refactor: moved nixos modules to dendrite pattern

Leyla Becker 2026-04-07 15:39:45 -05:00
parent df8dd110ad
commit 0ea11e0236
219 changed files with 4802 additions and 4820 deletions


@ -0,0 +1,10 @@
{config, ...}: let
mod = config.flake.nixosModules;
in {
flake.nixosModules.network-storage = {
imports = [
mod.network-storage-service
mod.network-storage-nfs
];
};
}


@ -0,0 +1,88 @@
{...}: {
flake.nixosModules.network-storage-service = {
config,
lib,
...
}: let
export_directory = config.host.network_storage.export_directory;
in {
options = {
host.network_storage = {
enable = lib.mkEnableOption "is this machine going to export network storage";
export_directory = lib.mkOption {
type = lib.types.path;
description = "what are exports going to be stored in";
default = "/exports";
};
directories = lib.mkOption {
type = lib.types.listOf (lib.types.submodule ({config, ...}: {
options = {
folder = lib.mkOption {
type = lib.types.str;
description = "what is the name of this export directory";
};
bind = lib.mkOption {
type = lib.types.nullOr lib.types.path;
description = "is this directory bound to anywhere";
default = null;
};
user = lib.mkOption {
type = lib.types.str;
description = "what user owns this directory";
default = "nouser";
};
group = lib.mkOption {
type = lib.types.str;
description = "what group owns this directory";
default = "nogroup";
};
_directory = lib.mkOption {
internal = true;
readOnly = true;
type = lib.types.path;
default = "${export_directory}/${config.folder}";
};
};
}));
description = "list of directory names to export";
};
};
};
config = lib.mkIf config.host.network_storage.enable (lib.mkMerge [
{
# create any folders that we need to have for our exports
systemd.tmpfiles.rules =
[
"d ${config.host.network_storage.export_directory} 2775 nobody nogroup -"
]
++ (
builtins.map (
directory: "d ${directory._directory} 2770 ${directory.user} ${directory.group}"
)
config.host.network_storage.directories
);
# set up any bind mounts that we need for our exports
fileSystems = builtins.listToAttrs (
builtins.map (directory:
lib.attrsets.nameValuePair directory._directory {
device = directory.bind;
options = ["bind"];
}) (
builtins.filter (directory: directory.bind != null) config.host.network_storage.directories
)
);
}
# (lib.mkIf config.host.impermanence.enable {
# environment.persistence."/persist/replicate/system/root" = {
# enable = true;
# hideMounts = true;
# directories = [
# config.host.network_storage.export_directory
# ];
# };
# })
]);
};
}
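Review bot: The per-directory tmpfiles rule `d ${directory._directory} 2770 ${directory.user} ${directory.group}` defaults `user` to `nouser`, which is not a user NixOS defines (the export root on the line above uses `nobody`); unless `nouser` is declared elsewhere in the flake, systemd-tmpfiles will fail to resolve it and skip that directory, so the default should probably be `nobody` to match. Separately, for entries with `bind` set the `d` rule targets the mount point, and as far as I can tell mount units are ordered before tmpfiles-setup, so the mode/owner adjustment would land on the bound source directory rather than on an empty placeholder — worth confirming that is intended, or creating the mount point with a plain `d … 0755 root root -` entry and leaving the source's permissions alone. The commented-out impermanence block should either be restored or dropped rather than shipped as dead code.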


@ -0,0 +1,109 @@
{...}: {
flake.nixosModules.network-storage-nfs = {
config,
lib,
...
}: {
options = {
host.network_storage.nfs = {
enable = lib.mkEnableOption "is this server going to export network storage as nfs shares";
port = lib.mkOption {
type = lib.types.int;
default = 2049;
description = "port that nfs will run on";
};
directories = lib.mkOption {
type = lib.types.listOf (
lib.types.enum (
builtins.map (
directory: directory.folder
)
config.host.network_storage.directories
)
);
description = "list of exported directories to be exported via nfs";
};
};
};
config = lib.mkMerge [
{
assertions = [
{
assertion = !(config.host.network_storage.nfs.enable && !config.host.network_storage.enable);
message = "nfs cant be enabled with network storage disabled";
}
];
}
(
lib.mkIf (config.host.network_storage.nfs.enable && config.host.network_storage.enable) {
services.nfs = {
settings = {
nfsd = {
threads = 32;
port = config.host.network_storage.nfs.port;
};
};
server = {
enable = true;
lockdPort = 4001;
mountdPort = 4002;
statdPort = 4000;
exports = lib.strings.concatLines (
[
"${config.host.network_storage.export_directory} 100.64.0.0/10(rw,fsid=0,no_subtree_check)"
]
++ (
lib.lists.imap0 (
i: directory: let
createOptions = fsid: "(rw,fsid=${toString fsid},nohide,insecure,no_subtree_check)";
addresses = [
# loopback
"127.0.0.1"
"::1"
# tailscale
"100.64.0.0/10"
"fd7a:115c:a1e0::/48"
];
options = lib.strings.concatStrings (
lib.strings.intersperse " " (
lib.lists.imap0 (index: address: "${address}${createOptions (1 + (i * (builtins.length addresses)) + index)}") addresses
)
);
in "${directory._directory} ${options}"
)
(
builtins.filter (
directory: lib.lists.any (target: target == directory.folder) config.host.network_storage.nfs.directories
)
config.host.network_storage.directories
)
)
);
};
};
networking.firewall = let
ports = [
111
config.host.network_storage.nfs.port
config.services.nfs.server.lockdPort
config.services.nfs.server.mountdPort
config.services.nfs.server.statdPort
20048
];
in {
# Allow NFS on Tailscale interface
interfaces.${config.services.tailscale.interfaceName} = {
allowedTCPPorts = ports;
allowedUDPPorts = ports;
};
# Allow NFS on local network (assuming default interface)
allowedTCPPorts = ports;
allowedUDPPorts = ports;
};
}
)
];
};
}
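Review bot: The firewall block opens rpcbind (111), nfsd, lockd, mountd and statd on every interface via the unscoped `allowedTCPPorts = ports; allowedUDPPorts = ports;`, which makes the preceding `interfaces.${config.services.tailscale.interfaceName}` entry redundant and leaves source-address matching in the export list as the only access control. Since the exports are `rw` with AUTH_SYS (no `sec=` option, only the default `root_squash`) plus `insecure`, any host that can reach the port while presenting a 100.64.0.0/10 or fd7a:115c:a1e0::/48 address is trusted for every non-root UID; if the intent is Tailscale-only, drop the two global lines and keep the interface-scoped ones, otherwise replace the `# Allow NFS on local network` comment with one that states the LAN-exposure trust model. The hard-coded `20048` is mountd's default port but `mountdPort` is set to 4002 above, so that entry looks stale. Also, each client entry for the same directory gets its own fsid (`1 + (i * (builtins.length addresses)) + index`), so one export carries four different fsids depending on which address a client arrives from; `fsid=${toString (1 + i)}` for all entries of a directory seems to be what was intended — worth confirming against `exportfs -v`.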