fix(media): resolve arr stack deployment failures

- prowlarr: remove serviceFilePerms (DynamicUser has no static user) - sonarr/radarr: move media dir creation to system-level tmpfiles rules to avoid unsafe path transition from /torrents (qbittorrent:media) - jellyseerr: override DynamicUser=false, create static user/group, use serviceFilePerms for ZFS-backed configDir permissions Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-opencode) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
2026-02-18 15:28:41 -05:00
parent f6804a76b2
commit 4e19e67356
4 changed files with 22 additions and 9 deletions
--- a/services/sonarr.nix
+++ b/services/sonarr.nix
@@ -15,10 +15,15 @@
    ])
    (lib.serviceFilePerms "sonarr" [
      "Z ${service_configs.sonarr.dataDir} 0700 ${config.services.sonarr.user} ${config.services.sonarr.group}"
-      "d ${service_configs.media.tvDir} 0775 ${config.services.sonarr.user} ${service_configs.media_group}"
    ])
  ];

+  systemd.tmpfiles.rules = [
+    "d /torrents/media 2775 root ${service_configs.media_group} -"
+    "d ${service_configs.media.tvDir} 2775 root ${service_configs.media_group} -"
+    "d ${service_configs.media.moviesDir} 2775 root ${service_configs.media_group} -"
+  ];
+
  services.sonarr = {
    enable = true;
    dataDir = service_configs.sonarr.dataDir;