# docs
# - x-systemd options: <https://www.freedesktop.org/software/systemd/man/systemd.mount.html>
{ lib, pkgs, sane-lib, ... }:
let
# Named sets of mount options; the fileSystems entries below concatenate them per mount.
fsOpts =
  let
    # options shared by every network filesystem in this file
    common = [
      "_netdev"
      "noatime"
      # allow any user with access to the device to mount the fs.
      # per mount(8), `user` also implies noexec,nosuid,nodev unless a later option overrides that.
      "user"
      "x-systemd.requires=network-online.target"
      "x-systemd.after=network-online.target"
      # how long to wait for mount **and** how long to wait for unmount
      "x-systemd.mount-timeout=10s"
    ];

    # base options for every sshfs mount
    ssh = common ++ [
      # private key sshfs authenticates with; every option set built on `ssh` shares it
      "identityfile=/home/colin/.ssh/id_ed25519"
      # allow_other opens the mount to local users other than the one who mounted it;
      # default_permissions makes the kernel enforce the files' mode bits, which is what
      # stops allow_other from giving every local user the remote login's access.
      # keep the two together.
      "allow_other"
      "default_permissions"
    ];
  in
  {
    inherit common ssh;

    auto = [ "x-systemd.automount" ];
    # don't mount as part of remote-fs.target
    noauto = [ "noauto" ];

    # order the mount after (and make it require) the wg-home wireguard tunnel
    wg = [
      "x-systemd.requires=wireguard-wg-home.service"
      "x-systemd.after=wireguard-wg-home.service"
    ];

    # sshfs as the regular user: files are presented as uid 1000 / gid 100 locally
    sshColin = ssh ++ [
      "transform_symlinks"
      "idmap=user"
      "uid=1000"
      "gid=100"
    ];

    # sshfs with the remote sftp-server started through sudo.
    # `\040` is the fstab escape for a space; the doubled backslash is Nix string escaping.
    # NOTE(review): presumably relies on the remote login being allowed to run sftp-server
    # via sudo non-interactively; on such hosts whoever holds the identityfile above gets
    # root-level file access, so confirm the remote sudoers rule is limited to this one
    # command and that the key is protected accordingly.
    sshRoot = ssh ++ [
      # we don't transform_symlinks because that breaks the validity of remote /nix stores
      "sftp_server=/run/wrappers/bin/sudo\\040/run/current-system/sw/libexec/sftp-server"
    ];

    # in the event of hung NFS mounts, consider:
    # - <https://unix.stackexchange.com/questions/31979/stop-broken-nfs-mounts-from-locking-a-directory>
    #
    # NFS options: <https://linux.die.net/man/5/nfs>
    #   actimeo=n = how long (in seconds) to cache file/dir attributes (default: 3-60s)
    #   bg        = retry failed mounts in the background
    #   retry=n   = for how many minutes `mount` will retry NFS mount operation
    #   soft      = on "major timeout", report I/O error to userspace
    #   retrans=n = how many times to retry a NFS request before giving userspace a
    #               "server not responding" error (default: 3)
    #   timeo=n   = number of *deciseconds* to wait for a response before retrying it (default: 600)
    #               note: client uses a linear backoff, so the second request will have
    #               double this timeout, then triple, etc.
    #
    # nfs(5) warns that a `soft` timeout can cause silent data corruption in some cases;
    # it is meant for mounts where client responsiveness matters more than data integrity.
    # NOTE(review): no `sec=` is given, so the client's default security flavor applies
    # (typically AUTH_SYS: client-asserted uids, no encryption). presumably the wireguard
    # tunnel from `wg` is what protects this traffic; confirm every mount using `nfs`
    # also carries `wg`.
    nfs = common ++ [
      # "actimeo=10"
      "bg"
      "retrans=4"
      "retry=0"
      "soft"
      # 15 deciseconds = 1.5s before the first retransmission
      "timeo=15"
      # don't fail remote-fs.target when this mount fails
      # (not an option for sshfs else would be common)
      "nofail"
    ];
  };
# Config fragment that mounts colin's home directory from `host` at /mnt/<host>/home over sshfs.
remoteHome = host:
  let
    mountPoint = "/mnt/${host}/home";
  in
  {
    fileSystems.${mountPoint} = {
      fsType = "fuse.sshfs";
      device = "colin@${host}:/home/colin";
      # noauto: this mount is not pulled in by remote-fs.target
      options = fsOpts.sshColin ++ fsOpts.noauto;
      # no fsck for a network filesystem
      noCheck = true;
    };
    # presumably makes sure the mount-point directory exists; see sane-lib for the exact semantics
    sane.fs.${mountPoint} = sane-lib.fs.wantedDir;
  };
in
lib.mkMerge (
  [
    {
      # some services which use private directories error if the parent (/var/lib/private) isn't 700.
      # 0700 also keeps unprivileged users out of the per-service state stored below it.
      sane.fs."/var/lib/private".dir.acl.mode = "0700";

      # in-memory compressed RAM
      # defaults to compressing at most 50% size of RAM
      # claimed compression ratio is about 2:1
      # - but on moby w/ zstd default i see 4-7:1 (ratio lowers as it fills)
      # note that idle overhead is about 0.05% of capacity (e.g. 2B per 4kB page)
      # docs: <https://www.kernel.org/doc/Documentation/blockdev/zram.txt>
      #
      # to query effectiveness:
      # `cat /sys/block/zram0/mm_stat`. whitespace separated fields:
      # - *orig_data_size* (bytes)
      # - *compr_data_size* (bytes)
      # - mem_used_total (bytes)
      # - mem_limit (bytes)
      # - mem_used_max (bytes)
      # - *same_pages* (pages which are e.g. all zeros (consumes no additional mem))
      # - *pages_compacted* (pages which have been freed thanks to compression)
      # - huge_pages (incompressible)
      #
      # see also:
      # - `man zramctl`
      zramSwap = {
        enable = true;
        # how much ram can be swapped into the zram device.
        # this shouldn't be higher than the observed compression ratio.
        # the default is 50% (why?)
        # 100% should be "guaranteed" safe so long as the data is even *slightly* compressible.
        # but it decreases working memory under the heaviest of loads by however much space
        # the compressed memory occupies (e.g. 50% if 2:1; 25% if 4:1)
        memoryPercent = 100;
      };

      fileSystems = {
        # "/mnt/servo-nfs" = {
        #   device = "servo-hn:/";
        #   noCheck = true;
        #   fsType = "nfs";
        #   options = fsOpts.nfs ++ fsOpts.auto ++ fsOpts.wg;
        # };

        # NFS exports from servo-hn: automounted on first access, ordered after the wg-home tunnel
        "/mnt/servo/media" = {
          fsType = "nfs";
          device = "servo-hn:/media";
          options = fsOpts.nfs ++ fsOpts.auto ++ fsOpts.wg;
          noCheck = true;
        };
        "/mnt/servo/playground" = {
          fsType = "nfs";
          device = "servo-hn:/playground";
          options = fsOpts.nfs ++ fsOpts.auto ++ fsOpts.wg;
          noCheck = true;
        };

        # "/mnt/servo-media-nfs" = {
        #   device = "servo-hn:/media";
        #   noCheck = true;
        #   fsType = "nfs";
        #   options = fsOpts.common ++ fsOpts.auto;
        # };
      };
      # sane.fs."/mnt/servo-media" = sane-lib.fs.wantedSymlinkTo "/mnt/servo-nfs/media";

      environment = {
        pathsToLink = [
          # needed to achieve superuser access for user-mounted filesystems: the sftp_server
          # path in fsOpts.sshRoot points at /run/current-system/sw/libexec/sftp-server.
          # we can only link whole directories here, even though we're only interested in
          # pkgs.openssh, so every installed package's libexec helpers get linked as well.
          "/libexec"
        ];
        systemPackages = with pkgs; [
          sshfs-fuse
        ];
      };
    }
  ]
  # one sshfs home mount per peer host
  ++ map remoteHome [
    "desko"
    "lappy"
    "moby"
  ]
)