2023-09-01 01:23:35 +00:00
|
|
|
{ config, ... }:
|
2023-09-01 00:39:22 +00:00
|
|
|
{
|
|
|
|
imports = [
|
|
|
|
./nfs.nix
|
|
|
|
./sftpgo.nix
|
|
|
|
];
|
2023-09-01 01:23:35 +00:00
|
|
|
|
2023-09-01 03:37:33 +00:00
|
|
|
users.groups.export = {};
|
2023-09-01 01:23:35 +00:00
|
|
|
|
|
|
|
fileSystems."/var/export/media" = {
|
|
|
|
# everything in here could be considered publicly readable (based on the viewer's legal jurisdiction)
|
|
|
|
device = "/var/lib/uninsane/media";
|
|
|
|
options = [ "rbind" ];
|
|
|
|
};
|
2023-09-01 03:37:33 +00:00
|
|
|
# fileSystems."/var/export/playground" = {
|
|
|
|
# device = config.fileSystems."/mnt/persist/ext".device;
|
|
|
|
# fsType = "btrfs";
|
|
|
|
# options = [
|
|
|
|
# "subvol=export-playground"
|
|
|
|
# "compress=zstd"
|
|
|
|
# "defaults"
|
|
|
|
# ];
|
|
|
|
# };
|
|
|
|
# N.B.: the backing directory should be manually created here **as a btrfs subvolume** and with a quota.
|
|
|
|
# - `sudo btrfs subvolume create /mnt/persist/ext/persist/var/export/playground`
|
|
|
|
# - `sudo btrfs quota enable /mnt/persist/ext/persist/var/export/playground`
|
|
|
|
# - `sudo btrfs quota rescan -sw /mnt/persist/ext/persist/var/export/playground`
|
|
|
|
# to adjust the limits (which apply at the block layer, i.e. post-compression):
|
|
|
|
# - `sudo btrfs qgroup limit 20G /mnt/persist/ext/persist/var/export/playground`
|
|
|
|
# to query the quota/status:
|
|
|
|
# - `sudo btrfs qgroup show -re /var/export/playground`
|
|
|
|
sane.persist.sys.ext = [
|
|
|
|
{ user = "root"; group = "export"; mode = "0775"; path = "/var/export/playground"; }
|
|
|
|
];
|
2023-09-01 01:23:35 +00:00
|
|
|
|
|
|
|
sane.fs."/var/export/README.md" = {
|
|
|
|
wantedBy = [ "nfs.service" "sftpgo.service" ];
|
|
|
|
file.text = ''
|
|
|
|
- media/ read-only: Videos, Music, Books, etc
|
|
|
|
- playground/ read-write: use it to share files with other users of this server
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
2023-09-01 03:37:33 +00:00
|
|
|
sane.fs."/var/export/playground/README.md" = {
|
|
|
|
wantedBy = [ "nfs.service" "sftpgo.service" ];
|
|
|
|
file.text = ''
|
2023-09-01 10:08:29 +00:00
|
|
|
this directory is intentionally read+write by anyone with access (i.e. on the LAN).
|
2023-09-01 03:37:33 +00:00
|
|
|
- share files
|
|
|
|
- write poetry
|
|
|
|
- be a friendly troll
|
|
|
|
'';
|
|
|
|
};
|
2023-09-01 00:39:22 +00:00
|
|
|
}
|