feat: implement NFS with NFSv4 ID mapping across home lab

- Add NFSv4 ID mapping configuration using services.nfs.idmapd.settings
- Configure consistent domain 'home.lab' for ID mapping across all machines
- Update sleeper-service NFS server with proper security (root_squash, all_squash)
- Create reusable NFS client module (modules/services/nfs-client.nix)
- Deploy NFS client configuration to grey-area and congenital-optimist
- Maintain consistent media group GID (993) across all machines
- Support both local (10.0.0.0/24) and Tailscale (100.64.0.0/10) networks
- Test and verify NFS connectivity and ID mapping functionality

Resolves permission management issues and enables secure file sharing
across the home lab infrastructure.

machines/congenital-optimist/configuration.nix

@@ -15,6 +15,9 @@
     # Network modules
     ../../modules/network/extraHosts.nix
 
+    # Services
+    ../../modules/services/nfs-client.nix
+
     # Hardware modules
     ../../modules/hardware/amd-workstation.nix
 

machines/grey-area/configuration.nix

@@ -1,10 +1,12 @@
-{ config, pkgs, ... }:
-
 {
+  config,
+  pkgs,
+  ...
+}: {
   imports = [
     # Hardware configuration
     ./hardware-configuration.nix
-    
+
     # Shared modules
     ../../modules/common/base.nix
     ../../modules/network/common.nix
@@ -13,7 +15,10 @@
     ../../modules/virtualization/libvirt.nix
     ../../modules/virtualization/incus.nix
     ../../modules/users/sma.nix
-    
+
+    # NFS client with ID mapping
+    ../../modules/services/nfs-client.nix
+
     # Services
     ./services/jellyfin.nix
     ./services/calibre-web.nix
@@ -32,7 +37,7 @@
   boot.loader.grub.efiSupport = true;
   boot.loader.grub.efiInstallAsRemovable = true;
   boot.loader.efi.efiSysMountPoint = "/boot/";
-  boot.loader.grub.device = "nodev"; 
+  boot.loader.grub.device = "nodev";
 
   # Disks and Updates
   services.fstrim.enable = true;
@@ -41,7 +46,7 @@
   fileSystems."/mnt/remote/media" = {
     device = "sleeper-service:/mnt/storage/media";
     fsType = "nfs";
-    options = [ 
+    options = [
       "x-systemd.automount"
       "x-systemd.idle-timeout=60"
       "x-systemd.device-timeout=10"
@@ -56,14 +61,14 @@
   };
 
   # Enable all unfree hardware support.
-  hardware.firmware = with pkgs; [ firmwareLinuxNonfree ];
+  hardware.firmware = with pkgs; [firmwareLinuxNonfree];
   hardware.enableAllFirmware = true;
   hardware.enableRedistributableFirmware = true;
   nixpkgs.config.allowUnfree = true;
   services.fwupd.enable = true;
 
   # Networking
-  networking.hostName = "grey-area"; 
+  networking.hostName = "grey-area";
   networking.networkmanager.enable = true;
 
   # Set your time zone.
@@ -72,7 +77,7 @@
   # Text mode configuration (headless server)
   services.xserver.enable = false;
   services.displayManager.defaultSession = "none";
-  boot.kernelParams = [ "systemd.unit=multi-user.target" ];
+  boot.kernelParams = ["systemd.unit=multi-user.target"];
   systemd.targets.graphical.enable = false;
 
   i18n.defaultLocale = "en_US.UTF-8";
@@ -82,20 +87,17 @@
   };
 
   environment.systemPackages = with pkgs; [
-    
   ];
 
   # Enable the OpenSSH daemon.
   services.openssh.enable = true;
   services.openssh.settings.PermitRootLogin = "no";
-  services.openssh.settings.PasswordAuthentication = true; 
+  services.openssh.settings.PasswordAuthentication = true;
-
 
   # Firewall
   networking.firewall.enable = true;
-  networking.firewall.allowedTCPPorts = [ 22 3000 23231];
+  networking.firewall.allowedTCPPorts = [22 3000 23231];
-  networking.firewall.allowedUDPPorts = [ 22 23231 ];
+  networking.firewall.allowedUDPPorts = [22 23231];
   networking.nftables.enable = true;
   system.stateVersion = "23.05"; # Do not change this, it maintains data compatibility.
-
 }

machines/sleeper-service/nfs.nix

@@ -12,18 +12,15 @@
   # Enable RPC services for NFS
   services.rpcbind.enable = true;
 
-  # NFSv4 ID mapping service
+  # NFSv4 ID mapping configuration
-  services.nfs.idmapd = {
+  services.nfs.idmapd.settings = {
-    enable = true;
+    General = {
-    settings = {
+      Domain = "home.lab"; # Same domain on all machines
-      General = {
+      Verbosity = 0;
-        Domain = "home.lab"; # Same domain on all machines
+    };
-        Verbosity = 0;
+    Mapping = {
-      };
+      Nobody-User = "nobody";
-      Mapping = {
+      Nobody-Group = "nogroup";
-        Nobody-User = "nobody";
-        Nobody-Group = "nogroup";
-      };
     };
   };
 

modules/services/nfs-client.nix

@@ -13,23 +13,18 @@ with lib; {
 
   config = {
     # Enable NFS filesystem support
-    boot.supportedFilesystems = ["nfs"];
+    boot.supportedFilesystems = ["nfs"]; # Enable RPC services required for NFS
-
-    # Enable RPC services required for NFS
     services.rpcbind.enable = true;
 
     # NFSv4 ID mapping service - must match server configuration
-    services.nfs.idmapd = {
+    services.nfs.idmapd.settings = {
-      enable = true;
+      General = {
-      settings = {
+        Domain = "home.lab"; # Must match server domain
-        General = {
+        Verbosity = 0;
-          Domain = "home.lab"; # Must match server domain
+      };
-          Verbosity = 0;
+      Mapping = {
-        };
+        Nobody-User = "nobody";
-        Mapping = {
+        Nobody-Group = "nogroup";
-          Nobody-User = "nobody";
-          Nobody-Group = "nogroup";
-        };
       };
     };