diff --git a/cmd/sharefs/test/configuration.nix b/cmd/sharefs/test/configuration.nix index 388071b..9cfd609 100644 --- a/cmd/sharefs/test/configuration.nix +++ b/cmd/sharefs/test/configuration.nix @@ -17,9 +17,6 @@ environment = { # For benchmarking sharefs: systemPackages = [ pkgs.fsmark ]; - - # For sharefs option checks without adding to PATH: - etc.sharefs.source = "${config.environment.hakurei.package}/libexec/sharefs"; }; virtualisation = { diff --git a/cmd/sharefs/test/test.py b/cmd/sharefs/test/test.py index 666feb5..4b925c9 100644 --- a/cmd/sharefs/test/test.py +++ b/cmd/sharefs/test/test.py @@ -2,14 +2,14 @@ start_all() machine.wait_for_unit("multi-user.target") # To check sharefs version: -print(machine.succeed("/etc/sharefs -V")) +print(machine.succeed("sharefs -V")) -# Make sure sharefs did not terminate: -machine.wait_for_unit("sharefs.service") +# Make sure sharefs started: +machine.wait_for_unit("sdcard.mount") machine.succeed("mkdir /mnt") def check_bad_opts_output(opts, want, source="/etc", privileged=False): - output = machine.fail(("" if privileged else "sudo -u alice -i ") + f"/etc/sharefs -f -o source={source},{opts} /mnt 2>&1") + output = machine.fail(("" if privileged else "sudo -u alice -i ") + f"sharefs -f -o source={source},{opts} /mnt 2>&1") if output != want: raise Exception(f"unexpected output: {output}") @@ -40,7 +40,7 @@ machine.succeed("rmdir /mnt") # Unprivileged mount/unmount: machine.succeed("sudo -u alice -i mkdir /home/alice/{sdcard,persistent}") -machine.succeed("sudo -u alice -i /etc/sharefs -o source=/home/alice/persistent /home/alice/sdcard") +machine.succeed("sudo -u alice -i sharefs -o source=/home/alice/persistent /home/alice/sdcard") machine.succeed("sudo -u alice -i touch /home/alice/sdcard/check") machine.succeed("sudo -u alice -i umount /home/alice/sdcard") machine.succeed("sudo -u alice -i rm /home/alice/persistent/check") diff --git a/flake.nix b/flake.nix index fff1df3..9e09c61 100644 --- a/flake.nix +++ b/flake.nix @@ -138,6 +138,10 @@ ; }; hsu = pkgs.callPackage ./cmd/hsu/package.nix { inherit (self.packages.${system}) hakurei; }; + sharefs = pkgs.linkFarm "sharefs" { + "bin/sharefs" = "${hakurei}/libexec/sharefs"; + "bin/mount.fuse.sharefs" = "${hakurei}/libexec/sharefs"; + }; dist = pkgs.runCommand "${hakurei.name}-dist" { buildInputs = hakurei.targetPkgs ++ [ pkgs.pkgsStatic.musl ]; } '' # go requires XDG_CACHE_HOME for the build cache diff --git a/nixos.nix b/nixos.nix index 3548667..800c81e 100644 --- a/nixos.nix +++ b/nixos.nix @@ -24,11 +24,38 @@ let getsubuid = userid: appid: userid * 100000 + 10000 + appid; getsubname = userid: appid: "u${toString userid}_a${toString appid}"; getsubhome = userid: appid: "${cfg.stateDir}/u${toString userid}/a${toString appid}"; + + mountpoints = { + ${cfg.sharefs.name} = mkIf (cfg.sharefs.source != null) { + depends = [ cfg.sharefs.source ]; + device = "sharefs"; + fsType = "fuse.sharefs"; + noCheck = true; + options = [ + "rw" + "noexec" + "nosuid" + "nodev" + "noatime" + "allow_other" + "mkdir" + "source=${cfg.sharefs.source}" + "setuid=${toString config.users.users.${cfg.sharefs.user}.uid}" + "setgid=${toString config.users.groups.${cfg.sharefs.group}.gid}" + ]; + }; + }; in { imports = [ (import ./options.nix packages) ]; + options = { + # Forward declare a dummy option for VM filesystems since the real one won't exist + # unless the VM module is actually imported. + virtualisation.fileSystems = lib.mkOption { }; + }; + config = mkIf cfg.enable { assertions = [ ( @@ -66,38 +93,9 @@ in ) "" cfg.users; }; - systemd.services = { - sharefs = mkIf (cfg.sharefs.source != null) { - unitConfig.RequiresMountsFor = cfg.sharefs.source; - serviceConfig = { - NoNewPrivileges = true; - }; - script = '' - ${pkgs.coreutils}/bin/install -dm0 ${cfg.sharefs.name} - - exec ${cfg.package}/libexec/sharefs -f \ - -o ${ - lib.join "," [ - "noexec" - "nosuid" - "nodev" - "noatime" - "auto_unmount" - "allow_other" - "setuid=$(id -u ${cfg.sharefs.user})" - "setgid=$(id -g ${cfg.sharefs.group})" - "source=${cfg.sharefs.source}" - "mkdir" - ] - } ${cfg.sharefs.name} - ''; - - # do not unmount on configuration changes - restartIfChanged = false; - - wantedBy = [ "multi-user.target" ]; - }; - }; + environment.systemPackages = optional (cfg.sharefs.source != null) cfg.sharefs.package; + fileSystems = mountpoints; + virtualisation.fileSystems = mountpoints; home-manager = let diff --git a/options.md b/options.md index fe3b187..a87a8ac 100644 --- a/options.md +++ b/options.md @@ -809,6 +809,96 @@ package +## environment\.hakurei\.sharefs\.package + + + +The sharefs package to use\. + + + +*Type:* +package + + + +*Default:* +` ` + + + +## environment\.hakurei\.sharefs\.group + + + +Name of the group to run the sharefs daemon as\. + + + +*Type:* +string + + + +*Default:* +` "sharefs" ` + + + +## environment\.hakurei\.sharefs\.name + + + +Host path to mount sharefs on\. + + + +*Type:* +string + + + +*Default:* +` "/sdcard" ` + + + +## environment\.hakurei\.sharefs\.source + + + +Writable backing directory\. Setting this to null disables sharefs\. + + + +*Type:* +null or string + + + +*Default:* +` null ` + + + +## environment\.hakurei\.sharefs\.user + + + +Name of the user to run the sharefs daemon as\. + + + +*Type:* +string + + + +*Default:* +` "sharefs" ` + + + ## environment\.hakurei\.shell diff --git a/options.nix b/options.nix index 15e6f9f..02d69f5 100644 --- a/options.nix +++ b/options.nix @@ -41,6 +41,12 @@ in }; sharefs = { + package = mkOption { + type = types.package; + default = packages.${pkgs.stdenv.hostPlatform.system}.sharefs; + description = "The sharefs package to use."; + }; + user = mkOption { type = types.str; default = "sharefs";