felixalb/pvv-nixos-config
1
0
Fork 0
mirror of https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git synced 2026-06-18 10:29:13 +02:00
Code Issues Projects Releases Wiki Activity

temmie/nfs-mounts: create by-uid bindmounts

Browse Source
This commit is contained in:
h7x4
2026-06-17 13:43:19 +09:00
parent 89921b533b
commit aa2712005a
3 changed files with 63 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
hosts/temmie/services/nfs-mounts.nix
+61 -2
View File
@@ -1,4 +1,4 @@
{ lib, values, ... }: { lib, pkgs, values, ... }:
let let
# See microbel:/etc/exports # See microbel:/etc/exports
letters = [ "a" "b" "c" "d" "h" "i" "j" "k" "l" "m" "z" ]; letters = [ "a" "b" "c" "d" "h" "i" "j" "k" "l" "m" "z" ];
@@ -6,6 +6,20 @@ in
{ {
systemd.targets."pvv-homedirs" = { systemd.targets."pvv-homedirs" = {
description = "PVV Homedir Partitions"; description = "PVV Homedir Partitions";
requires = map (l: "pvv-homedir-create-uidmapped-bindmounts@${l}.service") letters;
};
systemd.tmpfiles.settings."10-pvv-homedirs" = {
"/run/pvvhome".d = {
user = "root";
group = "root";
mode = "0755";
};
"/run/pvvhome/by-uid".d = {
user = "root";
group = "root";
mode = "0755";
};
}; };
systemd.mounts = map (l: { systemd.mounts = map (l: {
@@ -17,7 +31,7 @@ in
type = "nfs"; type = "nfs";
what = "homepvv${l}.pvv.ntnu.no:/export/home/pvv/${l}"; what = "homepvv${l}.pvv.ntnu.no:/export/home/pvv/${l}";
where = "/run/pvv-home-mounts/${l}"; where = "/run/pvvhome/${l}";
options = lib.concatStringsSep "," [ options = lib.concatStringsSep "," [
"nfsvers=3" "nfsvers=3"
@@ -54,4 +68,49 @@ in
"rw" "rw"
]; ];
}) letters; }) letters;
systemd.services."pvv-homedir-create-uidmapped-bindmounts@" = {
bindsTo = [ "run-pvvhome-%i.mount" ];
after = [ "run-pvvhome-%i.mount" ];
serviceConfig = {
Type = "oneshot";
};
path = with pkgs; [
coreutils
systemdMinimal
];
scriptArgs = "%i";
script = ''
for dir in "/run/pvvhome/$1"/*/; do
[[ -d "$dir" ]] || continue
uid="$(stat -c '%u' "$dir")"
mountpoint="/run/pvvhome/by-uid/$uid"
mkdir -p "$mountpoint"
unit_name=$(systemd-escape --path --suffix=mount "$mountpoint")
if systemctl --quiet is-active "$unit_name" ||
systemctl --quiet is-failed "$unit_name"; then
echo "Skipping existing mount unit: $unit_name"
continue
fi
systemd-mount \
--collect \
--fsck=no \
--type=none \
--options=bind \
--property=BindsTo=$(systemd-escape --path --suffix=mount "/run/pvvhome/$1") \
--property=After=$(systemd-escape --path --suffix=mount "/run/pvvhome/$1") \
"$dir" \
"$mountpoint" \
|| echo "Failed mounting for uid $uid"
done
'';
};
} }
hosts/temmie/services/userweb/httpd.nix
+1 -1
View File
@@ -301,7 +301,7 @@ in
"/share" "/share"
]; ];
}); });
BindPaths = (lib.mapCartesianProduct ({ directoryFn, letter }: "/run/pvv-home-mounts/${letter}:${directoryFn letter}${letter}") { BindPaths = (lib.mapCartesianProduct ({ directoryFn, letter }: "/run/pvvhome/${letter}:${directoryFn letter}${letter}") {
directoryFn = [ directoryFn = [
(_: "/home/pvv/") (_: "/home/pvv/")
(l: "/amd/homepvv${l}/") (l: "/amd/homepvv${l}/")
hosts/temmie/services/userweb/log-processor.nix
+1 -1
View File
@@ -105,7 +105,7 @@ in
] ++ lib.optionals mcfg.debugMode [ ] ++ lib.optionals mcfg.debugMode [
"/bin" "/bin"
]; ];
BindPaths = map (l: "/run/pvv-home-mounts/${l}:/home/pvv/${l}") mcfg.homeLetters ++ [ BindPaths = map (l: "/run/pvvhome/${l}:/home/pvv/${l}") mcfg.homeLetters ++ [
"/var/log/httpd" "/var/log/httpd"
]; ];
}; };