temmie: combine homedirs in overlayfs

hosts/temmie/services/nfs-mounts.nix

@@ -8,53 +8,69 @@ in
     description = "PVV Homedir Partitions";
   };
 
-  systemd.mounts = map (l: {
+  systemd.mounts =
-    description = "PVV Homedir Partition ${l}";
+    (map (l: {
+      description = "PVV Homedir Partition ${l}";
 
-    before = [ "remote-fs.target" ];
+      before = [ "remote-fs.target" ];
-    wantedBy = [ "multi-user.target" ];
+      wantedBy = [ "multi-user.target" ];
-    requiredBy = [ "pvv-homedirs.target" ];
+      requiredBy = [ "pvv-homedirs.target" ];
 
-    type = "nfs";
+      type = "nfs";
-    what = "homepvv${l}.pvv.ntnu.no:/export/home/pvv/${l}";
+      what = "homepvv${l}.pvv.ntnu.no:/export/home/pvv/${l}";
-    where = "/run/pvv-home-mounts/${l}";
+      where = "/run/pvv-home-mounts/${l}";
 
-    options = lib.concatStringsSep "," [
+      options = lib.concatStringsSep "," [
-      "nfsvers=3"
+        "nfsvers=3"
 
-      # NOTE: this is a bit unfortunate. The address above seems to resolve to IPv6 sometimes,
+        # NOTE: this is a bit unfortunate. The address above seems to resolve to IPv6 sometimes,
-      #       and it doesn't seem possible to specify proto=tcp,tcp6, meaning we have to tell
+        #       and it doesn't seem possible to specify proto=tcp,tcp6, meaning we have to tell
-      #       NFS which exact address to use here, despite it being specified in the `what` attr :\
+        #       NFS which exact address to use here, despite it being specified in the `what` attr :\
-      "proto=tcp"
+        "proto=tcp"
-      "addr=${values.hosts.microbel.ipv4}"
+        "addr=${values.hosts.microbel.ipv4}"
-      "mountproto=tcp"
+        "mountproto=tcp"
-      "mounthost=${values.hosts.microbel.ipv4}"
+        "mounthost=${values.hosts.microbel.ipv4}"
-      "port=2049"
+        "port=2049"
 
-      # NOTE: this is yet more unfortunate. When enabling locking, it will sometimes complain about connection failed.
+        # NOTE: this is yet more unfortunate. When enabling locking, it will sometimes complain about connection failed.
-      #       dmesg(1) reveals that it has something to do with registering the lockdv1 RPC service (errno: 111), not
+        #       dmesg(1) reveals that it has something to do with registering the lockdv1 RPC service (errno: 111), not
-      #       quite sure how to fix it. Living life on dangerous mode for now.
+        #       quite sure how to fix it. Living life on dangerous mode for now.
-      "nolock"
+        "nolock"
 
-      # Don't wait on every read/write
+        # Don't wait on every read/write
-      "async"
+        "async"
 
-      # Always keep mounted
+        # Always keep mounted
-      "noauto"
+        "noauto"
 
-      # We don't want to update access time constantly
+        # We don't want to update access time constantly
-      "noatime"
+        "noatime"
 
-      # No SUID/SGID, no special devices
+        # No SUID/SGID, no special devices
-      "nosuid"
+        "nosuid"
-      "nodev"
+        "nodev"
 
-      # TODO: are there cgi scripts that modify stuff in peoples homedirs?
+        # TODO: are there cgi scripts that modify stuff in peoples homedirs?
-      # "ro"
+        # "ro"
-      "rw"
+        "rw"
 
-      # TODO: can we enable this and still run cgi stuff?
+        # TODO: can we enable this and still run cgi stuff?
-      # "noexec"
+        # "noexec"
-    ];
+      ];
-  }) letters;
+    }) letters)
+    ++ [{
+      description = "PVV Merged Homedir OverlayFS";
+
+      after = [ "remote-fs.target" ];
+      wantedBy = [ "multi-user.target" ];
+      requiredBy = [ "pvv-homedirs.target" ];
+
+      type = "overlay";
+      what = "overlay";
+      where = "/run/pvv-home-mounts-merged";
+
+      options = lib.concatStringsSep "," [
+        "lowerdir=${lib.concatMapStringsSep ":" (l: "/run/pvv-home-mounts/${l}") letters}"
+      ];
+    }];
 }