config/profiles/mounts/fridge-nfs.nix

123 lines
3.4 KiB
Nix
Raw Normal View History

2024-02-25 15:43:54 +01:00
{ config, pkgs, lib, ... }:
2024-12-26 01:18:01 +01:00
# don't mount if local VM
lib.mkIf (!config.virtualisation.isVmVariant)
2024-02-25 15:43:54 +01:00
{
#boot.kernelParams = [ "nfs.nfs4_disable_idmapping=0" "nfsd.nfs4_disable_idmapping=0" ];
# TODO: wg-common.nix
#wireguard fyrkat client
# https://nixos.wiki/wiki/WireGuard
networking.firewall.allowedUDPPorts = [ config.networking.wireguard.interfaces."wg0".listenPort ];
networking.wireguard.interfaces."wg0" = {
2024-02-25 16:04:18 +01:00
#ips = [ "172.22.48.3/24" ]; # set per host!
2024-02-25 15:43:54 +01:00
listenPort = 51820; # (random is default)
generatePrivateKeyFile = true;
privateKeyFile = "/var/lib/wg/wireguard_key";
peers = [
{
# get your pubkey to give to fyrkat with `wg pubkey </var/lib/wg/wireguard_key`
endpoint = "fridge.fyrkat.no:51820";
2024-02-25 16:04:18 +01:00
publicKey = "AbXutGF+GZ/3o3iyHJNQEuSEFpGbfnUb9gMfUHggkVM=";
2024-02-25 15:43:54 +01:00
# Forward all the traffic via VPN.
2024-02-25 16:04:18 +01:00
# (ips you're allow to claim?)
2024-02-25 15:43:54 +01:00
allowedIPs = [
"172.22.48.0/24" # fyrkat wg subnet
2024-03-04 21:35:38 +01:00
"10.48.100.0/22" # fyrkat subnet
2024-02-25 15:43:54 +01:00
];
# Send keepalives every 25 seconds. Important to keep NAT tables alive.
persistentKeepalive = 25;
}
];
};
users.users.wireguard.group = "writeguard";
users.groups.writeguard = {};
users.users.wireguard.isSystemUser = true;
users.users.wireguard.createHome = true;
users.users.wireguard.home = "/var/lib/wg";
fileSystems = let
mkMount = mountpoint: server: subdir: {
"${mountpoint}${subdir}" = {
device = "${server}${subdir}";
fsType = "nfs";
#options = [ "nfsvers=4.2" ];
};
};
# TODO: combine nameValuePair and listToAttrs
joinSets = sets: builtins.foldl' (l: r: l // r) {} sets;
2024-08-13 16:26:58 +02:00
# TODO: space in dirname is not supported
in joinSets (map (mkMount "/mnt/fridgepool" "10.48.101.252:/pub") [
2024-02-25 15:43:54 +01:00
# zfs list -rHo mountpoint,sharenfs fridpool/pub | grep ro= | cut -f1
""
"/ebook"
#"/games" # not mounted server side
"/games/3ds"
"/games/dos"
"/games/ds"
"/games/flash"
"/games/macos"
"/games/nes"
"/games/snes"
"/games/wii"
"/games/windows"
"/incoming"
"/manga"
#"/media" # not mounted server side
"/media/anime"
"/media/documentary"
#"/media/franchise" # not mounted server side
"/media/franchise/avatar"
"/media/franchise/doraemon"
"/media/franchise/lego"
"/media/franchise/masterclass"
"/media/franchise/star.trek"
"/media/movies"
"/media/movies-old"
"/media/music"
"/media/music-old"
#"/media/series" # not mounted server side
"/media/series-old"
"/media/series/cn"
"/media/series/en"
"/media/series/fr"
"/media/series/jp"
"/media/series/kr"
"/media/series/nl"
"/media/series/no"
"/media/shorts"
"/media/soundtrack"
#"/media/standup" # not mounted server side
"/media/standup/en"
"/media/standup/nl"
"/media/webvid"
#"/old"
#"/oses" # not mounted server side
"/oses/apple"
"/oses/diagnostic"
"/oses/freebsd"
"/oses/linux"
"/oses/netbsd"
"/oses/openindiana"
"/oses/philips-tv"
"/oses/reactos"
"/oses/smartos"
"/oses/vmware"
"/oses/windows"
"/password"
#"/software" # not mounted server side
"/software/esx"
"/software/jvm"
"/software/mac"
"/software/win"
"/wallpapers"
"/webcomics"
2024-08-13 16:26:58 +02:00
]);
2024-02-25 15:43:54 +01:00
}