desktops: nfs mount /services, /remote, ~/remote

24apricots · 24apricots · commit 2a6a9bacbf21 · 2026-04-10T02:02:10.000-07:00
- /services and /remote are mounted with nfs
- ~/remote is bind mounted to the remote home directory in /remote on
  login with pam_mount
diff --git a/modules/nfs.nix b/modules/nfs.nix
@@ -7,6 +7,9 @@
 
 let
   cfg = config.ocf.nfs;
+
+  # nix lazy evals so it should be fine to put it here
+  homePath = if cfg.mountHome.asRemote then "/remote" else "/home";
 in
 {
   options.ocf.nfs = {
@@ -18,6 +21,12 @@ in
       default = false;
     };
 
+    mountHome.asRemote = lib.mkOption {
+      type = lib.types.bool;
+      description = "Mount homes from NFS to /remote instead of /home (for desktops which create home directory in tmpfs on login).";
+      default = false;
+    };
+
     mountServices = lib.mkOption {
       type = lib.types.bool;
       description = "Mount /services from NFS.";
@@ -28,7 +37,7 @@ in
   config = lib.mkIf cfg.enable {
     boot.supportedFilesystems = [ "nfs" ];
 
-    fileSystems."/home" = lib.mkIf cfg.mountHome {
+    fileSystems."${homePath}" = lib.mkIf cfg.mountHome {
       device = "homes:/home";
       fsType = "nfs4";
       options = [
diff --git a/profiles/desktop.nix b/profiles/desktop.nix
@@ -35,7 +35,16 @@ in
     tmpfsHome.enable = true;
     network.wakeOnLan.enable = true;
     logged-in-users-exporter.enable = true;
-    nfs.enable = true;
+
+    nfs = {
+      enable = true;
+      mountServices = true;
+
+      # we keep a single nfs mount and then bind mount to it instead of having
+      # many nfs mounts (each logged in user would need a mount)
+      mountHome = true;
+      mountHome.asRemote = true;
+    };
 
     graphical.enable = true;
     graphical.extra = true;
@@ -63,7 +72,7 @@ in
     services.login.rules.session.mount.order =
       config.security.pam.services.login.rules.session.krb5.order + 50;
     mount.extraVolumes = [
-      ''<volume fstype="fuse" path="${lib.getExe sshfs}#%(USER)@tsunami:" mountpoint="~/remote/" options="follow_symlinks,UserKnownHostsFile=/dev/null,StrictHostKeyChecking=no" pgrp="ocf" />''
+      ''<volume fstype="bind" path="/remote/$(USER:0:1)/$(USER:0:2)/$(USER)" mountpoint="$(HOME)/remote/" />''
     ];
 
     # Trim spaces from username
