In the migration to `tmpfiles.d(5)`, I used the wrong type of file.
Using `f` would write the path to the file as its content, rather than
copy it. Unfortunately `C` and `C+` do not overwrite an existing file,
so using a symlink it the correct solution here.
This means the SSH key file must have `lohr` as an owner... Perhaps I
should make it so the service can read the file itself, rather than
rely on the filesystem location, so that I don't have to contort myself
quite so much to make it work.
OVH/Kimsufi are deprecating my current server by the end of the year. So
let's migrate to a new host.
This was more painful than initially planned, OVH introduced a change to
their rescue system which messes with the NixOS installation [1].
In the end I used a kexec image [2] to run the installation.
[1]: https://github.com/NixOS/nix/issues/7790
[2]: https://github.com/nix-community/nixos-images
I just noticed that all the metadata files Jellyfin stores have very
restrictive ACLs.
The whole point of the `media` group is to make my HTPC eco-system work
together. In particular this should allow Sonarr and friends to delete
folders without manual intervention.
My tandoor-recipes fix was merged upstream, so remove the overlay.
And because of the recent postgres bump for 23.11, `ensureDBOwnership`
is the new way of dealing with DB permissions [1]. This means I had to
fix manually migrate my `gitea` DB and make it match the DB user.
[1]: https://github.com/NixOS/nixpkgs/pull/266270
Let's consolidate all modules under one path, so that NixOS,
home-manager, and nix-darwin (if I ever end up using it down the line)
would go under the same folder.
Bruno BELANYI