67 lines
1.9 KiB
Nix
67 lines
1.9 KiB
Nix
# SPDX-FileCopyrightText: 2022-2023 Simon Bruder <simon@sbruder.de>
|
|
#
|
|
# SPDX-License-Identifier: AGPL-3.0-or-later
|
|
|
|
{ config, lib, pkgs, ... }:
|
|
let
|
|
mkMount = remote: { port ? 22, ro ? true, idmap ? null }:
|
|
assert !(isNull idmap) -> lib.elem idmap.type [ "simple" ];
|
|
{
|
|
device = remote;
|
|
fsType = "sshfs";
|
|
options = [
|
|
"allow_other"
|
|
|
|
"_netdev"
|
|
"x-systemd.idle-timeout=5min"
|
|
"x-systemd.automount"
|
|
|
|
"port=${toString port}"
|
|
|
|
"reconnect"
|
|
"ServerAliveInterval=15"
|
|
"ServerAliveCountMax=1"
|
|
"IdentityFile=${config.sops.secrets.media-ssh-key.path}"
|
|
] ++ lib.optionals ro [
|
|
"ro"
|
|
] ++ lib.optionals (!ro) [
|
|
"default_permissions" # if it is writable, permissions should be checked
|
|
] ++ lib.optionals (!(isNull idmap)) ([
|
|
"idmap=${if lib.elem idmap.type [ "file" "user" ] then idmap.type else "file"}"
|
|
"nomap=ignore"
|
|
] ++ lib.optionals (idmap.type == "simple") [
|
|
"uidfile=${pkgs.writeText "uidfile" ''
|
|
${idmap.username}:${toString idmap.uid}
|
|
''}"
|
|
"gidfile=${pkgs.writeText "gidfile" ''
|
|
${idmap.groupname}:${toString idmap.gid}
|
|
''}"
|
|
]);
|
|
};
|
|
in
|
|
lib.mkIf config.sbruder.gui.enable {
|
|
sops.secrets.media-ssh-key = { };
|
|
|
|
system.fsPackages = with pkgs; [ sshfs ];
|
|
|
|
fileSystems = {
|
|
"/home/simon/mounts/media" = mkMount "media@fuuko.lan.shinonome-lab.de:/data/cold/media" { };
|
|
"/home/simon/mounts/torrent" = mkMount "media@fuuko.lan.shinonome-lab.de:/data/hot/torrent" { };
|
|
"/home/simon/mounts/storagebox" = mkMount "u313368@personal.storagebox.sbruder.de:" {
|
|
port = 23;
|
|
ro = false;
|
|
idmap = {
|
|
type = "simple";
|
|
username = "simon";
|
|
groupname = "users";
|
|
uid = 313368;
|
|
gid = 313368;
|
|
};
|
|
};
|
|
};
|
|
|
|
systemd.tmpfiles.rules = [
|
|
"d /home/simon/mounts 0750 simon users - -"
|
|
];
|
|
}
|