author | Vincent Ambo <mail@tazj.in> | 2023-09-30T19·24+0300 |
---|---|---|
committer | tazjin <tazjin@tvl.su> | 2023-09-30T21·47+0000 |
commit | 5df59d2c7f5b256abc1013e58cf04c9b0362ac5d (patch) | |
tree | 5d6f641a7fdd83ca02557e36830ae3f41a1d5270 | |
parent | d3a59662ca5c6b7aed0e8235a0a7e3267afd1f3a (diff) |
feat(tazjin/nixos): add geesefs mount unit for koptevo ... r/6679
... this will make sense soon! Change-Id: I1f8f32d655afdf868fff4bd09e1fea2943fd7558 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9496 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
-rw-r--r-- | users/tazjin/nixos/koptevo/default.nix | 1 | ||||
-rw-r--r-- | users/tazjin/nixos/modules/geesefs.nix | 37 |
2 files changed, 38 insertions, 0 deletions
diff --git a/users/tazjin/nixos/koptevo/default.nix b/users/tazjin/nixos/koptevo/default.nix
index dba8550da051..11bbfde138aa 100644
--- a/users/tazjin/nixos/koptevo/default.nix
+++ b/users/tazjin/nixos/koptevo/default.nix
@@ -15,6 +15,7 @@ in
 (usermod "monica.nix")
 (usermod "predlozhnik.nix")
 (usermod "tgsa.nix")
+ (usermod "geesefs.nix")
 (depot.third_party.agenix.src + "/modules/age.nix")
 ];
diff --git a/users/tazjin/nixos/modules/geesefs.nix b/users/tazjin/nixos/modules/geesefs.nix
new file mode 100644
index 000000000000..1d4273f7fc59
--- /dev/null
+++ b/users/tazjin/nixos/modules/geesefs.nix
@@ -0,0 +1,37 @@
+{ depot, pkgs, ... }:
+
+{
+ imports = [
+ (depot.third_party.agenix.src + "/modules/age.nix")
+ ];
+
+ age.secrets.geesefs-tazjins-files.file = depot.users.tazjin.secrets."geesefs-tazjins-files.age";
+ programs.fuse.userAllowOther = true;
+
+ systemd.services.geesefs = {
+ description = "geesefs @ tazjins-files";
+ wantedBy = [ "multi-user.target" ];
+ path = [ pkgs.fuse ];
+
+ serviceConfig = {
+ # TODO: can't get fusermount to work for non-root users (e.g. DynamicUser) here, why?
+
+ Restart = "always";
+ LoadCredential = "geesefs-tazjins-files:/run/agenix/geesefs-tazjins-files";
+ StateDirectory = "geesefs";
+ };
+
+ script = ''
+ set -u # bail out if systemd is misconfigured ...
+ set -x
+
+ mkdir -p $STATE_DIRECTORY/tazjins-files $STATE_DIRECTORY/cache
+
+ ${depot.third_party.geesefs}/bin/geesefs \
+ -f -o allow_other \
+ --cache $STATE_DIRECTORY/cache \
+ --shared-config $CREDENTIALS_DIRECTORY/geesefs-tazjins-files \
+ tazjins-files $STATE_DIRECTORY/tazjins-files
+ '';
+ };
+} |
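Review bot: `programs.fuse.userAllowOther = true;` in geesefs.nix relaxes FUSE policy for every account on the host, yet the unit sets no `User=` or `DynamicUser=` and therefore runs as root, which should not need `user_allow_other` to pass `-o allow_other`. Combined with `-o allow_other` and a mount point inside the state directory, any local account that can traverse that directory can reach the bucket contents, limited only by the file modes geesefs presents. If only particular services are meant to read the mount, consider dropping the global option while the unit stays root and tightening the parent directory with `StateDirectoryMode = "0750";`, and add a comment next to `allow_other` naming the intended readers. The script also expands `$STATE_DIRECTORY` and `$CREDENTIALS_DIRECTORY` unquoted; writing them as `"$STATE_DIRECTORY/cache"` and so on costs nothing.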