ljkasdljkasdljk

2024-02-25 15:43:54 +01:00 · 2024-02-25 15:43:54 +01:00 · 0c5dbe2fd1
parent d73b1f10c4
commit 0c5dbe2fd1
5 changed files with 124 additions and 2 deletions
--- a/hosts/nord/default.nix
+++ b/hosts/nord/default.nix
@ -24,6 +24,7 @@
    ../../profiles/mounts/freon-nfs.nix
    ../../profiles/mounts/reidun-nfs.nix
    ../../profiles/mounts/meconium-nfs.nix
+    ../../profiles/mounts/fridge-nfs.nix

    ../../profiles/shell/base.nix
    ../../profiles/shell/archives.nix
--- a/hosts/noximilien/default.nix
+++ b/hosts/noximilien/default.nix
@ -19,6 +19,7 @@
    ../../profiles/mounts/freon-nfs.nix
    ../../profiles/mounts/reidun-nfs.nix
    ../../profiles/mounts/meconium-zfs.nix
+    ../../profiles/mounts/fridge-nfs.nix

    ../../profiles/shell/base.nix
    ../../profiles/shell/archives.nix
--- a/profiles/mounts/common-zfs.nix
+++ b/profiles/mounts/common-zfs.nix
@ -28,7 +28,8 @@
  #services.zfs.trim.enable = true;

  # the `sharenfs` property generates /etc/exports.d/zfs.exports file, automatically processed by NFS
-  # # zfs set sharenfs="-maproot=0:0 -network=192.168.1.0/24" Meconium
+  # # zfs set sharenfs="-maproot=0:0 -network=192.168.1.0/24" Reidun
  # # zfs set sharenfs="ro=192.168.1.0/24,all_squash,anonuid=70,anongid=70" Meconium
+  # # zfs set sharenfs="rw=192.168.1.0/24" Meconium
  services.nfs.server.enable = lib.mkDefault true;
 }
--- a/profiles/mounts/fridge-nfs.nix
+++ b/profiles/mounts/fridge-nfs.nix
@ -0,0 +1,119 @@
+{ config, pkgs, lib, ... }:
+{
+  #boot.kernelParams = [ "nfs.nfs4_disable_idmapping=0" "nfsd.nfs4_disable_idmapping=0" ];
+
+  # TODO: wg-common.nix
+
+  #wireguard fyrkat client
+  # https://nixos.wiki/wiki/WireGuard
+  networking.firewall.allowedUDPPorts = [ config.networking.wireguard.interfaces."wg0".listenPort ];
+  networking.wireguard.interfaces."wg0" = {
+    ips = [ "172.22.48.3/24" ];
+    listenPort = 51820; # (random is default)
+    generatePrivateKeyFile = true;
+    privateKeyFile = "/var/lib/wg/wireguard_key";
+
+    peers = [
+      {
+        # get your pubkey to give to fyrkat with `wg pubkey </var/lib/wg/wireguard_key`
+        publicKey = "AbXutGF+GZ/3o3iyHJNQEuSEFpGbfnUb9gMfUHggkVM=";
+        endpoint = "fridge.fyrkat.no:51820";
+
+        # Forward all the traffic via VPN.
+        allowedIPs = [
+          "172.22.48.0/24" # fyrkat wg subnet
+          "10.48.0.0/16" # fyrkat subnet
+        ];
+
+        # Send keepalives every 25 seconds. Important to keep NAT tables alive.
+        persistentKeepalive = 25;
+      }
+    ];
+  };
+  users.users.wireguard.group = "writeguard";
+  users.groups.writeguard = {};
+  users.users.wireguard.isSystemUser = true;
+  users.users.wireguard.createHome = true;
+  users.users.wireguard.home = "/var/lib/wg";
+
+  fileSystems = let
+    mkMount = mountpoint: server: subdir: {
+      "${mountpoint}${subdir}" = {
+        device = "${server}${subdir}";
+        fsType = "nfs";
+        #options = [ "nfsvers=4.2" ];
+      };
+    };
+    # TODO: combine nameValuePair and listToAttrs
+    joinSets = sets: builtins.foldl' (l: r: l // r) {} sets;
+  in joinSets (
+    # TODO: space in dirname is not supported
+    (map (mkMount "/mnt/fridgepool" "10.48.101.252:/pub") [
+      # zfs list -rHo mountpoint,sharenfs fridpool/pub  |  grep ro= | cut -f1
+      ""
+      "/ebook"
+      #"/games" # not mounted server side
+      "/games/3ds"
+      "/games/dos"
+      "/games/ds"
+      "/games/flash"
+      "/games/macos"
+      "/games/nes"
+      "/games/snes"
+      "/games/wii"
+      "/games/windows"
+      "/incoming"
+      "/manga"
+      #"/media" # not mounted server side
+      "/media/anime"
+      "/media/documentary"
+      #"/media/franchise" # not mounted server side
+      "/media/franchise/avatar"
+      "/media/franchise/doraemon"
+      "/media/franchise/lego"
+      "/media/franchise/masterclass"
+      "/media/franchise/star.trek"
+      "/media/movies"
+      "/media/movies-old"
+      "/media/music"
+      "/media/music-old"
+      #"/media/series" # not mounted server side
+      "/media/series-old"
+      "/media/series/cn"
+      "/media/series/en"
+      "/media/series/fr"
+      "/media/series/jp"
+      "/media/series/kr"
+      "/media/series/nl"
+      "/media/series/no"
+      "/media/shorts"
+      "/media/soundtrack"
+      #"/media/standup" # not mounted server side
+      "/media/standup/en"
+      "/media/standup/nl"
+      "/media/webvid"
+      #"/old"
+      #"/oses" # not mounted server side
+      "/oses/apple"
+      "/oses/diagnostic"
+      "/oses/freebsd"
+      "/oses/linux"
+      "/oses/netbsd"
+      "/oses/openindiana"
+      "/oses/philips-tv"
+      "/oses/reactos"
+      "/oses/smartos"
+      "/oses/vmware"
+      "/oses/windows"
+      "/password"
+      #"/software" # not mounted server side
+      "/software/esx"
+      "/software/jvm"
+      "/software/mac"
+      "/software/win"
+      "/wallpapers"
+      "/webcomics"
+    ])
+  );
+
+}
--- a/profiles/mounts/reidun-nfs.nix
+++ b/profiles/mounts/reidun-nfs.nix
@ -18,7 +18,7 @@
    (map (mkMount "/mnt/reidun" "192.168.1.3:/Reidun/shared") [
      ""
      #"/Backups"
-      "/Comics"
+      #"/Comics"
      "/Downloads"
      #"/Games"
      #"/Games/Installable"