feat: implement NFS with NFSv4 ID mapping across home lab

- Add NFSv4 ID mapping configuration using services.nfs.idmapd.settings
- Configure consistent domain 'home.lab' for ID mapping across all machines
- Update sleeper-service NFS server with proper security (root_squash, all_squash)
- Create reusable NFS client module (modules/services/nfs-client.nix)
- Deploy NFS client configuration to grey-area and congenital-optimist
- Maintain consistent media group GID (993) across all machines
- Support both local (10.0.0.0/24) and Tailscale (100.64.0.0/10) networks
- Test and verify NFS connectivity and ID mapping functionality

Resolves permission management issues and enables secure file sharing
across the home lab infrastructure.

machines/congenital-optimist/configuration.nix

@@ -15,6 +15,9 @@
     # Network modules
     ../../modules/network/extraHosts.nix
 
+    # Services
+    ../../modules/services/nfs-client.nix
+
     # Hardware modules
     ../../modules/hardware/amd-workstation.nix
 

machines/grey-area/configuration.nix

@@ -1,6 +1,8 @@
-{ config, pkgs, ... }:
-
 {
+  config,
+  pkgs,
+  ...
+}: {
   imports = [
     # Hardware configuration
     ./hardware-configuration.nix
@@ -14,6 +16,9 @@
     ../../modules/virtualization/incus.nix
     ../../modules/users/sma.nix
 
+    # NFS client with ID mapping
+    ../../modules/services/nfs-client.nix
+
     # Services
     ./services/jellyfin.nix
     ./services/calibre-web.nix
@@ -82,7 +87,6 @@
   };
 
   environment.systemPackages = with pkgs; [
-    
   ];
 
   # Enable the OpenSSH daemon.
@@ -90,12 +94,10 @@
   services.openssh.settings.PermitRootLogin = "no";
   services.openssh.settings.PasswordAuthentication = true;
 
-
   # Firewall
   networking.firewall.enable = true;
   networking.firewall.allowedTCPPorts = [22 3000 23231];
   networking.firewall.allowedUDPPorts = [22 23231];
   networking.nftables.enable = true;
   system.stateVersion = "23.05"; # Do not change this, it maintains data compatibility.
-
 }

machines/sleeper-service/nfs.nix

@@ -12,10 +12,8 @@
   # Enable RPC services for NFS
   services.rpcbind.enable = true;
 
-  # NFSv4 ID mapping service
-  services.nfs.idmapd = {
-    enable = true;
-    settings = {
+  # NFSv4 ID mapping configuration
+  services.nfs.idmapd.settings = {
     General = {
       Domain = "home.lab"; # Same domain on all machines
       Verbosity = 0;
@@ -25,7 +23,6 @@
       Nobody-Group = "nogroup";
     };
   };
-  };
 
   # NFS server configuration
   services.nfs.server = {

modules/services/nfs-client.nix

@@ -13,15 +13,11 @@ with lib; {
 
   config = {
     # Enable NFS filesystem support
-    boot.supportedFilesystems = ["nfs"];
-
-    # Enable RPC services required for NFS
+    boot.supportedFilesystems = ["nfs"]; # Enable RPC services required for NFS
     services.rpcbind.enable = true;
 
     # NFSv4 ID mapping service - must match server configuration
-    services.nfs.idmapd = {
-      enable = true;
-      settings = {
+    services.nfs.idmapd.settings = {
       General = {
         Domain = "home.lab"; # Must match server domain
         Verbosity = 0;
@@ -31,7 +27,6 @@ with lib; {
         Nobody-Group = "nogroup";
       };
     };
-    };
 
     # NFS utilities for client operations
     environment.systemPackages = with pkgs; [