This now exists in nixpkgs, and a more recent version of it. Change-Id: I51fe038ba9459587952028f77e97b48212d13e74 Reviewed-on: https://cl.tvl.fyi/c/depot/+/11762 Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
		
			
				
	
	
		
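# NixOS module: mounts `tazjins-files` through geesefs (FUSE) as a systemd
# service. The geesefs config/credentials file is an agenix secret that is
# handed to the unit via systemd's LoadCredential.
{ depot, pkgs, ... }:

{
  imports = [
    (depot.third_party.agenix.src + "/modules/age.nix")
  ];

  # Encrypted at rest in the repository; LoadCredential below reads the
  # decrypted copy from /run/agenix/geesefs-tazjins-files.
  age.secrets.geesefs-tazjins-files.file = depot.users.tazjin.secrets."geesefs-tazjins-files.age";

  # NOTE(review): this is a host-wide switch, not scoped to this unit. Combined
  # with `-o allow_other` below, the mount is reachable by every local user,
  # limited only by the file modes geesefs presents -- confirm that is intended.
  programs.fuse.userAllowOther = true;

  systemd.services.geesefs = {
    description = "geesefs @ tazjins-files";
    wantedBy = [ "multi-user.target" ];
    path = [ pkgs.fuse ];

    serviceConfig = {
      # TODO: can't get fusermount to work for non-root users (e.g. DynamicUser) here, why?
      # NOTE(review): with no User= set the unit runs as root, and no
      # sandboxing directives are set here; revisit once the TODO is resolved.

      Restart = "always";
      # Exposes the secret to the unit as
      # $CREDENTIALS_DIRECTORY/geesefs-tazjins-files.
      LoadCredential = "geesefs-tazjins-files:/run/agenix/geesefs-tazjins-files";
      # Gives the unit $STATE_DIRECTORY (under /var/lib) for mount point and cache.
      StateDirectory = "geesefs";
      # Clears a stale mount left behind by a previous run before starting.
      # NOTE(review): `-a -t fuse.geesefs` unmounts *every* geesefs mount on
      # the host, so a second geesefs unit would be torn down by this one.
      ExecStartPre = "/run/wrappers/bin/umount -a -t fuse.geesefs";
    };

    script = ''
      set -u # bail out if systemd is misconfigured ...
      # Traces each command into the journal; only the credential *path* is
      # passed on the command line, not its contents.
      set -x

      # Expansions are quoted so the paths are never word-split or globbed.
      mkdir -p "$STATE_DIRECTORY/tazjins-files" "$STATE_DIRECTORY/cache"

      ${pkgs.geesefs}/bin/geesefs \
        -f -o allow_other \
        --cache "$STATE_DIRECTORY/cache" \
        --shared-config "$CREDENTIALS_DIRECTORY/geesefs-tazjins-files" \
        tazjins-files "$STATE_DIRECTORY/tazjins-files"
    '';
  };
}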