security/hakurei
6
3
Fork 0
Code Issues 11 Pull Requests Actions Packages Projects Releases 11 Wiki Activity

nix: configure sharefs as a mount unit
Some checks failed
Test / Sandbox (push) Successful in 46s
Details
Test / Create distribution (push) Successful in 43s
Details
Test / Sandbox (race detector) (push) Successful in 46s
Details
Test / Hpkg (push) Successful in 49s
Details
Test / Hakurei (push) Successful in 54s
Details
Test / Hakurei (race detector) (push) Successful in 54s
Details
Test / ShareFS (push) Failing after 1m11s
Details
Test / Flake checks (push) Has been skipped
Details

Browse Source 
This should have been configured via fileSystem instead, but that somehow has no effect, it is not even being evaluated, and I am not wasting any more time on nix. This change aims to keep everything working until all nix/systemd tooling is replaced.

Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
Ophestra
2025-12-27 20:57:10 +09:00
parent ef1ebf12d9
commit 4862e8b74d
4 changed files with 50 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
cmd/sharefs/test/test.py
View File

@@ -5,7 +5,8 @@ machine.wait_for_unit("multi-user.target")
print(machine.succeed("/etc/sharefs -V")) print(machine.succeed("/etc/sharefs -V"))
# Make sure sharefs did not terminate: # Make sure sharefs did not terminate:
machine.wait_for_unit("sharefs.service") machine.wait_for_unit("sdcard.mount")
machine.wait_for_unit("sharefs-setup.service")
machine.succeed("mkdir /mnt") machine.succeed("mkdir /mnt")
def check_bad_opts_output(opts, want, source="/etc", privileged=False): def check_bad_opts_output(opts, want, source="/etc", privileged=False):

4
flake.nix
View File

@@ -138,6 +138,10 @@
; ;
}; };
hsu = pkgs.callPackage ./cmd/hsu/package.nix { inherit (self.packages.${system}) hakurei; }; hsu = pkgs.callPackage ./cmd/hsu/package.nix { inherit (self.packages.${system}) hakurei; };
sharefs = pkgs.linkFarm "sharefs" {
"bin/sharefs" = "${hakurei}/libexec/sharefs";
"bin/mount.fuse.sharefs" = "${hakurei}/libexec/sharefs";
};
dist = pkgs.runCommand "${hakurei.name}-dist" { buildInputs = hakurei.targetPkgs ++ [ pkgs.pkgsStatic.musl ]; } '' dist = pkgs.runCommand "${hakurei.name}-dist" { buildInputs = hakurei.targetPkgs ++ [ pkgs.pkgsStatic.musl ]; } ''
# go requires XDG_CACHE_HOME for the build cache # go requires XDG_CACHE_HOME for the build cache

62
nixos.nix
View File

@@ -66,42 +66,56 @@ in
) "" cfg.users; ) "" cfg.users;
}; };
environment.systemPackages = optional (cfg.sharefs.source != null) cfg.sharefs.package;
systemd.services = { systemd.services = {
sharefs = mkIf (cfg.sharefs.source != null) { sharefs-setup = mkIf (cfg.sharefs.source != null) {
unitConfig.RequiresMountsFor = cfg.sharefs.source; unitConfig.RequiresMountsFor = dirOf cfg.sharefs.source;
serviceConfig = { serviceConfig = {
NoNewPrivileges = true; Type = "oneshot";
RemainAfterExit = true;
}; };
script = '' script = ''
${pkgs.coreutils}/bin/install \ ${pkgs.coreutils}/bin/install \
-dm0700 \ -dm0700 \
-o ${cfg.sharefs.user} \ -o ${cfg.sharefs.user} \
-g ${cfg.sharefs.group} \ -g ${cfg.sharefs.group} \
${cfg.sharefs.source} ${cfg.sharefs.name} ${cfg.sharefs.source}
exec ${cfg.package}/libexec/sharefs -f \
-o ${
lib.join "," [
"noexec"
"nosuid"
"nodev"
"noatime"
"auto_unmount"
"allow_other"
"setuid=$(id -u ${cfg.sharefs.user})"
"setgid=$(id -g ${cfg.sharefs.group})"
"source=${cfg.sharefs.source}"
]
} ${cfg.sharefs.name}
''; '';
wantedBy = [ "local-fs.target" ];
# do not unmount on configuration changes
restartIfChanged = false;
wantedBy = [ "multi-user.target" ];
}; };
}; };
systemd.mounts = optional (cfg.sharefs.source != null) {
unitConfig.RequiresMountsFor = cfg.sharefs.source;
where = cfg.sharefs.name;
what = "sharefs";
type = "fuse.sharefs";
options = lib.join "," [
"noexec"
"nosuid"
"nodev"
"noatime"
"auto_unmount"
"allow_other"
"setuid=${toString config.users.users.${cfg.sharefs.user}.uid}"
"setgid=${toString config.users.groups.${cfg.sharefs.group}.gid}"
"source=${cfg.sharefs.source}"
];
wants = [ "sharefs-setup.service" ];
after = [ "sharefs-setup.service" ];
before = [
"local-fs.target"
"multi-user.target"
"nix-daemon.socket"
];
wantedBy = [
"local-fs.target"
"multi-user.target"
"nix-daemon.socket"
];
};
home-manager = home-manager =
let let
privPackages = mapAttrs (_: userid: { privPackages = mapAttrs (_: userid: {

6
options.nix
View File

@@ -41,6 +41,12 @@ in
}; };
sharefs = { sharefs = {
package = mkOption {
type = types.package;
default = packages.${pkgs.stdenv.hostPlatform.system}.sharefs;
description = "The sharefs package to use.";
};
user = mkOption { user = mkOption {
type = types.str; type = types.str;
default = "sharefs"; default = "sharefs";