Diffstat (limited to 'modules/nixos')
-rw-r--r--modules/nixos/default.nix1
-rw-r--r--modules/nixos/nas.nix84
-rw-r--r--modules/nixos/tailscale.nix25
3 files changed, 85 insertions, 25 deletions
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
index 8647dcf..ec1e0a9 100644
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -12,6 +12,7 @@
./nix-ld.nix
# ./nordvpn.nix
# ./ly.nix
+ ./nas.nix
];
users.users.jck.packages = with pkgs; [
diff --git a/modules/nixos/nas.nix b/modules/nixos/nas.nix
new file mode 100644
index 0000000..46bcb13
--- /dev/null
+++ b/modules/nixos/nas.nix
@@ -0,0 +1,84 @@
+{ config, pkgs, lib, ... }:
+
+{
+ options = {
+ client.nas.enable = lib.mkEnableOption "enables nas";
+ };
+
+ config = lib.mkIf config.client.nas.enable {
+ services.tailscale.enable = true;
+ networking.nftables.enable = true;
+ networking.firewall = {
+ enable = true;
+ trustedInterfaces = [ "tailscale0" ];
+ allowedUDPPorts = [ config.services.tailscale.port ];
+ };
+
+ systemd.services.tailscaled.serviceConfig.Environment = [
+ "TS_DEBUG_FIREWALL_MODE=nftables"
+ ];
+
+ systemd.network.wait-online.enable = false;
+ boot.initrd.systemd.network.wait-online.enable = false;
+
+ boot.supportedFilesystems = [ "nfs" ];
+
+ environment.systemPackages = with pkgs; [
+ nfs-utils
+ ];
+
+ fileSystems."/mnt/data" = {
+ device = "100.106.156.106:/tank/data";
+ fsType = "nfs4";
+
+ options = [
+ "x-systemd.automount"
+ "noauto"
+ "nofail"
+ "_netdev"
+
+ "hard"
+ "noatime"
+
+ "x-systemd.mount-timeout=10"
+ "x-systemd.idle-timeout=600"
+ ];
+ };
+
+ fileSystems."/mnt/backups" = {
+ device = "100.106.156.106:/tank/backups";
+ fsType = "nfs4";
+
+ options = [
+ "x-systemd.automount"
+ "noauto"
+ "nofail"
+ "_netdev"
+
+ "hard"
+ "noatime"
+
+ "x-systemd.mount-timeout=10"
+ "x-systemd.idle-timeout=600"
+ ];
+ };
+
+ fileSystems."/mnt/media" = {
+ device = "100.106.156.106:/tank/media";
+ fsType = "nfs4";
+
+ options = [
+ "x-systemd.automount"
+ "noauto"
+ "nofail"
+ "_netdev"
+
+ "hard"
+ "noatime"
+
+ "x-systemd.mount-timeout=10"
+ "x-systemd.idle-timeout=600"
+ ];
+ };
+ };
+}
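Review bot: The three NFS `fileSystems` entries omit `nosuid` and `nodev`, so setuid binaries and device nodes placed on the export would be honoured on this client. Adding `"nosuid"` and `"nodev"` to each `options` list (and `"noexec"` on `/mnt/backups` and `/mnt/media` if nothing is executed from them) limits what a compromised or misconfigured server can do here. No `sec=` option is set, so the mounts presumably fall back to the default AUTH_SYS flavour, where the server trusts the UID/GID the client asserts. Because `trustedInterfaces = [ "tailscale0" ]` also opens every local port to tailnet peers, access control rests on the tailnet ACLs, and a comment in the file should say so. The Tailscale and firewall settings that the deleted tailscale.nix applied unconditionally now sit behind `client.nas.enable`, so a host that leaves the option off no longer gets them from this module.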
diff --git a/modules/nixos/tailscale.nix b/modules/nixos/tailscale.nix
deleted file mode 100644
index 9cba982..0000000
--- a/modules/nixos/tailscale.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ config, ... }:
-
-{
- # 1. Enable the service and the firewall
- services.tailscale.enable = true;
- networking.nftables.enable = true;
- networking.firewall = {
- enable = true;
- # Always allow traffic from your Tailscale network
- trustedInterfaces = [ "tailscale0" ];
- # Allow the Tailscale UDP port through the firewall
- allowedUDPPorts = [ config.services.tailscale.port ];
- };
-
- # 2. Force tailscaled to use nftables (Critical for clean nftables-only systems)
- # This avoids the "iptables-compat" translation layer issues.
- systemd.services.tailscaled.serviceConfig.Environment = [
- "TS_DEBUG_FIREWALL_MODE=nftables"
- ];
-
- # 3. Optimization: Prevent systemd from waiting for network online
- # (Optional but recommended for faster boot with VPNs)
- systemd.network.wait-online.enable = false;
- boot.initrd.systemd.network.wait-online.enable = false;
- }