media-mount: Add storage box

2022-08-09 15:13:50 +02:00 · 2022-08-09 15:13:50 +02:00 · 0b4bfc931c
parent 685d3fa9f2
commit 0b4bfc931c
2 changed files with 47 additions and 17 deletions
--- a/modules/media-mount.nix
+++ b/modules/media-mount.nix
@ -1,22 +1,39 @@
 { config, lib, pkgs, ... }:
 let
-  mkMount = remote: {
-    device = remote;
-    fsType = "sshfs";
-    options = [
-      "ro"
-      "allow_other"
+  mkMount = remote: { port ? 22, ro ? true, idmap ? null }:
+    assert !(isNull idmap) -> lib.elem idmap.type [ "simple" ];
+    {
+      device = remote;
+      fsType = "sshfs";
+      options = [
+        "allow_other"

-      "_netdev"
-      "x-systemd.idle-timeout=5min"
-      "x-systemd.automount"
+        "_netdev"
+        "x-systemd.idle-timeout=5min"
+        "x-systemd.automount"

-      "reconnect"
-      "ServerAliveInterval=15"
-      "ServerAliveCountMax=1"
-      "IdentityFile=${config.sops.secrets.media-ssh-key.path}"
-    ];
-  };
+        "port=${toString port}"
+
+        "reconnect"
+        "ServerAliveInterval=15"
+        "ServerAliveCountMax=1"
+        "IdentityFile=${config.sops.secrets.media-ssh-key.path}"
+      ] ++ lib.optionals ro [
+        "ro"
+      ] ++ lib.optionals (!ro) [
+        "default_permissions" # if it is writable, permissions should be checked
+      ] ++ lib.optionals (!(isNull idmap)) ([
+        "idmap=${if lib.elem idmap.type [ "file" "user" ] then idmap.type else "file"}"
+        "nomap=ignore"
+      ] ++ lib.optionals (idmap.type == "simple") [
+        "uidfile=${pkgs.writeText "uidfile" ''
+          ${idmap.username}:${toString idmap.uid}
+        ''}"
+        "gidfile=${pkgs.writeText "gidfile" ''
+          ${idmap.groupname}:${toString idmap.gid}
+        ''}"
+      ]);
+    };
 in
 lib.mkIf config.sbruder.gui.enable {
  sops.secrets.media-ssh-key = { };
@ -24,7 +41,18 @@ lib.mkIf config.sbruder.gui.enable {
  system.fsPackages = with pkgs; [ sshfs ];

  fileSystems = {
-    "/home/simon/mounts/media" = mkMount "media@fuuko.home.sbruder.de:/data/media";
-    "/home/simon/mounts/torrent" = mkMount "media@fuuko.home.sbruder.de:/data/torrent";
+    "/home/simon/mounts/media" = mkMount "media@fuuko.home.sbruder.de:/data/media" { };
+    "/home/simon/mounts/torrent" = mkMount "media@fuuko.home.sbruder.de:/data/torrent" { };
+    "/home/simon/mounts/storagebox" = mkMount "u313368@personal.storagebox.sbruder.de:" {
+      port = 23;
+      ro = false;
+      idmap = {
+        type = "simple";
+        username = "simon";
+        groupname = "users";
+        uid = 313368;
+        gid = 313368;
+      };
+    };
  };
 }
--- a/modules/ssh.nix
+++ b/modules/ssh.nix
@ -11,6 +11,8 @@
  programs.ssh.knownHosts = {
    "[git.sbruder.de]:2022".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINV/2NbmkWuOs/RyULTex1MkLaKrrDJFj8piX2CR+ms/";

+    "[personal.storagebox.sbruder.de]:23".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs";
+
    sayuri = {
      hostNames = [ "sayuri" "sayuri.home.sbruder.de" "sayuri.vpn.sbruder.de" ];
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIg/622wS8SFlzS29TPW9li3pNdbdHNjlGb4XTyXR0QR";