diff --git a/hosts/skydick/datapool.nix b/hosts/skydick/datapool.nix
index 0d90092..b910287 100644
--- a/hosts/skydick/datapool.nix
+++ b/hosts/skydick/datapool.nix
@@ -155,6 +155,18 @@
 # # File-backed VM images live under /srv/users/ye-lw21/vm/files.
 # # Block LUNs are zvol children of dick/users/ye-lw21/vm/.
 #
+# # zhuyz24 (local+LDAP account, local UID 2200000020/GID 100 on skydick;
+# # LDAP gidNumber is 10000 but local NSS wins and pins GID to 100)
+# zfs create -o mountpoint=/srv/users/zhuyz24 -o quota=10T dick/users/zhuyz24
+# zfs create -o recordsize=128K -o mountpoint=/srv/users/zhuyz24/files dick/users/zhuyz24/files
+# zfs create -o recordsize=16K -o mountpoint=/srv/users/zhuyz24/bt-state dick/users/zhuyz24/bt-state
+# zfs create -o recordsize=64K -o mountpoint=/srv/users/zhuyz24/vm dick/users/zhuyz24/vm
+# mkdir -p /srv/users/zhuyz24/vm/files
+# chown zhuyz24:users /srv/users/zhuyz24 && chmod 0700 /srv/users/zhuyz24
+# for d in files bt-state vm vm/files; do chown zhuyz24:users /srv/users/zhuyz24/$d && chmod 0750 /srv/users/zhuyz24/$d; done
+# # File-backed VM images live under /srv/users/zhuyz24/vm/files.
+# # Block LUNs are zvol children of dick/users/zhuyz24/vm/.
+#
 # System:
 # zfs create -o mountpoint=none -o canmount=off dick/system
 # zfs create -o recordsize=1M -o compression=zstd-3 -o mountpoint=/srv/system/backup dick/system/backup
@@ -309,6 +321,11 @@
 "d /srv/users/ye-lw21/bt-state 0750 ye-lw21 users -"
 "d /srv/users/ye-lw21/vm 0750 ye-lw21 users -"
 "d /srv/users/ye-lw21/vm/files 0750 ye-lw21 users -"
+ "d /srv/users/zhuyz24 0700 zhuyz24 users -"
+ "d /srv/users/zhuyz24/files 0750 zhuyz24 users -"
+ "d /srv/users/zhuyz24/bt-state 0750 zhuyz24 users -"
+ "d /srv/users/zhuyz24/vm 0750 zhuyz24 users -"
+ "d /srv/users/zhuyz24/vm/files 0750 zhuyz24 users -"
 # System
 "d /srv/system 0700 root root -"
@@ -430,6 +447,7 @@
 # the SMB-exposed `files` child).
 /srv/users/ldx 10.0.0.0/16(rw,sync,no_subtree_check,crossmnt,all_squash,anonuid=1000,anongid=100)
 /srv/users/ye-lw21 10.0.0.0/16(rw,sync,no_subtree_check,crossmnt,all_squash,anonuid=1002,anongid=100)
+ /srv/users/zhuyz24 10.0.0.0/16(rw,sync,no_subtree_check,crossmnt,all_squash,anonuid=2200000020,anongid=100)
 # System
 /srv/system/backup 10.0.0.0/16(rw,sync,no_subtree_check,no_root_squash)
diff --git a/hosts/skydick/default.nix b/hosts/skydick/default.nix
index 2dd64c8..594a843 100644
--- a/hosts/skydick/default.nix
+++ b/hosts/skydick/default.nix
@@ -268,6 +268,19 @@
 hashedPassword = "$y$j9T$hia.9h7L/5q7G4QdKFHOA1$fAFFSpJRf57ZEvCVjDjwM1WH8UPR5E1Xy28KeJQ.gfD";
 };
+ # zhuyz24 (朱驭之) — LDAP-backed data-pool user. Local override pins the Unix
+ # UID to the LDAP uidNumber (2200000020) so on-disk ownership stays consistent
+ # whether resolved via local NSS or pure LDAP. SSH-key only, no wheel, no
+ # password. SMB password lives in LDAP after one-time `smbpasswd -a zhuyz24`.
+ users.users.zhuyz24 = {
+ isNormalUser = true;
+ uid = 2200000020;
+ extraGroups = [ "storage" ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHaHj2lCOktkU0MnUxQo9ElhBw7/iZ5C2e+GkHdwP38t edwardmashed@gmail.com"
+ ];
+ };
+
 # ==========================================================================
 # LDAP IDENTITY
 # ==========================================================================
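Review bot: On the added `/srv/users/zhuyz24` export, `all_squash` with `anonuid=2200000020` means every client in 10.0.0.0/16 that can mount it acts as zhuyz24, so the 0700 mode on the directory gives no protection over NFS and access control rests entirely on the /16 and the default `sec=sys`. `crossmnt` extends that to the `bt-state` and `vm` children as well. Consider narrowing the client spec to the user's own host(s) or requiring Kerberos with `sec=krb5p`; the same applies to the existing ldx and ye-lw21 lines. The UID is also above 2^31-1, so it is worth confirming with `exportfs -v` after reload that the anonuid is reported unchanged.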
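Review bot: Nothing in the `users.users.zhuyz24` block enforces the comment's "SSH-key only ... no password": the block only omits a password option, and since the account is also LDAP-backed, a password login may still be accepted through the LDAP PAM path unless password authentication is disabled in the sshd configuration, which is not visible in this hunk. If key-only access is the intent, the comment should say where it is enforced, for example `# key-only relies on services.openssh.settings.PasswordAuthentication = false`. The consistency claim also covers only the UID: no `group` is set, so the local primary group presumably defaults to `users` (GID 100) while datapool.nix records the LDAP gidNumber as 10000.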