refactor: more shared data

nixos/kanidm.nix

@@ -3,7 +3,7 @@
   config,
   ...
 }: let
-  inherit (lib) mkDefault;
+  inherit (lib) mkIf mkDefault;
   cfg = config.services.kanidm;
 in {
   services.kanidm = {
@@ -29,4 +29,8 @@ in {
       log_level = mkDefault "info";
     };
   };
+  users = mkIf cfg.enableServer {
+    users.kanidm.uid = 994;
+    groups.kanidm.gid = 993;
+  };
 }

nixos/unifi.nix

@@ -29,4 +29,9 @@ in {
       10001 # UDP port used for device discovery.
     ];
   };
+
+  users = mkIf cfg.enable {
+    users.unifi.uid = 990;
+    groups.unifi.gid = 990;
+  };
 }

systems/mediabox/lxc.json

@@ -4,6 +4,7 @@
 			"/mnt/kyuuto-media/library mnt/kyuuto-media/library none bind,optional,create=dir",
 			"/mnt/kyuuto-media/downloads/deluge mnt/kyuuto-media/downloads/deluge none bind,optional,create=dir",
 			"/rpool/caches/plex mnt/caches/plex none bind,optional,create=dir",
+			"/rpool/shared/plex mnt/shared/plex none bind,optional,create=dir",
 			"/dev/dri/renderD128 dev/dri/renderD128 none bind,optional,create=file"
 		],
 		"lxc.idmap": [

systems/reisen/setup.sh

@@ -96,9 +96,38 @@ if [[ ! -d /rpool/shared ]]; then
 	zfs create rpool/shared
 fi
 
-if [[ ! -d /rpool/shared/nix ]]; then
+if [[ ! -d /rpool/caches ]]; then
-	zfs create rpool/shared/nix
+	zfs create rpool/caches
 fi
+
+mkrpool() {
+	local SHARED_PATH SHARED_MODE SHARED_OWNER SHARED_GROUP
+	SHARED_PATH=$1
+	SHARED_OWNER=$2
+	SHARED_GROUP=$3
+	SHARED_MODE=$4
+	shift 4
+
+	if [[ ! -d "/rpool/$SHARED_PATH" ]]; then
+		zfs create "rpool/$SHARED_PATH"
+	fi
+	chmod "$SHARED_MODE" "/rpool/$SHARED_PATH"
+	chown "$SHARED_OWNER:$SHARED_GROUP" "/rpool/$SHARED_PATH"
+}
+
+mkshared() {
+	local SHARED_PATH=$1
+	shift
+	mkrpool "shared/$SHARED_PATH" "$@"
+}
+
+mkcache() {
+	local SHARED_PATH=$1
+	shift
+	mkrpool "caches/$SHARED_PATH" "$@"
+}
+
+mkshared nix 0 0 0755
 if [[ ! -d /rpool/shared/nix/store ]]; then
 	zfs create -o compression=zstd rpool/shared/nix/store
 fi
@@ -109,13 +138,7 @@ chown 100000:30000 /rpool/shared/nix/store
 chmod 1775 /rpool/shared/nix/store
 chown 100000:100000 /rpool/shared/nix/var
 
-if [[ ! -d /rpool/caches ]]; then
+mkcache plex 0 0 0755
-	zfs create rpool/caches
-fi
-
-if [[ ! -d /rpool/caches/plex ]]; then
-	zfs create rpool/caches/plex
-fi
 if [[ ! -d /rpool/caches/plex/Cache ]]; then
 	mkdir /rpool/caches/plex/Cache
 fi
@@ -126,3 +149,11 @@ chown 100193:100193 /rpool/caches/plex/Cache
 chmod 0775 /rpool/caches/plex/Cache
 chown 100195:65534 /rpool/caches/plex/tautulli/cache
 chmod 0755 /rpool/caches/plex/tautulli/cache
+
+mkshared hass 100286 100286 0700
+mkshared kanidm 100994 100993 0700
+mkshared mosquitto 100246 100246 0700
+mkshared plex 100193 100193 0755
+mkshared postgresql 100071 100071 0750
+mkshared unifi 100990 100990 0755
+mkshared zigbee2mqtt 100317 100317 0700

systems/tei/lxc.json

@@ -1,6 +1,13 @@
 {
 	"lxc": {
 		"lxc.mount.entry": [
+			"/rpool/caches/zigbee2mqtt mnt/caches/zigbee2mqtt none bind,optional,create=dir",
+			"/rpool/shared/zigbee2mqtt mnt/shared/zigbee2mqtt none bind,optional,create=dir",
+			"/rpool/shared/mosquitto mnt/shared/mosquitto none bind,optional,create=dir",
+			"/rpool/shared/hass mnt/shared/hass none bind,optional,create=dir",
+			"/rpool/shared/postgresql mnt/shared/postgresql none bind,optional,create=dir",
+			"/rpool/shared/kanidm mnt/shared/kanidm none bind,optional,create=dir",
+			"/rpool/shared/unifi mnt/shared/unifi none bind,optional,create=dir",
 			"/dev/ttyZigbee dev/ttyZigbee none bind,optional,create=file",
 			"/dev/net/tun dev/net/tun none bind,optional,create=file"
 		],