From 3f4756e19e70b62bc4603049e9e0d895770ddd35 Mon Sep 17 00:00:00 2001 From: coolneng Date: Thu, 24 Feb 2022 12:20:14 +0100 Subject: [PATCH] Fix UGent samba share mounting --- modules/datasync.nix | 47 +++++++++++++++++++++++++++++++++----------- modules/software.nix | 2 ++ 2 files changed, 38 insertions(+), 11 deletions(-) diff --git a/modules/datasync.nix b/modules/datasync.nix index dcd5110..a506c4b 100644 --- a/modules/datasync.nix +++ b/modules/datasync.nix @@ -75,14 +75,6 @@ }; }; - # Samba configuration - fileSystems."/ugent" = { - device = "//files.ugent.be/akasroua"; - fsType = "cifs"; - options = let - automount_opts = - "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"; - credentials = config.age.secrets.samba-ugent.path; # Automount external storage systemd.mounts = [ # USB @@ -97,6 +89,15 @@ where = "/sdcard"; mountConfig = { TimeoutSec = "5"; }; } + # UGent Samba + { + what = "//files.ugent.be/akasroua/home"; + type = "cifs"; + where = "/ugent"; + options = + "credentials=${config.age.secrets.samba-ugent.path},noperm,vers=3.0,sec=ntlmv2i"; + mountConfig = { TimeoutSec = "5"; }; + } ]; systemd.automounts = [ # USB @@ -111,11 +112,35 @@ automountConfig = { TimeoutIdleSec = "5"; }; wantedBy = [ "default.target" ]; } + # UGent Samba + { + where = "/ugent"; + automountConfig = { TimeoutIdleSec = "5"; }; + wantedBy = [ "default.target" ]; + } ]; - in [ - "${automount_opts},credentials=${credentials},noperm,vers=3.0,sec=ntlmv2i" - ]; + # HACK Workaround to change the configuration of keyutils in order to get CIFS working + environment.etc."request-key.conf" = { + text = let + upcall = "${pkgs.cifs-utils}/bin/cifs.upcall"; + keyctl = "${pkgs.keyutils}/bin/keyctl"; + in '' + #OP TYPE DESCRIPTION CALLOUT_INFO PROGRAM + # -t is required for DFS share servers... + create cifs.spnego * * ${upcall} -t %k + create dns_resolver * * ${upcall} %k + # Everything below this point is essentially the default configuration, + # modified minimally to work under NixOS. Notably, it provides debug + # logging. + create user debug:* negate ${keyctl} negate %k 30 %S + create user debug:* rejected ${keyctl} reject %k 30 %c %S + create user debug:* expired ${keyctl} reject %k 30 %c %S + create user debug:* revoked ${keyctl} reject %k 30 %c %S + create user debug:loop:* * |${pkgs.coreutils}/bin/cat + create user debug:* * ${pkgs.keyutils}/share/keyutils/request-key-debug.sh %k %d %c %S + negate * * * ${keyctl} negate %k 30 %S + ''; }; } diff --git a/modules/software.nix b/modules/software.nix index 4f4f0b8..9708eb5 100644 --- a/modules/software.nix +++ b/modules/software.nix @@ -86,6 +86,8 @@ in { zip unzip unar + cifs-utils + keyutils # Overlays cachix # Videoconference