Rebase to flake parts #8

2026-05-08 21:48:22 -03:00
parent f98606dcce
commit 34b89af77f
30 changed files with 3567 additions and 1 deletions
@@ -0,0 +1,48 @@
+# Export large Jellyfin media trees to nix-server. Local path must already exist
+# (e.g. /mnt/test/jellyfin/{movies,tv}). On nix-server this is mounted at /mnt/nixdesk-jellyfin.
+#
+# After deploy: ensure Jellyfin can read files over NFS — typical fix:
+#   chmod -R a+rX /mnt/test/jellyfin
+{ ... }:
+{
+  # Avoid UID/GID mismatches across machines: map all NFS writes from nix-server to a single
+  # local system user/group on this server.
+  users.groups.nfsmedia = { gid = 990; };
+  users.users.nfsmedia = {
+    isSystemUser = true;
+    uid = 990;
+    group = "nfsmedia";
+  };
+
+  systemd.tmpfiles.settings."14900k-jellyfin-media-dirs" = {
+    "/mnt/test/jellyfin"."d" = { mode = "2775"; user = "nfsmedia"; group = "nfsmedia"; };
+    "/mnt/test/jellyfin/movies"."d" = { mode = "2775"; user = "nfsmedia"; group = "nfsmedia"; };
+    "/mnt/test/jellyfin/tv"."d" = { mode = "2775"; user = "nfsmedia"; group = "nfsmedia"; };
+  };
+
+  # Fixed ports so the firewall can allow NFS v3 helpers (see networking.firewall below).
+  services.nfs.server = {
+    enable = true;
+    mountdPort = 4000;
+    lockdPort = 4001;
+    statdPort = 4002;
+    exports = ''
+      /mnt/test/jellyfin 192.168.2.238(rw,sync,no_subtree_check,crossmnt,root_squash,all_squash,anonuid=990,anongid=990)
+    '';
+  };
+
+  networking.firewall.allowedTCPPorts = [
+    111 # portmapper
+    2049
+    4000
+    4001
+    4002
+  ];
+  networking.firewall.allowedUDPPorts = [
+    111
+    2049
+    4000
+    4001
+    4002
+  ];
+}