From e5a8540928bb9734201663ec232e4b1359aaa395 Mon Sep 17 00:00:00 2001 From: arcnmx Date: Tue, 13 Feb 2024 16:56:44 -0800 Subject: [PATCH] chore(kyuuto): reorganize library --- nixos/kyuuto/mount.nix | 43 ++++++++++++++++++++++++++++++-------- nixos/kyuuto/samba.nix | 38 ++++++++++++++++++++++++++------- systems/mediabox/nixos.nix | 2 +- 3 files changed, 66 insertions(+), 17 deletions(-) diff --git a/nixos/kyuuto/mount.nix b/nixos/kyuuto/mount.nix index 18c27ebc..ca2fefd6 100644 --- a/nixos/kyuuto/mount.nix +++ b/nixos/kyuuto/mount.nix @@ -5,6 +5,8 @@ }: let inherit (lib.options) mkOption mkEnableOption; inherit (lib.modules) mkIf mkMerge; + inherit (lib.strings) match concatStringsSep; + inherit (lib.lists) optional; cfg = config.kyuuto; in { options.kyuuto = with lib.types; { 
@@ -21,18 +23,41 @@ in { type = path; default = cfg.mountDir + "/transfer"; }; + shareDir = mkOption { + type = path; + default = cfg.mountDir + "/shared"; + }; }; config = { - systemd.tmpfiles.rules = mkIf cfg.setup [ - "d ${cfg.transferDir} 3775 guest kyuuto" - "d ${cfg.libraryDir} 3775 kat kyuuto" - "d ${cfg.libraryDir}/unsorted 3775 guest kyuuto" - "d ${cfg.libraryDir}/music 7775 sonarr kyuuto" - "d ${cfg.libraryDir}/anime 7775 sonarr kyuuto" - "d ${cfg.libraryDir}/tv 7775 sonarr kyuuto" - "d ${cfg.libraryDir}/movies 7775 radarr kyuuto" - ]; + systemd.tmpfiles.rules = let + isGroupWritable = mode: match "[375][0-7][76][0-7]" mode != null; + isOtherWritable = mode: match "[375][0-7][0-7][76]" mode != null; + mkKyuutoDir = { + path, + mode ? "3775", + owner ? "guest", + group ? "kyuuto", + acls ? optional (isGroupWritable mode) "default:group::rwx" + ++ optional (isOtherWritable mode) "default:other::rwx", + }: [ + "d ${path} ${mode} ${owner} ${group}" + ] ++ optional (acls != [ ]) "a+ ${path} - - - - ${concatStringsSep "," acls}"; + in mkIf cfg.setup ( + mkKyuutoDir { path = cfg.transferDir; } + ++ mkKyuutoDir { path = cfg.shareDir; owner = "root"; } + ++ mkKyuutoDir { path = cfg.libraryDir; owner = "root"; } + ++ mkKyuutoDir { path = cfg.libraryDir + "/unsorted"; } + ++ mkKyuutoDir { path = cfg.libraryDir + "/music"; owner = "root"; } + ++ mkKyuutoDir { path = cfg.libraryDir + "/music/assorted"; owner = "sonarr"; mode = "7775"; } + ++ mkKyuutoDir { path = cfg.libraryDir + "/music/collections"; } + ++ mkKyuutoDir { path = cfg.libraryDir + "/anime"; owner = "sonarr"; mode = "7775"; } + ++ mkKyuutoDir { path = cfg.libraryDir + "/tv"; owner = "sonarr"; mode = "7775"; } + ++ mkKyuutoDir { path = cfg.libraryDir + "/movies"; owner = "radarr"; mode = "7775"; } + ++ mkKyuutoDir { path = cfg.libraryDir + "/software"; } + ++ mkKyuutoDir { path = cfg.libraryDir + "/books"; } + ++ mkKyuutoDir { path = cfg.libraryDir + "/games"; } + ); users = let mapId = id: if 
config.proxmoxLXC.privileged or true then 100000 + id else id; diff --git a/nixos/kyuuto/samba.nix b/nixos/kyuuto/samba.nix index 281a6266..0ee15f66 100644 --- a/nixos/kyuuto/samba.nix +++ b/nixos/kyuuto/samba.nix @@ -11,6 +11,17 @@ cfg = config.services.samba; localAddrs = cidrForNetwork.loopback.all ++ cidrForNetwork.local.all ++ optionals config.services.tailscale.enable cidrForNetwork.tail.all; + kyuuto-media = { + path = kyuuto.mountDir; + comment = "Kyuuto Media"; + writeable = true; + public = false; + "valid users" = [ "@kyuuto-peeps" ]; + "acl group control" = true; + "create mask" = "0664"; + "force directory mode" = "3000"; + "directory mask" = "7775"; + }; in { services.samba = { usershare = { @@ -35,9 +46,9 @@ in { "force directory mode" = "3000"; "directory mask" = "7775"; }; - kyuuto-access = { + kyuuto-library-access = { path = kyuuto.libraryDir; - comment = "Kyuuto Media Access"; + comment = "Kyuuto Library Access"; writeable = false; browseable = true; public = true; @@ -47,13 +58,26 @@ in { ]; "hosts allow" = localAddrs; }; - kyuuto-media = { - path = kyuuto.mountDir; - comment = "Kyuuto Media"; + kyuuto-media = mkMerge [ + kyuuto-media + { + browseable = true; + "hosts allow" = localAddrs; + } + ]; + kyuuto-media-global = mkMerge [ + kyuuto-media + { + browseable = false; + } + ]; + shared = { + path = kyuuto.shareDir; + comment = "Shared Data"; writeable = true; - browseable = true; public = false; - "valid users" = [ "@kyuuto-peeps" ]; + browseable = false; + "valid users" = [ "@peeps" ]; "acl group control" = true; "create mask" = "0664"; "force directory mode" = "3000"; diff --git a/systems/mediabox/nixos.nix b/systems/mediabox/nixos.nix index 4971f51f..b24b329b 100644 --- a/systems/mediabox/nixos.nix +++ b/systems/mediabox/nixos.nix 
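Review bot: In nixos/kyuuto/mount.nix (hunk `@@ -21,18 +23,41 @@`), `isGroupWritable` and `isOtherWritable` recognise only a narrow set of mode strings: the leading digit must be 3, 5 or 7 and the write digit must be 6 or 7. A mode such as `2775`, `0775` or a three-digit `775` therefore produces no default ACL, and nothing reports it. Because `default:group::rwx` and `default:other::rwx` replace the umask for everything created below the directory, the rule that derives them should be explicit. If any group-writable mode is meant, `match "[0-7]?[0-7][2367][0-7]" mode != null` covers it; otherwise a comment such as `# default ACLs are derived only for these special-bit modes; pass acls explicitly for anything else` records the intent. The `config` attrset continues past the end of the hunk.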
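Review bot: In nixos/kyuuto/samba.nix (hunk `@@ -47,13 +58,26 @@`), the new `kyuuto-media-global` share exports the same writeable `kyuuto.mountDir` as `kyuuto-media` but without `"hosts allow" = localAddrs`, and the new `shared` share has no host restriction either. `browseable = false` only hides a share from listings; it does not limit who can connect. Unless a global `hosts allow` or the firewall bounds the listener (neither is visible in this patch), both shares are gated by `valid users` alone. If remote reach is intended, a comment at `kyuuto-media-global` such as `# deliberately reachable from any network; access is by @kyuuto-peeps credentials only` would make that reviewable; otherwise give each share an explicit `"hosts allow"` list. The `shared` attrset continues past the end of the hunk.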
@@ -14,7 +14,7 @@ "/mnt/Anime".hostPath = kyuuto.libraryDir + "/anime"; "/mnt/Shows".hostPath = kyuuto.libraryDir + "/tv"; "/mnt/Movies".hostPath = kyuuto.libraryDir + "/movies"; - "/mnt/Music".hostPath = kyuuto.libraryDir + "/music"; + "/mnt/Music".hostPath = kyuuto.libraryDir + "/music/assorted"; }; in { imports = let