| -rw-r--r-- | flake.lock | 55 | ||||
| -rw-r--r-- | modules/nixos/default.nix | 1 | ||||
| -rw-r--r-- | modules/nixos/nas.nix | 84 | ||||
| -rw-r--r-- | modules/nixos/tailscale.nix | 25 |
4 files changed, 113 insertions, 52 deletions
@@ -65,11 +65,11 @@ ] }, "locked": { - "lastModified": 1760948891, - "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", + "lastModified": 1768135262, + "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04", + "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", "type": "github" }, "original": { @@ -85,11 +85,11 @@ ] }, "locked": { - "lastModified": 1768366276, - "narHash": "sha256-NUdsaB6H1wvbOC7oh1UZ7Ojg1I+mYBQv8ovlMB6FbHk=", + "lastModified": 1768434960, + "narHash": "sha256-cJbFn17oyg6qAraLr+NVeNJrXsrzJdrudkzI4H2iTcg=", "owner": "nix-community", "repo": "home-manager", - "rev": "4e235a8746b195e335306d898f0cc93ad6c4564c", + "rev": "b4d88c9ac42ae1a745283f6547701da43b6e9f9b", "type": "github" }, "original": { @@ -121,11 +121,11 @@ }, "mnw": { "locked": { - "lastModified": 1758834834, - "narHash": "sha256-Y7IvY4F8vajZyp3WGf+KaiIVwondEkMFkt92Cr9NZmg=", + "lastModified": 1767030222, + "narHash": "sha256-kSvWF3Xt2HW9hmV5V7i8PqeWJIBUKmuKoHhOgj3Znzs=", "owner": "Gerg-L", "repo": "mnw", - "rev": "cfbc7d1cc832e318d0863a5fc91d940a96034001", + "rev": "75bb637454b0fbbb5ed652375a4bf7ffd28bcf6f", "type": "github" }, "original": { @@ -142,15 +142,16 @@ ] }, "locked": { - "lastModified": 1765720983, - "narHash": "sha256-tWtukpABmux6EC/FuCJEgA1kmRjcRPtED44N+GGPq+4=", + "lastModified": 1768214250, + "narHash": "sha256-hnBZDQWUxJV3KbtvyGW5BKLO/fAwydrxm5WHCWMQTbw=", "owner": "feel-co", "repo": "ndg", - "rev": "f399ace8bb8e1f705dd8942b24d207aa4d75c936", + "rev": "a6bd3c1ce2668d096e4fdaaa03ad7f03ba1fbca8", "type": "github" }, "original": { "owner": "feel-co", + "ref": "refs/tags/v2.6.0", "repo": "ndg", "type": "github" } 
@@ -173,11 +174,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1767185284, - "narHash": "sha256-ljDBUDpD1Cg5n3mJI81Hz5qeZAwCGxon4kQW3Ho3+6Q=", + "lastModified": 1768397375, + "narHash": "sha256-7QqbFi3ERvKjEdAzEYPv7iSGwpUKSrQW5wPLMFq45AQ=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "40b1a28dce561bea34858287fbb23052c3ee63fe", + "rev": "efe2094529d69a3f54892771b6be8ee4a0ebef0f", "type": "github" }, "original": { @@ -189,11 +190,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1768127708, - "narHash": "sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs=", + "lastModified": 1768305791, + "narHash": "sha256-AIdl6WAn9aymeaH/NvBj0H9qM+XuAuYbGMZaP0zcXAQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ffbc9f8cbaacfb331b6017d5a5abb21a492c9a38", + "rev": "1412caf7bf9e660f2f962917c14b1ea1c3bc695e", "type": "github" }, "original": { @@ -261,11 +262,11 @@ ] }, "locked": { - "lastModified": 1768368328, - "narHash": "sha256-YKKk8oHnVvyBr1AFh6zvqYsmfqaOZpObHoGJR2wBBjs=", + "lastModified": 1768469403, + "narHash": "sha256-kU9UKtzjTt0LOtoU8WW+hFZMWKoylR1lHkm7WBfT3qQ=", "owner": "nix-community", "repo": "NUR", - "rev": "a22fe18a52560314d741a0d37565548926ca1104", + "rev": "204ea07b6c1467a2fd55aef446d6a4843893f00f", "type": "github" }, "original": { @@ -286,11 +287,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1768307761, - "narHash": "sha256-Y4Y5wa75ft5Ix7ydiZc5aMzfQdAuxOsC2mSQ+qWWOHU=", + "lastModified": 1768464392, + "narHash": "sha256-H3DRARqclUFdUaWgu1xQEb86/wrh41ZG0fIQJVjcZdE=", "owner": "NotAShelf", "repo": "nvf", - "rev": "b985468159a02513773b3f9256bde9c85c5d8626", + "rev": "007f14a2c8d67568f4655654b401871920d73011", "type": "github" }, "original": { 
@@ -370,11 +371,11 @@ ] }, "locked": { - "lastModified": 1768329214, - "narHash": "sha256-ASI9j+Fgj7TzB4mj+IBIBrV5mH9P/D/vjKLyVDZWZOw=", + "lastModified": 1768379550, + "narHash": "sha256-z94S29l5V86h11LZbPIMbHTJyksDG63aqISsZkTTuJY=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "2357b84ef617772c012397a7e8b4542bd5e4bab8", + "rev": "06f61b4e4f4f6ba8027c96a5611c63dc0db12b90", "type": "github" }, "original": { diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index 8647dcf..ec1e0a9 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -12,6 +12,7 @@ ./nix-ld.nix # ./nordvpn.nix # ./ly.nix + ./nas.nix ]; users.users.jck.packages = with pkgs; [ diff --git a/modules/nixos/nas.nix b/modules/nixos/nas.nix new file mode 100644 index 0000000..46bcb13 --- /dev/null +++ b/modules/nixos/nas.nix 
@@ -0,0 +1,84 @@
+{ config, pkgs, lib, ... }:
+
+{
+ options = {
+ client.nas.enable = lib.mkEnableOption "enables nas";
+ };
+
+ config = lib.mkIf config.client.nas.enable {
+ services.tailscale.enable = true;
+ networking.nftables.enable = true;
+ networking.firewall = {
+ enable = true;
+ trustedInterfaces = [ "tailscale0" ];
+ allowedUDPPorts = [ config.services.tailscale.port ];
+ };
+
+ systemd.services.tailscaled.serviceConfig.Environment = [
+ "TS_DEBUG_FIREWALL_MODE=nftables"
+ ];
+
+ systemd.network.wait-online.enable = false;
+ boot.initrd.systemd.network.wait-online.enable = false;
+
+ boot.supportedFilesystems = [ "nfs" ];
+
+ environment.systemPackages = with pkgs; [
+ nfs-utils
+ ];
+
+ fileSystems."/mnt/data" = {
+ device = "100.106.156.106:/tank/data";
+ fsType = "nfs4";
+
+ options = [
+ "x-systemd.automount"
+ "noauto"
+ "nofail"
+ "_netdev"
+
+ "hard"
+ "noatime"
+
+ "x-systemd.mount-timeout=10"
+ "x-systemd.idle-timeout=600"
+ ];
+ };
+
+ fileSystems."/mnt/backups" = {
+ device = "100.106.156.106:/tank/backups";
+ fsType = "nfs4";
+
+ options = [
+ "x-systemd.automount"
+ "noauto"
+ "nofail"
+ "_netdev"
+
+ "hard"
+ "noatime"
+
+ "x-systemd.mount-timeout=10"
+ "x-systemd.idle-timeout=600"
+ ];
+ };
+
+ fileSystems."/mnt/media" = {
+ device = "100.106.156.106:/tank/media";
+ fsType = "nfs4";
+
+ options = [
+ "x-systemd.automount"
+ "noauto"
+ "nofail"
+ "_netdev"
+
+ "hard"
+ "noatime"
+
+ "x-systemd.mount-timeout=10"
+ "x-systemd.idle-timeout=600"
+ ];
+ };
+ };
+}
diff --git a/modules/nixos/tailscale.nix b/modules/nixos/tailscale.nix
deleted file mode 100644
index 9cba982..0000000
--- a/modules/nixos/tailscale.nix
+++ /dev/null
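Review bot: The three `fileSystems` entries in nas.nix mount the NFS exports without `"nosuid"` and `"nodev"`, so setuid binaries or device nodes stored on the NAS would be honoured on this client; adding both to each `options` list (and `"noexec"` on shares that only hold data) limits what a compromised or misconfigured export can do locally. With `fsType = "nfs4"` and no `sec=` option the mount presumably uses the default AUTH_SYS flavour, so access control rests on the server's export rules and the tailnet ACLs — worth a comment saying that is deliberate. `trustedInterfaces = [ "tailscale0" ]` accepts every port from every tailnet peer, which is likely broader than an NFS client needs; consider removing it or documenting why it stays. The Tailscale settings moved here from the deleted tailscale.nix are now gated on `client.nas.enable`, so any host that relied on them without wanting the mounts loses Tailscale, and the explanatory comments from the old file (nftables mode, wait-online) were dropped in the move.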
@@ -1,25 +0,0 @@
-{ config, ... }:
-
-{
- # 1. Enable the service and the firewall
- services.tailscale.enable = true;
- networking.nftables.enable = true;
- networking.firewall = {
- enable = true;
- # Always allow traffic from your Tailscale network
- trustedInterfaces = [ "tailscale0" ];
- # Allow the Tailscale UDP port through the firewall
- allowedUDPPorts = [ config.services.tailscale.port ];
- };
-
- # 2. Force tailscaled to use nftables (Critical for clean nftables-only systems)
- # This avoids the "iptables-compat" translation layer issues.
- systemd.services.tailscaled.serviceConfig.Environment = [
- "TS_DEBUG_FIREWALL_MODE=nftables"
- ];
-
- # 3. Optimization: Prevent systemd from waiting for network online
- # (Optional but recommended for faster boot with VPNs)
- systemd.network.wait-online.enable = false;
- boot.initrd.systemd.network.wait-online.enable = false;
- } |
