diff --git a/modules/extern/nixos/kyuuto.nix b/modules/extern/nixos/kyuuto.nix index cb653b83..c1491b92 100644 --- a/modules/extern/nixos/kyuuto.nix +++ b/modules/extern/nixos/kyuuto.nix @@ -29,33 +29,24 @@ (mkIf config.smb.enable config.smb.fstabOptions) (mkIf config.automount.enable config.automount.fstabOptions) ]; + mountOptions = subpath: { + enable = + mkEnableOption "/mnt/${subpath}" + // { + default = true; + }; + krb5.enable = + mkEnableOption "krb5" + // { + default = enabled.krb5; + }; + }; in { options = with lib.types; { enable = mkEnableOption "kyuuto"; - media = { - enable = - mkEnableOption "/mnt/kyuuto-media" - // { - default = true; - }; - krb5.enable = - mkEnableOption "krb5" - // { - default = enabled.krb5; - }; - }; - transfer = { - enable = - mkEnableOption "/mnt/kyuuto-transfer" - // { - default = true; - }; - krb5.enable = - mkEnableOption "krb5" - // { - default = enabled.krb5; - }; - }; + media = mountOptions "kyuuto-media"; + data = mountOptions "kyuuto-data"; + transfer = mountOptions "kyuuto-transfer"; shared.enable = mkEnableOption "/mnt/kyuuto-shared"; domain = mkOption { type = str; @@ -127,17 +118,15 @@ "x-systemd.mount-timeout=2m" "x-systemd.idle-timeout=10m" ]; - setFilesystems = { - "/mnt/kyuuto-media" = mkIf config.media.enable { + setFilesystems = let + mkKyuutoFs = { + cfg, + nfsSubpath, + smbSubpath, + }: mkIf cfg.enable { device = mkMerge [ - (mkIf config.nfs.enable "nfs.${config.domain}:/srv/fs/kyuuto/media") - (mkIf config.smb.enable ( - if config.smb.user != null && access.local.enable - then ''\\smb.${config.domain}\kyuuto-media'' - else if config.smb.user != null - then ''\\smb.${config.domain}\kyuuto-media-global'' - else ''\\smb.${config.domain}\kyuuto-library-access'' - )) + (mkIf config.nfs.enable "nfs.${config.domain}:/srv/fs/${nfsSubpath}") + (mkIf config.smb.enable ''\\smb.${config.domain}\${smbSubpath}'') ]; fsType = mkMerge [ (mkIf config.nfs.enable "nfs4") @@ -145,12 +134,27 @@ ]; options = mkMerge (setFilesystemOptions ++ [ - (mkIf config.media.krb5.enable [ + (mkIf cfg.krb5.enable [ "sec=krb5" (mkIf config.nfs.enable "nfsvers=4") ]) ]); }; + in { + "/mnt/kyuuto-media" = mkKyuutoFs { + cfg = config.media; + nfsSubpath = "kyuuto/media"; + smbSubpath = if config.smb.user != null && access.local.enable + then "kyuuto-media" + else if config.smb.user != null + then "kyuuto-library-net" + else "kyuuto-library"; + }; + "/mnt/kyuuto-data" = mkKyuutoFs { + cfg = config.data; + nfsSubpath = "kyuuto/data"; + smbSubpath = "kyuuto-data"; + }; "/mnt/kyuuto-transfer" = mkIf config.transfer.enable { device = mkMerge [ (mkIf config.nfs.enable "nfs.${config.domain}:/srv/fs/kyuuto/transfer") @@ -162,7 +166,7 @@ ]; options = mkMerge (setFilesystemOptions ++ [ - (mkIf config.media.krb5.enable [ + (mkIf config.transfer.krb5.enable [ ( if access.local.enable || access.tail.enabled then "sec=sys:krb5" @@ -199,6 +203,7 @@ }; in { "${escapeSystemdPath "/mnt/kyuuto-media"}.mount" = mkIf config.media.enable netMountConfig; + "${escapeSystemdPath "/mnt/kyuuto-data"}.mount" = mkIf config.data.enable netMountConfig; "${escapeSystemdPath "/mnt/kyuuto-transfer"}.mount" = mkIf config.transfer.enable netMountConfig; "${escapeSystemdPath "/mnt/kyuuto-shared"}.mount" = mkIf (config.shared.enable && config.smb.enable) netMountConfig; }; diff --git a/nixos/kyuuto/nfs.nix b/nixos/kyuuto/nfs.nix index 2ff3ed81..69f9ab8b 100644 --- a/nixos/kyuuto/nfs.nix +++ b/nixos/kyuuto/nfs.nix @@ -13,6 +13,7 @@ __toString = _: config.services.nfs.export.root.path; transfer = "${nfsRoot}/kyuuto/transfer"; media = "${nfsRoot}/kyuuto/media"; + data = "${nfsRoot}/kyuuto/data"; }; in { services.nfs = { @@ -27,6 +28,15 @@ in { }; }; }; + ${nfsRoot.data} = { + flags = flagSets.common ++ ["fsid=130"] ++ flagSets.secip ++ ["rw"] ++ flagSets.anon_ro; + clients = { + local = { + machine = flagSets.allClients; + flags = flagSets.seclocal ++ ["rw" "no_all_squash"]; + }; + }; + }; ${nfsRoot.transfer} = { flags = flagSets.common ++ ["fsid=129"] ++ ["rw" "async"]; clients = { @@ -54,6 +64,11 @@ in { what = kyuuto.mountDir; where = nfsRoot.media; } + { + inherit type options wantedBy before; + what = kyuuto.dataDir; + where = nfsRoot.data; + } { inherit type options wantedBy before; what = kyuuto.transferDir; diff --git a/nixos/kyuuto/samba.nix b/nixos/kyuuto/samba.nix index 2c01b385..a7bb5b45 100644 --- a/nixos/kyuuto/samba.nix +++ b/nixos/kyuuto/samba.nix @@ -81,6 +81,17 @@ in { "valid users" = ["@kyuuto-peeps"]; } ]; + kyuuto-data = mkMerge [ + kyuuto-media + { + path = kyuuto.dataDir; + comment = "Kyuuto Data"; + writeable = true; + public = false; + browseable = false; + "valid users" = ["@kyuuto-peeps"]; + } + ]; shared = { path = kyuuto.shareDir; comment = "Shared Data";