From 08e3169e17db90f556415b9ed46cc650d33a46e6 Mon Sep 17 00:00:00 2001 From: "CanbiZ (MickLesk)" <47820557+MickLesk@users.noreply.github.com> Date: Wed, 18 Mar 2026 11:02:35 +0100 Subject: [PATCH] tools: Centralize GPU group setup via setup_hwaccel improve hardware-acceleration setup to centralize service user group management. Install scripts (emby, plex, ollama, channels) now pass a service user to setup_hwaccel (or no user for channels) and have had inline /etc/group sed/usermod tweaks removed. misc/tools.func updated: setup_hwaccel accepts an optional service_user and forwards it to _setup_gpu_permissions, which now adds the service user to render and video groups if provided. This consolidates GPU permission changes in one place and removes duplicated per-service group edits. --- install/channels-install.sh | 1 - install/emby-install.sh | 10 +--------- install/ollama-install.sh | 4 +--- install/plex-install.sh | 7 +------ misc/tools.func | 11 ++++++++++- 5 files changed, 13 insertions(+), 20 deletions(-) diff --git a/install/channels-install.sh b/install/channels-install.sh index ce79ccee8..ceaaac426 100644 --- a/install/channels-install.sh +++ b/install/channels-install.sh @@ -35,7 +35,6 @@ setup_hwaccel msg_info "Installing Channels DVR Server (Patience)" cd /opt $STD bash <(curl -fsSL https://getchannels.com/dvr/setup.sh) -sed -i -e 's/^sgx:x:104:$/render:x:104:root/' -e 's/^render:x:106:root$/sgx:x:106:/' /etc/group msg_ok "Installed Channels DVR Server" motd_ssh diff --git a/install/emby-install.sh b/install/emby-install.sh index 73ed6143c..84b879f3c 100644 --- a/install/emby-install.sh +++ b/install/emby-install.sh @@ -13,18 +13,10 @@ setting_up_container network_check update_os -setup_hwaccel +setup_hwaccel "emby" fetch_and_deploy_gh_release "emby" "MediaBrowser/Emby.Releases" "binary" -msg_info "Configuring Emby" -if [[ "$CTTYPE" == "0" ]]; then - sed -i -e 's/^ssl-cert:x:104:$/render:x:104:root,emby/' -e 's/^render:x:108:root,emby$/ssl-cert:x:108:/' /etc/group -else - sed -i -e 's/^ssl-cert:x:104:$/render:x:104:emby/' -e 's/^render:x:108:emby$/ssl-cert:x:108:/' /etc/group -fi -msg_ok "Configured Emby" - motd_ssh customize cleanup_lxc diff --git a/install/ollama-install.sh b/install/ollama-install.sh index 6f4a5db13..2d050f60c 100644 --- a/install/ollama-install.sh +++ b/install/ollama-install.sh @@ -42,7 +42,7 @@ EOF $STD apt update msg_ok "Set up Intel® Repositories" -setup_hwaccel +setup_hwaccel "ollama" msg_info "Installing Intel® Level Zero" # Debian 13+ has newer Level Zero packages in system repos that conflict with Intel repo packages @@ -89,8 +89,6 @@ msg_info "Creating ollama User and Group" if ! id ollama >/dev/null 2>&1; then useradd -r -s /usr/sbin/nologin -U -m -d /usr/share/ollama ollama fi -$STD usermod -aG render ollama || true -$STD usermod -aG video ollama || true $STD usermod -aG ollama $(id -u -n) msg_ok "Created ollama User and adjusted Groups" diff --git a/install/plex-install.sh b/install/plex-install.sh index e2a142724..757bac495 100644 --- a/install/plex-install.sh +++ b/install/plex-install.sh @@ -13,7 +13,7 @@ setting_up_container network_check update_os -setup_hwaccel +setup_hwaccel "plex" msg_info "Setting Up Plex Media Server Repository" setup_deb822_repo \ @@ -26,11 +26,6 @@ msg_ok "Set Up Plex Media Server Repository" msg_info "Installing Plex Media Server" $STD apt install -y plexmediaserver -if [[ "$CTTYPE" == "0" ]]; then - sed -i -e 's/^ssl-cert:x:104:plex$/render:x:104:root,plex/' -e 's/^render:x:108:root$/ssl-cert:x:108:plex/' /etc/group -else - sed -i -e 's/^ssl-cert:x:104:plex$/render:x:104:plex/' -e 's/^render:x:108:$/ssl-cert:x:108:/' /etc/group -fi msg_ok "Installed Plex Media Server" motd_ssh diff --git a/misc/tools.func b/misc/tools.func index f1ac3bc00..d3866b5f4 100644 --- a/misc/tools.func +++ b/misc/tools.func @@ -4215,6 +4215,8 @@ function setup_gs() { # - NVIDIA requires matching host driver version # ------------------------------------------------------------------------------ function setup_hwaccel() { + local service_user="${1:-}" + # Check if user explicitly disabled GPU in advanced settings # ENABLE_GPU is exported from build.func if [[ "${ENABLE_GPU:-no}" == "no" ]]; then @@ -4466,7 +4468,7 @@ function setup_hwaccel() { # ═══════════════════════════════════════════════════════════════════════════ # Device Permissions # ═══════════════════════════════════════════════════════════════════════════ - _setup_gpu_permissions "$in_ct" + _setup_gpu_permissions "$in_ct" "$service_user" cache_installed_version "hwaccel" "1.0" msg_ok "Setup Hardware Acceleration" @@ -5100,6 +5102,7 @@ EOF # ══════════════════════════════════════════════════════════════════════════════ _setup_gpu_permissions() { local in_ct="$1" + local service_user="${2:-}" # /dev/dri permissions (Intel/AMD) if [[ "$in_ct" == "0" && -d /dev/dri ]]; then @@ -5166,6 +5169,12 @@ _setup_gpu_permissions() { chmod 666 /dev/kfd 2>/dev/null || true msg_info "AMD ROCm compute device configured" fi + + # Add service user to render and video groups for GPU hardware acceleration + if [[ -n "$service_user" ]]; then + $STD usermod -aG render "$service_user" 2>/dev/null || true + $STD usermod -aG video "$service_user" 2>/dev/null || true + fi } # ------------------------------------------------------------------------------