I am struggling quite a while to mount my intranet (connected via VPN) samba share in a robust manner. When mounting it via fstab, it leads to hangs on the filesystem when the VPN connection is lost (e.g. when shuting down/rebooting).
Therefore I tried autofs, which should automatically unmount the share when inactive. Yet, this does not work either. While this CLI command works fine: sudo mount.cifs //msc-smb.hpc.meduniwien.ac.at/mschae83 /mnt/muwhpc/ --options credentials=/home/moritz/muwhpc_credentials.txt,cache=strict,_netdev
, my autofs config fails (I tried a lot already, starting from the example in the NixOS config reference. Current state below)
services.autofs = {
enable = true;
timeout = 30; # very low
autoMaster = let
mapConf = pkgs.writeText "mnt" ''
server -fstype=cifs,credentials=/home/moritz/muwhpc_credentials.txt,cache=strict,_netdev ://msc-smb.hpc.meduniwien.ac.at/mschae83'';
in ''
/mnt ${mapConf} --ghost
'';
};
}
Any suggestions on how to get autofs running, or on how to properly set up a CIFS mount behind VPN would be greatly appreciated!
Note: This is a cross post from r/NixOS, where I got 0 attention unfortunately.
journalctl -e /nix/store/0pph7qwdfqbljikzcvb2032wlkfc3xd6-autofs-5.1.6/bin/automount
Nov 15 19:02:43 mopad automount[36566]: failed to open config /etc/autofs.conf
Nov 15 19:02:43 mopad automount[36566]: failed to open old config /autofs
journalctl -u autofs.service
Nov 15 19:02:43 mopad systemd[1]: Starting Automounts filesystems on demand...
Nov 15 19:02:43 mopad automount[36566]: failed to open config /etc/autofs.conf
Nov 15 19:02:43 mopad automount[36566]: failed to open old config /autofs
Nov 15 19:02:43 mopad systemd[1]: Started Automounts filesystems on demand.
I am not sure whether the lack of /etc/autofs.conf is an issue here, as we explicitly configure it to use the automaster file we provide via mapConf.
Also, in response to your comment that this is uncharted territory: I am really surprised about this as it should be a quite common use case to access samba shares, e.g. from your company’s intranet when being in home office. Could you elaborate on your thoughts on this?
I get that, but I don’t think as many people as you think are accessing samba shares from their companies’ intranets. Usually when you don’t get responses and your question isn’t extremely specific with little context it’s an uncommon use case.
I think file sharing is done much more commonly with cloud services these days. That’s besides the point though, it’s a valid use case, let’s see if we can figure it out.
Your config doesn’t specify the file: prefix before the file, unlike the one in the module example. Maybe try:
services.autofs = {
enable = true;
timeout = 30; # very low
autoMaster = let
mapConf = pkgs.writeText "mnt" ''
server -fstype=cifs,credentials=/home/moritz/muwhpc_credentials.txt,cache=strict,_netdev ://msc-smb.hpc.meduniwien.ac.at/mschae8
'';
in ''
/mnt file:${mapConf} --ghost
'';
};
The man page is somewhat hard to grok, but that might be it? The NixOS module does not attempt to write anything to /etc, so assuming the module actually works that should not be the problem indeed.
That module has apparently been lying around unmaintained since 2012 2017 though, so who knows what bugs and behavior changes are lurking here.
If not, I’d personally do this with a systemd mount and make sure dependencies on the vpn are set correctly.
It’s actually not that rare. I am in a similar situation where i want to be able to connect to my companies vpn and access the network drives while connected. Did you have any success with your attempt?
EDIT:
The official samba documentation actually has a line in it to prevent ‘hanging on network split’
{
# For mount.cifs, required unless domain name resolution is not needed.
environment.systemPackages = [ pkgs.cifs-utils ];
fileSystems."/mnt/share" = {
device = "//<IP_OR_HOST>/path/to/share";
fsType = "cifs";
options = let
# this line prevents hanging on network split
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
in ["${automount_opts},credentials=/etc/nixos/smb-secrets"];
};
}
I added my vpn configuration to the nixos configuration.
Since it is an openvpn configuration i could follow the openvpn documentation for nixos.
I could then use the options from the nixos documentation as well as the parameters from the openvpn documentation to create the following samba config.