From ba6c1c82059decd5fd3766256f823c50eaa10757 Mon Sep 17 00:00:00 2001
From: h7x4
Date: Thu, 22 Jan 2026 17:10:04 +0900
Subject: [PATCH] temmie/nfs-mounts: generate systemd units ourselves
---
 hosts/temmie/services/nfs-mounts.nix | 71 +++++++++++++++++++++-------
 values.nix | 4 ++
 2 files changed, 59 insertions(+), 16 deletions(-)
diff --git a/hosts/temmie/services/nfs-mounts.nix b/hosts/temmie/services/nfs-mounts.nix
index 125cc20..3718a21 100644
--- a/hosts/temmie/services/nfs-mounts.nix
+++ b/hosts/temmie/services/nfs-mounts.nix
@@ -1,21 +1,60 @@
-{ pkgs, lib, ... }:
+{ lib, values, ... }:
+let
+ # See microbel:/etc/exports
+ letters = [ "a" "b" "c" "d" "h" "i" "j" "k" "l" "m" "z" ];
+in
 {
- fileSystems = let
- # See microbel:/etc/exports
- shorthandAreas = lib.listToAttrs (map
- (l: lib.nameValuePair "/run/pvv-home-mounts/${l}" "homepvv${l}.pvv.ntnu.no:/export/home/pvv/${l}")
- [ "a" "b" "c" "d" "h" "i" "j" "k" "l" "m" "z" ]);
- in { }
- //
- (lib.mapAttrs (_: device: {
- inherit device;
- fsType = "nfs";
- options = [
+ systemd.targets."pvv-homedirs" = {
+ description = "PVV Homedir Partitions";
+ };
+
+ systemd.mounts = map (l: {
+ description = "PVV Homedir Partition ${l}";
+
+ before = [ "remote-fs.target" ];
+ wantedBy = [ "multi-user.target" ];
+ requiredBy = [ "pvv-homedirs.target" ];
+
+ type = "nfs";
+ what = "homepvv${l}.pvv.ntnu.no:/export/home/pvv/${l}";
+ where = "/run/pvv-home-mounts/${l}";
+
+ options = lib.concatStringsSep "," [
 "nfsvers=3"
- "noauto"
+
+ # NOTE: this is a bit unfortunate. The address above seems to resolve to IPv6 sometimes,
+ # and it doesn't seem possible to specify proto=tcp,tcp6, meaning we have to tell
+ # NFS which exact address to use here, despite it being specified in the `what` attr :\
 "proto=tcp"
- "x-systemd.automount"
- "x-systemd.idle-timeout=300"
+ "addr=${values.hosts.microbel.ipv4}"
+ "mountproto=tcp"
+ "mounthost=${values.hosts.microbel.ipv4}"
+ "port=2049"
+
+ # NOTE: this is yet more unfortunate. When enabling locking, it will sometimes complain about connection failed.
+ # dmesg(1) reveals that it has something to do with registering the lockdv1 RPC service (errno: 111), not
+ # quite sure how to fix it. Living life on dangerous mode for now.
+ "nolock"
+
+ # Don't wait on every read/write
+ "async"
+
+ # Always keep mounted
+ "noauto"
+
+ # We don't want to update access time constantly
+ "noatime"
+
+ # No SUID/SGID, no special devices
+ "nosuid"
+ "nodev"
+
+ # TODO: are there cgi scripts that modify stuff in peoples homedirs?
+ # "ro"
+ "rw"
+
+ # TODO: can we enable this and still run cgi stuff?
+ # "noexec"
 ];
- }) shorthandAreas);
+ }) letters;
 }
diff --git a/values.nix b/values.nix
index 5f7a9f8..5d48d62 100644
--- a/values.nix
+++ b/values.nix
@@ -69,6 +69,10 @@ in rec {
 ipv4 = pvv-ipv4 223;
 ipv6 = pvv-ipv6 223;
 };
+ microbel = {
+ ipv4 = pvv-ipv4 179;
+ ipv6 = pvv-ipv6 "1:2";
+ };
 ustetind = {
 ipv4 = pvv-ipv4 234;
 ipv6 = pvv-ipv6 234;
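Review bot: In the `options` list of hosts/temmie/services/nfs-mounts.nix, `"nolock"` is kept alongside `"rw"`, so locks taken on this host are local only and are not coordinated with other clients of the same home directories; the comment should state that consequence instead of "dangerous mode". errno 111 is ECONNREFUSED, which usually means the client could not reach rpcbind/rpc.statd. Because the mounts no longer go through `fileSystems`, NixOS may no longer infer NFS support from `fsType`, so it is worth confirming that `boot.supportedFilesystems` still includes `"nfs"` (not visible in this patch) before accepting `nolock` as permanent. Separately, `# Always keep mounted` above `"noauto"` contradicts what noauto means, and with `x-systemd.automount` removed the option looks like a leftover; drop it or reword the comment to `# leftover from the fstab-based setup; the unit is started via wantedBy`.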