home/kubernetes-deployments
2
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

Fix GID of Jellyseerr

Browse source 
Run media containers with umask
This commit is contained in:
Pim Kunis 2025-01-06 12:58:02 +01:00
parent abb7a131bc
commit 9ae4ff3ca3
6 changed files with 17 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
modules/media.nix
View file

@ -142,8 +142,7 @@
securityContext = { securityContext = {
fsGroup = 51; fsGroup = 51;
# FIXME fsGroupChangePolicy = "OnRootMismatch";
fsGroupChangePolicy = "Always";
}; };
}; };
}; };
@ -193,7 +192,7 @@
securityContext = { securityContext = {
# TODO: don't hardcode this # TODO: don't hardcode this
fsGroup = 409; fsGroup = 51;
fsGroupChangePolicy = "OnRootMismatch"; fsGroupChangePolicy = "OnRootMismatch";
}; };
}; };

7
nixng-configurations/jellyseerr.nix
View file

@ -1,17 +1,20 @@
{ {
config, config,
lib,
nglib, nglib,
... ...
}: { }: {
dinit.enable = true; dinit.enable = true;
init.services.jellyseerr.shutdownOnExit = true; init.services.jellyseerr = {
shutdownOnExit = true;
group = lib.mkForce "media";
};
services.jellyseerr = { services.jellyseerr = {
enable = true; enable = true;
configDir = "/app/config"; configDir = "/app/config";
}; };
# TODO: should actually make this the main GID I think
users.groups.media = nglib.mkDefaultRec { users.groups.media = nglib.mkDefaultRec {
gid = config.ids.gids.media; gid = config.ids.gids.media;
members = ["jellyseerr"]; members = ["jellyseerr"];

1
nixng-modules/bazarr.nix
View file

@ -26,6 +26,7 @@ in {
group = lib.mkDefault "bazarr"; group = lib.mkDefault "bazarr";
script = pkgs.writeShellScript "bazarr-run" '' script = pkgs.writeShellScript "bazarr-run" ''
umask 0002
${lib.getExe cfg.package} \ ${lib.getExe cfg.package} \
--no-update \ --no-update \
--config '${cfg.configDir}' --config '${cfg.configDir}'

11
nixng-modules/jellyseerr.nix
View file

@ -34,7 +34,10 @@ in {
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
init.services.jellyseerr = { init.services.jellyseerr = {
enabled = true; enabled = true;
script = lib.getExe cfg.package; script = pkgs.writeShellScript "jellyseerr-run" ''
umask 0002
${lib.getExe cfg.package}
'';
user = lib.mkDefault "jellyseerr"; user = lib.mkDefault "jellyseerr";
group = lib.mkDefault "jellyseerr"; group = lib.mkDefault "jellyseerr";
}; };
@ -48,15 +51,15 @@ in {
}; };
}; };
users.users.${cfgInit.user} = nglib.mkDefaultRec { users.users.${cfgInit.user} = lib.mkIf (cfgInit.user == "jellyseerr") (nglib.mkDefaultRec {
description = "jellyseerr"; description = "jellyseerr";
group = cfgInit.group; group = cfgInit.group;
createHome = false; createHome = false;
home = "/var/empty"; home = "/var/empty";
useDefaultShell = true; useDefaultShell = true;
uid = config.ids.uids.jellyseerr; uid = config.ids.uids.jellyseerr;
}; });
users.groups.${cfgInit.group} = nglib.mkDefaultRec {gid = config.ids.gids.jellyseerr;}; users.groups.${cfgInit.group} = lib.mkIf (cfgInit.group == "jellyseerr") (nglib.mkDefaultRec {gid = config.ids.gids.jellyseerr;});
}; };
} }

1
nixng-modules/radarr.nix
View file

@ -26,6 +26,7 @@ in {
group = lib.mkDefault "radarr"; group = lib.mkDefault "radarr";
script = pkgs.writeShellScript "radarr-run.sh" '' script = pkgs.writeShellScript "radarr-run.sh" ''
umask 0002
${lib.getExe cfg.package} -nobrowser -data='${cfg.dataDir}' ${lib.getExe cfg.package} -nobrowser -data='${cfg.dataDir}'
''; '';
}; };

1
nixng-modules/sonarr.nix
View file

@ -26,6 +26,7 @@ in {
group = lib.mkDefault "sonarr"; group = lib.mkDefault "sonarr";
script = pkgs.writeShellScript "sonarr-run" '' script = pkgs.writeShellScript "sonarr-run" ''
umask 0002
${lib.getExe cfg.package} -nobrowser -data=${cfg.dataDir} ${lib.getExe cfg.package} -nobrowser -data=${cfg.dataDir}
''; '';
}; };