diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 3f7bcdd..3a37cbb 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -38,6 +38,35 @@ # }; }; }; + network_storage = { + enable = true; + directories = [ + { + folder = "leyla"; + user = "leyla"; + group = "leyla"; + } + { + folder = "eve"; + user = "eve"; + group = "eve"; + } + { + folder = "ester"; + user = "ester"; + group = "ester"; + } + { + folder = "users"; + user = "users"; + group = "users"; + } + ]; + nfs = { + enable = true; + directories = ["leyla" "eve"]; + }; + }; }; networking = { hostId = "c51763d6"; diff --git a/modules/nixos-modules/default.nix b/modules/nixos-modules/default.nix index 9461612..4ac744a 100644 --- a/modules/nixos-modules/default.nix +++ b/modules/nixos-modules/default.nix @@ -10,5 +10,6 @@ ./i18n.nix ./impermanence.nix ./disko.nix + ./server ]; } diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix new file mode 100644 index 0000000..8fc94e5 --- /dev/null +++ b/modules/nixos-modules/server/default.nix @@ -0,0 +1,5 @@ +{...}: { + imports = [ + ./network_storage + ]; +} diff --git a/modules/nixos-modules/server/network_storage/default.nix b/modules/nixos-modules/server/network_storage/default.nix new file mode 100644 index 0000000..11019cb --- /dev/null +++ b/modules/nixos-modules/server/network_storage/default.nix @@ -0,0 +1,90 @@ +{ + config, + lib, + ... +}: let + export_directory = config.host.network_storage.export_directory; +in { + imports = [ + ./nfs.nix + ]; + + options = { + host.network_storage = { + enable = lib.mkEnableOption "is this machine going to export network storage"; + export_directory = lib.mkOption { + type = lib.types.path; + description = "what are exports going to be stored in"; + default = "/exports"; + }; + directories = lib.mkOption { + type = lib.types.listOf (lib.types.submodule ({config, ...}: { + options = { + folder = lib.mkOption { + type = lib.types.string; + description = "what is the name of this export directory"; + }; + bind = lib.mkOption { + type = lib.types.nullOr lib.types.path; + description = "is this directory bound to anywhere"; + default = null; + }; + user = lib.mkOption { + type = lib.types.string; + description = "what user owns this directory"; + default = "nouser"; + }; + group = lib.mkOption { + type = lib.types.string; + description = "what group owns this directory"; + default = "nogroup"; + }; + _directory = lib.mkOption { + internal = true; + readOnly = true; + type = lib.types.path; + default = "${export_directory}/${config.folder}"; + }; + }; + })); + description = "list of directory names to export"; + }; + }; + }; + + config = lib.mkIf config.host.network_storage.enable (lib.mkMerge [ + { + # create any folders that we need to have for our exports + systemd.tmpfiles.rules = + [ + "d ${config.host.network_storage.export_directory} 2775 root root -" + ] + ++ ( + builtins.map ( + directory: "d ${directory._directory} 2775 ${directory.user} ${directory.group}" + ) + config.host.network_storage.directories + ); + + # set up any bind mounts that we need for our exports + fileSystems = builtins.listToAttrs ( + builtins.map (directory: + lib.attrsets.nameValuePair directory._directory { + device = directory.bind; + options = ["bind"]; + }) ( + builtins.filter (directory: directory.bind != null) config.host.network_storage.directories + ) + ); + } + (lib.mkIf config.host.impermanence.enable { + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + config.host.network_storage.export_directory + ]; + }; + }) + ]); +} diff --git a/modules/nixos-modules/server/network_storage/nfs.nix b/modules/nixos-modules/server/network_storage/nfs.nix new file mode 100644 index 0000000..5ed217e --- /dev/null +++ b/modules/nixos-modules/server/network_storage/nfs.nix @@ -0,0 +1,50 @@ +{ + config, + lib, + ... +}: { + options = { + host.network_storage.nfs = { + enable = lib.mkEnableOption "is this server going to export network storage as nfs shares"; + directories = lib.mkOption { + type = lib.types.listOf ( + lib.types.enum ( + builtins.map ( + directory: directory.folder + ) + config.host.network_storage.directories + ) + ); + description = "list of exported directories to be exported via nfs"; + }; + }; + }; + config = lib.mkMerge [ + { + assertions = [ + { + assertion = !(config.host.network_storage.nfs.enable && !config.host.network_storage.enable); + message = "nfs cant be enabled with network storage disabled"; + } + ]; + } + ( + lib.mkIf (config.host.network_storage.nfs.enable && config.host.network_storage.enable) { + services.nfs.server = { + enable = true; + exports = lib.strings.concatLines ( + builtins.map ( + directory: "${directory._directory} 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)" + ) + ( + builtins.filter ( + directory: lib.lists.any (target: target == directory.folder) config.host.network_storage.nfs.directories + ) + config.host.network_storage.directories + ) + ); + }; + } + ) + ]; +} diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 6fe37fd..0c1e1d6 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -255,9 +255,7 @@ in { } (lib.mkIf config.host.impermanence.enable { boot.initrd.postResumeCommands = lib.mkAfter ( - lib.strings.concatStrings (builtins.map (user: '' - zfs rollback -r rpool/local/home/${user.name}@blank - '') + lib.strings.concatLines (builtins.map (user: "zfs rollback -r rpool/local/home/${user.name}@blank") normalUsers) );