From 9e0ebbdafb478e167a057b806c446039e73d518a Mon Sep 17 00:00:00 2001
From: Lander Van den Bulcke
Date: Fri, 19 Sep 2025 15:26:08 +0200
Subject: [PATCH] refactor: put storagebox code in module
Signed-off-by: Lander Van den Bulcke
---
hosts/servers/hosting-02.nix | 45 +++----------------
lib/hetzner.nix | 1 +
modules/nixos/default.nix | 1 +
modules/nixos/storagebox.nix | 86 ++++++++++++++++++++++++++++++++++++
4 files changed, 95 insertions(+), 38 deletions(-)
create mode 100644 modules/nixos/storagebox.nix
diff --git a/hosts/servers/hosting-02.nix b/hosts/servers/hosting-02.nix
index 9965477..90359a5 100644
--- a/hosts/servers/hosting-02.nix
+++ b/hosts/servers/hosting-02.nix
@@ -1,6 +1,5 @@
 {
 config,
- pkgs,
 ...
 }:
 {
@@ -26,43 +25,13 @@
 privateKeyFile = config.sops.secrets.wireguardKey.path;
 };
- environment.systemPackages = with pkgs; [
- gocryptfs
- sshfs
- ];
-
- programs.ssh.knownHosts.storageBox = {
- hostNames = [ "u491729.your-storagebox.de" ];
- publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs";
- };
-
- fileSystems."/mnt/box" = {
- device = "u491729@u491729.your-storagebox.de:/home";
- fsType = "fuse.sshfs";
- options = [
- "defaults"
- "_netdev"
- "allow_other"
- "default_permissions"
- "port=23"
- "compression=no"
- "reconnect"
- "ServerAliveInterval=15"
- "IdentityFile=${config.sops.secrets.storageboxKey.path}"
- ];
- };
-
- fileSystems."/data" = {
- depends = [
- "/mnt/box"
- ];
- device = "/mnt/box/crypt";
- fsType = "fuse.gocryptfs";
- options = [
- "rw"
- "allow_other"
- "passfile=${config.sops.secrets.storageboxCryptKey.path}"
+ services.storagebox = {
+ enable = true;
+ hostname = "u491729.your-storagebox.de";
+ hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs";
+ user = "u491729";
+ sshKeyFile = config.sops.secrets.storageboxKey.path;
+ passFile = config.sops.secrets.storageboxCryptKey.path;
 };
 sops = {
diff --git a/lib/hetzner.nix b/lib/hetzner.nix
index d8c33bc..e74f1c3 100644
--- a/lib/hetzner.nix
+++ b/lib/hetzner.nix
@@ -26,6 +26,7 @@
 inputs.disko.nixosModules.disko
 inputs.sops-nix.nixosModules.sops
 inputs.self.nixosModules.namespaced-vpn
+ inputs.self.nixosModules.storagebox
 diskConfig
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
index 1e14928..9647026 100644
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -1,4 +1,5 @@
 {
 # my-module = import ./my-module.nix
 namespaced-vpn = import ./namespaced-vpn.nix;
+ storagebox = import ./storagebox.nix;
 }
diff --git a/modules/nixos/storagebox.nix b/modules/nixos/storagebox.nix
new file mode 100644
index 0000000..7ed47b5
--- /dev/null
+++ b/modules/nixos/storagebox.nix
@@ -0,0 +1,86 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib;
+let
+ cfg = config.services.storagebox;
+in
+{
+ options.services.storagebox = {
+ enable = mkEnableOption "storagebox";
+
+ hostname = mkOption {
+ type = types.str;
+ };
+
+ hostKey = mkOption {
+ type = types.str;
+ };
+
+ user = mkOption {
+ type = types.str;
+ };
+
+ sshKeyFile = mkOption {
+ type = types.path;
+ };
+
+ plainMountPoint = mkOption {
+ type = types.str;
+ default = "/mnt/box";
+ };
+
+ cryptMountPoint = mkOption {
+ type = types.str;
+ default = "/data";
+ };
+
+ passFile = mkOption {
+ type = types.path;
+ };
+ };
+
+ config = mkIf cfg.enable {
+ environment.systemPackages = with pkgs; [
+ gocryptfs
+ sshfs
+ ];
+
+ programs.ssh.knownHosts.storageBox = {
+ hostNames = [ cfg.hostname ];
+ publicKey = cfg.hostKey;
+ };
+
+ fileSystems."${cfg.plainMountPoint}" = {
+ device = "${cfg.user}@${cfg.hostname}:/home";
+ fsType = "fuse.sshfs";
+ options = [
+ "defaults"
+ "_netdev"
+ "allow_other"
+ "default_permissions"
+ "port=23"
+ "compression=no"
+ "reconnect"
+ "ServerAliveInterval=15"
+ "IdentityFile=${cfg.sshKeyFile}"
+ ];
+ };
+
+ fileSystems."${cfg.cryptMountPoint}" = {
+ depends = [
+ "${cfg.plainMountPoint}"
+ ];
+ device = "${cfg.plainMountPoint}/crypt";
+ fsType = "fuse.gocryptfs";
+ options = [
+ "rw"
+ "allow_other"
+ "passfile=${cfg.passFile}"
+ ];
+ };
+ };
+}
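Review bot: `sshKeyFile` and `passFile` are declared as `types.path` but are only ever interpolated into mount option strings (`"IdentityFile=${cfg.sshKeyFile}"`, `"passfile=${cfg.passFile}"`), so a caller who hands the module a path literal instead of a runtime string like `config.sops.secrets.<name>.path` would have the SSH private key or the gocryptfs passphrase copied into the world-readable Nix store; `type = types.str;` plus a `description` stating that the value must be a runtime path (e.g. a sops secret) and never a store path rules that misuse out. The known-hosts entry pins only `cfg.hostname` while the sshfs mount connects with `port=23`; OpenSSH looks up non-default ports under `[host]:port`, so unless the mount already works for a reason not visible here, `hostNames = [ cfg.hostname "[${cfg.hostname}]:23" ];` is what makes the pin apply to that connection. None of the options carry a `description`, and the one for `cryptMountPoint` should say that `allow_other` on the gocryptfs mount makes the decrypted tree reachable by every local user of the host. `with lib;` at file scope is discouraged in modules; `inherit (lib) mkEnableOption mkOption mkIf types;` in the `let` keeps the imported names explicit.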