storage: add mounts by label
Signed-off-by: Myned <dev@bjork.tech>
This commit is contained in:
parent
c3a1eb812c
commit
1346b1ca63
5 changed files with 86 additions and 98 deletions
|
@ -5,19 +5,4 @@
|
||||||
];
|
];
|
||||||
|
|
||||||
custom.hostname = "myeck";
|
custom.hostname = "myeck";
|
||||||
|
|
||||||
fileSystems = {
|
|
||||||
"/mnt/external" = {
|
|
||||||
device = "/dev/disk/by-label/external";
|
|
||||||
options = [
|
|
||||||
"noatime"
|
|
||||||
"nofail"
|
|
||||||
"users"
|
|
||||||
"exec"
|
|
||||||
"x-gvfs-show"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.tmpfiles.rules = ["z /mnt/external 0755 myned users"];
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -9,6 +9,10 @@
|
||||||
width = 3440;
|
width = 3440;
|
||||||
height = 1440;
|
height = 1440;
|
||||||
refresh = 100;
|
refresh = 100;
|
||||||
|
|
||||||
|
settings = {
|
||||||
|
storage.mnt = ["gayme" "myve"];
|
||||||
|
|
||||||
vm.passthrough = {
|
vm.passthrough = {
|
||||||
enable = true;
|
enable = true;
|
||||||
driver = "amdgpu";
|
driver = "amdgpu";
|
||||||
|
@ -18,6 +22,7 @@
|
||||||
intel = true;
|
intel = true;
|
||||||
node = "pci_0000_03_00_0";
|
node = "pci_0000_03_00_0";
|
||||||
};
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
|
|
|
@ -12,6 +12,7 @@ with lib; {
|
||||||
networking.enable = true;
|
networking.enable = true;
|
||||||
packages.enable = true;
|
packages.enable = true;
|
||||||
security.enable = true;
|
security.enable = true;
|
||||||
|
storage.enable = true;
|
||||||
users.enable = true;
|
users.enable = true;
|
||||||
})
|
})
|
||||||
|
|
||||||
|
|
|
@ -1,83 +0,0 @@
|
||||||
{
|
|
||||||
config,
|
|
||||||
lib,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
with lib; let
|
|
||||||
cfg = config.custom.settings.mounts;
|
|
||||||
in {
|
|
||||||
options.custom.settings.mounts.enable = mkOption {default = false;};
|
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
|
||||||
# Enforce permissions for mountpoint directory
|
|
||||||
systemd.tmpfiles.rules = ["d /mnt/remote 0755 root root"];
|
|
||||||
|
|
||||||
#!! FUSE does not support remount, sometimes causing activation errors on switch
|
|
||||||
# https://github.com/libfuse/libfuse/issues/717
|
|
||||||
#?? sudo umount /mnt/remote && sudo mount /mnt/remote
|
|
||||||
# https://wiki.nixos.org/wiki/SSHFS
|
|
||||||
# https://man.archlinux.org/man/sshfs.1
|
|
||||||
fileSystems = let
|
|
||||||
#?? "/mnt/PATH" = remote "PATH" UID GID "UMASK"
|
|
||||||
remote = path: uid: gid: umask: {
|
|
||||||
# https://robot.hetzner.com/storage
|
|
||||||
device = "u415778@u415778.your-storagebox.de:/home/${path}";
|
|
||||||
fsType = "sshfs";
|
|
||||||
|
|
||||||
options = [
|
|
||||||
"noatime" # Do not modify access time
|
|
||||||
"reconnect" # Gracefully handle network issues
|
|
||||||
"default_permissions" # Check local permissions
|
|
||||||
"allow_other" # Grant other users access
|
|
||||||
"umask=${umask}" # Set permissions mask
|
|
||||||
"uid=${toString uid}" # Set user id
|
|
||||||
"gid=${toString gid}" # Set group id
|
|
||||||
"idmap=user" # Map local users to remote
|
|
||||||
"transform_symlinks" # Convert absolute symlinks to relative
|
|
||||||
"compression=no" # Save CPU cycles at the cost of transfer speed
|
|
||||||
"port=23"
|
|
||||||
"IdentityFile=/etc/ssh/id_ed25519" # !! SSH key configured imperatively
|
|
||||||
"ServerAliveInterval=15" # Prevent application hangs on reconnect
|
|
||||||
];
|
|
||||||
};
|
|
||||||
in {
|
|
||||||
# Use umask to set sshfs permissions
|
|
||||||
#!! Up to 10 simultaneous connections with Hetzner
|
|
||||||
#?? docker compose exec CONTAINER cat /etc/passwd
|
|
||||||
"/mnt/remote/conduwuit" = remote "conduwuit" 300 300 "0077"; # conduit:conduit @ 0700
|
|
||||||
#// "/mnt/remote/nextcloud" = remote "nextcloud" 33 33 "0007"; # www-data:www-data @ 0700
|
|
||||||
"/mnt/remote/syncthing" = remote "syncthing" 237 237 "0077"; # syncthing:syncthing @ 0700
|
|
||||||
};
|
|
||||||
|
|
||||||
# https://wiki.nixos.org/wiki/Rclone
|
|
||||||
# https://docs.hetzner.com/robot/storage-box/access/access-ssh-rsync-borg/#rclone
|
|
||||||
#!! SSH keys configured imperatively
|
|
||||||
#!! rclone attempts to write to immutable config; need to manually merge changes
|
|
||||||
# https://github.com/rclone/rclone/issues/3655
|
|
||||||
# TODO: Attempt to use rclone after daemon is fixed
|
|
||||||
# https://github.com/rclone/rclone/issues/5664
|
|
||||||
# environment.etc."rclone.conf".text = ''
|
|
||||||
# [remote]
|
|
||||||
# type = sftp
|
|
||||||
# host = u415778.your-storagebox.de
|
|
||||||
# user = u415778
|
|
||||||
# port = 23
|
|
||||||
# key_file = /etc/ssh/id_ed25519
|
|
||||||
# shell_type = unix
|
|
||||||
# '';
|
|
||||||
|
|
||||||
# fileSystems."/mnt/remote" = {
|
|
||||||
# device = "remote:/home";
|
|
||||||
# fsType = "rclone";
|
|
||||||
|
|
||||||
# options = [
|
|
||||||
# "nodev"
|
|
||||||
# "nofail"
|
|
||||||
# "reconnect"
|
|
||||||
# "args2env" # Pass secrets as environment variables
|
|
||||||
# "default_permissions"
|
|
||||||
# "config=/etc/rclone.conf"
|
|
||||||
# ];
|
|
||||||
# };
|
|
||||||
};
|
|
||||||
}
|
|
80
options/custom/settings/storage.nix
Normal file
80
options/custom/settings/storage.nix
Normal file
|
@ -0,0 +1,80 @@
|
||||||
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
with lib; let
|
||||||
|
cfg = config.custom.settings.storage;
|
||||||
|
in {
|
||||||
|
options.custom.settings.storage = {
|
||||||
|
enable = mkOption {default = false;};
|
||||||
|
mnt = mkOption {default = [];};
|
||||||
|
remote = mkOption {default = false;};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
# Enforce permissions for mountpoint directory
|
||||||
|
systemd.tmpfiles.settings."10-storage" = {
|
||||||
|
"/mnt/remote" = {
|
||||||
|
d = {
|
||||||
|
mode = "0755";
|
||||||
|
user = "root";
|
||||||
|
group = "root";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
#!! FUSE does not support remount, sometimes causing activation errors on switch
|
||||||
|
# https://github.com/libfuse/libfuse/issues/717
|
||||||
|
#?? sudo umount /mnt/remote && sudo mount /mnt/remote
|
||||||
|
# https://wiki.nixos.org/wiki/SSHFS
|
||||||
|
# https://man.archlinux.org/man/sshfs.1
|
||||||
|
fileSystems = let
|
||||||
|
#?? "/mnt/PATH" = remote "PATH" UID GID "UMASK"
|
||||||
|
remote = path: uid: gid: umask: {
|
||||||
|
# https://robot.hetzner.com/storage
|
||||||
|
device = "u415778@u415778.your-storagebox.de:/home/${path}";
|
||||||
|
fsType = "sshfs";
|
||||||
|
|
||||||
|
options = [
|
||||||
|
"noatime" # Do not modify access time
|
||||||
|
"reconnect" # Gracefully handle network issues
|
||||||
|
"default_permissions" # Check local permissions
|
||||||
|
"allow_other" # Grant other users access
|
||||||
|
"umask=${umask}" # Set permissions mask
|
||||||
|
"uid=${toString uid}" # Set user id
|
||||||
|
"gid=${toString gid}" # Set group id
|
||||||
|
"idmap=user" # Map local users to remote
|
||||||
|
"transform_symlinks" # Convert absolute symlinks to relative
|
||||||
|
"compression=no" # Save CPU cycles at the cost of transfer speed
|
||||||
|
"port=23"
|
||||||
|
"IdentityFile=/etc/ssh/id_ed25519" # !! SSH key configured imperatively
|
||||||
|
"ServerAliveInterval=15" # Prevent application hangs on reconnect
|
||||||
|
];
|
||||||
|
};
|
||||||
|
in
|
||||||
|
# Map list of disk labels to /mnt/LABEL with user defaults
|
||||||
|
mergeAttrsList (forEach cfg.mnt (label: {
|
||||||
|
"/mnt/${label}" = {
|
||||||
|
device = "/dev/disk/by-label/${label}";
|
||||||
|
|
||||||
|
options = [
|
||||||
|
"defaults"
|
||||||
|
"noatime"
|
||||||
|
"nofail"
|
||||||
|
"user"
|
||||||
|
"exec"
|
||||||
|
"x-gvfs-show"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}))
|
||||||
|
// optionalAttrs cfg.remote {
|
||||||
|
# Use umask to set sshfs permissions
|
||||||
|
#!! Up to 10 simultaneous connections with Hetzner
|
||||||
|
#?? docker compose exec CONTAINER cat /etc/passwd
|
||||||
|
#// "/mnt/remote/conduwuit" = remote "conduwuit" 300 300 "0077"; # conduit:conduit @ 0700
|
||||||
|
#// "/mnt/remote/nextcloud" = remote "nextcloud" 33 33 "0007"; # www-data:www-data @ 0700
|
||||||
|
#// "/mnt/remote/syncthing" = remote "syncthing" 237 237 "0077"; # syncthing:syncthing @ 0700
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
Loading…
Reference in a new issue