2023-06-15 10:08:54 +00:00
|
|
|
# docs
|
|
|
|
# - x-systemd options: <https://www.freedesktop.org/software/systemd/man/systemd.mount.html>
|
|
|
|
|
2023-06-15 02:31:17 +00:00
|
|
|
{ pkgs, sane-lib, ... }:
|
2022-06-02 10:40:14 +00:00
|
|
|
|
2023-06-15 08:40:21 +00:00
|
|
|
let fsOpts = rec {
|
|
|
|
common = [
|
2022-06-10 07:38:02 +00:00
|
|
|
"_netdev"
|
2023-06-15 08:40:21 +00:00
|
|
|
"noatime"
|
2023-06-28 10:50:39 +00:00
|
|
|
"user" # allow any user with access to the device to mount the fs
|
2023-06-15 08:40:21 +00:00
|
|
|
"x-systemd.requires=network-online.target"
|
|
|
|
"x-systemd.after=network-online.target"
|
2023-06-15 10:08:54 +00:00
|
|
|
"x-systemd.mount-timeout=10s" # how long to wait for mount **and** how long to wait for unmount
|
2023-06-15 08:40:21 +00:00
|
|
|
];
|
2023-06-15 09:25:48 +00:00
|
|
|
auto = [ "x-systemd.automount" ];
|
2023-06-15 10:08:54 +00:00
|
|
|
noauto = [ "noauto" ]; # don't mount as part of remote-fs.target
|
2023-06-15 09:25:48 +00:00
|
|
|
wg = [
|
|
|
|
"x-systemd.requires=wireguard-wg-home.service"
|
|
|
|
"x-systemd.after=wireguard-wg-home.service"
|
|
|
|
];
|
|
|
|
|
|
|
|
ssh = common ++ [
|
2022-06-10 07:38:02 +00:00
|
|
|
"identityfile=/home/colin/.ssh/id_ed25519"
|
|
|
|
"allow_other"
|
|
|
|
"default_permissions"
|
2022-08-31 02:55:15 +00:00
|
|
|
];
|
2023-06-15 09:25:48 +00:00
|
|
|
sshColin = ssh ++ [
|
2022-08-31 05:25:22 +00:00
|
|
|
"transform_symlinks"
|
2022-08-31 04:14:12 +00:00
|
|
|
"idmap=user"
|
2022-06-10 07:38:02 +00:00
|
|
|
"uid=1000"
|
|
|
|
"gid=100"
|
|
|
|
];
|
2023-06-15 09:25:48 +00:00
|
|
|
sshRoot = ssh ++ [
|
2022-08-31 05:25:22 +00:00
|
|
|
# we don't transform_symlinks because that breaks the validity of remote /nix stores
|
2022-11-07 02:54:22 +00:00
|
|
|
"sftp_server=/run/wrappers/bin/sudo\\040/run/current-system/sw/libexec/sftp-server"
|
2022-08-31 04:14:12 +00:00
|
|
|
];
|
2023-06-15 08:40:21 +00:00
|
|
|
# in the event of hunt NFS mounts, consider:
|
|
|
|
# - <https://unix.stackexchange.com/questions/31979/stop-broken-nfs-mounts-from-locking-a-directory>
|
2023-06-15 09:25:48 +00:00
|
|
|
|
|
|
|
# NFS options: <https://linux.die.net/man/5/nfs>
|
|
|
|
# actimeo=n = how long (in seconds) to cache file/dir attributes (default: 3-60s)
|
|
|
|
# bg = retry failed mounts in the background
|
|
|
|
# retry=n = for how many minutes `mount` will retry NFS mount operation
|
|
|
|
# soft = on "major timeout", report I/O error to userspace
|
|
|
|
# retrans=n = how many times to retry a NFS request before giving userspace a "server not responding" error (default: 3)
|
|
|
|
# timeo=n = number of *deciseconds* to wait for a response before retrying it (default: 600)
|
|
|
|
# note: client uses a linear backup, so the second request will have double this timeout, then triple, etc.
|
|
|
|
nfs = common ++ [
|
|
|
|
# "actimeo=10"
|
2023-06-15 10:08:54 +00:00
|
|
|
"bg"
|
2023-06-15 09:25:48 +00:00
|
|
|
"retrans=4"
|
|
|
|
"retry=0"
|
|
|
|
"soft"
|
|
|
|
"timeo=15"
|
2023-06-17 10:03:44 +00:00
|
|
|
"nofail" # don't fail remote-fs.target when this mount fails (not an option for sshfs else would be common)
|
2023-06-15 09:25:48 +00:00
|
|
|
];
|
2022-06-10 07:38:02 +00:00
|
|
|
};
|
|
|
|
in
|
2022-06-02 10:40:14 +00:00
|
|
|
{
|
2023-06-15 10:08:54 +00:00
|
|
|
# fileSystems."/mnt/servo-nfs" = {
|
|
|
|
# device = "servo-hn:/";
|
|
|
|
# noCheck = true;
|
|
|
|
# fsType = "nfs";
|
|
|
|
# options = fsOpts.nfs ++ fsOpts.auto ++ fsOpts.wg;
|
|
|
|
# };
|
|
|
|
fileSystems."/mnt/servo-nfs/media" = {
|
|
|
|
device = "servo-hn:/media";
|
2023-06-15 02:14:42 +00:00
|
|
|
noCheck = true;
|
|
|
|
fsType = "nfs";
|
2023-06-15 09:25:48 +00:00
|
|
|
options = fsOpts.nfs ++ fsOpts.auto ++ fsOpts.wg;
|
2023-06-15 02:14:42 +00:00
|
|
|
};
|
|
|
|
# fileSystems."/mnt/servo-media-nfs" = {
|
2023-06-15 08:40:21 +00:00
|
|
|
# device = "servo-hn:/media";
|
2023-06-15 02:14:42 +00:00
|
|
|
# noCheck = true;
|
|
|
|
# fsType = "nfs";
|
2023-06-15 08:40:21 +00:00
|
|
|
# options = fsOpts.common ++ fsOpts.auto;
|
2023-06-15 02:14:42 +00:00
|
|
|
# };
|
2023-06-15 02:31:17 +00:00
|
|
|
sane.fs."/mnt/servo-media" = sane-lib.fs.wantedSymlinkTo "/mnt/servo-nfs/media";
|
2023-06-15 02:14:42 +00:00
|
|
|
|
2022-06-14 07:13:39 +00:00
|
|
|
fileSystems."/mnt/servo-media-wan" = {
|
2022-06-29 08:17:53 +00:00
|
|
|
device = "colin@uninsane.org:/var/lib/uninsane/media";
|
2023-06-15 08:40:21 +00:00
|
|
|
fsType = "fuse.sshfs";
|
|
|
|
options = fsOpts.sshColin ++ fsOpts.noauto;
|
2022-09-27 11:32:17 +00:00
|
|
|
noCheck = true;
|
2022-06-10 07:38:02 +00:00
|
|
|
};
|
2023-06-20 08:40:25 +00:00
|
|
|
sane.fs."/mnt/servo-media-wan" = sane-lib.fs.wantedDir;
|
2022-06-14 07:13:39 +00:00
|
|
|
fileSystems."/mnt/servo-media-lan" = {
|
2022-06-29 08:17:53 +00:00
|
|
|
device = "colin@servo:/var/lib/uninsane/media";
|
2023-06-15 08:40:21 +00:00
|
|
|
fsType = "fuse.sshfs";
|
|
|
|
options = fsOpts.sshColin ++ fsOpts.noauto;
|
2022-09-27 11:32:17 +00:00
|
|
|
noCheck = true;
|
2022-08-31 02:55:15 +00:00
|
|
|
};
|
2023-06-20 08:40:25 +00:00
|
|
|
sane.fs."/mnt/servo-media-lan" = sane-lib.fs.wantedDir;
|
2022-08-31 02:55:15 +00:00
|
|
|
fileSystems."/mnt/servo-root-wan" = {
|
|
|
|
device = "colin@uninsane.org:/";
|
2023-06-15 08:40:21 +00:00
|
|
|
fsType = "fuse.sshfs";
|
|
|
|
options = fsOpts.sshRoot ++ fsOpts.noauto;
|
2022-09-27 11:32:17 +00:00
|
|
|
noCheck = true;
|
2022-08-31 02:55:15 +00:00
|
|
|
};
|
2023-06-20 08:40:25 +00:00
|
|
|
sane.fs."/mnt/servo-root-wan" = sane-lib.fs.wantedDir;
|
2022-08-31 02:55:15 +00:00
|
|
|
fileSystems."/mnt/servo-root-lan" = {
|
|
|
|
device = "colin@servo:/";
|
2023-06-15 08:40:21 +00:00
|
|
|
fsType = "fuse.sshfs";
|
|
|
|
options = fsOpts.sshRoot ++ fsOpts.noauto;
|
2022-09-27 11:32:17 +00:00
|
|
|
noCheck = true;
|
2022-06-02 10:40:14 +00:00
|
|
|
};
|
2023-06-20 08:40:25 +00:00
|
|
|
sane.fs."/mnt/servo-root-lan" = sane-lib.fs.wantedDir;
|
2022-06-14 05:25:38 +00:00
|
|
|
fileSystems."/mnt/desko-home" = {
|
|
|
|
device = "colin@desko:/home/colin";
|
2023-06-15 08:40:21 +00:00
|
|
|
fsType = "fuse.sshfs";
|
|
|
|
options = fsOpts.sshColin ++ fsOpts.noauto;
|
2022-09-27 11:32:17 +00:00
|
|
|
noCheck = true;
|
2022-06-14 05:25:38 +00:00
|
|
|
};
|
2023-06-20 08:40:25 +00:00
|
|
|
sane.fs."/mnt/desko-home" = sane-lib.fs.wantedDir;
|
2022-08-31 04:14:12 +00:00
|
|
|
fileSystems."/mnt/desko-root" = {
|
|
|
|
device = "colin@desko:/";
|
2023-06-15 08:40:21 +00:00
|
|
|
fsType = "fuse.sshfs";
|
|
|
|
options = fsOpts.sshRoot ++ fsOpts.noauto;
|
2022-09-27 11:32:17 +00:00
|
|
|
noCheck = true;
|
2022-08-31 04:14:12 +00:00
|
|
|
};
|
2023-06-20 08:40:25 +00:00
|
|
|
sane.fs."/mnt/desko-root" = sane-lib.fs.wantedDir;
|
2022-06-14 05:25:38 +00:00
|
|
|
|
2023-06-15 10:08:54 +00:00
|
|
|
environment.pathsToLink = [
|
|
|
|
# needed to achieve superuser access for user-mounted filesystems (see optionsRoot above)
|
|
|
|
# we can only link whole directories here, even though we're only interested in pkgs.openssh
|
|
|
|
"/libexec"
|
|
|
|
];
|
|
|
|
|
2022-06-02 10:40:14 +00:00
|
|
|
environment.systemPackages = [
|
|
|
|
pkgs.sshfs-fuse
|
|
|
|
];
|
|
|
|
}
|
|
|
|
|