desktops: nfs mount /services, /remote, ~/remote

24apricots · 24apricots · commit 9edff5ce3ceb · 2026-04-10T02:11:59.000-07:00
- /services and /remote are mounted with nfs
- ~/remote is bind mounted to the remote home directory in /remote on
  login with pam_mount

ocf.nfs:
- new ocf.nfs.mountRemote
- fix incorrect "lib.mkIf cfg.mountHome" -&gt; "lib.mkIf cfg.mountServices"
  for filesystems."/services"
diff --git a/modules/nfs.nix b/modules/nfs.nix
@@ -18,6 +18,12 @@ in
       default = false;
     };
 
+    mountRemote = lib.mkOption {
+      type = lib.types.bool;
+      description = "Mount NFS homes to /remote (for desktops which create home directory in tmpfs on login).";
+      default = false;
+    };
+
     mountServices = lib.mkOption {
       type = lib.types.bool;
       description = "Mount /services from NFS.";
@@ -40,7 +46,19 @@ in
       ];
     };
 
-    fileSystems."/services" = lib.mkIf cfg.mountHome {
+    fileSystems."/remote" = lib.mkIf cfg.mountRemote {
+      device = "homes:/home";
+      fsType = "nfs4";
+      options = [
+        "rw"
+        "bg"
+        "noatime"
+        "nodev"
+        "nosuid"
+      ];
+    };
+
+    fileSystems."/services" = lib.mkIf cfg.mountServices {
       device = "services:/services";
       fsType = "nfs4";
       options = [
diff --git a/profiles/desktop.nix b/profiles/desktop.nix
@@ -35,7 +35,15 @@ in
     tmpfsHome.enable = true;
     network.wakeOnLan.enable = true;
     logged-in-users-exporter.enable = true;
-    nfs.enable = true;
+
+    nfs = {
+      enable = true;
+      mountServices = true;
+
+      # we keep a single nfs mount and then bind mount to it instead of having
+      # many nfs mounts (each logged in user would need a mount)
+      mountRemote = true;
+    };
 
     graphical.enable = true;
     graphical.extra = true;
@@ -63,7 +71,7 @@ in
     services.login.rules.session.mount.order =
       config.security.pam.services.login.rules.session.krb5.order + 50;
     mount.extraVolumes = [
-      ''<volume fstype="fuse" path="${lib.getExe sshfs}#%(USER)@tsunami:" mountpoint="~/remote/" options="follow_symlinks,UserKnownHostsFile=/dev/null,StrictHostKeyChecking=no" pgrp="ocf" />''
+      ''<volume fstype="bind" path="/remote/$(USER:0:1)/$(USER:0:2)/$(USER)" mountpoint="$(HOME)/remote/" />''
     ];
 
     # Trim spaces from username
