chore(nfs): clean up kyuuto fs exports

arcnmx 2024-11-24 13:23:15 -08:00
parent 2bb878be1d
commit 64efbaf503
5 changed files with 94 additions and 95 deletions


@ -104,13 +104,19 @@
];
nfs.fstabOptions = [
"noauto"
"lazytime" "noatime"
#"nfsvers=4"
"soft"
"nocto"
"retrans=2"
"timeo=60"
"actimeo=300"
"acregmin=60"
"acdirmin=60"
];
smb.fstabOptions = [
"noauto"
"lazytime" "noatime"
(mkIf (config.smb.user != null) "user=${config.smb.user}")
];
automount.fstabOptions = [
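Review bot: The options added to `nfs.fstabOptions` (`"nocto"`, `"actimeo=300"`, `"acregmin=60"`, `"acdirmin=60"`) trade cache coherence for speed without a comment saying so. With close-to-open checks off and attributes cached for up to five minutes, a client may keep acting on cached mode and owner data and cached file contents after the server side has changed, including after a permission has been tightened. The netboot default options later in this commit share the same pattern with a one-hour maximum. The result also depends on order, since `actimeo` sets all four attribute-cache timers and the two `*min` entries only take effect because they come after it. I would add a comment above the group such as `# attribute cache: max 300s, min 60s; actimeo must stay before acregmin/acdirmin; permission changes on the server may lag by up to the max`. The list sits in a larger attribute set that starts and ends outside this hunk.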


@ -3,7 +3,9 @@
lib,
...
}: let
inherit (lib.modules) mkIf;
inherit (lib.modules) mkIf mkMerge;
inherit (lib.attrsets) mapAttrs' mapAttrsToList nameValuePair;
inherit (lib.lists) concatLists;
inherit (config) kyuuto;
inherit (config.services.nfs.export) flagSets;
nfsRoot = {
@ -12,14 +14,53 @@
media = "${nfsRoot}/kyuuto/media";
data = "${nfsRoot}/kyuuto/data";
systems = "${nfsRoot}/kyuuto/systems";
gengetsu = "${nfsRoot.systems}/gengetsu";
mugetsu = "${nfsRoot.systems}/mugetsu";
goliath = "${nfsRoot.systems}/goliath";
};
mkSystemExport = { name, fsid, machine, flags ? ["async"], machineFlags ? flagSets.metal }: {
flags = flagSets.common ++ ["fsid=${toString fsid}"] ++ flags;
clients = {
${name} = {
inherit machine;
flags = machineFlags;
};
admin = {
machine = flagSets.adminClients;
flags = machineFlags;
};
};
};
mkSystemExports = name: { machine, fileSystems }: let
systemRoot = "${nfsRoot.systems}/${name}";
mapSystemExport = fsName: fs: nameValuePair "${systemRoot}/${fsName}" (mkSystemExport ({
inherit name machine;
} // fs));
in mapAttrs' mapSystemExport fileSystems;
exportedSystems = {
gengetsu = {
machine = flagSets.gengetsuClients;
fileSystems = {
root.fsid = 162;
boot.fsid = 163;
};
};
mugetsu = {
machine = flagSets.mugetsuClients;
fileSystems = {
root.fsid = 170;
boot.fsid = 171;
};
};
goliath = {
machine = flagSets.goliathClients;
fileSystems = {
root.fsid = 172;
boot.fsid = 173;
};
};
};
in {
services.nfs = {
export = {
paths = {
export = let
exportPaths = {
${nfsRoot.media} = {
flags = flagSets.common ++ ["fsid=128"] ++ flagSets.secip ++ ["rw"] ++ flagSets.anon_ro;
clients = {
@ -47,61 +88,13 @@ in {
};
};
};
"${nfsRoot.gengetsu}/root" = {
flags = flagSets.common ++ ["fsid=162"] ++ ["async"];
clients = {
gengetsu = {
machine = flagSets.gengetsuClients;
flags = flagSets.metal;
};
};
};
"${nfsRoot.gengetsu}/boot" = {
flags = flagSets.common ++ ["fsid=163"] ++ ["async"];
clients = {
gengetsu = {
machine = flagSets.gengetsuClients;
flags = flagSets.metal;
};
};
};
"${nfsRoot.mugetsu}/root" = {
flags = flagSets.common ++ ["fsid=170"] ++ ["async"];
clients = {
mugetsu = {
machine = flagSets.mugetsuClients;
flags = flagSets.metal;
};
};
};
"${nfsRoot.mugetsu}/boot" = {
flags = flagSets.common ++ ["fsid=171"] ++ ["async"];
clients = {
mugetsu = {
machine = flagSets.mugetsuClients;
flags = flagSets.metal;
};
};
};
"${nfsRoot.goliath}/root" = {
flags = flagSets.common ++ ["fsid=172"] ++ ["async"];
clients = {
goliath = {
machine = flagSets.goliathClients;
flags = flagSets.metal;
};
};
};
"${nfsRoot.goliath}/boot" = {
flags = flagSets.common ++ ["fsid=173"] ++ ["async"];
clients = {
goliath = {
machine = flagSets.goliathClients;
flags = flagSets.metal;
};
};
};
};
systemPaths = mkMerge (mapAttrsToList mkSystemExports exportedSystems);
in {
paths = mkMerge [
exportPaths
systemPaths
];
};
};
systemd.mounts = let
@ -112,52 +105,39 @@ in {
"nfs-mountd.service"
];
before = wantedBy;
in
mkIf config.services.nfs.server.enable [
{
mkMount = { what, where, ... }@args: {
inherit type options wantedBy before;
} // args;
mkSystemMount = { name, fsName }: let
systemRoot = "${nfsRoot.systems}/${name}";
in mkMount {
what = "${kyuuto.dataDir}/systems/${name}/fs/${fsName}";
where = "${systemRoot}/${fsName}";
};
mapSystemMounts = name: { fileSystems, ... }: let
mapFileSystem = fsName: fs: mkSystemMount { inherit name fsName; };
in mapAttrsToList mapFileSystem fileSystems;
systemMounts = let
systemMounts = mapAttrsToList mapSystemMounts exportedSystems;
in concatLists systemMounts;
exportMounts = map mkMount [
{
what = kyuuto.mountDir;
where = nfsRoot.media;
}
{
inherit type options wantedBy before;
what = kyuuto.dataDir;
where = nfsRoot.data;
}
{
inherit type options wantedBy before;
what = kyuuto.transferDir;
where = nfsRoot.transfer;
}
{
inherit type options wantedBy before;
what = "${kyuuto.dataDir}/systems/gengetsu/fs/root";
where = "${nfsRoot.gengetsu}/root";
}
{
inherit type options wantedBy before;
what = "${kyuuto.dataDir}/systems/gengetsu/fs/boot";
where = "${nfsRoot.gengetsu}/boot";
}
{
inherit type options wantedBy before;
what = "${kyuuto.dataDir}/systems/mugetsu/fs/root";
where = "${nfsRoot.mugetsu}/root";
}
{
inherit type options wantedBy before;
what = "${kyuuto.dataDir}/systems/mugetsu/fs/boot";
where = "${nfsRoot.mugetsu}/boot";
}
{
inherit type options wantedBy before;
what = "${kyuuto.dataDir}/systems/goliath/fs/root";
where = "${nfsRoot.goliath}/root";
}
{
inherit type options wantedBy before;
what = "${kyuuto.dataDir}/systems/goliath/fs/boot";
where = "${nfsRoot.goliath}/boot";
}
];
pathMounts = mkMerge [
exportMounts
systemMounts
];
in
mkIf config.services.nfs.server.enable pathMounts;
}
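Review bot: The new `mkSystemExport` helper (hunk `@ -12,14 +14,53 @@`) gives every system root and boot export an `admin` client with `machine = flagSets.adminClients; flags = machineFlags;`, which the six hand-written entries it replaces did not have, so this cleanup also widens who may mount those filesystems. The admin entry reuses `machineFlags`, which defaults to `flagSets.metal`; that set is defined outside this page, but if it grants read-write or unsquashed-root access, every member of `@admin` gets the same access to each netboot root as the machine that boots from it. I would give the admin client its own argument with a narrower default (for example a separate `adminFlags` parameter) and mention the new client in the commit message, so the access change is reviewable on its own. A short comment on `mapSystemExport` noting that `// fs` lets a `fileSystems` entry override `name` and `machine` would also help, since that is how per-filesystem `flags` are meant to be passed.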


@ -10,6 +10,8 @@
inherit (lib.modules) mkIf mkDefault mkMerge;
cfg = config.gensokyo-zone.netboot;
nfsEnabled = config.boot.initrd.supportedFilesystems.nfs or config.boot.initrd.supportedFilesystems.nfs4 or false;
defaultCacheTimeoutMax = 60 * 60; # 1h
defaultCacheTimeoutMin = 60; # 1m
in {
options.gensokyo-zone.netboot = with lib.types; {
# TODO: default = true;
@ -26,6 +28,11 @@ in {
type = listOf str;
default = [
"nolock" # required in order to mount in initrd when statd daemon isn't running
"nocto"
"lazytime" "noatime"
"actimeo=${toString defaultCacheTimeoutMax}"
"acregmin=${toString defaultCacheTimeoutMin}"
"acdirmin=${toString defaultCacheTimeoutMin}"
];
};
};


@ -101,6 +101,10 @@ in {
trustedClients = [
"@trusted"
];
adminClients = [
"@admin"
# XXX: include tailscale addresses of trusted machines here too?
];
tailClients = optionals config.services.tailscale.enable cidrForNetwork.tail.all;
localClients = cidrForNetwork.allLan.all ++ flagSets.tailClients;
allClients = flagSets.clientGroups ++ flagSets.trustedClients ++ flagSets.localClients;


@ -3,8 +3,10 @@
"lxc.mount.entry": [
"/mnt/kyuuto-media mnt/kyuuto-media none bind,optional,create=dir",
"/mnt/kyuuto-data/minecraft mnt/kyuuto-data/minecraft none bind,optional,create=dir",
"/mnt/kyuuto-data/systems/gengetsu mnt/kyuuto-data/systems/gengetsu none bind,optional,create=dir",
"/mnt/kyuuto-data/systems/gengetsu/fs/root mnt/kyuuto-data/systems/gengetsu/fs/root none bind,optional,create=dir",
"/mnt/kyuuto-data/systems/gengetsu/fs/boot mnt/kyuuto-data/systems/gengetsu/fs/boot none bind,optional,create=dir",
"/mnt/kyuuto-data/systems/mugetsu mnt/kyuuto-data/systems/mugetsu none bind,optional,create=dir",
"/mnt/kyuuto-data/systems/mugetsu/fs/root mnt/kyuuto-data/systems/mugetsu/fs/root none bind,optional,create=dir",
"/mnt/kyuuto-data/systems/mugetsu/fs/boot mnt/kyuuto-data/systems/mugetsu/fs/boot none bind,optional,create=dir",
"/mnt/kyuuto-data/systems/goliath mnt/kyuuto-data/systems/goliath none bind,optional,create=dir",