Fix UGent samba share mounting

2022-02-24 12:20:14 +01:00 · 2022-02-24 12:20:14 +01:00 · 3f4756e19e
parent 2473bbb90b
commit 3f4756e19e
2 changed files with 38 additions and 11 deletions
--- a/modules/datasync.nix
+++ b/modules/datasync.nix
@ -75,14 +75,6 @@
    };
  };

-  # Samba configuration
-  fileSystems."/ugent" = {
-    device = "//files.ugent.be/akasroua";
-    fsType = "cifs";
-    options = let
-      automount_opts =
-        "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
-      credentials = config.age.secrets.samba-ugent.path;
  # Automount external storage
  systemd.mounts = [
    # USB
@ -97,6 +89,15 @@
      where = "/sdcard";
      mountConfig = { TimeoutSec = "5"; };
    }
+    # UGent Samba
+    {
+      what = "//files.ugent.be/akasroua/home";
+      type = "cifs";
+      where = "/ugent";
+      options =
+        "credentials=${config.age.secrets.samba-ugent.path},noperm,vers=3.0,sec=ntlmv2i";
+      mountConfig = { TimeoutSec = "5"; };
+    }
  ];
  systemd.automounts = [
    # USB
@ -111,11 +112,35 @@
      automountConfig = { TimeoutIdleSec = "5"; };
      wantedBy = [ "default.target" ];
    }
+    # UGent Samba
+    {
+      where = "/ugent";
+      automountConfig = { TimeoutIdleSec = "5"; };
+      wantedBy = [ "default.target" ];
+    }
  ];

-    in [
-      "${automount_opts},credentials=${credentials},noperm,vers=3.0,sec=ntlmv2i"
-    ];
+  # HACK Workaround to change the configuration of keyutils in order to get CIFS working
+  environment.etc."request-key.conf" = {
+    text = let
+      upcall = "${pkgs.cifs-utils}/bin/cifs.upcall";
+      keyctl = "${pkgs.keyutils}/bin/keyctl";
+    in ''
+      #OP     TYPE          DESCRIPTION  CALLOUT_INFO  PROGRAM
+      # -t is required for DFS share servers...
+      create  cifs.spnego   *            *             ${upcall} -t %k
+      create  dns_resolver  *            *             ${upcall} %k
+      # Everything below this point is essentially the default configuration,
+      # modified minimally to work under NixOS. Notably, it provides debug
+      # logging.
+      create  user          debug:*      negate        ${keyctl} negate %k 30 %S
+      create  user          debug:*      rejected      ${keyctl} reject %k 30 %c %S
+      create  user          debug:*      expired       ${keyctl} reject %k 30 %c %S
+      create  user          debug:*      revoked       ${keyctl} reject %k 30 %c %S
+      create  user          debug:loop:* *             |${pkgs.coreutils}/bin/cat
+      create  user          debug:*      *             ${pkgs.keyutils}/share/keyutils/request-key-debug.sh %k %d %c %S
+      negate  *             *            *             ${keyctl} negate %k 30 %S
+    '';
  };

 }
--- a/modules/software.nix
+++ b/modules/software.nix
@ -86,6 +86,8 @@ in {
    zip
    unzip
    unar
+    cifs-utils
+    keyutils
    # Overlays
    cachix
    # Videoconference