From 64efbaf503680e84a70fb31d458bcd5d016780f1 Mon Sep 17 00:00:00 2001
From: arcnmx
Date: Sun, 24 Nov 2024 13:23:15 -0800
Subject: [PATCH] chore(nfs): clean up kyuuto fs exports
---
modules/extern/nixos/kyuuto.nix | 6 ++
nixos/kyuuto/nfs.nix | 170 ++++++++++++++------------------
nixos/netboot/kyuuto.nix | 7 ++
nixos/nfs.nix | 4 +
systems/reimu/lxc.json | 2 +
5 files changed, 94 insertions(+), 95 deletions(-)
diff --git a/modules/extern/nixos/kyuuto.nix b/modules/extern/nixos/kyuuto.nix
index c1491b92..452f7c13 100644
--- a/modules/extern/nixos/kyuuto.nix
+++ b/modules/extern/nixos/kyuuto.nix
@@ -104,13 +104,19 @@ ]; nfs.fstabOptions = [ "noauto" + "lazytime" "noatime" #"nfsvers=4" "soft" + "nocto" "retrans=2" "timeo=60" + "actimeo=300" + "acregmin=60" + "acdirmin=60" ]; smb.fstabOptions = [ "noauto" + "lazytime" "noatime" (mkIf (config.smb.user != null) "user=${config.smb.user}") ]; automount.fstabOptions = [
diff --git a/nixos/kyuuto/nfs.nix b/nixos/kyuuto/nfs.nix
index 5a1d73a3..43413909 100644
--- a/nixos/kyuuto/nfs.nix
+++ b/nixos/kyuuto/nfs.nix
@@ -3,7 +3,9 @@ lib, ... }: let - inherit (lib.modules) mkIf; + inherit (lib.modules) mkIf mkMerge; + inherit (lib.attrsets) mapAttrs' mapAttrsToList nameValuePair; + inherit (lib.lists) concatLists; inherit (config) kyuuto; inherit (config.services.nfs.export) flagSets; nfsRoot = {
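Review bot: The new `nfs.fstabOptions` entries in modules/extern/nixos/kyuuto.nix are order-sensitive and nothing records that: `actimeo=300` sets all four attribute-cache bounds at once, and the `acregmin=60`/`acdirmin=60` that follow only lower the minimums because the NFS mount option parser applies later options over earlier ones, so reordering the list would silently change the caching behaviour. `nocto` additionally drops close-to-open revalidation, so a file written by one client can be served stale to another until the attribute cache expires; that trade-off may be fine for read-mostly shares but should be stated where the option is set. I would add above `"nocto"`: `# nocto: no close-to-open revalidation; writes from other clients may appear stale until the attribute cache expires` and above `"actimeo=300"`: `# actimeo sets all ac* bounds; acregmin/acdirmin below must stay after it to lower the minimums`. The same option pattern, with `defaultCacheTimeoutMax`/`defaultCacheTimeoutMin`, appears in nixos/netboot/kyuuto.nix and would take the same comments.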
@@ -12,14 +14,53 @@ media = "${nfsRoot}/kyuuto/media"; data = "${nfsRoot}/kyuuto/data"; systems = "${nfsRoot}/kyuuto/systems"; - gengetsu = "${nfsRoot.systems}/gengetsu"; - mugetsu = "${nfsRoot.systems}/mugetsu"; - goliath = "${nfsRoot.systems}/goliath"; + }; + mkSystemExport = { name, fsid, machine, flags ? ["async"], machineFlags ? flagSets.metal }: { + flags = flagSets.common ++ ["fsid=${toString fsid}"] ++ flags; + clients = { + ${name} = { + inherit machine; + flags = machineFlags; + }; + admin = { + machine = flagSets.adminClients; + flags = machineFlags; + }; + }; + }; + mkSystemExports = name: { machine, fileSystems }: let + systemRoot = "${nfsRoot.systems}/${name}"; + mapSystemExport = fsName: fs: nameValuePair "${systemRoot}/${fsName}" (mkSystemExport ({ + inherit name machine; + } // fs)); + in mapAttrs' mapSystemExport fileSystems; + exportedSystems = { + gengetsu = { + machine = flagSets.gengetsuClients; + fileSystems = { + root.fsid = 162; + boot.fsid = 163; + }; + }; + mugetsu = { + machine = flagSets.mugetsuClients; + fileSystems = { + root.fsid = 170; + boot.fsid = 171; + }; + }; + goliath = { + machine = flagSets.goliathClients; + fileSystems = { + root.fsid = 172; + boot.fsid = 173; + }; + }; }; in { services.nfs = { - export = { - paths = { + export = let + exportPaths = { ${nfsRoot.media} = { flags = flagSets.common ++ ["fsid=128"] ++ flagSets.secip ++ ["rw"] ++ flagSets.anon_ro; clients = { 
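Review bot: `mkSystemExport` adds an `admin` client to every system's root and boot export, granting `flagSets.adminClients` the same `machineFlags` (`flagSets.metal` by default) as the machine that owns the filesystem; the entries this replaces listed only the owning machine as a client, so this is an access-control change rather than a clean-up and the commit message does not mention it. I would make it explicit in the helper, e.g. a separate `adminFlags ? machineFlags` parameter used by the `admin` entry, and a comment above that entry: `# admin: adminClients may mount every system's root/boot with the machine's own export flags`. The enclosing `let` begins in the previous hunk.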
@@ -47,61 +88,13 @@ in { }; }; }; - "${nfsRoot.gengetsu}/root" = { - flags = flagSets.common ++ ["fsid=162"] ++ ["async"]; - clients = { - gengetsu = { - machine = flagSets.gengetsuClients; - flags = flagSets.metal; - }; - }; - }; - "${nfsRoot.gengetsu}/boot" = { - flags = flagSets.common ++ ["fsid=163"] ++ ["async"]; - clients = { - gengetsu = { - machine = flagSets.gengetsuClients; - flags = flagSets.metal; - }; - }; - }; - "${nfsRoot.mugetsu}/root" = { - flags = flagSets.common ++ ["fsid=170"] ++ ["async"]; - clients = { - mugetsu = { - machine = flagSets.mugetsuClients; - flags = flagSets.metal; - }; - }; - }; - "${nfsRoot.mugetsu}/boot" = { - flags = flagSets.common ++ ["fsid=171"] ++ ["async"]; - clients = { - mugetsu = { - machine = flagSets.mugetsuClients; - flags = flagSets.metal; - }; - }; - }; - "${nfsRoot.goliath}/root" = { - flags = flagSets.common ++ ["fsid=172"] ++ ["async"]; - clients = { - goliath = { - machine = flagSets.goliathClients; - flags = flagSets.metal; - }; - }; - }; - "${nfsRoot.goliath}/boot" = { - flags = flagSets.common ++ ["fsid=173"] ++ ["async"]; - clients = { - goliath = { - machine = flagSets.goliathClients; - flags = flagSets.metal; - }; - }; - }; }; + systemPaths = mkMerge (mapAttrsToList mkSystemExports exportedSystems); + in { + paths = mkMerge [ + exportPaths + systemPaths + ]; }; }; systemd.mounts = let 
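Review bot: `systemPaths` is already a `mkMerge` over the per-system attrsets and is then wrapped in a second `mkMerge` together with `exportPaths`; the nesting works but reads as two merge layers where one would do. A flat `paths = mkMerge ([ exportPaths ] ++ mapAttrsToList mkSystemExports exportedSystems);` expresses the same value and drops the `systemPaths` binding. Note also that the previous literal attrset would have failed evaluation on a duplicate export path, whereas `mkMerge` defers that to the option's merge behaviour (presumably merging duplicates if `paths` is an `attrsOf` submodules — confirm), so a one-line comment on `paths` saying the two sets are expected to be disjoint would help.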
@@ -112,52 +105,39 @@ in { "nfs-mountd.service" ]; before = wantedBy; - in - mkIf config.services.nfs.server.enable [ + mkMount = { what, where, ... }@args: { + inherit type options wantedBy before; + } // args; + mkSystemMount = { name, fsName }: let + systemRoot = "${nfsRoot.systems}/${name}"; + in mkMount { + what = "${kyuuto.dataDir}/systems/${name}/fs/${fsName}"; + where = "${systemRoot}/${fsName}"; + }; + mapSystemMounts = name: { fileSystems, ... }: let + mapFileSystem = fsName: fs: mkSystemMount { inherit name fsName; }; + in mapAttrsToList mapFileSystem fileSystems; + systemMounts = let + systemMounts = mapAttrsToList mapSystemMounts exportedSystems; + in concatLists systemMounts; + exportMounts = map mkMount [ { - inherit type options wantedBy before; what = kyuuto.mountDir; where = nfsRoot.media; } { - inherit type options wantedBy before; what = kyuuto.dataDir; where = nfsRoot.data; } { - inherit type options wantedBy before; what = kyuuto.transferDir; where = nfsRoot.transfer; } - { - inherit type options wantedBy before; - what = "${kyuuto.dataDir}/systems/gengetsu/fs/root"; - where = "${nfsRoot.gengetsu}/root"; - } - { - inherit type options wantedBy before; - what = "${kyuuto.dataDir}/systems/gengetsu/fs/boot"; - where = "${nfsRoot.gengetsu}/boot"; - } - { - inherit type options wantedBy before; - what = "${kyuuto.dataDir}/systems/mugetsu/fs/root"; - where = "${nfsRoot.mugetsu}/root"; - } - { - inherit type options wantedBy before; - what = "${kyuuto.dataDir}/systems/mugetsu/fs/boot"; - where = "${nfsRoot.mugetsu}/boot"; - } - { - inherit type options wantedBy before; - what = "${kyuuto.dataDir}/systems/goliath/fs/root"; - where = "${nfsRoot.goliath}/root"; - } - { - inherit type options wantedBy before; - what = "${kyuuto.dataDir}/systems/goliath/fs/boot"; - where = "${nfsRoot.goliath}/boot"; - } ]; + pathMounts = mkMerge [ + exportMounts + systemMounts + ]; + in + mkIf config.services.nfs.server.enable pathMounts; } 
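Review bot: `systemMounts` is defined as `let systemMounts = mapAttrsToList … in concatLists systemMounts`, shadowing its own name for a single temporary; `systemMounts = concatLists (mapAttrsToList mapSystemMounts exportedSystems);` is the same value without the shadowing. `mapSystemMounts = name: { fileSystems, ... }:` tolerates extra attributes on an `exportedSystems` entry while `mkSystemExports = name: { machine, fileSystems }:` in the earlier hunk does not, so adding a field to a system would fail in the export helper first; the two destructurings should agree (add `...` to `mkSystemExports`, or drop it here). `mapFileSystem = fsName: fs:` never uses `fs`, and naming it `_` would signal that. `type` and `options` consumed by `mkMount` are bound before this hunk.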
diff --git a/nixos/netboot/kyuuto.nix b/nixos/netboot/kyuuto.nix
index f9a71bbf..361ccedb 100644
--- a/nixos/netboot/kyuuto.nix
+++ b/nixos/netboot/kyuuto.nix
@@ -10,6 +10,8 @@ inherit (lib.modules) mkIf mkDefault mkMerge; cfg = config.gensokyo-zone.netboot; nfsEnabled = config.boot.initrd.supportedFilesystems.nfs or config.boot.initrd.supportedFilesystems.nfs4 or false; + defaultCacheTimeoutMax = 60 * 60; # 1h + defaultCacheTimeoutMin = 60; # 1m in { options.gensokyo-zone.netboot = with lib.types; { # TODO: default = true;
@@ -26,6 +28,11 @@ in { type = listOf str; default = [ "nolock" # required in order to mount in initrd when statd daemon isn't running + "nocto" + "lazytime" "noatime" + "actimeo=${toString defaultCacheTimeoutMax}" + "acregmin=${toString defaultCacheTimeoutMin}" + "acdirmin=${toString defaultCacheTimeoutMin}" ]; }; };
diff --git a/nixos/nfs.nix b/nixos/nfs.nix
index 2ed97f7c..e9a2b1be 100644
--- a/nixos/nfs.nix
+++ b/nixos/nfs.nix
@@ -101,6 +101,10 @@ in { trustedClients = [ "@trusted" ]; + adminClients = [ + "@admin" + # XXX: include tailscale addresses of trusted machines here too? + ]; tailClients = optionals config.services.tailscale.enable cidrForNetwork.tail.all; localClients = cidrForNetwork.allLan.all ++ flagSets.tailClients; allClients = flagSets.clientGroups ++ flagSets.trustedClients ++ flagSets.localClients;
diff --git a/systems/reimu/lxc.json b/systems/reimu/lxc.json
index 9f1b2898..42af1287 100644
--- a/systems/reimu/lxc.json
+++ b/systems/reimu/lxc.json
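Review bot: `adminClients` in nixos/nfs.nix is introduced holding only the `@admin` netgroup, and the `XXX` comment leaves open whether literal tailscale addresses will be added later; since nixos/kyuuto/nfs.nix now uses this group to export every system's root and boot filesystems, its membership is the access boundary for those exports and the open question should be settled rather than left as a marker. I would replace the `XXX` line with a statement of intent, e.g. `# adminClients: netgroup membership only — members may mount system root/boot exports, so keep address literals out unless that is deliberate` (or the converse if addresses are wanted). Unlike `trustedClients`, the new group is not folded into `allClients`; if that is intentional, say so in the same comment.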
@@ -3,8 +3,10 @@ "lxc.mount.entry": [ "/mnt/kyuuto-media mnt/kyuuto-media none bind,optional,create=dir", "/mnt/kyuuto-data/minecraft mnt/kyuuto-data/minecraft none bind,optional,create=dir", + "/mnt/kyuuto-data/systems/gengetsu mnt/kyuuto-data/systems/gengetsu none bind,optional,create=dir", "/mnt/kyuuto-data/systems/gengetsu/fs/root mnt/kyuuto-data/systems/gengetsu/fs/root none bind,optional,create=dir", "/mnt/kyuuto-data/systems/gengetsu/fs/boot mnt/kyuuto-data/systems/gengetsu/fs/boot none bind,optional,create=dir", + "/mnt/kyuuto-data/systems/mugetsu mnt/kyuuto-data/systems/mugetsu none bind,optional,create=dir", "/mnt/kyuuto-data/systems/mugetsu/fs/root mnt/kyuuto-data/systems/mugetsu/fs/root none bind,optional,create=dir", "/mnt/kyuuto-data/systems/mugetsu/fs/boot mnt/kyuuto-data/systems/mugetsu/fs/boot none bind,optional,create=dir", "/mnt/kyuuto-data/systems/goliath mnt/kyuuto-data/systems/goliath none bind,optional,create=dir",
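Review bot: The two added entries bind the whole `/mnt/kyuuto-data/systems/gengetsu` and `/mnt/kyuuto-data/systems/mugetsu` directories into the container, not only the `fs/root` and `fs/boot` subtrees that were already mounted, so anything else placed under those directories on the host becomes visible inside reimu. The existing goliath entry already has this shape, so the change is consistent, but the reason the parent directory is needed is not visible from this patch and JSON leaves no room for a comment; it belongs in the commit message or a README next to this file (presumably something in the container expects the `systems/<name>` tree itself rather than just `fs/` — confirm).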