From 8abe7b1d07f058c356e4559f60a9f49996fab569 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Torjus=20H=C3=A5kestad?= <torjus@usit.uio.no>
Date: Thu, 12 Mar 2026 20:09:44 +0100
Subject: [PATCH] media1: fix promtail permissions for kodi log scraping

Add promtail to the kodi group and set kodi home to 750 so promtail
can read ~/.kodi/temp/kodi.log.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 hosts/media1/media-desktop.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/hosts/media1/media-desktop.nix b/hosts/media1/media-desktop.nix
index beca374..d76b764 100644
--- a/hosts/media1/media-desktop.nix
+++ b/hosts/media1/media-desktop.nix
@@ -90,6 +90,7 @@ in
   users.users.kodi = {
     isNormalUser = true;
     home = "/home/kodi";
+    homeMode = "750";
     group = "kodi";
     extraGroups = [
       "video"
@@ -99,6 +100,9 @@ in
   };
   users.groups.kodi = { };
 
+  # Allow promtail to read kodi logs
+  users.users.promtail.extraGroups = [ "kodi" ];
+
   # Packages available on the system
   environment.systemPackages = [
     kodiPkg