-neovim/nvim-lspconfig": { "flake": false, "locked": { - "lastModified": 1764477618, - "narHash": "sha256-IpVDEOr//Jy+r3Z5Qo8nxDa3fNO+BTBKzAmbqvxtCQE=", + "lastModified": 1766443238, + "narHash": "sha256-P95gPOwJ+rRofLb8iV5UOnh26to1I3sFrWGlGxHyz1M=", "owner": "neovim", "repo": "nvim-lspconfig", - "rev": "effe4bf2e1afb881ea67291c648b68dd3dfc927a", + "rev": "b34c08e0ea22bac67798f00238318fd16bd99b7c", "type": "github" }, "original": { @@ -819,11 +820,11 @@ "nvim_plugin-nvim-telescope/telescope.nvim": { "flake": false, "locked": { - "lastModified": 1764418954, - "narHash": "sha256-e6XSJRv4KB0z+nzGWmlV/YZNwWsyrrpQTloePRKWmw4=", + "lastModified": 1766268405, + "narHash": "sha256-O1rUiVKpDSvKMkZMFaEd8/ACcSgO/lfa1+Hc8uHbFOI=", "owner": "nvim-telescope", "repo": "telescope.nvim", - "rev": "e69b434b968a33815e2f02a5c7bd7b8dd4c7d4b2", + "rev": "e709d31454ee6e6157f0537f861f797bd44c0bad", "type": "github" }, "original": { @@ -835,11 +836,11 @@ "nvim_plugin-nvim-tree/nvim-tree.lua": { "flake": false, "locked": { - "lastModified": 1764713359, - "narHash": "sha256-dSaO5esPKj1y4vNyLb3AK9egmFJsmWxkGOT+etJsbRA=", + "lastModified": 1766192360, + "narHash": "sha256-Br+r9f/2o0AkewnGm7kFNfl3uYm1Akkklof0Sm5AL2M=", "owner": "nvim-tree", "repo": "nvim-tree.lua", - "rev": "59088b96a32ea47caf4976e164dbd88b86447fb7", + "rev": "b8b44b6a2494d086a9177251a119f9daec6cace8", "type": "github" }, "original": { @@ -851,11 +852,11 @@ "nvim_plugin-nvim-tree/nvim-web-devicons": { "flake": false, "locked": { - "lastModified": 1761440007, - "narHash": "sha256-klBjUtj0AvarN5a6O8Hh2t5BuOTe/m3ps2cHnlxVJvE=", + "lastModified": 1766287594, + "narHash": "sha256-ZdFRd0//C0Lle4cYIoAHBdz/yvQqmeylLNwvSifaWm4=", "owner": "nvim-tree", "repo": "nvim-web-devicons", - "rev": "8dcb311b0c92d460fac00eac706abd43d94d68af", + "rev": "6788013bb9cb784e606ada44206b0e755e4323d7", "type": "github" }, "original": { @@ -867,11 +868,11 @@ "nvim_plugin-nvim-treesitter/nvim-treesitter-context": { "flake": false, "locked": { - "lastModified": 1762769683, - "narHash": "sha256-ICwAUXKngSPsJ6VV+84KUPqtAwlGPrm4FIf9ioisiz8=", + "lastModified": 1765030629, + "narHash": "sha256-3NtwOA9d2ezLoo7qnzKAr6gwEdcpUqLc7ou4QI+9rDY=", "owner": "nvim-treesitter", "repo": "nvim-treesitter-context", - "rev": "660861b1849256398f70450afdf93908d28dc945", + "rev": "64dd4cf3f6fd0ab17622c5ce15c91fc539c3f24a", "type": "github" }, "original": { @@ -979,11 +980,11 @@ "nvim_plugin-stevearc/conform.nvim": { "flake": false, "locked": { - "lastModified": 1764743081, - "narHash": "sha256-qCjrMt3fsRbLr/iM7nFHG7oKtyTTGcse4/cJbm3odJE=", + "lastModified": 1766346125, + "narHash": "sha256-Pp4bGTlZEqxHoHqVCEekDdg2jvNayxAuBReK4HJ6yGg=", "owner": "stevearc", "repo": "conform.nvim", - "rev": "ffe26e8df8115c9665d24231f8a49fadb2d611ce", + "rev": "5420c4b5ea0aeb99c09cfbd4fd0b70d257b44f25", "type": "github" }, "original": { @@ -1091,11 +1092,11 @@ "nvim_plugin-zbirenbaum/copilot.lua": { "flake": false, "locked": { - "lastModified": 1764638966, - "narHash": "sha256-wQ6SfAunVMd5tNeM7RMvrfPC2ELRibyEQboVQlU/fBs=", + "lastModified": 1766207702, + "narHash": "sha256-879050VUJpWBrHxUA3hRpcYbn3KgBGpVpKLdSVOwbIA=", "owner": "zbirenbaum", "repo": "copilot.lua", - "rev": "881f99b827d65b41f522eecc21b112cf518028ac", + "rev": "e78d1ffebdf6ccb6fd8be4e6898030c1cf5f9b64", "type": "github" }, "original": { @@ -1196,11 +1197,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1765641080, - "narHash": "sha256-AyPi7rZVfjTjQrhPHP+ugpVY8tcUzF3Lw1RjACuxAms=", + "lastModified": 1767195473, + "narHash": "sha256-xL3DZSWiNSvW58LsJwFIpQ9i3Vs5uaYUjbL60rpFxPk=", "ref": "refs/heads/master", - "rev": "224ad4e3ecd9421c7469c4f06ff5faf7f6e8bedb", - "revCount": 325, + "rev": "88e86b5a7d40697ade905f534dcd5372a67b8102", + "revCount": 328, "type": "git", "url": "https://git.joshuabell.xyz/ringofstorms/nvim" }, @@ -1217,11 +1218,11 @@ ] }, "locked": { - "lastModified": 1764729618, - "narHash": "sha256-z4RA80HCWv2los1KD346c+PwNPzMl79qgl7bCVgz8X0=", + "lastModified": 1766457837, + "narHash": "sha256-aeBbkQ0HPFNOIsUeEsXmZHXbYq4bG8ipT9JRlCcKHgU=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "52764074a85145d5001bf0aa30cb71936e9ad5b8", + "rev": "2c7510a559416d07242621d036847152d970612b", "type": "github" }, "original": { @@ -1258,11 +1259,11 @@ }, "locked": { "dir": "flakes/secrets", - "lastModified": 1766960535, - "narHash": "sha256-t9xcmWlc2kB1wcKH4V9OMQoQYoMS4pDK/TLOGmmohf8=", + "lastModified": 1767199996, + "narHash": "sha256-+QX8YguilhZBVvu80QZh/NDK18EWCiebo5MEgytncZQ=", "ref": "refs/heads/master", - "rev": "a76b100f6eae86dbcb9327fece4ee03bebe5410a", - "revCount": 974, + "rev": "23b9b9c00465c35baa19fe386c776df60fb10c0f", + "revCount": 1015, "type": "git", "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" }, From 4499673d46239914a7a731cc9512687d6dfac971 Mon Sep 17 00:00:00 2001 From: "RingOfStorms (Joshua Bell)" Date: Wed, 31 Dec 2025 12:18:33 -0600 Subject: [PATCH 14/17] try to fix perms, use nixarr values --- hosts/h001/mods/nixarr.nix | 27 +-- hosts/h001/mods/pinchflat.nix | 22 ++- hosts/h002/flake.nix | 4 + hosts/h002/nfs-data-users-nixarr.nix | 242 +++++++++++++++++++++++++++ hosts/h002/nfs-data.nix | 14 -- 5 files changed, 262 insertions(+), 47 deletions(-) create mode 100644 hosts/h002/nfs-data-users-nixarr.nix diff --git a/hosts/h001/mods/nixarr.nix b/hosts/h001/mods/nixarr.nix index 995e1dce..e776b426 100644 --- a/hosts/h001/mods/nixarr.nix +++ b/hosts/h001/mods/nixarr.nix @@ -13,32 +13,6 @@ let in { config = { - users.groups.media.gid = lib.mkForce 2000; - - # Make sure enabled media services can write to the NFS mediaDir. - users.users.sonarr.extraGroups = lib.mkIf config.nixarr.sonarr.enable (lib.mkAfter [ "media" ]); - users.users.radarr.extraGroups = lib.mkIf config.nixarr.radarr.enable (lib.mkAfter [ "media" ]); - users.users.bazarr.extraGroups = lib.mkIf config.nixarr.bazarr.enable (lib.mkAfter [ "media" ]); - users.users.prowlarr.extraGroups = lib.mkIf config.nixarr.prowlarr.enable (lib.mkAfter [ "media" ]); - users.users.lidarr.extraGroups = lib.mkIf config.nixarr.lidarr.enable (lib.mkAfter [ "media" ]); - users.users.jellyfin.extraGroups = lib.mkIf config.nixarr.jellyfin.enable (lib.mkAfter [ "media" ]); - users.users.jellyseerr.extraGroups = lib.mkIf config.nixarr.jellyseerr.enable (lib.mkAfter [ "media" ]); - users.users.sabnzbd.extraGroups = lib.mkIf config.nixarr.sabnzbd.enable (lib.mkAfter [ "media" ]); - users.users.transmission.extraGroups = lib.mkIf config.nixarr.transmission.enable (lib.mkAfter [ "media" ]); - - users.users.pinchflat.extraGroups = lib.mkAfter [ "media" ]; - systemd.services.pinchflat.serviceConfig.UMask = "0002"; - - systemd.services.sonarr.serviceConfig.UMask = lib.mkIf config.nixarr.sonarr.enable "0002"; - systemd.services.radarr.serviceConfig.UMask = lib.mkIf config.nixarr.radarr.enable "0002"; - systemd.services.bazarr.serviceConfig.UMask = lib.mkIf config.nixarr.bazarr.enable "0002"; - systemd.services.prowlarr.serviceConfig.UMask = lib.mkIf config.nixarr.prowlarr.enable "0002"; - systemd.services.lidarr.serviceConfig.UMask = lib.mkIf config.nixarr.lidarr.enable "0002"; - systemd.services.jellyfin.serviceConfig.UMask = lib.mkIf config.nixarr.jellyfin.enable "0002"; - systemd.services.jellyseerr.serviceConfig.UMask = lib.mkIf config.nixarr.jellyseerr.enable "0002"; - systemd.services.sabnzbd.serviceConfig.UMask = lib.mkIf config.nixarr.sabnzbd.enable "0002"; - systemd.services.transmission.serviceConfig.UMask = lib.mkIf config.nixarr.transmission.enable "0002"; - nixarr = { enable = true; # mediaDir = "/drives/wd10/nixarr/media"; @@ -104,3 +78,4 @@ in }; }; } + diff --git a/hosts/h001/mods/pinchflat.nix b/hosts/h001/mods/pinchflat.nix index e2faa4f2..4a5a9c67 100644 --- a/hosts/h001/mods/pinchflat.nix +++ b/hosts/h001/mods/pinchflat.nix @@ -12,6 +12,9 @@ let inherit (pkgs) system; config.allowUnfree = true; }; + + gid = 186; + uid = 186; in { disabledModules = [ declaration ]; @@ -29,17 +32,23 @@ in }; }; - users.users.pinchflat.isSystemUser = true; - users.users.pinchflat.group = "pinchflat"; - users.users.pinchflat.extraGroups = lib.mkAfter [ - "media" + users = { + groups.pinchflat.gid = gid; + users.pinchflat = { + isSystemUser = true; + group = "pinchflat"; + uid = uid; + }; + }; + + systemd.tmpfiles.rules = [ + "d '${config.services.pinchflat.mediaDir}' 0775 pinchflat pinchflat - -" ]; - users.groups.pinchflat = { }; + systemd.services.pinchflat.serviceConfig = { DynamicUser = lib.mkForce false; User = "pinchflat"; Group = "pinchflat"; - UMask = "0002"; }; # Use Nixarr vpn @@ -54,7 +63,6 @@ in } ]; - services.nginx = { virtualHosts = { "pinchflat" = { diff --git a/hosts/h002/flake.nix b/hosts/h002/flake.nix index 75620a84..58fbe636 100644 --- a/hosts/h002/flake.nix +++ b/hosts/h002/flake.nix @@ -10,6 +10,8 @@ beszel.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=flakes/beszel"; ros_neovim.url = "git+https://git.joshuabell.xyz/ringofstorms/nvim"; + + nixarr.url = "github:rasmus-kirk/nixarr"; }; outputs = @@ -70,8 +72,10 @@ }; }) + inputs.nixarr.nixosModules.default ./hardware-configuration.nix ./nfs-data.nix + ./nfs-data-users-nixarr.nix ( { config, diff --git a/hosts/h002/nfs-data-users-nixarr.nix b/hosts/h002/nfs-data-users-nixarr.nix new file mode 100644 index 00000000..fcc912fb --- /dev/null +++ b/hosts/h002/nfs-data-users-nixarr.nix @@ -0,0 +1,242 @@ +{ lib, config, ... }: +# This file sets up perms for MEDIA only (not state dirs) on this system since we are running nixarr on another host but NFS mounting the data drive from here. +let + globals = config.util-nixarr.globals; + nixarr = { + mediaDir = "/data/nixarr/media"; + }; + + pinchflatMediaDir = "/data/pinchflat/media"; + pinchflat = true; + pinchflatId = 186; + + # Matches up to my h001/mods/nixarr|pinchflat.nix files + audiobookshelf = false; + jellyfin = true; + komga = false; + lidarr = false; + plex = false; + radarr = true; + readarr-audiobook = false; + readarr = false; + sabnzbd = true; + sonarr = true; + transmission = true; + whisparr = false; +in +lib.mkMerge [ + (lib.mkIf pinchflat { + users = { + groups.pinchflat.gid = pinchflatId; + users.pinchflat = { + isSystemUser = true; + group = "pinchflat"; + uid = pinchflatId; + }; + }; + + systemd.tmpfiles.rules = [ + "d '${pinchflatMediaDir}' 0775 pinchflat pinchflat - -" + ]; + }) + (lib.mkIf audiobookshelf { + users = { + groups.${globals.audiobookshelf.group}.gid = globals.gids.${globals.audiobookshelf.group}; + users.${globals.audiobookshelf.user} = { + isSystemUser = true; + group = globals.audiobookshelf.group; + uid = globals.uids.${globals.audiobookshelf.user}; + }; + }; + + systemd.tmpfiles.rules = [ + "d '${nixarr.mediaDir}/library/audiobooks' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -" + "d '${nixarr.mediaDir}/library/podcasts' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -" + ]; + }) + (lib.mkIf jellyfin { + users = { + groups.${globals.jellyfin.group}.gid = globals.gids.${globals.jellyfin.group}; + users.${globals.jellyfin.user} = { + isSystemUser = true; + group = globals.jellyfin.group; + uid = globals.uids.${globals.jellyfin.user}; + }; + }; + + systemd.tmpfiles.rules = [ + "d '${nixarr.mediaDir}/library' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -" + "d '${nixarr.mediaDir}/library/shows' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -" + "d '${nixarr.mediaDir}/library/movies' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -" + "d '${nixarr.mediaDir}/library/music' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -" + "d '${nixarr.mediaDir}/library/books' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -" + "d '${nixarr.mediaDir}/library/audiobooks' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -" + ]; + }) + (lib.mkIf komga { + users = { + groups.${globals.komga.group}.gid = globals.gids.${globals.komga.group}; + users.${globals.komga.user} = { + isSystemUser = true; + group = globals.komga.group; + uid = globals.uids.${globals.komga.user}; + }; + }; + + systemd.tmpfiles.rules = [ + "d '${nixarr.mediaDir}/library' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -" + "d '${nixarr.mediaDir}/library/books' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -" + ]; + }) + (lib.mkIf lidarr { + users = { + groups.${globals.lidarr.group}.gid = globals.gids.${globals.lidarr.group}; + users.${globals.lidarr.user} = { + isSystemUser = true; + group = globals.lidarr.group; + uid = globals.uids.${globals.lidarr.user}; + }; + }; + + systemd.tmpfiles.rules = [ + "d '${nixarr.mediaDir}/library' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -" + "d '${nixarr.mediaDir}/library/music' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -" + ]; + }) + (lib.mkIf plex { + users = { + groups.${globals.plex.group}.gid = globals.gids.${globals.plex.group}; + users.${globals.plex.user} = { + isSystemUser = true; + group = globals.plex.group; + uid = globals.uids.${globals.plex.user}; + }; + }; + + systemd.tmpfiles.rules = [ + "d '${nixarr.mediaDir}/library' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -" + "d '${nixarr.mediaDir}/library/shows' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -" + "d '${nixarr.mediaDir}/library/movies' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -" + "d '${nixarr.mediaDir}/library/music' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -" + "d '${nixarr.mediaDir}/library/books' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -" + "d '${nixarr.mediaDir}/library/audiobooks' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -" + ]; + }) + (lib.mkIf radarr { + systemd.tmpfiles.rules = [ + "d '${nixarr.mediaDir}/library' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -" + "d '${nixarr.mediaDir}/library/movies' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -" + ]; + + users = { + groups.${globals.radarr.group}.gid = globals.gids.${globals.radarr.group}; + users.${globals.radarr.user} = { + isSystemUser = true; + group = globals.radarr.group; + uid = globals.uids.${globals.radarr.user}; + }; + }; + }) + (lib.mkIf readarr-audiobook { + users = { + groups.${globals.readarr-audiobook.group}.gid = globals.gids.${globals.readarr-audiobook.group}; + users.${globals.readarr-audiobook.user} = { + isSystemUser = true; + group = globals.readarr-audiobook.group; + uid = globals.uids.${globals.readarr-audiobook.user}; + }; + }; + + systemd.tmpfiles.rules = [ + "d '${nixarr.mediaDir}/library' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -" + "d '${nixarr.mediaDir}/library/audiobooks' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -" + ]; + }) + (lib.mkIf readarr { + users = { + groups.${globals.readarr.group}.gid = globals.gids.${globals.readarr.group}; + users.${globals.readarr.user} = { + isSystemUser = true; + group = globals.readarr.group; + uid = globals.uids.${globals.readarr.user}; + }; + }; + + systemd.tmpfiles.rules = [ + "d '${nixarr.mediaDir}/library' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -" + "d '${nixarr.mediaDir}/library/books' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -" + ]; + }) + (lib.mkIf sabnzbd { + users = { + groups.${globals.sabnzbd.group}.gid = globals.gids.${globals.sabnzbd.group}; + users.${globals.sabnzbd.user} = { + isSystemUser = true; + group = globals.sabnzbd.group; + uid = globals.uids.${globals.sabnzbd.user}; + }; + }; + + systemd.tmpfiles.rules = [ + "d '${nixarr.mediaDir}/usenet' 0755 ${globals.sabnzbd.user} ${globals.sabnzbd.group} - -" + "d '${nixarr.mediaDir}/usenet/.incomplete' 0755 ${globals.sabnzbd.user} ${globals.sabnzbd.group} - -" + "d '${nixarr.mediaDir}/usenet/.watch' 0755 ${globals.sabnzbd.user} ${globals.sabnzbd.group} - -" + "d '${nixarr.mediaDir}/usenet/manual' 0775 ${globals.sabnzbd.user} ${globals.sabnzbd.group} - -" + "d '${nixarr.mediaDir}/usenet/lidarr' 0775 ${globals.sabnzbd.user} ${globals.sabnzbd.group} - -" + "d '${nixarr.mediaDir}/usenet/radarr' 0775 ${globals.sabnzbd.user} ${globals.sabnzbd.group} - -" + "d '${nixarr.mediaDir}/usenet/sonarr' 0775 ${globals.sabnzbd.user} ${globals.sabnzbd.group} - -" + "d '${nixarr.mediaDir}/usenet/readarr' 0775 ${globals.sabnzbd.user} ${globals.sabnzbd.group} - -" + ]; + }) + (lib.mkIf sonarr { + users = { + groups.${globals.sonarr.group}.gid = globals.gids.${globals.sonarr.group}; + users.${globals.sonarr.user} = { + isSystemUser = true; + group = globals.sonarr.group; + uid = globals.uids.${globals.sonarr.user}; + }; + }; + + systemd.tmpfiles.rules = [ + "d '${nixarr.mediaDir}/library' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -" + "d '${nixarr.mediaDir}/library/shows' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -" + ]; + }) + (lib.mkIf transmission { + users = { + groups.${globals.transmission.group}.gid = globals.gids.${globals.transmission.group}; + users.${globals.transmission.user} = { + isSystemUser = true; + group = globals.transmission.group; + uid = globals.uids.${globals.transmission.user}; + }; + }; + + systemd.tmpfiles.rules = [ + "d '${nixarr.mediaDir}/torrents' 0755 ${globals.transmission.user} ${globals.transmission.group} - -" + "d '${nixarr.mediaDir}/torrents/.incomplete' 0755 ${globals.transmission.user} ${globals.transmission.group} - -" + "d '${nixarr.mediaDir}/torrents/.watch' 0755 ${globals.transmission.user} ${globals.transmission.group} - -" + "d '${nixarr.mediaDir}/torrents/manual' 0755 ${globals.transmission.user} ${globals.transmission.group} - -" + "d '${nixarr.mediaDir}/torrents/lidarr' 0755 ${globals.transmission.user} ${globals.transmission.group} - -" + "d '${nixarr.mediaDir}/torrents/radarr' 0755 ${globals.transmission.user} ${globals.transmission.group} - -" + "d '${nixarr.mediaDir}/torrents/sonarr' 0755 ${globals.transmission.user} ${globals.transmission.group} - -" + "d '${nixarr.mediaDir}/torrents/readarr' 0755 ${globals.transmission.user} ${globals.transmission.group} - -" + ]; + }) + (lib.mkIf whisparr { + users = { + groups.${globals.whisparr.group}.gid = globals.gids.${globals.whisparr.group}; + users.${globals.whisparr.user} = { + isSystemUser = true; + group = globals.whisparr.group; + uid = globals.uids.${globals.whisparr.user}; + }; + }; + + systemd.tmpfiles.rules = [ + "d '${nixarr.mediaDir}/library' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -" + "d '${nixarr.mediaDir}/library/xxx' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -" + ]; + }) +] diff --git a/hosts/h002/nfs-data.nix b/hosts/h002/nfs-data.nix index 61f98b09..7bcd43b2 100644 --- a/hosts/h002/nfs-data.nix +++ b/hosts/h002/nfs-data.nix @@ -6,20 +6,6 @@ }: lib.mkMerge [ ({ - users.groups.media = { - gid = 2000; - }; - - # Keep exported paths group-writable for media services. - # `2` (setgid) makes new files inherit group `media`. - systemd.tmpfiles.rules = [ - "d /data/nixarr 2775 root media - -" - "d /data/nixarr/media 2775 root media - -" - "d /data/pinchflat 2775 root media - -" - "d /data/pinchflat/media 2775 root media - -" - ]; - - services.nfs.server = { enable = true; exports = '' From 18d5bc95f4631f02c5f081615527151272bb1261 Mon Sep 17 00:00:00 2001 From: "RingOfStorms (Joshua Bell)" Date: Wed, 31 Dec 2025 12:28:20 -0600 Subject: [PATCH 15/17] update and fix all perms --- hosts/h001/flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/hosts/h001/flake.lock b/hosts/h001/flake.lock index a39f8264..b2fbaaf9 100644 --- a/hosts/h001/flake.lock +++ b/hosts/h001/flake.lock @@ -80,11 +80,11 @@ "common": { "locked": { "dir": "flakes/common", - "lastModified": 1767041053, - "narHash": "sha256-lWHud2uIyG9gycStWMSgK3Xlr0MtfUPhbfrztOxuBTI=", + "lastModified": 1767201689, + "narHash": "sha256-Pwo17S0ryXIrWK96LgS7kuP5dpIs7tq0SagCFncp/Nc=", "ref": "refs/heads/master", - "rev": "fd3bb24e4a0c366958c47fccc19d8738408be76d", - "revCount": 996, + "rev": "c4d5d8c1f88679a64a96756368b61b4e1ba1c6d2", + "revCount": 1020, "type": "git", "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" }, From 6cf74d7c16456c2e23f19bd653a279cf86c2901f Mon Sep 17 00:00:00 2001 From: "RingOfStorms (Joshua Bell)" Date: Wed, 31 Dec 2025 14:19:57 -0600 Subject: [PATCH 16/17] h002 --- hosts/h002/nfs-data-users-nixarr.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/h002/nfs-data-users-nixarr.nix b/hosts/h002/nfs-data-users-nixarr.nix index fcc912fb..d7a65f35 100644 --- a/hosts/h002/nfs-data-users-nixarr.nix +++ b/hosts/h002/nfs-data-users-nixarr.nix @@ -36,7 +36,7 @@ lib.mkMerge [ }; systemd.tmpfiles.rules = [ - "d '${pinchflatMediaDir}' 0775 pinchflat pinchflat - -" + "d '${pinchflatMediaDir}' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -" ]; }) (lib.mkIf audiobookshelf { From 841aaf49681cbe8414fc45afec092c8a68683510 Mon Sep 17 00:00:00 2001 From: "RingOfStorms (Joshua Bell)" Date: Wed, 31 Dec 2025 14:47:15 -0600 Subject: [PATCH 17/17] updates --- hosts/h002/flake.lock | 83 ++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 78 insertions(+), 5 deletions(-) diff --git a/hosts/h002/flake.lock b/hosts/h002/flake.lock index 6d195dd5..24870a38 100644 --- a/hosts/h002/flake.lock +++ b/hosts/h002/flake.lock @@ -177,6 +177,26 @@ "type": "github" } }, + "nixarr": { + "inputs": { + "nixpkgs": "nixpkgs_2", + "vpnconfinement": "vpnconfinement", + "website-builder": "website-builder" + }, + "locked": { + "lastModified": 1765731404, + "narHash": "sha256-eIEh60iK0L4X7UHj7dOZWZEkmWRA1H7ovjVJsfrPavQ=", + "owner": "rasmus-kirk", + "repo": "nixarr", + "rev": "204da9209ad4e921c3562a6bca5ac8ad5b6ed9bc", + "type": "github" + }, + "original": { + "owner": "rasmus-kirk", + "repo": "nixarr", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1766736597, @@ -194,6 +214,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1765608474, + "narHash": "sha256-9Wx53UK0z8Di5iesJID0tS1dRKwGxI4i7tsSanOHhF0=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "28bb483c11a1214a73f9fd2d9928a6e2ea86ec71", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-25.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1767047869, "narHash": "sha256-tzYsEzXEVa7op1LTnrLSiPGrcCY6948iD0EcNLWcmzo=", @@ -209,7 +245,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1766309749, "narHash": "sha256-3xY8CZ4rSnQ0NqGhMKAy5vgC+2IVK0NoVEzDoOh4DA4=", @@ -225,7 +261,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1761672384, "narHash": "sha256-o9KF3DJL7g7iYMZq9SWgfS1BFlNbsm6xplRjVlOCkXI=", @@ -1110,7 +1146,7 @@ "agenix": "agenix", "crane": "crane", "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "rust-overlay": "rust-overlay_2" }, "locked": { @@ -1132,14 +1168,15 @@ "beszel": "beszel", "common": "common", "home-manager": "home-manager", - "nixpkgs": "nixpkgs_2", + "nixarr": "nixarr", + "nixpkgs": "nixpkgs_3", "ros_neovim": "ros_neovim", "secrets": "secrets" } }, "ros_neovim": { "inputs": { - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "nvim_plugin-Almo7aya/openingh.nvim": "nvim_plugin-Almo7aya/openingh.nvim", "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim": "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim", "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring": "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring", @@ -1302,6 +1339,42 @@ "repo": "default", "type": "github" } + }, + "vpnconfinement": { + "locked": { + "lastModified": 1765634578, + "narHash": "sha256-Fujb9sn1cj+u/bzfo2RbQkcAvJ7Ch1pimJzFie4ptb4=", + "owner": "Maroka-chan", + "repo": "VPN-Confinement", + "rev": "f2989e1e3cb06c7185939e9ddc368f88b998616a", + "type": "github" + }, + "original": { + "owner": "Maroka-chan", + "repo": "VPN-Confinement", + "type": "github" + } + }, + "website-builder": { + "inputs": { + "nixpkgs": [ + "nixarr", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1753958235, + "narHash": "sha256-Rd27XQJKv8Z4BCr3gdbaHFd0TmumiGxdjGRzsEf/mOg=", + "owner": "rasmus-kirk", + "repo": "website-builder", + "rev": "00a14b7ae7baef2197978ba7c3fe72dfca7bc475", + "type": "github" + }, + "original": { + "owner": "rasmus-kirk", + "repo": "website-builder", + "type": "github" + } } }, "root": "root",