From 1346b1ca63c569508a73773417adce4bd54fb48d Mon Sep 17 00:00:00 2001
From: Myned
Date: Fri, 6 Dec 2024 19:53:38 -0600
Subject: [PATCH] storage: add mounts by label
Signed-off-by: Myned
---
 machines/myeck/default.nix | 15 ------
 machines/mynix/default.nix | 5 ++
 options/custom/settings/default.nix | 1 +
 options/custom/settings/mounts.nix | 83 ----------------------------
 options/custom/settings/storage.nix | 80 +++++++++++++++++++++++++++
 5 files changed, 86 insertions(+), 98 deletions(-)
 delete mode 100644 options/custom/settings/mounts.nix
 create mode 100644 options/custom/settings/storage.nix
diff --git a/machines/myeck/default.nix b/machines/myeck/default.nix
index f0ac707..0060cfb 100644
--- a/machines/myeck/default.nix
+++ b/machines/myeck/default.nix
@@ -5,19 +5,4 @@
 ];
 custom.hostname = "myeck";
-
- fileSystems = {
- "/mnt/external" = {
- device = "/dev/disk/by-label/external";
- options = [
- "noatime"
- "nofail"
- "users"
- "exec"
- "x-gvfs-show"
- ];
- };
- };
-
- systemd.tmpfiles.rules = ["z /mnt/external 0755 myned users"];
 }
diff --git a/machines/mynix/default.nix b/machines/mynix/default.nix
index 79a2793..18c664c 100644
--- a/machines/mynix/default.nix
+++ b/machines/mynix/default.nix
@@ -9,6 +9,10 @@
 width = 3440;
 height = 1440;
 refresh = 100;
+
+ settings = {
+ storage.mnt = ["gayme" "myve"];
+
 vm.passthrough = {
 enable = true;
 driver = "amdgpu";
@@ -18,6 +22,7 @@
 intel = true;
 node = "pci_0000_03_00_0";
 };
+ };
 };
 boot = {
diff --git a/options/custom/settings/default.nix b/options/custom/settings/default.nix
index 656923a..abd1bb6 100644
--- a/options/custom/settings/default.nix
+++ b/options/custom/settings/default.nix
@@ -12,6 +12,7 @@ with lib; {
 networking.enable = true;
 packages.enable = true;
 security.enable = true;
+ storage.enable = true;
 users.enable = true;
 })
diff --git a/options/custom/settings/mounts.nix b/options/custom/settings/mounts.nix
deleted file mode 100644
index be2721d..0000000 
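Review bot: `storage.enable = true;` in options/custom/settings/default.nix switches the new module on for every host importing this settings set, and no `mounts.enable` line is removed anywhere in the diff, so `storage` now activates on hosts that define neither `mnt` nor `remote`; if that is not the intent, enable it per machine instead, as mynix does for `storage.mnt`. In machines/myeck/default.nix the `/mnt/external` mount and its `z /mnt/external 0755 myned users` ownership rule are removed without a `storage.mnt = ["external"];` replacement, and the new label mounts manage no mountpoint ownership, so that host presumably loses the mount and its `myned:users` permissions — worth confirming this is deliberate.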
--- a/options/custom/settings/mounts.nix
+++ /dev/null
@@ -1,83 +0,0 @@
-{
- config,
- lib,
- ...
-}:
-with lib; let
- cfg = config.custom.settings.mounts;
-in {
- options.custom.settings.mounts.enable = mkOption {default = false;};
-
- config = mkIf cfg.enable {
- # Enforce permissions for mountpoint directory
- systemd.tmpfiles.rules = ["d /mnt/remote 0755 root root"];
-
- #!! FUSE does not support remount, sometimes causing activation errors on switch
- # https://github.com/libfuse/libfuse/issues/717
- #?? sudo umount /mnt/remote && sudo mount /mnt/remote
- # https://wiki.nixos.org/wiki/SSHFS
- # https://man.archlinux.org/man/sshfs.1
- fileSystems = let
- #?? "/mnt/PATH" = remote "PATH" UID GID "UMASK"
- remote = path: uid: gid: umask: {
- # https://robot.hetzner.com/storage
- device = "u415778@u415778.your-storagebox.de:/home/${path}";
- fsType = "sshfs";
-
- options = [
- "noatime" # Do not modify access time
- "reconnect" # Gracefully handle network issues
- "default_permissions" # Check local permissions
- "allow_other" # Grant other users access
- "umask=${umask}" # Set permissions mask
- "uid=${toString uid}" # Set user id
- "gid=${toString gid}" # Set group id
- "idmap=user" # Map local users to remote
- "transform_symlinks" # Convert absolute symlinks to relative
- "compression=no" # Save CPU cycles at the cost of transfer speed
- "port=23"
- "IdentityFile=/etc/ssh/id_ed25519" # !! SSH key configured imperatively
- "ServerAliveInterval=15" # Prevent application hangs on reconnect
- ];
- };
- in {
- # Use umask to set sshfs permissions
- #!! Up to 10 simultaneous connections with Hetzner
- #?? 
docker compose exec CONTAINER cat /etc/passwd
- "/mnt/remote/conduwuit" = remote "conduwuit" 300 300 "0077"; # conduit:conduit @ 0700
- #// "/mnt/remote/nextcloud" = remote "nextcloud" 33 33 "0007"; # www-data:www-data @ 0700
- "/mnt/remote/syncthing" = remote "syncthing" 237 237 "0077"; # syncthing:syncthing @ 0700
- };
-
- # https://wiki.nixos.org/wiki/Rclone
- # https://docs.hetzner.com/robot/storage-box/access/access-ssh-rsync-borg/#rclone
- #!! SSH keys configured imperatively
- #!! rclone attempts to write to immutable config; need to manually merge changes
- # https://github.com/rclone/rclone/issues/3655
- # TODO: Attempt to use rclone after daemon is fixed
- # https://github.com/rclone/rclone/issues/5664
- # environment.etc."rclone.conf".text = ''
- # [remote]
- # type = sftp
- # host = u415778.your-storagebox.de
- # user = u415778
- # port = 23
- # key_file = /etc/ssh/id_ed25519
- # shell_type = unix
- # '';
-
- # fileSystems."/mnt/remote" = {
- # device = "remote:/home";
- # fsType = "rclone";
-
- # options = [
- # "nodev"
- # "nofail"
- # "reconnect"
- # "args2env" # Pass secrets as environment variables
- # "default_permissions"
- # "config=/etc/rclone.conf"
- # ];
- # };
- };
-}
diff --git a/options/custom/settings/storage.nix b/options/custom/settings/storage.nix
new file mode 100644
index 0000000..36dbf6d
--- /dev/null
+++ b/options/custom/settings/storage.nix
@@ -0,0 +1,80 @@
+{
+ config,
+ lib,
+ ...
+}:
+with lib; let
+ cfg = config.custom.settings.storage;
+in {
+ options.custom.settings.storage = {
+ enable = mkOption {default = false;};
+ mnt = mkOption {default = [];};
+ remote = mkOption {default = false;};
+ };
+
+ config = mkIf cfg.enable {
+ # Enforce permissions for mountpoint directory
+ systemd.tmpfiles.settings."10-storage" = {
+ "/mnt/remote" = {
+ d = {
+ mode = "0755";
+ user = "root";
+ group = "root";
+ };
+ };
+ };
+
+ #!! FUSE does not support remount, sometimes causing activation errors on switch
+ # https://github.com/libfuse/libfuse/issues/717
+ #?? sudo umount /mnt/remote && sudo mount /mnt/remote
+ # https://wiki.nixos.org/wiki/SSHFS
+ # https://man.archlinux.org/man/sshfs.1
+ fileSystems = let
+ #?? "/mnt/PATH" = remote "PATH" UID GID "UMASK"
+ remote = path: uid: gid: umask: {
+ # https://robot.hetzner.com/storage
+ device = "u415778@u415778.your-storagebox.de:/home/${path}";
+ fsType = "sshfs";
+
+ options = [
+ "noatime" # Do not modify access time
+ "reconnect" # Gracefully handle network issues
+ "default_permissions" # Check local permissions
+ "allow_other" # Grant other users access
+ "umask=${umask}" # Set permissions mask
+ "uid=${toString uid}" # Set user id
+ "gid=${toString gid}" # Set group id
+ "idmap=user" # Map local users to remote
+ "transform_symlinks" # Convert absolute symlinks to relative
+ "compression=no" # Save CPU cycles at the cost of transfer speed
+ "port=23"
+ "IdentityFile=/etc/ssh/id_ed25519" # !! SSH key configured imperatively
+ "ServerAliveInterval=15" # Prevent application hangs on reconnect
+ ];
+ };
+ in
+ # Map list of disk labels to /mnt/LABEL with user defaults
+ mergeAttrsList (forEach cfg.mnt (label: {
+ "/mnt/${label}" = {
+ device = "/dev/disk/by-label/${label}";
+
+ options = [
+ "defaults"
+ "noatime"
+ "nofail"
+ "user"
+ "exec"
+ "x-gvfs-show"
+ ];
+ };
+ }))
+ // optionalAttrs cfg.remote {
+ # Use umask to set sshfs permissions
+ #!! 
Up to 10 simultaneous connections with Hetzner
+ #?? docker compose exec CONTAINER cat /etc/passwd
+ #// "/mnt/remote/conduwuit" = remote "conduwuit" 300 300 "0077"; # conduit:conduit @ 0700
+ #// "/mnt/remote/nextcloud" = remote "nextcloud" 33 33 "0007"; # www-data:www-data @ 0700
+ #// "/mnt/remote/syncthing" = remote "syncthing" 237 237 "0077"; # syncthing:syncthing @ 0700
+ };
+ };
+}
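Review bot: `systemd.tmpfiles.settings."10-storage"."/mnt/remote"` is created whenever `cfg.enable` is set, while the sshfs entries that need it are only added under `optionalAttrs cfg.remote`, so hosts that only use `mnt` still get an empty root-owned `/mnt/remote`; gate the tmpfiles entry the same way, e.g. `systemd.tmpfiles.settings."10-storage" = mkIf cfg.remote { ... };`. `mnt = mkOption {default = [];}` declares no `type`, yet each element is interpolated into `/dev/disk/by-label/${label}` and the mountpoint `/mnt/${label}`; `type = types.listOf types.str;` plus a `description` makes a non-list or non-string definition fail at evaluation instead of producing a malformed `fileSystems` key. The label mounts use `user` where the removed myeck entry used `users`: `user` restricts unmounting to the mounting user and implies `nosuid,nodev,noexec`, with the later `exec` re-enabling only exec, which looks intended but deserves a comment such as `"user" # implies nosuid,nodev,noexec; unmount limited to mounting user`. With all three `/mnt/remote/*` entries commented out, the `remote` helper in the `let` is unused and `cfg.remote` selects an empty attrset; either drop the helper or leave a comment saying which entry is expected to return.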