temmie/nfs-mounts: generate systemd units ourselves

2026-02-20 08:57:53 +01:00 · 2026-01-22 17:34:35 +09:00
1 changed files with 46 additions and 16 deletions
--- a/hosts/temmie/services/nfs-mounts.nix
+++ b/hosts/temmie/services/nfs-mounts.nix
@@ -1,21 +1,51 @@
-{ pkgs, lib, ... }:
+{ lib, ... }:
+let
+  # See microbel:/etc/exports
+  letters = [ "a" "b" "c" "d"  "h" "i" "j" "k" "l" "m" "z" ];
+in
 {
-  fileSystems = let
-    # See microbel:/etc/exports
-    shorthandAreas = lib.listToAttrs (map
-      (l: lib.nameValuePair "/run/pvv-home-mounts/${l}" "homepvv${l}.pvv.ntnu.no:/export/home/pvv/${l}")
-      [ "a" "b" "c" "d"  "h" "i" "j" "k" "l" "m" "z" ]);
-  in { }
-  //
-  (lib.mapAttrs (_: device: {
-    inherit device;
-    fsType = "nfs";
-    options = [
+  systemd.mounts = map (l: {
+    description = "PVV Homedirs Partition ${l}";
+
+    before = [ "remote-fs.target" ];
+    wantedBy = [ "multi-user.target" ];
+
+    type = "nfs";
+    what = "homepvv${l}.pvv.ntnu.no:/export/home/pvv/${l}";
+    where = "/run/pvv-home-mounts/${l}";
+
+    options = lib.concatStringsSep "," [
      "nfsvers=3"
-      "noauto"
      "proto=tcp"
-      "x-systemd.automount"
-      "x-systemd.idle-timeout=300"
+      "auto"
+      "async"
+
+      # We don't want to update access time constantly
+      "noatime"
+
+      # No SUID/SGID, no special devices
+      "nosuid"
+      "nodev"
+
+      # TODO: are there cgi scripts that modify stuff in peoples homedirs?
+      # "ro"
+      "rw"
+
+      # TODO: can we enable this and still run cgi stuff?
+      # "noexec"
    ];
-  }) shorthandAreas);
+  }) letters;
+
+  systemd.automounts = map (l: {
+    description = "PVV Homedirs Partition ${l}";
+
+    wantedBy = [ "multi-user.target" ];
+
+    where = "/run/pvv-home-mounts/${l}";
+
+    automountConfig = {
+      # Unmount if not accessed in 5 mins
+      TimeoutIdleSec = "5min";
+    };
+  }) letters;
 }