chore(kyuuto): reorganize library

2026-02-09 04:19:19 -08:00 · 2024-02-13 16:56:44 -08:00 · 2024-02-13 16:56:44 -08:00 · e5a8540928
commit e5a8540928
parent f035c8227b
3 changed files with 66 additions and 17 deletions
--- a/nixos/kyuuto/mount.nix
+++ b/nixos/kyuuto/mount.nix
@ -5,6 +5,8 @@
 }: let
  inherit (lib.options) mkOption mkEnableOption;
  inherit (lib.modules) mkIf mkMerge;
+  inherit (lib.strings) match concatStringsSep;
+  inherit (lib.lists) optional;
  cfg = config.kyuuto;
 in {
  options.kyuuto = with lib.types; {
@ -21,18 +23,41 @@ in {
      type = path;
      default = cfg.mountDir + "/transfer";
    };
+    shareDir = mkOption {
+      type = path;
+      default = cfg.mountDir + "/shared";
+    };
  };

  config = {
-    systemd.tmpfiles.rules = mkIf cfg.setup [
-      "d ${cfg.transferDir} 3775 guest kyuuto"
-      "d ${cfg.libraryDir} 3775 kat kyuuto"
-      "d ${cfg.libraryDir}/unsorted 3775 guest kyuuto"
-      "d ${cfg.libraryDir}/music 7775 sonarr kyuuto"
-      "d ${cfg.libraryDir}/anime 7775 sonarr kyuuto"
-      "d ${cfg.libraryDir}/tv 7775 sonarr kyuuto"
-      "d ${cfg.libraryDir}/movies 7775 radarr kyuuto"
-    ];
+    systemd.tmpfiles.rules = let
+      isGroupWritable = mode: match "[375][0-7][76][0-7]" mode != null;
+      isOtherWritable = mode: match "[375][0-7][0-7][76]" mode != null;
+      mkKyuutoDir = {
+        path,
+        mode ? "3775",
+        owner ? "guest",
+        group ? "kyuuto",
+        acls ? optional (isGroupWritable mode) "default:group::rwx"
+          ++ optional (isOtherWritable mode) "default:other::rwx",
+      }: [
+        "d ${path} ${mode} ${owner} ${group}"
+      ] ++ optional (acls != [ ]) "a+ ${path} - - - - ${concatStringsSep "," acls}";
+    in mkIf cfg.setup (
+      mkKyuutoDir { path = cfg.transferDir; }
+      ++ mkKyuutoDir { path = cfg.shareDir; owner = "root"; }
+      ++ mkKyuutoDir { path = cfg.libraryDir; owner = "root"; }
+      ++ mkKyuutoDir { path = cfg.libraryDir + "/unsorted"; }
+      ++ mkKyuutoDir { path = cfg.libraryDir + "/music"; owner = "root"; }
+      ++ mkKyuutoDir { path = cfg.libraryDir + "/music/assorted"; owner = "sonarr"; mode = "7775"; }
+      ++ mkKyuutoDir { path = cfg.libraryDir + "/music/collections"; }
+      ++ mkKyuutoDir { path = cfg.libraryDir + "/anime"; owner = "sonarr"; mode = "7775"; }
+      ++ mkKyuutoDir { path = cfg.libraryDir + "/tv"; owner = "sonarr"; mode = "7775"; }
+      ++ mkKyuutoDir { path = cfg.libraryDir + "/movies"; owner = "radarr"; mode = "7775"; }
+      ++ mkKyuutoDir { path = cfg.libraryDir + "/software"; }
+      ++ mkKyuutoDir { path = cfg.libraryDir + "/books"; }
+      ++ mkKyuutoDir { path = cfg.libraryDir + "/games"; }
+    );

    users = let
      mapId = id: if config.proxmoxLXC.privileged or true then 100000 + id else id;
--- a/nixos/kyuuto/samba.nix
+++ b/nixos/kyuuto/samba.nix
@ -11,6 +11,17 @@
  cfg = config.services.samba;
  localAddrs = cidrForNetwork.loopback.all ++ cidrForNetwork.local.all
    ++ optionals config.services.tailscale.enable cidrForNetwork.tail.all;
+  kyuuto-media = {
+    path = kyuuto.mountDir;
+    comment = "Kyuuto Media";
+    writeable = true;
+    public = false;
+    "valid users" = [ "@kyuuto-peeps" ];
+    "acl group control" = true;
+    "create mask" = "0664";
+    "force directory mode" = "3000";
+    "directory mask" = "7775";
+  };
 in {
  services.samba = {
    usershare = {
@ -35,9 +46,9 @@ in {
        "force directory mode" = "3000";
        "directory mask" = "7775";
      };
-      kyuuto-access = {
+      kyuuto-library-access = {
        path = kyuuto.libraryDir;
-        comment = "Kyuuto Media Access";
+        comment = "Kyuuto Library Access";
        writeable = false;
        browseable = true;
        public = true;
@ -47,13 +58,26 @@ in {
        ];
        "hosts allow" = localAddrs;
      };
-      kyuuto-media = {
-        path = kyuuto.mountDir;
-        comment = "Kyuuto Media";
+      kyuuto-media = mkMerge [
+        kyuuto-media
+        {
+          browseable = true;
+          "hosts allow" = localAddrs;
+        }
+      ];
+      kyuuto-media-global = mkMerge [
+        kyuuto-media
+        {
+          browseable = false;
+        }
+      ];
+      shared = {
+        path = kyuuto.shareDir;
+        comment = "Shared Data";
        writeable = true;
-        browseable = true;
        public = false;
-        "valid users" = [ "@kyuuto-peeps" ];
+        browseable = false;
+        "valid users" = [ "@peeps" ];
        "acl group control" = true;
        "create mask" = "0664";
        "force directory mode" = "3000";
--- a/systems/mediabox/nixos.nix
+++ b/systems/mediabox/nixos.nix
@ -14,7 +14,7 @@
    "/mnt/Anime".hostPath = kyuuto.libraryDir + "/anime";
    "/mnt/Shows".hostPath = kyuuto.libraryDir + "/tv";
    "/mnt/Movies".hostPath = kyuuto.libraryDir + "/movies";
-    "/mnt/Music".hostPath = kyuuto.libraryDir + "/music";
+    "/mnt/Music".hostPath = kyuuto.libraryDir + "/music/assorted";
  };
 in {
  imports = let