From e15b612b3c18fd087b56bf67ce731e3ec6620700 Mon Sep 17 00:00:00 2001
From: Zuckerberg
Date: Sun, 17 Apr 2022 23:43:42 -0400
Subject: [PATCH] Shared group/user for consistent permissions+access
---
 common/server/samba.nix | 7 ++++++-
 machines/storage/s0/configuration.nix | 16 ++++++++++++++--
 2 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/common/server/samba.nix b/common/server/samba.nix
index c47fc26..af6d6c8 100644
--- a/common/server/samba.nix
+++ b/common/server/samba.nix
@@ -34,7 +34,7 @@
 "guest ok" = "yes";
 "create mask" = "0644";
 "directory mask" = "0755";
- "force user" = "googlebot";
+ "force user" = "public_data";
 "force group" = "public_data";
 };
 private = {
@@ -84,5 +84,10 @@
 ];
 users.groups.public_data.gid = 994;
+ users.users.public_data = {
+ isSystemUser = true;
+ group = "public_data";
+ uid = 994;
+ };
 };
 }
\ No newline at end of file
diff --git a/machines/storage/s0/configuration.nix b/machines/storage/s0/configuration.nix
index 80b5376..f679c84 100644
--- a/machines/storage/s0/configuration.nix
+++ b/machines/storage/s0/configuration.nix
@@ -57,10 +57,18 @@
 containers.vpn = mkVpnContainer pkgs "/data/samba/Public/Plex" {
 services.prowlarr.enable = true;
 services.sonarr.enable = true;
+ services.sonarr.user = "public_data";
+ services.sonarr.group = "public_data";
 services.bazarr.enable = true;
+ services.bazarr.user = "public_data";
+ services.bazarr.group = "public_data";
 services.radarr.enable = true;
+ services.radarr.user = "public_data";
+ services.radarr.group = "public_data";
 services.lidarr.enable = true;
- users.groups.transmission.members = [ "prowlarr" "sonarr" "bazarr" "radarr" "lidarr" ];
+ services.lidarr.user = "public_data";
+ services.lidarr.group = "public_data";
+ users.groups.transmission.members = [ "sonarr" "bazarr" "radarr" "lidarr" ];
 services.transmission = {
 enable = true;
 performanceNetParameters = true;
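Review bot: With `"guest ok" = "yes"` on this share, switching `"force user"` to `public_data` makes every unauthenticated SMB client act as the same account that the second file of this commit assigns to sonarr, bazarr, radarr and lidarr. Whether guests may write is not visible here (the share's attribute set starts above the hunk), but if they can, they can alter anything those services own under the exported path. A comment above the line would record this, e.g. `# guests act as public_data, the account the *arr services run as; keep service state outside this share`, together with a check that the services' data directories are not under the share.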
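Review bot: The literal `uid = 994` (next to the existing gid 994) is repeated in the last hunk of machines/storage/s0/configuration.nix, and file ownership between this host-level definition and what appears to be the container's config only lines up while both copies agree. Defining the account once in a shared module imported by both would remove the drift risk; at minimum add `# must match public_data uid/gid in machines/storage/s0/configuration.nix` above the block. 994 also looks like it sits in the range NixOS hands out automatically to system accounts, so on an already-deployed machine confirm no existing user holds it before switching. The enclosing attribute set starts outside the hunk.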
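Review bot: The new `users.groups.transmission.members` list still names `sonarr`, `bazarr`, `radarr` and `lidarr`, yet the lines added above make those services run as `public_data`, so the running processes no longer obtain the transmission group through it. If the upstream modules create the per-service users only when the default name is kept (likely, not visible here), the list also refers to accounts that no longer exist; `users.groups.transmission.members = [ "public_data" ];` would express the intent. The last hunk additionally drops `transmission` from `public_data`'s members, so check that transmission's own user/group is set in the part of the `containers.vpn` block that lies between the hunks. The four services now also share one uid, so each can read and modify the others' state (databases, API keys) wherever it is owned by `public_data`.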
@@ -107,8 +115,12 @@
 "download-queue-size" = 20; # gotta go fast
 };
 };
- users.groups.public_data.members = [ "prowlarr" "sonarr" "bazarr" "radarr" "lidarr" "transmission" ];
 users.groups.public_data.gid = 994;
+ users.users.public_data = {
+ isSystemUser = true;
+ group = "public_data";
+ uid = 994;
+ };
 };
 # containers cannot unlock their own secrets right now. unlock it here
 age.secrets."pia-login.conf".file = ../../../secrets/pia-login.conf;