From 15e09573d5ae83481101aa7e97989ed617a455ad Mon Sep 17 00:00:00 2001
From: Colin
Date: Fri, 1 Sep 2023 01:23:35 +0000
Subject: [PATCH] exports: consolidate nfs and sftpgo mounts into /var/export
---
 .../by-name/servo/services/export/default.nix | 37 ++++++++++++++++++-
 hosts/by-name/servo/services/export/nfs.nix | 8 +---
 .../by-name/servo/services/export/sftpgo.nix | 28 +++-----------
 3 files changed, 43 insertions(+), 30 deletions(-)
diff --git a/hosts/by-name/servo/services/export/default.nix b/hosts/by-name/servo/services/export/default.nix
index 43af48fa..53b558d7 100644
--- a/hosts/by-name/servo/services/export/default.nix
+++ b/hosts/by-name/servo/services/export/default.nix
@@ -1,7 +1,42 @@
-{ ... }:
+{ config, ... }:
 {
 imports = [
 ./nfs.nix
 ./sftpgo.nix
 ];
+
+
+ fileSystems."/var/export/media" = {
+ # everything in here could be considered publicly readable (based on the viewer's legal jurisdiction)
+ device = "/var/lib/uninsane/media";
+ options = [ "rbind" ];
+ };
+ fileSystems."/var/export/playground" = {
+ device = config.fileSystems."/mnt/persist/ext".device;
+ fsType = "btrfs";
+ options = [
+ "subvol=export-playground"
+ "compress=zstd"
+ "defaults"
+ ];
+ };
+
+ sane.fs."/var/export/README.md" = {
+ wantedBy = [ "nfs.service" "sftpgo.service" ];
+ file.text = ''
+ - media/ read-only: Videos, Music, Books, etc
+ - playground/ read-write: use it to share files with other users of this server
+ '';
+ };
+
+ # sane.fs."/var/lib/sftpgo/export/playground/README.md" = {
+ # wantedBy = [ "nfs.service" "sftpgo.service" ];
+ # file.text = ''
+ # this directory is intentionally read+write by anyone.
+ # there are no rules, except a server-level quota:
+ # - share files
+ # - write poetry
+ # - be a friendly troll
+ # '';
+ # };
 }
diff --git a/hosts/by-name/servo/services/export/nfs.nix b/hosts/by-name/servo/services/export/nfs.nix
index 80962205..75e5d1a2 100644
--- a/hosts/by-name/servo/services/export/nfs.nix
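Review bot: The new `/var/export/playground` mount in default.nix is mounted with only `subvol=export-playground`, `compress=zstd` and `defaults`, so setuid bits, device nodes and executables written into this shared read-write tree are honored on the server itself. The README added in the same hunk advertises the directory as read-write for other users, and nfs.nix exports the parent directory with `no_root_squash`, so a remote root can create root-owned setuid files in it. Unless something is meant to run from there, add `"nosuid"`, `"nodev"` and `"noexec"` to the `options` list next to `"defaults"`. NFS clients need the same options on their own mounts, since server-side mount options do not travel with the export.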
+++ b/hosts/by-name/servo/services/export/nfs.nix
@@ -56,12 +56,6 @@
 #
 # 10.0.0.0/8 to export (readonly) both to LAN (unencrypted) and wg vpn (encrypted)
 services.nfs.server.exports = ''
- /var/nfs/export 10.78.79.0/22(ro,crossmnt,fsid=0,subtree_check) 10.0.10.0/24(rw,no_root_squash,crossmnt,fsid=0,subtree_check)
+ /var/export 10.78.79.0/22(ro,crossmnt,fsid=0,subtree_check) 10.0.10.0/24(rw,no_root_squash,crossmnt,fsid=0,subtree_check)
 '';
-
- fileSystems."/var/nfs/export/media" = {
- # everything in here could be considered publicly readable (based on the viewer's legal jurisdiction)
- device = "/var/lib/uninsane/media";
- options = [ "rbind" ];
- };
 }
diff --git a/hosts/by-name/servo/services/export/sftpgo.nix b/hosts/by-name/servo/services/export/sftpgo.nix
index ee6d0903..27c89b64 100644
--- a/hosts/by-name/servo/services/export/sftpgo.nix
+++ b/hosts/by-name/servo/services/export/sftpgo.nix
@@ -44,7 +44,7 @@ let
 status = 1;
 username = "anonymous";
 expiration_date = 0;
- home_dir = "/var/lib/sftpgo/export";
+ home_dir = "/var/export";
 # uid/gid 0 means to inherit sftpgo uid.
 # - i.e. users can't read files which Linux user `sftpgo` can't read
 # - uploaded files belong to Linux user `sftpgo`
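Review bot: With the export root moved to `/var/export` in the nfs.nix hunk, the `crossmnt` export now also reaches `playground`, so the `10.0.10.0/24(rw,no_root_squash,…)` clause gives remote root unsquashed write access to the same tree that the `@@ -44` hunk in sftpgo.nix sets as the anonymous user's `home_dir`; before this commit the NFS root held only the media bind mount. If root-level writes are only needed for media, consider a separate squashed entry for the shared directory, e.g. `/var/export/playground 10.0.10.0/24(rw,all_squash,anonuid=<sftpgo-uid>,anongid=<sftpgo-gid>,subtree_check)` (uid and gid are placeholders). Separately, `10.78.79.0/22` has host bits set and is presumably matched as 10.78.76.0–10.78.79.255, and the comment above the option still describes the export as readonly; both are worth confirming while this line is being touched. The enclosing attribute set starts outside the hunk.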
@@ -172,23 +172,14 @@ in
 };
 };
- fileSystems."/var/lib/sftpgo/export/media" = {
- # everything in here could be considered publicly readable (based on the viewer's legal jurisdiction)
- device = "/var/lib/uninsane/media";
- options = [ "rbind" ];
- };
+ # fileSystems."/var/lib/sftpgo/export/media" = {
+ # # everything in here could be considered publicly readable (based on the viewer's legal jurisdiction)
+ # device = "/var/lib/uninsane/media";
+ # options = [ "rbind" ];
+ # };
 # sane.persist.sys.plaintext = [
 # { user = "sftpgo"; group = "sftpgo"; path = "/var/lib/sftpgo/export/playground"; }
 # ];
- fileSystems."/var/lib/sftpgo/export/playground" = {
- device = config.fileSystems."/mnt/persist/ext".device;
- fsType = "btrfs";
- options = [
- "subvol=export-playground"
- "compress=zstd"
- "defaults"
- ];
- };
 # sane.fs."/var/lib/sftpgo/export/playground/README.md" = {
 # wantedBy = [ "sftpgo.service" ];
 # file.text = ''
@@ -199,11 +190,4 @@ in
 # - be a friendly troll
 # '';
 # };
- sane.fs."/var/lib/sftpgo/export/README.md" = {
- wantedBy = [ "sftpgo.service" ];
- file.text = ''
- - media/ read-only: Videos, Music, Books, etc
- - playground/ read-write: use it to share files with other users of this server
- '';
- };
 }
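Review bot: The media bind mount in the `@@ -172` hunk is commented out rather than deleted, although the live definition now exists in default.nix under `/var/export/media`. The commented copy keeps the old `/var/lib/sftpgo/export` path, as do the commented `sane.persist` and README blocks around it, which makes it easy to misread where the anonymous user's files come from. Consider removing the five added comment lines, or replacing them with one pointer such as `# export mounts (media, playground) are defined in ./default.nix`. The surrounding `let … in` body starts outside the hunk, so whether `config` is still used in this file after the playground mount was removed cannot be checked from here.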