From e37878c544eb5ad25cf26465e38b37222993da6f Mon Sep 17 00:00:00 2001
From: Zuckerberg <zuckerberg@neet.dev>
Date: Sun, 24 Apr 2022 21:56:28 -0400
Subject: [PATCH] Automount samba shares

---
 common/default.nix             |   1 +
 common/hosts.nix               |   5 +++++
 common/pc/default.nix          |   1 +
 common/pc/mount-samba.nix      |  36 +++++++++++++++++++++++++++++++++
 machines/ray/configuration.nix |   2 ++
 secrets/secrets.nix            |   1 +
 secrets/smb-secrets.age        | Bin 0 -> 1867 bytes
 7 files changed, 46 insertions(+)
 create mode 100644 common/pc/mount-samba.nix
 create mode 100644 secrets/smb-secrets.age

diff --git a/common/default.nix b/common/default.nix
index b192f8f..6048752 100644
--- a/common/default.nix
+++ b/common/default.nix
@@ -57,6 +57,7 @@
     shell = pkgs.fish;
     openssh.authorizedKeys.keys = (import ./ssh.nix).users;
     hashedPassword = "$6$TuDO46rILr$gkPUuLKZe3psexhs8WFZMpzgEBGksE.c3Tjh1f8sD0KMC4oV89K2pqAABfl.Lpxu2jVdr5bgvR5cWnZRnji/r/";
+    uid = 1000;
   };
   nix.trustedUsers = [ "root" "googlebot" ];
 
diff --git a/common/hosts.nix b/common/hosts.nix
index 52e39f8..87ab730 100644
--- a/common/hosts.nix
+++ b/common/hosts.nix
@@ -3,6 +3,11 @@
 let
   system = (import ./ssh.nix).system;
 in {
+  networking.hosts = {
+    # some DNS providers filter local ip results from DNS request
+    "172.30.145.180" = [ "s0.zt.neet.dev" ];
+  };
+
   programs.ssh.knownHosts = {
     liza = {
       hostNames = [ "liza" "liza.neet.dev" ];
diff --git a/common/pc/default.nix b/common/pc/default.nix
index 99918ab..259856f 100644
--- a/common/pc/default.nix
+++ b/common/pc/default.nix
@@ -17,6 +17,7 @@ in {
     ./discord.nix
     ./steam.nix
     ./touchpad.nix
+    ./mount-samba.nix
   ];
 
   options.de = {
diff --git a/common/pc/mount-samba.nix b/common/pc/mount-samba.nix
new file mode 100644
index 0000000..e84c88a
--- /dev/null
+++ b/common/pc/mount-samba.nix
@@ -0,0 +1,36 @@
+# mounts the samba share on s0 over zeroteir
+
+{ config, lib, ... }:
+
+let
+  cfg = config.services.mount-samba;
+
+  # prevents hanging on network split
+  network_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
+
+  user_opts = "uid=${toString config.users.users.googlebot.uid},file_mode=0660,dir_mode=0770,user";
+  auth_opts = "credentials=/run/agenix/smb-secrets";
+  version_opts = "vers=2.1";
+
+  opts = "${network_opts},${user_opts},${version_opts}";
+in {
+  options.services.mount-samba = {
+    enable = lib.mkEnableOption "enable mounting samba shares";
+  };
+
+  config = lib.mkIf (cfg.enable && config.services.zerotierone.enable) {
+    fileSystems."/mnt/public" = {
+        device = "//s0.zt.neet.dev/public";
+        fsType = "cifs";
+        options = ["guest,${opts}"];
+    };
+
+    fileSystems."/mnt/private" = {
+        device = "//s0.zt.neet.dev/googlebot";
+        fsType = "cifs";
+        options = ["${auth_opts},${opts}"];
+    };
+
+    age.secrets.smb-secrets.file = ../../secrets/smb-secrets.age;
+  };
+}
\ No newline at end of file
diff --git a/machines/ray/configuration.nix b/machines/ray/configuration.nix
index fbd523c..d5e4b5f 100644
--- a/machines/ray/configuration.nix
+++ b/machines/ray/configuration.nix
@@ -49,6 +49,8 @@
 
   services.zerotierone.enable = true;
 
+  services.mount-samba.enable = true;
+
   de.enable = true;
   de.touchpad.enable = true;
 }
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index fb0905b..a0d3e7f 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -17,4 +17,5 @@ in
   "spotifyd.age".publicKeys = all;
   "wolframalpha.age".publicKeys = all;
   "cloudflared-navidrome.json.age".publicKeys = all;
+  "smb-secrets.age".publicKeys = all;
 }
diff --git a/secrets/smb-secrets.age b/secrets/smb-secrets.age
new file mode 100644
index 0000000000000000000000000000000000000000..b4e0ac21574b4780a0f76017adc2a6baee0648d4
GIT binary patch
literal 1867
zcmZY9yX)+D83u4guoyWAiwMdVsbn$yHpygiD-^!DOeUF0Cb!8XX(W?ma=#~&i&$tO
z{sF?;s_YiKB38nw6m2ZG5W!9mY_|{#6~%+)oWI}$@AEvbA4e}y6?988q;>Uv-NncQ
z+q`@m>igs+3bzD-G0<FtlA0ie0k;q??r2)KjS}H7xajzmyAKaWRl{5m`%d1U+VqwS
z8}+eGS2&gY?0jgHGlw2ev5mr|x34Xq*zH$Pw{q~vW4?dZ%G*TG04j2XRNBToTnWdh
zkjaoL>%d*8<E3W9U31o{WWFg6AC2pcF_lsW4~~jrSHxBJk*rUi^(d^P>(CufQA+?~
zpZDNl_pGVg9csl8q4_cf+?cyHwYcnHt2Ho~XzmJ{=98sk^{lC(v<^3i-uN~JIC<Dp
zq_2d-y&DXqJ2YpUI+yIeky<Z|ya9_$1(}|;t-p1X34%jJw3^$l6pc1s=G%E)<HW$I
z91A+WGb;dFM>BauP6jqqz|Qx}<zNC*I^fe35SEvfwozYivPQ;rMp~T4!sMdT&swPH
zZXHA7G%Xp(SgRcDwZrU-TX;y*8TJ}8M6%Z?(`n|~paFi_D7-6g$+%Kujni(eA1XFx
zv$rtLanFxoqC_g(?bE7`@@GxlMkc324?xu;VYYVG(rLTxlcs?KhoV3%pN*wOTgKyQ
zkdG_qH*7oS)jh}yCP6q5fJs0buF~#3B_OJGRF}26A6)`)-CNpn;DJ6tXT+Q4#HoB7
z2~Of_pH8J_x@XdvRi`-1k=^j?QW?&!syCi(G*~-yYo?Jv>kI!dU2Z@Wmie4DHs2JE
z>@M0#^{KaWgZHx?LkjD&bH~dDZ&Ny-j*lR00S-)7JOqA1Xk*ilaO5D{?6TQ$>{&Vo
z+8Jpi28A<f3|-oh+^s-Z*+Fehl41u<p?ybrz9eVdvmQV=o%$EW6FS~M%~BUcfq*ew
zDc&ti0bRi*cY}(&VvhIdW;~7wAtfzt$oeT-^ima&QH!|YdU7mhTaGtsWh=a5*UPi^
zm~82xLq1(Nw$-==<(>*kU@(?{nEN`!ytF*zH-WL)*o?OxQskSMyBhi|9-0}^7}!u0
z-HLc2Wb*S?mxZE8=YcKJTPa)mvvy~@36CL{<|Jos5Sb#{{>1FEixSSe>Sn+BH%O6r
zJkgR9uaU?7v^iQ;LbqDk?e-mp7vU*^cW!a%qRCG|n?!9t0+m*?y9}N+lbH2;44I)3
z4x)=NeIp3Ra78Cpj#BX<bDoZ(K0v21qKQL!xq{6EXmP)&RV<xGomfS67N^Vz>%_GT
z>QOS(ymG~AP_-^RYmWA2sXDX_umJ|O-~~j+dl@9-RzB=JH9B$`37B0Kt0$(FtI`ZM
z3d@fxer7W~Jm^;k70jK7M%TOt#|&OF{H7IkNuik-OV66w@I)Cyq&JR%DqQN!9;?$h
z-mm6aF2Js+(1Sv-YEL^<nS}ma2%DYjBz64IcePYJ0LN2|BwL=QGirg<s?J!_<)H12
zqm#d-9do*`Vo2+6_lnXp+Pxy=$WgAdPWax1gY9+Tva5TBV{&eboqp{%+%oH&gcChJ
zRNNk!FBS86vy@p*>4}O|Yp?-JQssp3|IbaT()9Wgcah&m(07sd^o@6UOnMB8g=IYT
zO_N?;Ad$Rzs3N8~j#}7wWu1je*Q{gcSd5*#$rBnKu(TGzKG@vfd6)UltB<??eDcYM
z_pg}mD}OXT{{5fo=~w1|-|K$<`pflizxpkm>HFWAzxef!-u>5Kn!kP8|M~SlKKtjt
zKluAcU-%mJ>Z1es`36_N`Td`L{fFQ9W%`Hw2VeY&?vBl0gP*qM^@Gp-_?5|PzxnK)
M?|u5E*B@U02dZvjtN;K2

literal 0
HcmV?d00001