From 04765def80669e2193db91d2452198ca557e70e3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= <c@rey.foo>
Date: Wed, 10 Dec 2025 11:06:17 -0800
Subject: [PATCH] Periodically update permissions for Samba shares

---
 hosts/glyph/services/samba.nix | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/hosts/glyph/services/samba.nix b/hosts/glyph/services/samba.nix
index fb52553d..85637fb5 100644
--- a/hosts/glyph/services/samba.nix
+++ b/hosts/glyph/services/samba.nix
@@ -51,4 +51,33 @@
       }
       // shares;
   };
+
+  systemd.services.ensureSambaPermissions = {
+    description = "Ensures correct permissions within Samba shares";
+    serviceConfig = {
+      Type = "oneshot";
+      ExecStart = let
+        defaultUsrGrp = "mu:users";
+        plexUsrGrp = with config.services.plex; "${user}:${group}";
+        transmissionUsrGrp = with config.services.transmission; "${user}:${group}";
+      in [
+        "${pkgs.coreutils}/bin/chown -R ${defaultUsrGrp} archive"
+        "${pkgs.coreutils}/bin/chown -R ${defaultUsrGrp} backup"
+        # N.B.: /mnt/media/Music is used by Roon, not Plex
+        "${pkgs.coreutils}/bin/chown -R ${plexUsrGrp} media/Movies media/TV media/Video"
+        "${pkgs.coreutils}/bin/chown -R ${defaultUsrGrp} media/Music"
+        "${pkgs.coreutils}/bin/chown -R ${transmissionUsrGrp} torrents"
+        "${pkgs.coreutils}/bin/chown -R ${defaultUsrGrp} unsorted"
+      ];
+      WorkingDirectory = "/mnt";
+    };
+  };
+
+  systemd.timers.ensureSambaPermissions = {
+    wantedBy = ["timers.target"];
+    timerConfig = {
+      OnCalendar = "hourly";
+      Persistent = true;
+    };
+  };
 }