chvp/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
nixos-config/modules/work/mounts/default.nix
Charlotte Van Petegem 2b9f1e7d1f
Fix ugent mount
2022-08-18 13:26:55 +02:00

58 lines
2.5 KiB
Nix
Raw Blame History

{ config, lib, pkgs, ... }:
{
options.chvp.work.mounts.enable = lib.mkOption {
default = false;
example = true;
};
config = lib.mkIf config.chvp.work.mounts.enable {
fileSystems =
let
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
in
{
"/mnt/ugent/files" = {
device = "//files.ugent.be/ecvpeteg";
fsType = "cifs";
options = [ "credentials=${config.age.secrets."passwords/ugent-mount-credentials".path},${automount_opts},users,vers=3.11,noperm,domain=UGENT,sec=ntlmv2i" ];
noCheck = true;
};
"/mnt/ugent/webhost" = {
device = "//webhost.ugent.be/ecvpeteg";
fsType = "cifs";
options = [ "credentials=${config.age.secrets."passwords/ugent-mount-credentials".path},${automount_opts},users,vers=3.0" ];
noCheck = true;
};
};
age.secrets."passwords/ugent-mount-credentials".file = ../../../secrets/passwords/ugent-mount-credentials.age;
environment.systemPackages = [ pkgs.keyutils ];
# Remove this once https://github.com/NixOS/nixpkgs/issues/34638 is resolved
# request-key expects a configuration file under /etc
environment.etc."request-key.conf" = {
text =
let
upcall = "${pkgs.cifs-utils}/bin/cifs.upcall";
keyctl = "${pkgs.keyutils}/bin/keyctl";
in
''
#OP TYPE DESCRIPTION CALLOUT_INFO PROGRAM
# -t is required for DFS share servers...
create cifs.spnego * * ${upcall} -t %k
create dns_resolver * * ${upcall} %k
# Everything below this point is essentially the default configuration,
# modified minimally to work under NixOS. Notably, it provides debug
# logging.
create user debug:* negate ${keyctl} negate %k 30 %S
create user debug:* rejected ${keyctl} reject %k 30 %c %S
create user debug:* expired ${keyctl} reject %k 30 %c %S
create user debug:* revoked ${keyctl} reject %k 30 %c %S
create user debug:loop:* * |${pkgs.coreutils}/bin/cat
create user debug:* * ${pkgs.keyutils}/share/keyutils/request-key-debug.sh %k %d %c %S
negate * * * ${keyctl} negate %k 30 %S
'';
};
};
}
Reference in a new issue View git blame Copy permalink