Refactor filesystem configurations: rename bcachefs to filesys.bcache…

…fs, add CIFS support, and include NAS credentials

modules/common/packages/default.nix

@@ -1,8 +1,6 @@
-{
-  pkgs,
-  ...
-}: {
+{pkgs, ...}: {
   environment.systemPackages = with pkgs; [
+    busybox
     coreutils-full
     curl
     eza

modules/nixos/system/bcachefs/default.nix → modules/nixos/system/filesys/bcachefs/default.nix

@@ -51,9 +51,9 @@
     };
   };
 
-  cfg = config.${namespace}.system.bcachefs;
+  cfg = config.${namespace}.system.filesys.bcachefs;
 in {
-  options.${namespace}.system.bcachefs = {
+  options.${namespace}.system.filesys.bcachefs = {
     enable = lib.mkEnableOption "Whether to enable bcachefs.";
 
     fileSystems = lib.mkOption {

modules/nixos/system/filesys/cifs/default.nix

@@ -0,0 +1,44 @@
+{
+  lib,
+  config,
+  namespace,
+  ...
+}: let
+  mkCifs = _name: args: {
+    inherit (args) device;
+    fsType = "cifs";
+    options = [
+      "noauto"
+      "x-systemd.automount"
+      "x-systemd.idle-timeout=60"
+      "x-systemd.device-timeout=5s"
+      "x-systemd.mount-timeout=5s"
+      "noperm"
+      "credentials=${args.credentials}"
+    ];
+  };
+
+  cfg = config.${namespace}.system.filesys.cifs;
+in {
+  options.${namespace}.system.filesys.cifs = {
+    enable = lib.mkEnableOption "Whether to enable cifs.";
+
+    fileSystems = lib.mkOption {
+      default = {};
+      example = lib.literalExpression ''
+        {
+          "/mnt/share" = {
+            device = "example.com/share";
+            credentials = "/etc/credentials";
+          };
+        }
+      '';
+      type = lib.types.attrsOf (lib.types.attrsOf lib.types.string);
+      description = lib.mdDoc "The cifs file systems to mount.";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    fileSystems = lib.mapAttrs mkCifs cfg.fileSystems;
+  };
+}

modules/nixos/system/secrets/default.nix

@@ -30,6 +30,11 @@ in {
           sopsFile = lib.snowfall.fs.get-file "secrets/clash.yaml";
           key = "";
         };
+        "nas-mck-credentials.env" = {
+          sopsFile = lib.snowfall.fs.get-file "secrets/nas-mck-credentials.env";
+          format = "dotenv";
+          key = "";
+        };
       };
     };
   };

secrets/nas-mck-credentials.env

@@ -0,0 +1,14 @@
+username=ENC[AES256_GCM,data:VRftQ9qM0Q==,iv:VggyyrtBvh3SN+nqq+geMyPv6BPfF++lIfPELhk91mo=,tag:0T+ujzKjcWf7GGkJJxbY3A==,type:str]
+password=ENC[AES256_GCM,data:u1kYZm7NOmjY7g==,iv:tyqcUMD538xDH9S7J5wTRinbqLsqvAtnFNVlClGpFLg=,tag:hlKvcc2ygSUY8OIN+OdWWw==,type:str]
+sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvR3VWa3E4Yk0wbXVtb0R3\nNUQ3MGZ4aVFWcHVwTjJZalRqdzhZTFFyckJ3CkQ2MEpiL0V2K0FyWFFFYUlUNWpv\nR3lOTHVxeVNEOTdtb2dvWEFJSDl4cncKLS0tIDl3NUJPblBRNVBvbS9yRUpUa2hN\nck4rTWVPWU1EcmMwV0lJKzVvRG5MWlkKVErs2XKHZchXydZjoe8RB707fpO/9RnC\n2yu03ieHROX7kLDRJgmYuJSoiRg+0sbxQNCnkGO67WMScXQOpqfL6Q==\n-----END AGE ENCRYPTED FILE-----\n
+sops_age__list_0__map_recipient=age1v2f38zx3fyn789lemwf8jm2wcx2d7krjc82z74t2qwcrk6hsjsqs8xsjhh
+sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKTGJ6WGJta3llbFlzQXVa\ndWR6cXppaFhYU0dJU2VPK2RjRWE2RDEyTkhRClhrb01Xa0hVRFViZVpVc0JLY28r\nVUlxNEpPRUgzaHkyc3ZFcm9ZQURSNFEKLS0tIHlZUUE5K3lxNS9Sc3YzWmNMYU81\nTk9tNFZsNTZsTitrdVYva1RsNUpaYUUKiNudBkqPcdYXS7iptOU+zCZN4TvSaCiF\naU2mzD5p9IRT4kROy5SvUPmeU9jrXmZo7r1GlK+46TL7ZA5Jr7NtLw==\n-----END AGE ENCRYPTED FILE-----\n
+sops_age__list_1__map_recipient=age1c8nt6m2vv9mcy50vgkvvgag2kl0x4fysdtjuevptxwh9gv54mgqqtzl8zn
+sops_age__list_2__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLVllnM0ppZlVEakRTSlpL\nSGQ0dGhyVGxLWktxcVBjWlp5NGFldCtOVWxvCndud0dTeGxDM0JWWEZNNWlFeUR3\nOCtyMWdIdjR4M0ordnF3eExLcW1IT28KLS0tIDBLWGJTUUxpYkh1SVhoL1pMU1JG\nRC9wUE5RR25RSmpLemtoa2xjekJiZTQKVYWGuryugNFmJdD08Zxyi3e5MDwXJw0a\nAoh6Qtjj/F4JVDHSMMO28QMd+/St1Pe5TFkiSe1zBYSJujnGrga39Q==\n-----END AGE ENCRYPTED FILE-----\n
+sops_age__list_2__map_recipient=age1yznykzrsa65lg50rtku2yaqq4mln4lk2u8hkyz4r4hy28tlvug8s3p88uh
+sops_age__list_3__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJUkJiVStPSzhUbDFtNFd3\nU0swZHc2eFMrY1JTNHU4aTVtOW1TZEljQngwCmVwcTZlZVY4WlRMNWtpYXdOWFcy\nQjkvZGFLOTl0ZE9TSndrS2pHM2p2WTAKLS0tIERycmtwV2ZsQUV3c0RHN0lHMU9Q\nTGtrYnVNTjZVWTZ1d2dRTHZFK2pTUzgKxZXyp5ZNN7f+KjW6b2L/Efz9aGnu1553\nRFkUcG9yrU845bFTjF84sWKBpDU3kiOFI0XClDM/oeOrgzNFqk9F3A==\n-----END AGE ENCRYPTED FILE-----\n
+sops_age__list_3__map_recipient=age13m8rakh7w2zkawjuqgd29sp7wtceqt4mkw38mcg9fsrurs5x2urq9dgqg0
+sops_lastmodified=2024-12-04T05:45:00Z
+sops_mac=ENC[AES256_GCM,data:swliV3T0Q074QL3c1NLuJQgnbnckfiLczVOjbr8ySn45UogIIOjD2TQcpJ6auAWxhE1J7dSLV8PrHlcH8xn2vT8bmFNk1aszgGll9JULtDLL4Qrw6mQo6pfUMjvym5KLOY4k9CR1Z4CSjWQtLqiZ0MpvPoip9ZJEeT+XTaslOwc=,iv:1tHHxQXtCjgOeRLqgQByReKmfetu9gyDa+eBKt2TZKo=,tag:oCJgQ0L+p+7GsXpNppoQgw==,type:str]
+sops_unencrypted_suffix=_unencrypted
+sops_version=3.9.1

systems/x86_64-linux/hakase/default.nix

@@ -43,12 +43,26 @@
 
   nichijou = {
     system = {
-      bcachefs = {
-        enable = true;
-
-        fileSystems."/mnt/data" = {
-          devices = ["/dev/nvme0n1p3" "/dev/sda1" "/dev/sdb1"];
-          options = ["noatime"];
+      filesys = {
+        bcachefs = {
+          enable = true;
+          fileSystems."/mnt/data" = {
+            devices = ["/dev/nvme0n1p3" "/dev/sda1" "/dev/sdb1"];
+            options = ["noatime"];
+          };
+        };
+        cifs = {
+          enable = true;
+          fileSystems = {
+            "/mnt/mck/home" = {
+              device = "//nas-changping-4.ybh1998.space/home";
+              credentials = config.sops.secrets."nas-mck-credentials.env".path;
+            };
+            "/mnt/mck/share" = {
+              device = "//nas-changping-4.ybh1998.space/share";
+              credentials = config.sops.secrets."nas-mck-credentials.env".path;
+            };
+          };
         };
       };
       gpu.nvidia.enable = true;