From 7b3d4bc0213735c56a362c841ec8a08302291a9f Mon Sep 17 00:00:00 2001
From: Leyla Becker <git@jan-leila.com>
Date: Fri, 1 Aug 2025 18:24:45 -0500
Subject: [PATCH] added acl rules to defiant media_directory

---
 modules/nixos-modules/server/jellyfin.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix
index bad04c9..294c8e1 100644
--- a/modules/nixos-modules/server/jellyfin.nix
+++ b/modules/nixos-modules/server/jellyfin.nix
@@ -52,6 +52,11 @@ in {
         ];
 
         networking.firewall.allowedTCPPorts = [jellyfinPort dlanPort];
+
+        systemd.tmpfiles.rules = [
+          "d ${config.services.jellyfin.media_directory} 2770 jellyfin jellyfin_media"
+          "A ${config.services.jellyfin.media_directory} -    -        -               - u:jellyfin:rwX,g:jellyfin_media:rwX,o::-"
+        ];
       }
       (lib.mkIf config.services.fail2ban.enable {
         environment.etc = {