From 1da40078a816c924fec98380ae201a1f03f8ef69 Mon Sep 17 00:00:00 2001
From: laksith19
Date: Tue, 5 Nov 2024 17:28:27 -0800
Subject: [PATCH 1/4] Use nfs mounts and use home-manager instead of .desktopc
---
 modules/ocf/graphical.nix | 51 +++++++++++++++++++++++----------------
 1 file changed, 30 insertions(+), 21 deletions(-)
diff --git a/modules/ocf/graphical.nix b/modules/ocf/graphical.nix
index 3fb8c23..be9e1fb 100644
--- a/modules/ocf/graphical.nix
+++ b/modules/ocf/graphical.nix
@@ -5,16 +5,6 @@ let
 cfg = config.ocf.graphical;
-
- # Default openssh doesn't include GSSAPI support, so we need to override sshfs
- # to use the openssh_gssapi package instead. This is annoying because the
- # sshfs package's openssh argument is nested in another layer of callPackage,
- # so we override callPackage instead to override openssh.
- sshfs = pkgs.sshfs.override {
- callPackage = fn: args: (pkgs.callPackage fn args).override {
- openssh = pkgs.openssh_gssapi;
- };
- };
 in
 {
 options.ocf.graphical = {
@@ -23,11 +13,6 @@ in
 config = lib.mkIf cfg.enable {
 security.pam = {
- # Mount ~/remote
- services.login.pamMount = true;
- services.login.rules.session.mount.order = config.security.pam.services.login.rules.session.krb5.order + 50;
- mount.extraVolumes = [ '''' ];
- # Trim spaces from username
 services.login.rules.auth.trimspaces = {
 control = "requisite";
@@ -42,6 +27,8 @@ in
 boot = {
 loader.timeout = 0;
 initrd.systemd.enable = true;
+ initrd.supportedFilesystems = [ "nfs" ];
+ kernelModules = [ "nfs" ];
 };
 environment.etc = {
@@ -195,6 +182,14 @@ in
 };
 };
 };
+ # NOTE: This will need you to export the desktops on dataloss for it to work.
+ # Will need to have a discussion to see if it's worth it.
+ fileSystems."/remote" = {
+ device = "homes:/opt/homes";
+ fsType = "nfs";
+ # Don't automatically mount, mount when accessed, umount after 10min idle
+ options = [ "noauto" "x-systemd.automount" "x-systemd.idle-timeout=600" ];
+ };
 # KDE 6.0.3 has a bug that breaks logging out within the first 60 seconds.
 # This is caused by the DrKonqi service's ExecStartPre command, which sleeps
@@ -214,13 +209,27 @@ in
 };
 };
- systemd.user.services.desktoprc = {
- description = "Source custom rc shared across desktops";
- after = [ "graphical-session.target" ];
- partOf = [ "graphical-session.target" ];
- wantedBy = [ "graphical-session.target" ];
+
+ systemd.user.services.link-user-remote = {
+ description = "SymLink ~/remote from NFS mount";
+ script = ''
+ if [[ ! -h "$HOME/remote" ]]; then
+ ln -s "/remote$HOME" "$HOME/remote"
+ fi
+ '';
+ };
+
+ systemd.user.services.home-manager = {
+ description = "load custom home manager config if present";
+ requires = [ "link-user-remote.service" ];
+ after = [ "link-user-remote.service" ];
+ wantedBy = [ "default.target" ];
+ path = [ pkgs.nix pkgs.git ];
 script = ''
- [ -f ~/remote/.desktoprc ] && . ~/remote/.desktoprc
+ # Will create a template directory if it doesn't exist. Maybe look into creating
+ # our own template repo as currently users will need to edit nix files to get
+ # custom packages etc...
+ nix run home-manager -- init --switch ~/remote/.home-manager
 '';
 };
From 4640ac867784966261f7edd6e91a7a6e52ea46d9 Mon Sep 17 00:00:00 2001
From: laksith19
Date: Wed, 6 Nov 2024 11:58:39 -0800
Subject: [PATCH 2/4] only mount homes and not service files
---
 modules/ocf/graphical.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/modules/ocf/graphical.nix b/modules/ocf/graphical.nix
index be9e1fb..a3b9157 100644
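Review bot: The new `fileSystems."/remote"` mount in patch 1/4 (hunk `@@ -195,6 +182,14 @@`) sets no `sec=` option, so the security flavour is left to negotiation with the server. Unless the export on `homes` (not visible here) requires Kerberos, that falls back to AUTH_SYS, where the server trusts whatever UID the desktop asserts and the traffic has no integrity or confidentiality protection. The sshfs/pam_mount setup removed earlier in this patch authenticated each user through GSSAPI and mounted only that user's home, so this is a step down in isolation between users. Consider `options = [ "sec=krb5p" "nosuid" "nodev" "noauto" "x-systemd.automount" "x-systemd.idle-timeout=600" ];` and confirm the server side offers only the Kerberos flavours. Patches 2/4 and 4/4 edit the same block and leave the options list as it is.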
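Review bot: `nix run home-manager -- init --switch ~/remote/.home-manager` in the new `home-manager` user service (patch 1/4, hunk `@@ -214,13 +209,27 @@`) resolves `home-manager` through the flake registry, so a login session executes whatever upstream currently publishes rather than a revision this repository pins, and it needs network access to do so. Adding `pkgs.home-manager` to `path` and calling `home-manager init --switch ~/remote/.home-manager` would keep the tool on the system's nixpkgs pin, assuming that version provides `init`. Separately, `link-user-remote` sets no `serviceConfig.Type`, so it is presumably a `simple` unit and `after = [ "link-user-remote.service" ]` waits only for it to be started, not for the `ln` to finish; `serviceConfig.Type = "oneshot";` would make the ordering effective.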
--- a/modules/ocf/graphical.nix
+++ b/modules/ocf/graphical.nix
@@ -184,8 +184,8 @@ in
 };
 # NOTE: This will need you to export the desktops on dataloss for it to work.
 # Will need to have a discussion to see if it's worth it.
- fileSystems."/remote" = {
- device = "homes:/opt/homes";
+ fileSystems."/remote/home" = {
+ device = "homes:/home";
 fsType = "nfs";
 # Don't automatically mount, mount when accessed, umount after 10min idle
 options = [ "noauto" "x-systemd.automount" "x-systemd.idle-timeout=600" ];
From 7c7d397030969ca2aeb3030fd4cd0dfdfdf21637 Mon Sep 17 00:00:00 2001
From: laksith19
Date: Wed, 6 Nov 2024 13:48:21 -0800
Subject: [PATCH 3/4] bring back desktoprc
---
 modules/ocf/graphical.nix | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/modules/ocf/graphical.nix b/modules/ocf/graphical.nix
index a3b9157..aaef099 100644
--- a/modules/ocf/graphical.nix
+++ b/modules/ocf/graphical.nix
@@ -209,6 +209,15 @@ in
 };
 };
+ systemd.user.services.desktoprc = {
+ description = "Source custom rc shared across desktops";
+ after = [ "graphical-session.target" ];
+ partOf = [ "graphical-session.target" ];
+ wantedBy = [ "graphical-session.target" ];
+ script = ''
+ [ -f ~/remote/.desktoprc ] && . ~/remote/.desktoprc
+ '';
+ };
 systemd.user.services.link-user-remote = {
 description = "SymLink ~/remote from NFS mount";
From 3d22631ffa6d856604677f63edc012e893e1e231 Mon Sep 17 00:00:00 2001
From: laksith19
Date: Wed, 6 Nov 2024 13:53:37 -0800
Subject: [PATCH 4/4] remove note about changing puppet configs
---
 modules/ocf/graphical.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/modules/ocf/graphical.nix b/modules/ocf/graphical.nix
index aaef099..e500421 100644
--- a/modules/ocf/graphical.nix
+++ b/modules/ocf/graphical.nix
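Review bot: The restored `desktoprc` unit in patch 3/4 (hunk `@@ -209,6 +209,15 @@`) is ordered only against `graphical-session.target`, but the `~/remote` symlink it reads is created by `link-user-remote.service`, which in the visible code is pulled in only by `home-manager.service`. On a first login the `[ -f ~/remote/.desktoprc ]` test can therefore run before the link exists; adding `requires = [ "link-user-remote.service" ];` and `after = [ "graphical-session.target" "link-user-remote.service" ];` would close that gap. Because `[ -f … ] && . …` is the last command, a missing file leaves a non-zero exit status and will presumably mark the unit failed for every user without a `.desktoprc`; `if [ -f ~/remote/.desktoprc ]; then . ~/remote/.desktoprc; fi` avoids that. The file is now sourced from the NFS mount, so what runs in the session is only as trustworthy as the authentication on that mount.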
@@ -182,8 +182,8 @@ in
 };
 };
 };
- # NOTE: This will need you to export the desktops on dataloss for it to work.
- # Will need to have a discussion to see if it's worth it.
+
+ # Mount user homes from NFS
 fileSystems."/remote/home" = {
 device = "homes:/home";
 fsType = "nfs";