add felia mount

top-level-nix
Pegasust 2022-12-23 15:51:04 -07:00
parent 1e218c9269
commit 7122cf0cf8
4 changed files with 43 additions and 7 deletions


@ -43,7 +43,8 @@ in
stateVersion = myHome.stateVersion or "22.05";
};
home.packages = pkgs.lib.unique ([
pkgs.ncdu
# pkgs.ncdu
pkgs.rclone
pkgs.htop
pkgs.ripgrep
pkgs.unzip


@ -12,4 +12,5 @@ let
c_ = builtins;
in {
"system/secrets/s3fs.age".publicKeys = c_.attrValues (all);
"system/secrets/_nhitrl.age".publicKeys = c_.attrValues (all);
}
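Review bot: The `_nhitrl.age` entry uses `c_.attrValues (all)` as its recipient list, so every key in `all` can decrypt the CIFS credential, while the only use visible in this commit is the autofs CIFS mount. `all` is defined above the hunk, so its contents cannot be checked here. If it holds keys for hosts or users that never mount the share, naming only the needed recipients would limit what a single compromised key exposes, for example `"system/secrets/_nhitrl.age".publicKeys = [ ADMIN_KEY MOUNT_HOST_KEY ];` (placeholder names). The s3fs entry beside it follows the same pattern and could be narrowed the same way.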


@ -12,7 +12,6 @@
lib = nixpkgs.lib;
proj_root = ./../..;
# TODO: Change respectively to the system or make a nix shell to alias `nix run github:ryantm/agenix -- `
additionalPackages = [agenix.defaultPackage.x86_64-linux];
base_modules = [
agenix.nixosModule
{
@ -22,7 +21,10 @@
# owner = "hungtr";
# group = "users";
};
environment.systemPackages = additionalPackages;
age.secrets._nhitrl_cred = {
file = ./secrets/_nhitrl.age;
};
environment.systemPackages = [agenix.defaultPackage.x86_64-linux];
}
];
in {
@ -206,12 +208,17 @@
./configuration.nix
# automount using s3fs
({config, pkgs, lib, ...}: {
environment.systemPackages = [pkgs.s3fs]; # s3fs-fuse
environment.systemPackages = [pkgs.s3fs pkgs.cifs-utils]; # s3fs-fuse
# Sadly, autofs uses systemd, so we can't put it in home-manager
# HACK: need to store secret somewhere so that root can access this
# because autofs may run as root for now, we enforce putting the secret in this monorepo
# services.rpcbind.enable = true;
services.autofs = let
# confToBackendArg {lol="what"; empty=""; name_only=null;} -> "lol=what,empty=,name_only"
# TODO: change null -> true/false. This allows overriding & better self-documentation
confToBackendArg = conf: (lib.concatStringsSep ","
(lib.mapAttrsToList (name: value: "${name}${lib.optionalString (value != null) "=${value}"}") conf));
# mount_dest: path ("wow")
# backend_args: nix attrs representing the arguments to be passed to s3fs
# ({"-fstype" = "fuse"; "use_cache" = "/tmp";})
@ -226,9 +233,6 @@
bucket
}@inputs: let
s3fs-exec = "${pkgs.s3fs}/bin/s3fs";
# confToBackendArg {lol="what"; empty=""; name_only=null;} -> "lol=what,empty=,name_only"
confToBackendArg = conf: (lib.concatStringsSep ","
(lib.mapAttrsToList (name: value: "${name}${lib.optionalString (value != null) "=${value}"}") conf));
in "${mount_dest} ${confToBackendArg backend_args} :${s3fs-exec}\#${bucket}";
personalStorage = [
(autofs-s3fs_entry {
@ -245,6 +249,26 @@
};
bucket = "hungtr-hot";
})
(let args = {
"-fstype" = "cifs";
credentials = config.age.secrets._nhitrl_cred.path;
user = null;
uid = "1001";
gid = "100";
dir_mode = "0777";
file_mode = "0777";
};
in "felia_d ${confToBackendArg args} ://felia.coati-celsius.ts.net/d")
(let args = {
"-fstype" = "cifs";
credentials = config.age.secrets._nhitrl_cred.path;
user = null;
uid = "1001";
gid = "100";
dir_mode = "0777";
file_mode = "0777";
};
in "felia_f ${confToBackendArg args} ://felia.coati-celsius.ts.net/f")
];
persoConf = pkgs.writeText "auto.personal" (builtins.concatStringsSep "\n" personalStorage);
in {
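Review bot: Both new CIFS entries set `dir_mode = "0777"` and `file_mode = "0777"`, which makes everything on the felia shares readable, writable and executable by any local account or service on this machine, even though `uid = "1001"` and `gid = "100"` already give the intended owner access. Tighter modes such as `dir_mode = "0750"; file_mode = "0640";` would keep the mount usable for that owner and group without exposing it to other local users. The two `args` sets are identical apart from the share letter, so a small helper taking the share name, in the style of `autofs-s3fs_entry`, would keep such a change in one place. The enclosing `services.autofs` block starts and ends outside this hunk.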


@ -0,0 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 ahbzMg QEQ0gfV00KEZFXSUMAnITVG2vAhS0IrnbbEXVsQRjXA
/iXv++nOsRRmWAu4dFTmxxC7qlCjMuTYuTa6GsYgsX0
-> ssh-ed25519 glsjZQ Lob1uedpMxsDygT/i6Pnuwi6BzdgZPAeemISakcncVM
UddBD1YezLMeCUn4UuHGIrK68AwCIwuHAobpkJdi/3U
-> Tx+>#u-grease ;A%8 W
m11Fw6roG6feroJ/o5Ro8Dv1C3Piq3bGbdV78TH9Z0URPru+srdINovMvoVqjkuZ
eHiRwb1fN0ymLRD6/WxT4ZLKbT6J5yNPCrc+
--- 88hy3b76RX3PAc0Lfms//lhuqsi2tsqmL9gFQqUMBKM
>%frPåúéÚó€+÷JY`•îŽð',„ë~<7E><>ÄôʼfÝÄ_Q2A59N/ÄV·þ ºÝ[ˆSgË3ü ß4Y(´cä}N[ Ò•ëJ¡ò6Uµ¯pvf/i§Ò+tÒTÞ^–Ø)<1A>