diff --git a/nixos/kanidm.nix b/nixos/kanidm.nix index 7a6cb58d..f990559d 100644 --- a/nixos/kanidm.nix +++ b/nixos/kanidm.nix @@ -3,7 +3,7 @@ config, ... }: let - inherit (lib) mkDefault; + inherit (lib) mkIf mkDefault; cfg = config.services.kanidm; in { services.kanidm = { @@ -29,4 +29,8 @@ in { log_level = mkDefault "info"; }; }; + users = mkIf cfg.enableServer { + users.kanidm.uid = 994; + groups.kanidm.gid = 993; + }; } diff --git a/nixos/unifi.nix b/nixos/unifi.nix index fee06b44..9722ef97 100644 --- a/nixos/unifi.nix +++ b/nixos/unifi.nix @@ -29,4 +29,9 @@ in { 10001 # UDP port used for device discovery. ]; }; + + users = mkIf cfg.enable { + users.unifi.uid = 990; + groups.unifi.gid = 990; + }; } diff --git a/systems/mediabox/lxc.json b/systems/mediabox/lxc.json index 2f0fc50f..1480b689 100644 --- a/systems/mediabox/lxc.json +++ b/systems/mediabox/lxc.json @@ -4,6 +4,7 @@ "/mnt/kyuuto-media/library mnt/kyuuto-media/library none bind,optional,create=dir", "/mnt/kyuuto-media/downloads/deluge mnt/kyuuto-media/downloads/deluge none bind,optional,create=dir", "/rpool/caches/plex mnt/caches/plex none bind,optional,create=dir", + "/rpool/shared/plex mnt/shared/plex none bind,optional,create=dir", "/dev/dri/renderD128 dev/dri/renderD128 none bind,optional,create=file" ], "lxc.idmap": [ diff --git a/systems/reisen/setup.sh b/systems/reisen/setup.sh index 7185ad51..b023ca9e 100644 --- a/systems/reisen/setup.sh +++ b/systems/reisen/setup.sh 
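Review bot: The ids pinned in the added `users = mkIf cfg.enableServer { … }` block (uid 994, gid 993) only make sense together with `mkshared kanidm 100994 100993 0700` in systems/reisen/setup.sh, and nothing in this file says so. Presumably the host owner is the container id plus a 100000 idmap offset; a comment such as `# keep in sync with systems/reisen/setup.sh (host owner = 100000 + uid/gid)` would stop the two drifting apart and leaving the 0700 data directory owned by an id that is not kanidm. Both values also appear to sit in the range NixOS assigns to system accounts automatically, so confirm that no other account on the target already holds 994/993 and that an existing kanidm user is not keeping an older id. The same applies to the 990/990 pair added in nixos/unifi.nix.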
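Review bot: `mkIf` is used in the added `users = mkIf cfg.enable { … }` block, but this diff shows no change that brings it into scope in nixos/unifi.nix, whereas nixos/kanidm.nix needed `inherit (lib) mkIf mkDefault;` for the same pattern. The file's `let` block is outside the hunk; if it does not already inherit `mkIf`, evaluation fails with an undefined variable. Adding `inherit (lib) mkIf;` there, or writing `lib.mkIf cfg.enable` here, covers it.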
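Review bot: The added `/rpool/shared/plex` entry carries `optional`, so a container start where the host dataset is missing or unmounted proceeds without the bind mount, and anything written to `mnt/shared/plex` then presumably lands in the container's own root filesystem. For a directory meant to hold persistent service state, failing the start is usually the safer behaviour: `"/rpool/shared/plex mnt/shared/plex none bind,create=dir"`. The existing entries use the same options, so this may be deliberate. The new `/rpool/shared/*` entries in systems/tei/lxc.json have the same property.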
@@ -96,9 +96,38 @@ if [[ ! -d /rpool/shared ]]; then zfs create rpool/shared fi -if [[ ! -d /rpool/shared/nix ]]; then - zfs create rpool/shared/nix +if [[ ! -d /rpool/caches ]]; then + zfs create rpool/caches fi + +mkrpool() { + local SHARED_PATH SHARED_MODE SHARED_OWNER SHARED_GROUP + SHARED_PATH=$1 + SHARED_OWNER=$2 + SHARED_GROUP=$3 + SHARED_MODE=$4 + shift 4 + + if [[ ! -d "/rpool/$SHARED_PATH" ]]; then + zfs create "rpool/$SHARED_PATH" + fi + chmod "$SHARED_MODE" "/rpool/$SHARED_PATH" + chown "$SHARED_OWNER:$SHARED_GROUP" "/rpool/$SHARED_PATH" +} + +mkshared() { + local SHARED_PATH=$1 + shift + mkrpool "shared/$SHARED_PATH" "$@" +} + +mkcache() { + local SHARED_PATH=$1 + shift + mkrpool "caches/$SHARED_PATH" "$@" +} + +mkshared nix 0 0 0755 if [[ ! -d /rpool/shared/nix/store ]]; then zfs create -o compression=zstd rpool/shared/nix/store fi @@ -109,13 +138,7 @@ chown 100000:30000 /rpool/shared/nix/store chmod 1775 /rpool/shared/nix/store chown 100000:100000 /rpool/shared/nix/var -if [[ ! -d /rpool/caches ]]; then - zfs create rpool/caches -fi - -if [[ ! -d /rpool/caches/plex ]]; then - zfs create rpool/caches/plex -fi +mkcache plex 0 0 0755 if [[ ! -d /rpool/caches/plex/Cache ]]; then mkdir /rpool/caches/plex/Cache fi @@ -126,3 +149,11 @@ chown 100193:100193 /rpool/caches/plex/Cache chmod 0775 /rpool/caches/plex/Cache chown 100195:65534 /rpool/caches/plex/tautulli/cache chmod 0755 /rpool/caches/plex/tautulli/cache + +mkshared hass 100286 100286 0700 +mkshared kanidm 100994 100993 0700 +mkshared mosquitto 100246 100246 0700 +mkshared plex 100193 100193 0755 +mkshared postgresql 100071 100071 0750 +mkshared unifi 100990 100990 0755 +mkshared zigbee2mqtt 100317 100317 0700 diff --git a/systems/tei/lxc.json b/systems/tei/lxc.json index 1fa109b0..0da32168 100644 --- a/systems/tei/lxc.json +++ b/systems/tei/lxc.json 
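Review bot: `mkrpool` decides whether to create the dataset with `[[ ! -d "/rpool/$SHARED_PATH" ]]`, which tests for a directory rather than for the dataset itself. If a plain directory already exists at that path, or the pool is not mounted where expected, the `chmod`/`chown` that follow are applied to something other than the intended dataset. Asking ZFS directly is more reliable: `if ! zfs list -H -o name "rpool/$SHARED_PATH" >/dev/null 2>&1; then`. The function also assumes four arguments; a guard such as `(( $# >= 4 )) || { echo "usage: mkrpool PATH OWNER GROUP MODE" >&2; return 64; }` before `shift 4` would stop a short call from reaching `chmod`/`chown` with empty values. Whether the script runs under `set -e` is not visible in this hunk.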
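Review bot: `mkshared plex 100193 100193 0755` and `mkshared unifi 100990 100990 0755` leave those state directories readable by every account on the host, while the other service directories in this list are 0700 or 0750. Unless something outside the owning container has to read them, `0750` or `0700` would match the rest. If there is such a consumer, a short comment naming it would explain the exception.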
@@ -1,6 +1,13 @@ { "lxc": { "lxc.mount.entry": [ + "/rpool/caches/zigbee2mqtt mnt/caches/zigbee2mqtt none bind,optional,create=dir", + "/rpool/shared/zigbee2mqtt mnt/shared/zigbee2mqtt none bind,optional,create=dir", + "/rpool/shared/mosquitto mnt/shared/mosquitto none bind,optional,create=dir", + "/rpool/shared/hass mnt/shared/hass none bind,optional,create=dir", + "/rpool/shared/postgresql mnt/shared/postgresql none bind,optional,create=dir", + "/rpool/shared/kanidm mnt/shared/kanidm none bind,optional,create=dir", + "/rpool/shared/unifi mnt/shared/unifi none bind,optional,create=dir", "/dev/ttyZigbee dev/ttyZigbee none bind,optional,create=file", "/dev/net/tun dev/net/tun none bind,optional,create=file" ],
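Review bot: `/rpool/caches/zigbee2mqtt` is bind-mounted here, but the setup.sh hunks in this commit only add `mkshared zigbee2mqtt …` and `mkcache plex …`; no `mkcache zigbee2mqtt` call is visible. Because the entry is `optional`, a missing source is skipped silently rather than failing the container start, so the cache would presumably end up in the container's root filesystem. If the dataset is not created elsewhere, add `mkcache zigbee2mqtt 100317 100317 0700` to systems/reisen/setup.sh (owner and mode copied from the shared entry; adjust as needed).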