homey/modules/storage.nix

{ config, lib, pkgs, ... }:

# External hard-drive storage module.
#
# Each host sets:
#   homey.storage.device   = "/dev/disk/by-id/usb-WD_...";  (by-id is stable across reboots)
#   homey.storage.mountPoint = "/mnt/data";                  (default)
#
# All service data lives under <mountPoint>/<service-name>/, so the whole
# dataset can be browsed, backed up, or restored with plain filesystem tools.
#
# Directory layout under mountPoint:
#   openldap/
#     etc-ldap-slapd.d/     ← /etc/ldap/slapd.d  in container
#     var-lib-ldap/         ← /var/lib/ldap       in container
#   authelia/
#     config/               ← /config             in container (sqlite db etc.)
#   gitea/
#     data/                 ← /data               in container
#   nextcloud/
#     html/                 ← /var/www/html        in container
#     db/                   ← /var/lib/postgresql/data in postgres container
#   jellyfin/
#     config/
#   media/
#     movies/
#     tvshows/
#     general/
#     complete/
#   transmission/
#     config/
#   uptime-kuma/            ← /app/data in uptime-kuma container (SQLite DB, config)
#   ntfy/
#     auth.db               ← user/token auth database
#     cache.db              ← message cache
#     attachments/          ← file attachments
#   restic-cache/           ← restic local cache (not the backup destination)

let
  cfg = config.homey.storage;
in
{
  options.homey.storage = {
    device = lib.mkOption {
      type        = lib.types.str;
      example     = "/dev/disk/by-id/usb-WD_Elements_12345-0:0";
      description = ''
        Block device for the external hard drive.
        Use /dev/disk/by-id/ paths for stable identification across reboots.
        Leave empty to skip automount (useful during initial setup).
      '';
      default = "";
    };

    mountPoint = lib.mkOption {
      type    = lib.types.str;
      default = "/mnt/data";
      description = "Where the external HD is mounted. All service data lives here.";
    };

    fsType = lib.mkOption {
      type    = lib.types.str;
      default = "ext4";
      description = "Filesystem type of the external drive.";
    };
  };

  config = lib.mkIf (cfg.device != "") {
    # Mount the external drive
    fileSystems."${cfg.mountPoint}" = {
      device  = cfg.device;
      fsType  = cfg.fsType;
      options = [
        "defaults"
        "nofail"      # Don't block boot if drive is absent
        "noatime"     # Better performance / less SD wear
        "x-systemd.automount"
        "x-systemd.idle-timeout=0"
      ];
    };

    # Ensure the mount point directory exists
    systemd.tmpfiles.rules = [
      "d ${cfg.mountPoint} 0755 root root -"

      # Service subdirectories — created on boot so containers can start
      # even before any data is restored into them.
      "d ${cfg.mountPoint}/openldap                     0750 root root -"
      "d ${cfg.mountPoint}/openldap/etc-ldap-slapd.d    0750 root root -"
      "d ${cfg.mountPoint}/openldap/var-lib-ldap         0750 root root -"
      "d ${cfg.mountPoint}/authelia                      0750 root root -"
      "d ${cfg.mountPoint}/authelia/config               0750 root root -"
      "d ${cfg.mountPoint}/gitea                         0750 1000 1000 -"
      "d ${cfg.mountPoint}/gitea/data                    0750 1000 1000 -"
      "d ${cfg.mountPoint}/nextcloud                     0750 root root -"
      # www-data in the Nextcloud container is UID 33; it needs rx on the
      # directory and rw on all files it creates inside.
      "d ${cfg.mountPoint}/nextcloud/html                0750 33   33   -"
      # Postgres (uid 999) must own this directory — it creates files directly in it
      "d ${cfg.mountPoint}/nextcloud/db                  0700 999  999  -"
      "d ${cfg.mountPoint}/jellyfin                      0750 root root -"
      "d ${cfg.mountPoint}/jellyfin/config               0750 root root -"
      "d ${cfg.mountPoint}/media                         0755 root root -"
      "d ${cfg.mountPoint}/media/movies                  0755 root root -"
      "d ${cfg.mountPoint}/media/tvshows                 0755 root root -"
      "d ${cfg.mountPoint}/media/general                 0755 root root -"
      "d ${cfg.mountPoint}/media/complete                0755 root root -"
      "d ${cfg.mountPoint}/transmission                  0750 root root -"
      "d ${cfg.mountPoint}/transmission/config           0750 root root -"
      "d ${cfg.mountPoint}/uptime-kuma                  0750 root    root    -"
      "d ${cfg.mountPoint}/ntfy                         0750 ntfy-sh ntfy-sh -"
      "d ${cfg.mountPoint}/ntfy/attachments             0750 ntfy-sh ntfy-sh -"
      "d ${cfg.mountPoint}/paperless                     0750 root root -"
      # Paperless runs as UID 1000 (configured via USERMAP_UID)
      "d ${cfg.mountPoint}/paperless/data               0750 1000 1000 -"
      "d ${cfg.mountPoint}/paperless/media              0750 1000 1000 -"
      "d ${cfg.mountPoint}/paperless/consume            0750 1000 1000 -"
      "d ${cfg.mountPoint}/paperless/export             0750 1000 1000 -"
      "d ${cfg.mountPoint}/mealie                       0750 root root -"
      "d ${cfg.mountPoint}/mealie/data                  0755 root root -"
      "d ${cfg.mountPoint}/restic-cache                  0700 root root -"
    ];
  };
}