temmie/nfs-mounts: create by-uid bindmounts

2026-06-18 10:29:13 +02:00 · 2026-06-17 13:43:19 +09:00
parent 89921b533b
commit aa2712005a
3 changed files with 63 additions and 4 deletions
@@ -1,4 +1,4 @@
-{ lib, values, ... }:
+{ lib, pkgs, values, ... }:
 let
  # See microbel:/etc/exports
  letters = [ "a" "b" "c" "d" "h" "i" "j" "k" "l" "m" "z" ];
@@ -6,6 +6,20 @@ in
 {
  systemd.targets."pvv-homedirs" = {
    description = "PVV Homedir Partitions";
+    requires = map (l: "pvv-homedir-create-uidmapped-bindmounts@${l}.service") letters;
+  };
+
+  systemd.tmpfiles.settings."10-pvv-homedirs" = {
+    "/run/pvvhome".d = {
+      user = "root";
+      group = "root";
+      mode = "0755";
+    };
+    "/run/pvvhome/by-uid".d = {
+      user = "root";
+      group = "root";
+      mode = "0755";
+    };
  };

  systemd.mounts = map (l: {
@@ -17,7 +31,7 @@ in

    type = "nfs";
    what = "homepvv${l}.pvv.ntnu.no:/export/home/pvv/${l}";
-    where = "/run/pvv-home-mounts/${l}";
+    where = "/run/pvvhome/${l}";

    options = lib.concatStringsSep "," [
      "nfsvers=3"
@@ -54,4 +68,49 @@ in
      "rw"
    ];
  }) letters;
+
+  systemd.services."pvv-homedir-create-uidmapped-bindmounts@" = {
+    bindsTo = [ "run-pvvhome-%i.mount" ];
+    after = [ "run-pvvhome-%i.mount" ];
+
+    serviceConfig = {
+      Type = "oneshot";
+    };
+
+    path = with pkgs; [
+      coreutils
+      systemdMinimal
+    ];
+
+    scriptArgs = "%i";
+    script = ''
+      for dir in "/run/pvvhome/$1"/*/; do
+          [[ -d "$dir" ]] || continue
+
+          uid="$(stat -c '%u' "$dir")"
+
+          mountpoint="/run/pvvhome/by-uid/$uid"
+          mkdir -p "$mountpoint"
+
+          unit_name=$(systemd-escape --path --suffix=mount "$mountpoint")
+
+          if systemctl --quiet is-active "$unit_name" ||
+             systemctl --quiet is-failed "$unit_name"; then
+              echo "Skipping existing mount unit: $unit_name"
+              continue
+          fi
+
+          systemd-mount \
+              --collect \
+              --fsck=no \
+              --type=none \
+              --options=bind \
+              --property=BindsTo=$(systemd-escape --path --suffix=mount "/run/pvvhome/$1") \
+              --property=After=$(systemd-escape --path --suffix=mount "/run/pvvhome/$1") \
+              "$dir" \
+              "$mountpoint" \
+         || echo "Failed mounting for uid $uid"
+      done
+    '';
+  };
 }
@@ -301,7 +301,7 @@ in
          "/share"
        ];
      });
-      BindPaths = (lib.mapCartesianProduct ({ directoryFn, letter }: "/run/pvv-home-mounts/${letter}:${directoryFn letter}${letter}") {
+      BindPaths = (lib.mapCartesianProduct ({ directoryFn, letter }: "/run/pvvhome/${letter}:${directoryFn letter}${letter}") {
        directoryFn = [
          (_: "/home/pvv/")
          (l: "/amd/homepvv${l}/")
@@ -105,7 +105,7 @@ in
      ] ++ lib.optionals mcfg.debugMode [
        "/bin"
      ];
-      BindPaths = map (l: "/run/pvv-home-mounts/${l}:/home/pvv/${l}") mcfg.homeLetters ++ [
+      BindPaths = map (l: "/run/pvvhome/${l}:/home/pvv/${l}") mcfg.homeLetters ++ [
        "/var/log/httpd"
      ];
    };