weilite/media: add group "media"

2024-12-26 20:27:18 +08:00 · 2024-12-26 20:27:18 +08:00 · 6bf9d771a1
commit 6bf9d771a1
parent 408ea16f6d
4 changed files with 33 additions and 13 deletions
--- a/machines/weilite/default.nix
+++ b/machines/weilite/default.nix
@ -12,6 +12,13 @@
    ./services
  ];

+  options = {
+    node = lib.mkOption {
+      type = lib.types.attrs;
+      default = { };
+    };
+  };
+
  config = {
    networking.hostName = "weilite";
    commonSettings = {
@ -21,6 +28,9 @@
      };
      comin.enable = true;
    };
+    node = {
+      mediaDir = "/mnt/nixos/media";
+    };

    boot = {
      loader = {
@ -123,13 +133,6 @@
        after = [ "mnt-nixos.mount" ];
        wantedBy = [ "immich-server.service" ];
      }
-      {
-        what = "/mnt/nixos/media";
-        where = "/var/lib/jellyfin/media";
-        options = "bind";
-        after = [ "mnt-nixos.mount" ];
-        wantedBy = [ "jellyfin.service" ];
-      }
    ];

    hardware.graphics = {
--- a/machines/weilite/services/jellyfin.nix
+++ b/machines/weilite/services/jellyfin.nix
@ -1,7 +1,16 @@
 { config, pkgs, ... }:
+let
+  cfg = config.services.jellyfin;
+in
 {
  services.jellyfin.enable = true;

+  systemd.services.jellyfin.serviceConfig = {
+    BindReadOnlyPaths = [
+      "/mnt/nixos/media:${cfg.dataDir}/media"
+    ];
+  };
+
  environment.systemPackages = with pkgs; [
    jellyfin
    jellyfin-web
@ -12,4 +21,5 @@
  '';
  networking.firewall.allowedTCPPorts = [ 8920 ]; # allow on lan
  users.users.jellyfin.extraGroups = [ "render" ];
+  users.groups.media.members = [ cfg.user ];
 }
--- a/machines/weilite/services/media-download.nix
+++ b/machines/weilite/services/media-download.nix
@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ config, pkgs, ... }:
 {
  services.jackett = {
    enable = true;
@ -27,4 +27,9 @@
  services.radarr = {
    enable = true;
  };
+
+  users.groups.media.members = [
+    config.services.sonarr.user
+    config.services.radarr.user
+  ];
 }
--- a/machines/weilite/services/transmission.nix
+++ b/machines/weilite/services/transmission.nix
@ -1,4 +1,4 @@
-{ config, ... }:
+{ config, pkgs, ... }:
 let
  cfg = config.services.transmission;
 in
@ -15,13 +15,14 @@ in

  services.transmission = {
    enable = true;
+    package = pkgs.transmission_4;
    openPeerPorts = true;
    credentialsFile = config.sops.templates."transmission-cred.json".path;
    settings = {
      download-dir = "/mnt/nixos/media";
      incomplete-dir = "/mnt/nixos/transmission/incomplete";
      alt-speed-down = 40960;
-      alt-speed-enabled = false;
+      alt-speed-enabled = true;
      alt-speed-time-begin = 60;
      alt-speed-time-day = 127;
      alt-speed-time-enabled = true;
@ -30,16 +31,16 @@ in
      bind-address-ipv4 = "0.0.0.0";
      bind-address-ipv6 = "::";
      download-queue-enabled = true;
-      download-queue-size = 5;
+      download-queue-size = 10;
      incomplete-dir-enabled = true;
      lpd-enabled = false;
-      message-level = 2;
+      message-level = 4;
      peer-congestion-algorithm = "";
      peer-id-ttl-hours = 6;
      peer-limit-global = 200;
      peer-limit-per-torrent = 50;
      peer-port = 51413;
-      peer-socket-tos = "cs2";
+      peer-socket-tos = "cs1";
      pex-enabled = true;
      preallocation = 1;
      prefetch-enabled = true;
@ -64,4 +65,5 @@ in
    reverse_proxy 127.0.0.1:${toString cfg.settings.rpc-port}
  '';
  networking.firewall.allowedTCPPorts = [ 9091 ]; # allow on lan
+  users.groups.media.members = [ cfg.user ];
 }