Simon Bruder
4f536a00d2
With DNSSEC activated (as is the case on sbruder.de), dnsmasq interfering with queries for hosts on the LAN often causes problems. This domain exists specifically so that it does not have DNSSEC on it.
{ config, lib, pkgs, ... }:
let
# mkMount remote { port, ro, idmap }: build one `fileSystems` entry that mounts
# `remote` (an sshfs "user@host:path" spec) as a systemd automount.
#
#   port   SSH port, default 22.
#   ro     mount read-only, default true.
#   idmap  null (default) for no id mapping, or an attribute set with
#          type / username / uid / groupname / gid. Only type "simple" passes
#          the assertion below.
#
# Access model: every mount carries "allow_other", but "default_permissions"
# is added only to writable mounts. A read-only mount therefore has no kernel
# permission check of its own; who can read it is decided by who can reach the
# mount point, so the permissions of the parent directories matter.
#
# NOTE(review): no host-key option is set here, so server authentication rests
# on whatever known-hosts configuration the mounting user has. Name resolution
# does not authenticate the server; confirm the host keys are pinned elsewhere
# (for example through programs.ssh.knownHosts).
mkMount = remote: { port ? 22, ro ? true, idmap ? null }:
  let
    hasIdmap = idmap != null;

    # Options shared by every mount: automount on access, unmount after five
    # idle minutes, and drop a dead SSH session after one missed keep-alive.
    commonOptions = [
      "allow_other"

      "_netdev"
      "x-systemd.idle-timeout=5min"
      "x-systemd.automount"

      "port=${toString port}"

      "reconnect"
      "ServerAliveInterval=15"
      "ServerAliveCountMax=1"
      # Private key decrypted by sops-nix; only its path ends up in the options.
      "IdentityFile=${config.sops.secrets.media-ssh-key.path}"
    ];

    # If it is writable, permissions should be checked.
    accessOptions = if ro then [ "ro" ] else [ "default_permissions" ];

    # sshfs itself is given "file" or "user"; every other type (so "simple",
    # the only one the assertion admits) is expressed through idmap=file.
    idmapMode = if lib.elem idmap.type [ "file" "user" ] then idmap.type else "file";

    # One-line map files for the "simple" type, written to the Nix store.
    uidFile = pkgs.writeText "uidfile" ''
      ${idmap.username}:${toString idmap.uid}
    '';
    gidFile = pkgs.writeText "gidfile" ''
      ${idmap.groupname}:${toString idmap.gid}
    '';

    # Only evaluated when an idmap was passed (lib.optionals is lazy in its list).
    idmapOptions = [
      "idmap=${idmapMode}"
      "nomap=ignore"
    ] ++ lib.optionals (idmap.type == "simple") [
      "uidfile=${uidFile}"
      "gidfile=${gidFile}"
    ];
  in
  assert hasIdmap -> lib.elem idmap.type [ "simple" ];
  {
    device = remote;
    fsType = "sshfs";
    options = commonOptions ++ accessOptions ++ lib.optionals hasIdmap idmapOptions;
  };
in
# Everything below applies only when config.sbruder.gui.enable is set.
lib.mkIf config.sbruder.gui.enable {
  # SSH private key for the mounts, declared with the sops-nix defaults;
  # mkMount refers to it through config.sops.secrets.media-ssh-key.path.
  sops.secrets.media-ssh-key = { };

  # Make the sshfs mount helper available for the fileSystems entries.
  system.fsPackages = [ pkgs.sshfs ];

  # Parent directory of all mount points: owner simon, group users, mode 0750.
  # NOTE(review): the read-only mounts use allow_other without
  # default_permissions, so this directory (and /home/simon above it) is what
  # limits which local accounts can read them; confirm that the "users" group
  # holds only accounts that should see this data.
  systemd.tmpfiles.rules = [
    "d /home/simon/mounts 0750 simon users - -"
  ];

  # Read-only media shares, using mkMount's defaults (port 22, ro, no idmap).
  fileSystems."/home/simon/mounts/media" =
    mkMount "media@fuuko.lan.shinonome-lab.de:/data/cold/media" { };
  fileSystems."/home/simon/mounts/torrent" =
    mkMount "media@fuuko.lan.shinonome-lab.de:/data/hot/torrent" { };

  # Writable storage box on SSH port 23. The "simple" idmap pairs the names
  # simon / users with id 313368 through the generated uidfile and gidfile;
  # presumably 313368 is the id the remote side reports (verify against the server).
  fileSystems."/home/simon/mounts/storagebox" =
    mkMount "u313368@personal.storagebox.sbruder.de:" {
      port = 23;
      ro = false;
      idmap = {
        type = "simple";
        username = "simon";
        groupname = "users";
        uid = 313368;
        gid = 313368;
      };
    };
}