From 10895fd758ace94c68ecea1c66462144cf5b6cad Mon Sep 17 00:00:00 2001
From: scouckel
Date: Fri, 16 Jan 2026 19:02:12 -0500
Subject: update + add nas w/ tailscale
---
 modules/nixos/default.nix | 1 +
 modules/nixos/nas.nix | 84 +++++++++++++++++++++++++++++++++++++++++++++
 modules/nixos/tailscale.nix | 25 --------------
 3 files changed, 85 insertions(+), 25 deletions(-)
 create mode 100644 modules/nixos/nas.nix
 delete mode 100644 modules/nixos/tailscale.nix
(limited to 'modules')
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
index 8647dcf..ec1e0a9 100644
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -12,6 +12,7 @@
 ./nix-ld.nix
 # ./nordvpn.nix
 # ./ly.nix
+ ./nas.nix
 ];
 
 users.users.jck.packages = with pkgs; [
diff --git a/modules/nixos/nas.nix b/modules/nixos/nas.nix
new file mode 100644
index 0000000..46bcb13
--- /dev/null
+++ b/modules/nixos/nas.nix
@@ -0,0 +1,84 @@
+{ config, pkgs, lib, ... }:
+
+{
+ options = {
+ client.nas.enable = lib.mkEnableOption "enables nas";
+ };
+
+ config = lib.mkIf config.client.nas.enable {
+ services.tailscale.enable = true;
+ networking.nftables.enable = true;
+ networking.firewall = {
+ enable = true;
+ trustedInterfaces = [ "tailscale0" ];
+ allowedUDPPorts = [ config.services.tailscale.port ];
+ };
+
+ systemd.services.tailscaled.serviceConfig.Environment = [
+ "TS_DEBUG_FIREWALL_MODE=nftables"
+ ];
+
+ systemd.network.wait-online.enable = false;
+ boot.initrd.systemd.network.wait-online.enable = false;
+
+ boot.supportedFilesystems = [ "nfs" ];
+
+ environment.systemPackages = with pkgs; [
+ nfs-utils
+ ];
+
+ fileSystems."/mnt/data" = {
+ device = "100.106.156.106:/tank/data";
+ fsType = "nfs4";
+
+ options = [
+ "x-systemd.automount"
+ "noauto"
+ "nofail"
+ "_netdev"
+
+ "hard"
+ "noatime"
+
+ "x-systemd.mount-timeout=10"
+ "x-systemd.idle-timeout=600"
+ ];
+ };
+
+ fileSystems."/mnt/backups" = {
+ device = "100.106.156.106:/tank/backups";
+ fsType = "nfs4";
+
+ options = [
+ "x-systemd.automount"
+ "noauto"
+ "nofail"
+ "_netdev"
+
+ "hard"
+ "noatime"
+
+ "x-systemd.mount-timeout=10"
+ "x-systemd.idle-timeout=600"
+ ];
+ };
+
+ fileSystems."/mnt/media" = {
+ device = "100.106.156.106:/tank/media";
+ fsType = "nfs4";
+
+ options = [
+ "x-systemd.automount"
+ "noauto"
+ "nofail"
+ "_netdev"
+
+ "hard"
+ "noatime"
+
+ "x-systemd.mount-timeout=10"
+ "x-systemd.idle-timeout=600"
+ ];
+ };
+ };
+}
diff --git a/modules/nixos/tailscale.nix b/modules/nixos/tailscale.nix
deleted file mode 100644
index 9cba982..0000000
--- a/modules/nixos/tailscale.nix
+++ /dev/null
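Review bot: The three `fileSystems` entries in `nas.nix` mount remote NFS exports without `nosuid` or `nodev`, so setuid binaries or device nodes present on the NAS would be honoured on this client; adding `"nosuid"` and `"nodev"` to each `options` list (and `"noexec"` on `/mnt/backups` if nothing is executed from it) closes that. The three option lists are identical, so one `let` binding reused by all three mounts would keep these flags from drifting apart. No `sec=` option is set, so the mounts presumably negotiate AUTH_SYS, where the server trusts client-supplied UIDs; access control then rests on the export list and the tailnet ACLs, which deserves a comment next to the hard-coded `100.106.156.106` address. Separately, `trustedInterfaces = [ "tailscale0" ]` accepts all inbound traffic arriving on the tailnet interface, which an NFS client does not appear to need.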
@@ -1,25 +0,0 @@
-{ config, ... }:
-
-{
- # 1. Enable the service and the firewall
- services.tailscale.enable = true;
- networking.nftables.enable = true;
- networking.firewall = {
- enable = true;
- # Always allow traffic from your Tailscale network
- trustedInterfaces = [ "tailscale0" ];
- # Allow the Tailscale UDP port through the firewall
- allowedUDPPorts = [ config.services.tailscale.port ];
- };
-
- # 2. Force tailscaled to use nftables (Critical for clean nftables-only systems)
- # This avoids the "iptables-compat" translation layer issues.
- systemd.services.tailscaled.serviceConfig.Environment = [
- "TS_DEBUG_FIREWALL_MODE=nftables"
- ];
-
- # 3. Optimization: Prevent systemd from waiting for network online
- # (Optional but recommended for faster boot with VPNs)
- systemd.network.wait-online.enable = false;
- boot.initrd.systemd.network.wait-online.enable = false;
- }
-- cgit v1.3