created nfs exports

configurations/nixos/defiant/configuration.nix

@@ -38,6 +38,35 @@
         # };
       };
     };
+    network_storage = {
+      enable = true;
+      directories = [
+        {
+          folder = "leyla";
+          user = "leyla";
+          group = "leyla";
+        }
+        {
+          folder = "eve";
+          user = "eve";
+          group = "eve";
+        }
+        {
+          folder = "ester";
+          user = "ester";
+          group = "ester";
+        }
+        {
+          folder = "users";
+          user = "users";
+          group = "users";
+        }
+      ];
+      nfs = {
+        enable = true;
+        directories = ["leyla" "eve"];
+      };
+    };
   };
   networking = {
     hostId = "c51763d6";

modules/nixos-modules/default.nix

@@ -10,5 +10,6 @@
     ./i18n.nix
     ./impermanence.nix
     ./disko.nix
+    ./server
   ];
 }

modules/nixos-modules/server/default.nix

@@ -0,0 +1,5 @@
+{...}: {
+  imports = [
+    ./network_storage
+  ];
+}

modules/nixos-modules/server/network_storage/default.nix

@@ -0,0 +1,90 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  export_directory = config.host.network_storage.export_directory;
+in {
+  imports = [
+    ./nfs.nix
+  ];
+
+  options = {
+    host.network_storage = {
+      enable = lib.mkEnableOption "is this machine going to export network storage";
+      export_directory = lib.mkOption {
+        type = lib.types.path;
+        description = "what are exports going to be stored in";
+        default = "/exports";
+      };
+      directories = lib.mkOption {
+        type = lib.types.listOf (lib.types.submodule ({config, ...}: {
+          options = {
+            folder = lib.mkOption {
+              type = lib.types.string;
+              description = "what is the name of this export directory";
+            };
+            bind = lib.mkOption {
+              type = lib.types.nullOr lib.types.path;
+              description = "is this directory bound to anywhere";
+              default = null;
+            };
+            user = lib.mkOption {
+              type = lib.types.string;
+              description = "what user owns this directory";
+              default = "nouser";
+            };
+            group = lib.mkOption {
+              type = lib.types.string;
+              description = "what group owns this directory";
+              default = "nogroup";
+            };
+            _directory = lib.mkOption {
+              internal = true;
+              readOnly = true;
+              type = lib.types.path;
+              default = "${export_directory}/${config.folder}";
+            };
+          };
+        }));
+        description = "list of directory names to export";
+      };
+    };
+  };
+
+  config = lib.mkIf config.host.network_storage.enable (lib.mkMerge [
+    {
+      # create any folders that we need to have for our exports
+      systemd.tmpfiles.rules =
+        [
+          "d ${config.host.network_storage.export_directory} 2775 root root -"
+        ]
+        ++ (
+          builtins.map (
+            directory: "d ${directory._directory} 2775 ${directory.user} ${directory.group}"
+          )
+          config.host.network_storage.directories
+        );
+
+      # set up any bind mounts that we need for our exports
+      fileSystems = builtins.listToAttrs (
+        builtins.map (directory:
+          lib.attrsets.nameValuePair directory._directory {
+            device = directory.bind;
+            options = ["bind"];
+          }) (
+          builtins.filter (directory: directory.bind != null) config.host.network_storage.directories
+        )
+      );
+    }
+    (lib.mkIf config.host.impermanence.enable {
+      environment.persistence."/persist/system/root" = {
+        enable = true;
+        hideMounts = true;
+        directories = [
+          config.host.network_storage.export_directory
+        ];
+      };
+    })
+  ]);
+}

modules/nixos-modules/server/network_storage/nfs.nix

@@ -0,0 +1,50 @@
+{
+  config,
+  lib,
+  ...
+}: {
+  options = {
+    host.network_storage.nfs = {
+      enable = lib.mkEnableOption "is this server going to export network storage as nfs shares";
+      directories = lib.mkOption {
+        type = lib.types.listOf (
+          lib.types.enum (
+            builtins.map (
+              directory: directory.folder
+            )
+            config.host.network_storage.directories
+          )
+        );
+        description = "list of exported directories to be exported via nfs";
+      };
+    };
+  };
+  config = lib.mkMerge [
+    {
+      assertions = [
+        {
+          assertion = !(config.host.network_storage.nfs.enable && !config.host.network_storage.enable);
+          message = "nfs cant be enabled with network storage disabled";
+        }
+      ];
+    }
+    (
+      lib.mkIf (config.host.network_storage.nfs.enable && config.host.network_storage.enable) {
+        services.nfs.server = {
+          enable = true;
+          exports = lib.strings.concatLines (
+            builtins.map (
+              directory: "${directory._directory} 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)"
+            )
+            (
+              builtins.filter (
+                directory: lib.lists.any (target: target == directory.folder) config.host.network_storage.nfs.directories
+              )
+              config.host.network_storage.directories
+            )
+          );
+        };
+      }
+    )
+  ];
+}

modules/nixos-modules/users.nix

@@ -255,9 +255,7 @@ in {
     }
     (lib.mkIf config.host.impermanence.enable {
       boot.initrd.postResumeCommands = lib.mkAfter (
-        lib.strings.concatStrings (builtins.map (user: ''
+        lib.strings.concatLines (builtins.map (user: "zfs rollback -r rpool/local/home/${user.name}@blank")
-            zfs rollback -r rpool/local/home/${user.name}@blank
-          '')
           normalUsers)
       );