default.nix
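# NixOS module `phil.fileshare`: NFSv4 file sharing between hosts.
#
# Server side (`shares`): every directory in `shares.dirs` is bind-mounted
# below /export and exported to the client specifications in `shares.ips`.
# Client side (`mount`): every entry of `mount.binds` becomes an automounted
# nfs4 file system.
#
# Security notes:
#  * No `sec=` option is set on the exports, so the exports(5) default
#    (sec=sys) applies: the server trusts the uid/gid sent by any client whose
#    address matches `shares.ips`. The address list is the only access control.
#  * The per-directory exports carry `insecure`, which drops the requirement
#    that requests originate from a privileged (< 1024) source port. Keep it
#    only if a client needs it.
#  * TCP 2049 is opened through `networking.firewall.allowedTCPPorts`, i.e. on
#    every interface, not only on the networks listed in `shares.ips`.
{
  config,
  lib,
  ...
}: let
  inherit (lib) mkOption mkIf types mkEnableOption;
  cfg = config.phil.fileshare;
  net = config.phil.network;

  # Render the contents of /etc/exports.
  #   ips:    client specifications, one "<ip>(<options>)" entry per element
  #   shares: absolute directory paths; each one is exported as /export<dir>
  # The first line is the NFSv4 pseudo-root (/export, fsid=0); `fsid=0` is
  # listed twice there, the repetition is redundant but kept as generated
  # before.
  mkSharesForIps = ips: shares: let
    clientList = opts: lib.concatMapStrings (ip: "${ip}(${opts}) ") ips;
  in
    "/export\t${clientList "rw,fsid=0,no_subtree_check,crossmnt,fsid=0"}\n"
    + lib.concatMapStrings
    # NOTE(review): `insecure` accepts requests from unprivileged source
    # ports; with sec=sys this lets any local user on an allowed client talk
    # to the server directly. Confirm it is required.
    (share: "/export${share}\t${clientList "rw,nohide,insecure,no_subtree_check"}\n")
    shares;

  # Turn `mount.binds` into `fileSystems` entries, keyed by local mount point.
  # The server address is looked up in `phil.network.nodes` when `host` is
  # set (`host` wins if both are given), otherwise `ip` is used.
  mkMountsForBinds = binds:
    builtins.listToAttrs (lib.concatMap
      (bind: let
        serverIp =
          if bind.host != null
          then net.nodes.${bind.host}.network_ip."milkyway"
          else if bind.ip != null
          then bind.ip
          # Previously this case failed with an opaque "cannot coerce null
          # to a string" error while building the device string.
          else throw "phil.fileshare.mount.binds: every bind needs either `ip` or `host` to be set";
      in
        builtins.map
        (bindcfg: {
          name = bindcfg.local;
          value = {
            device = "${serverIp}:${bindcfg.remote}";
            fsType = "nfs4";
            # mount on first access instead of boot, unmount after 10 mins
            options = ["x-systemd.automount" "noauto" "x-systemd.idle-timeout=600"];
          };
        })
        bind.dirs)
      binds);

  # Bind-mount every shared directory to /export<dir> so that it lives below
  # the exported /export root.
  mkBindsForDirs = dirs:
    builtins.listToAttrs (builtins.map
      (dir:
        lib.nameValuePair "/export${dir}" {
          device = dir;
          options = ["bind"];
        })
      dirs);
in {
  options.phil.fileshare = {
    mount = {
      # NOTE: this flag is declared but not read anywhere in this module;
      # mounting is active as soon as `binds` is non-empty.
      enable = mkEnableOption "mounting shares";
      binds = mkOption {
        description = "list of binds";
        type = types.listOf (types.submodule {
          options = {
            ip = mkOption {
              description = "ip of the sharing server";
              type = types.nullOr types.str;
              default = null;
            };
            host = mkOption {
              description = "hostname of the sharing server";
              type = types.nullOr types.str;
              default = null;
            };
            dirs = mkOption {
              description = "shares to mount";
              type = types.listOf (types.submodule {
                options = {
                  local = mkOption {
                    description = "local mount point";
                    type = types.str;
                  };
                  remote = mkOption {
                    description = "path of the share on the server";
                    type = types.str;
                  };
                };
              });
              # Was `{}`, which does not match the declared list type.
              default = [];
            };
          };
        });
        default = [];
      };
    };
    shares = {
      dirs = mkOption {
        description = "directories to share";
        type = types.listOf types.str;
        default = [];
      };
      ips = mkOption {
        description = "ips to share to";
        type = types.listOf types.str;
        # One entry per network defined in `phil.network.networks`.
        default = lib.mapAttrsToList (_n: v: v.netmask) net.networks;
      };
    };
  };

  config = let
    enableMount = cfg.mount.binds != [];
    enableShare = cfg.shares.dirs != [];
  in
    mkIf (enableMount || enableShare) {
      assertions = [
        {
          # An empty client list would render export lines that name a path
          # but no client. Presumably nfs-utils then exports the path to any
          # host (confirm against exports(5)); fail closed instead.
          assertion = !enableShare || cfg.shares.ips != [];
          message = "phil.fileshare.shares.ips must not be empty when phil.fileshare.shares.dirs is set";
        }
      ];

      services.nfs.server = {
        enable = enableShare;
        exports = mkSharesForIps cfg.shares.ips cfg.shares.dirs;
      };

      # NOTE(review): this opens 2049/tcp on all interfaces. If the shares
      # are only meant for the networks in `shares.ips`, consider
      # `networking.firewall.interfaces.<name>.allowedTCPPorts` instead
      # (interface names are not visible in this file).
      networking.firewall.allowedTCPPorts = lib.optional enableShare 2049;

      fileSystems =
        lib.optionalAttrs enableMount (mkMountsForBinds cfg.mount.binds)
        // lib.optionalAttrs enableShare (mkBindsForDirs cfg.shares.dirs);
    };
}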