refactor: put storagebox code in module

Signed-off-by: Lander Van den Bulcke <landervandenbulcke@gmail.com>
2025-09-19 15:26:08 +02:00 · 2025-09-19 15:26:08 +02:00 · 9e0ebbdafb
commit 9e0ebbdafb
parent fc2d98e503
4 changed files with 95 additions and 38 deletions
--- a/hosts/servers/hosting-02.nix
+++ b/hosts/servers/hosting-02.nix
@ -1,6 +1,5 @@
 {
  config,
-  pkgs,
  ...
 }:
 {
@ -26,43 +25,13 @@
    privateKeyFile = config.sops.secrets.wireguardKey.path;
  };

-  environment.systemPackages = with pkgs; [
-    gocryptfs
-    sshfs
-  ];
-
-  programs.ssh.knownHosts.storageBox = {
-    hostNames = [ "u491729.your-storagebox.de" ];
-    publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs";
-  };
-
-  fileSystems."/mnt/box" = {
-    device = "u491729@u491729.your-storagebox.de:/home";
-    fsType = "fuse.sshfs";
-    options = [
-      "defaults"
-      "_netdev"
-      "allow_other"
-      "default_permissions"
-      "port=23"
-      "compression=no"
-      "reconnect"
-      "ServerAliveInterval=15"
-      "IdentityFile=${config.sops.secrets.storageboxKey.path}"
-    ];
-  };
-
-  fileSystems."/data" = {
-    depends = [
-      "/mnt/box"
-    ];
-    device = "/mnt/box/crypt";
-    fsType = "fuse.gocryptfs";
-    options = [
-      "rw"
-      "allow_other"
-      "passfile=${config.sops.secrets.storageboxCryptKey.path}"
-    ];
+  services.storagebox = {
+    enable = true;
+    hostname = "u491729.your-storagebox.de";
+    hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs";
+    user = "u491729";
+    sshKeyFile = config.sops.secrets.storageboxKey.path;
+    passFile = config.sops.secrets.storageboxCryptKey.path;
  };

  sops = {
--- a/lib/hetzner.nix
+++ b/lib/hetzner.nix
@ -26,6 +26,7 @@
        inputs.disko.nixosModules.disko
        inputs.sops-nix.nixosModules.sops
        inputs.self.nixosModules.namespaced-vpn
+        inputs.self.nixosModules.storagebox

        diskConfig

--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@ -1,4 +1,5 @@
 {
  # my-module = import ./my-module.nix
  namespaced-vpn = import ./namespaced-vpn.nix;
+  storagebox = import ./storagebox.nix;
 }
--- a/modules/nixos/storagebox.nix
+++ b/modules/nixos/storagebox.nix
@ -0,0 +1,86 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib;
+let
+  cfg = config.services.storagebox;
+in
+{
+  options.services.storagebox = {
+    enable = mkEnableOption "storagebox";
+
+    hostname = mkOption {
+      type = types.str;
+    };
+
+    hostKey = mkOption {
+      type = types.str;
+    };
+
+    user = mkOption {
+      type = types.str;
+    };
+
+    sshKeyFile = mkOption {
+      type = types.path;
+    };
+
+    plainMountPoint = mkOption {
+      type = types.str;
+      default = "/mnt/box";
+    };
+
+    cryptMountPoint = mkOption {
+      type = types.str;
+      default = "/data";
+    };
+
+    passFile = mkOption {
+      type = types.path;
+    };
+  };
+
+  config = mkIf cfg.enable {
+    environment.systemPackages = with pkgs; [
+      gocryptfs
+      sshfs
+    ];
+
+    programs.ssh.knownHosts.storageBox = {
+      hostNames = [ cfg.hostname ];
+      publicKey = cfg.hostKey;
+    };
+
+    fileSystems."${cfg.plainMountPoint}" = {
+      device = "${cfg.user}@${cfg.hostname}:/home";
+      fsType = "fuse.sshfs";
+      options = [
+        "defaults"
+        "_netdev"
+        "allow_other"
+        "default_permissions"
+        "port=23"
+        "compression=no"
+        "reconnect"
+        "ServerAliveInterval=15"
+        "IdentityFile=${cfg.sshKeyFile}"
+      ];
+    };
+
+    fileSystems."${cfg.cryptMountPoint}" = {
+      depends = [
+        "${cfg.plainMountPoint}"
+      ];
+      device = "${cfg.plainMountPoint}/crypt";
+      fsType = "fuse.gocryptfs";
+      options = [
+        "rw"
+        "allow_other"
+        "passfile=${cfg.passFile}"
+      ];
+    };
+  };
+}