diff --git a/modules/nixos/deertopia/copyparty.nix b/modules/nixos/deertopia/copyparty.nix
index 9d8d85a..9ca7f91 100644
--- a/modules/nixos/deertopia/copyparty.nix
+++ b/modules/nixos/deertopia/copyparty.nix
@@ -19,9 +19,18 @@ in {
 
     nixpkgs.overlays = [ inputs.copyparty.overlays.default ];
 
+    # HACK: Ad-hoc permissions, as typical.
+    users.users.copyparty.extraGroups = [ "jellyfin" ];
+
+    # HACK: Make files created by copypaste.service initialise with the mode
+    # 775.
+    systemd.services.copyparty.serviceConfig.UMask = lib.mkForce "002";
+
     services.copyparty = {
       enable = true;
       settings = {
+        # These three options are necessary for SSO integration.  No idea what
+        # they do. }:)
         xff-src = "lan";
         idp-h-usr = "remote-user";
         idp-h-grp = "remote-groups";
@@ -42,6 +51,8 @@ in {
         enableACME = true;
         extraConfig = ''
           include ${./authelia/authelia-location.conf};
+          # Increase limit of upload sizes.
+          client_max_body_size 20G;
         '';
         locations."/".extraConfig = ''
           include ${./authelia/authelia-authrequest.conf};
diff --git a/modules/nixos/deertopia/jellyfin.nix b/modules/nixos/deertopia/jellyfin.nix
index a001e0f..de54772 100644
--- a/modules/nixos/deertopia/jellyfin.nix
+++ b/modules/nixos/deertopia/jellyfin.nix
@@ -28,6 +28,9 @@ in {
       openFirewall = true;
     };
 
+    # HACK: Force the mode 664 upon Jellyfin-created files.
+    systemd.services.jellyfin.serviceConfig.UMask = lib.mkForce "002";
+
     sydnix.deertopia.nginx.vhosts."watch".vhost =
       # Currently no (convenient) way to specify Jellyfin's port from Nix.
       let port = builtins.toString 8096;