1 files changed, 84 insertions, 0 deletions

diff --git a/modules/nixos/nas.nix b/modules/nixos/nas.nix
new file mode 100644
index 0000000..46bcb13
--- /dev/null
+++ b/modules/nixos/nas.nix
@@ -0,0 +1,84 @@
+{ config, pkgs, lib, ... }:
+
+{
+  options = {
+    client.nas.enable = lib.mkEnableOption "enables nas";
+  };
+
+  config = lib.mkIf config.client.nas.enable {
+    services.tailscale.enable = true;
+    networking.nftables.enable = true;
+    networking.firewall = {
+      enable = true;
+      trustedInterfaces = [ "tailscale0" ];
+      allowedUDPPorts = [ config.services.tailscale.port ];
+    };
+
+    systemd.services.tailscaled.serviceConfig.Environment = [ 
+      "TS_DEBUG_FIREWALL_MODE=nftables" 
+    ];
+
+    systemd.network.wait-online.enable = false; 
+    boot.initrd.systemd.network.wait-online.enable = false;
+
+    boot.supportedFilesystems = [ "nfs" ];
+
+    environment.systemPackages = with pkgs; [
+      nfs-utils
+    ];
+
+    fileSystems."/mnt/data" = {
+      device = "100.106.156.106:/tank/data";
+      fsType = "nfs4";
+
+      options = [
+        "x-systemd.automount"
+        "noauto"
+        "nofail"
+        "_netdev"
+
+        "hard"
+        "noatime"
+
+        "x-systemd.mount-timeout=10"
+        "x-systemd.idle-timeout=600"
+      ];
+    };
+
+    fileSystems."/mnt/backups" = {
+      device = "100.106.156.106:/tank/backups";
+      fsType = "nfs4";
+
+      options = [
+        "x-systemd.automount"
+        "noauto"
+        "nofail"
+        "_netdev"
+
+        "hard"
+        "noatime"
+
+        "x-systemd.mount-timeout=10"
+        "x-systemd.idle-timeout=600"
+      ];
+    };
+
+    fileSystems."/mnt/media" = {
+      device = "100.106.156.106:/tank/media";
+      fsType = "nfs4";
+
+      options = [
+        "x-systemd.automount"
+        "noauto"
+        "nofail"
+        "_netdev"
+
+        "hard"
+        "noatime"
+
+        "x-systemd.mount-timeout=10"
+        "x-systemd.idle-timeout=600"
+      ];
+    };
+  };
+}