weilite/media: add group "media"

machines/weilite/default.nix

@@ -12,6 +12,13 @@
     ./services
   ];
 
+  options = {
+    node = lib.mkOption {
+      type = lib.types.attrs;
+      default = { };
+    };
+  };
+
   config = {
     networking.hostName = "weilite";
     commonSettings = {
@@ -21,6 +28,9 @@
       };
       comin.enable = true;
     };
+    node = {
+      mediaDir = "/mnt/nixos/media";
+    };
 
     boot = {
       loader = {
@@ -123,13 +133,6 @@
         after = [ "mnt-nixos.mount" ];
         wantedBy = [ "immich-server.service" ];
       }
-      {
-        what = "/mnt/nixos/media";
-        where = "/var/lib/jellyfin/media";
-        options = "bind";
-        after = [ "mnt-nixos.mount" ];
-        wantedBy = [ "jellyfin.service" ];
-      }
     ];
 
     hardware.graphics = {

machines/weilite/services/jellyfin.nix

@@ -1,7 +1,16 @@
 { config, pkgs, ... }:
+let
+  cfg = config.services.jellyfin;
+in
 {
   services.jellyfin.enable = true;
 
+  systemd.services.jellyfin.serviceConfig = {
+    BindReadOnlyPaths = [
+      "/mnt/nixos/media:${cfg.dataDir}/media"
+    ];
+  };
+
   environment.systemPackages = with pkgs; [
     jellyfin
     jellyfin-web
@@ -12,4 +21,5 @@
   '';
   networking.firewall.allowedTCPPorts = [ 8920 ]; # allow on lan
   users.users.jellyfin.extraGroups = [ "render" ];
+  users.groups.media.members = [ cfg.user ];
 }

machines/weilite/services/media-download.nix

@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ config, pkgs, ... }:
 {
   services.jackett = {
     enable = true;
@@ -27,4 +27,9 @@
   services.radarr = {
     enable = true;
   };
+
+  users.groups.media.members = [
+    config.services.sonarr.user
+    config.services.radarr.user
+  ];
 }

machines/weilite/services/transmission.nix

@@ -1,4 +1,4 @@
-{ config, ... }:
+{ config, pkgs, ... }:
 let
   cfg = config.services.transmission;
 in
@@ -15,13 +15,14 @@ in
 
   services.transmission = {
     enable = true;
+    package = pkgs.transmission_4;
     openPeerPorts = true;
     credentialsFile = config.sops.templates."transmission-cred.json".path;
     settings = {
       download-dir = "/mnt/nixos/media";
       incomplete-dir = "/mnt/nixos/transmission/incomplete";
       alt-speed-down = 40960;
-      alt-speed-enabled = false;
+      alt-speed-enabled = true;
       alt-speed-time-begin = 60;
       alt-speed-time-day = 127;
       alt-speed-time-enabled = true;
@@ -30,16 +31,16 @@ in
       bind-address-ipv4 = "0.0.0.0";
       bind-address-ipv6 = "::";
       download-queue-enabled = true;
-      download-queue-size = 5;
+      download-queue-size = 10;
       incomplete-dir-enabled = true;
       lpd-enabled = false;
-      message-level = 2;
+      message-level = 4;
       peer-congestion-algorithm = "";
       peer-id-ttl-hours = 6;
       peer-limit-global = 200;
       peer-limit-per-torrent = 50;
       peer-port = 51413;
-      peer-socket-tos = "cs2";
+      peer-socket-tos = "cs1";
       pex-enabled = true;
       preallocation = 1;
       prefetch-enabled = true;
@@ -64,4 +65,5 @@ in
     reverse_proxy 127.0.0.1:${toString cfg.settings.rpc-port}
   '';
   networking.firewall.allowedTCPPorts = [ 9091 ]; # allow on lan
+  users.groups.media.members = [ cfg.user ];
 }