feat: add NFS server and Transmission service to sleeper-service

- Created modules/services/nfs.nix for network file sharing
- Updated sleeper-service configuration with NFS and Transmission
- Fixed SSH key management to use direct key configuration
- Updated hardware-configuration to use sleeper-service hostname
- Added firewall ports for Transmission RPC (9091)
Geir Okkenhaug Jerstad 2025-06-05 16:31:09 +02:00
parent 77e6b9a501
commit 6fe8cdb790
7 changed files with 47 additions and 38 deletions


@ -47,7 +47,7 @@
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/mnt/storage/media" = fileSystems."/mnt/storage/media" =
{ device = "files:/mnt/storage"; { device = "sleeper-service:/mnt/storage";
fsType = "nfs"; fsType = "nfs";
options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ];
}; };
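Review bot: The NFS mount for `/mnt/storage/media` carries no `nosuid` or `nodev` option, so setuid binaries and device nodes that appear on the share are honoured on this client. That matters more with this commit, because the server side (modules/services/nfs.nix) exports the tree with `no_root_squash`. I would extend the list to `options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" "nosuid" "nodev" ];`. The mount now also depends on `sleeper-service` resolving at mount time; how that name is resolved is not visible in this hunk.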


@ -6,6 +6,10 @@
# Security modules # Security modules
../../modules/security/ssh-keys.nix ../../modules/security/ssh-keys.nix
# Services
../../modules/services/nfs.nix
../../modules/system/transmission.nix
# User modules # User modules
../../modules/users/geir.nix ../../modules/users/geir.nix
../../modules/users/sma.nix ../../modules/users/sma.nix
@ -47,20 +51,10 @@
tree tree
]; ];
# Users
users.users.geir = {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" ];
shell = pkgs.zsh;
openssh.authorizedKeys.keys = [
# Add SSH public keys here
];
};
programs.zsh.enable = true; programs.zsh.enable = true;
# Firewall configuration # Firewall configuration
networking.firewall.allowedTCPPorts = [ 22 ]; networking.firewall.allowedTCPPorts = [ 22 9091 ]; # SSH and Transmission RPC
system.stateVersion = "25.05"; system.stateVersion = "25.05";
} }
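Review bot: `networking.firewall.allowedTCPPorts = [ 22 9091 ];` opens the Transmission RPC port on every interface, while the transmission module in this commit binds RPC to `0.0.0.0` and relies on an address whitelist alone. Scoping the port to the LAN interface keeps it off any other network the host joins: `networking.firewall.interfaces."<lan-interface>".allowedTCPPorts = [ 9091 ];` (placeholder name, the interface is not shown on this page). As a matter of layout, the new import `../../modules/system/transmission.nix` sits under `# Services` next to `modules/services/nfs.nix`; moving the module to `modules/services/` would keep the tree consistent. The module's attribute set starts above the first hunk.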


@ -22,25 +22,9 @@
''; '';
}; };
# Centralized SSH key management
security.ssh-keys = {
# Admin keys for sma user (server administration)
admin = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPgzKS1N7+7+N1/8U8++1pl4hapDm6TOy0QhrfrYA8mz geir@geokkjer.eu-admin"
];
# Development keys for geir user (git, daily use)
development = [
# Current key (keep for continuity during transition)
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHeOvTHIw+hZOAiWkIrz9t11UeGwxAMx7jN/1IIdgq7O geokkjer@gmail.com"
# New development key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHukJK0Kc1YexvzF8PdqaqWNZdVffGoM6ePPMecrU6dM geir@geokkjer.eu-dev"
];
};
# SSH client configuration # SSH client configuration
programs.ssh = { programs.ssh = {
enable = true; startAgent = true;
extraConfig = '' extraConfig = ''
# Default to development key for daily use # Default to development key for daily use
Host * Host *

31
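--- a/modules/services/nfs.nix
+++ b/modules/services/nfs.nix
@@ -0,0 +1,31 @@
+# NFS Server Configuration
+# Network File System server for home lab storage
+{ config, pkgs, ... }:
+{
+# NFS server configuration
+services.nfs.server = {
+enable = true;
+# Export the storage directory
+exports = ''
+/mnt/storage 10.0.0.0/24(rw,sync,no_subtree_check,no_root_squash)
+'';
+# Create exports on startup
+createMountPoints = true;
+};
+# Ensure the storage directory exists
+systemd.tmpfiles.rules = [
+"d /mnt/storage 0755 geir users -"
+"d /mnt/storage/media 0755 geir users -"
+"d /mnt/storage/downloads 0755 geir users -"
+"d /mnt/storage/backups 0755 geir users -"
+];
+# Required packages for NFS
+environment.systemPackages = with pkgs; [
+nfs-utils
+];
+# Firewall rules are already configured in network module
+}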
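Review bot: The export line grants `rw` with `no_root_squash` to the whole `10.0.0.0/24`, so root on any host in that subnet acts as root on `/mnt/storage`, including the `backups` directory, and can create setuid or root-owned files there. Unless a client really needs root access, drop the option so the default root squashing applies, `/mnt/storage 10.0.0.0/24(rw,sync,no_subtree_check)`, and consider listing the client hosts instead of the subnet. The comment `# Create exports on startup` does not match `createMountPoints`, which is about creating the mount-point directories. The closing comment says the firewall rules live in the network module, but the sleeper-service configuration in this commit only allows TCP 22 and 9091, so it is worth confirming where the NFS port is opened and to which sources.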


@ -5,16 +5,13 @@
enable = true; enable = true;
user = "geir"; user = "geir";
group = "users"; group = "users";
#home = "/mnt/storage/";
settings.rpc-port = 9091; settings.rpc-port = 9091;
settings.rpc-bind-address = "0.0.0.0"; settings.rpc-bind-address = "0.0.0.0";
#openRPCPort = true;
downloadDirPermissions = "770"; downloadDirPermissions = "770";
settings = { settings = {
download-dir = "/mnt/storage"; download-dir = "/mnt/storage/downloads";
#rpc-whitelist-enabled = true;
rpc-whitelist = "127.0.0.1,10.0.0.*,100.*.*.*"; rpc-whitelist = "127.0.0.1,10.0.0.*,100.*.*.*";
rpc-host-whitelist = "congenital-optimist,localhost"; rpc-host-whitelist = "sleeper-service,localhost";
}; };
}; };
} }
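Review bot: With RPC bound to `0.0.0.0` and port 9091 now opened in the firewall, the only access control visible in this block is `rpc-whitelist`, and `100.*.*.*` matches all of 100.0.0.0/8 rather than only the 100.64.0.0/10 range it presumably targets. Transmission's whitelist takes wildcards, not CIDR, so I would add RPC authentication instead of trying to narrow the pattern: `rpc-authentication-required = true;` with the credentials supplied through `services.transmission.credentialsFile` so they stay out of the Nix store. Separately, `downloadDirPermissions = "770"` disagrees with the `0755` that modules/services/nfs.nix sets for `/mnt/storage/downloads` through tmpfiles; one of the two should be the single source for that mode. The `services.transmission` block opens above the hunk.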


@ -22,9 +22,11 @@
shell = pkgs.zsh; shell = pkgs.zsh;
# SSH access with development keys # SSH access with development keys
openssh.authorizedKeys.keys = config.security.ssh-keys.development or [ openssh.authorizedKeys.keys = [
# Fallback to current key during transition # Current key (keep for continuity during transition)
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHeOvTHIw+hZOAiWkIrz9t11UeGwxAMx7jN/1IIdgq7O geokkjer@gmail.com" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHeOvTHIw+hZOAiWkIrz9t11UeGwxAMx7jN/1IIdgq7O geokkjer@gmail.com"
# New development key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHukJK0Kc1YexvzF8PdqaqWNZdVffGoM6ePPMecrU6dM geir@geokkjer.eu-dev"
]; ];
# User-specific packages # User-specific packages
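Review bot: The key under `# Current key (keep for continuity during transition)` stays authorized with no stated end to the transition, so the older key remains a valid login indefinitely. I would record the removal condition next to it, for example `# TODO: remove after <date or condition> once the -dev key is in use everywhere`. Keys are now literals in each user module instead of coming from `security.ssh-keys`, so a rotation means editing every module that lists a key; a short comment saying so would help the next maintainer. The user block starts and ends outside the hunk.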


@ -22,8 +22,9 @@
shell = pkgs.zsh; shell = pkgs.zsh;
# SSH key-based authentication only (no password login) # SSH key-based authentication only (no password login)
openssh.authorizedKeys.keys = config.security.ssh-keys.admin or [ openssh.authorizedKeys.keys = [
# Admin keys will be populated from security module # Admin key for server administration
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPgzKS1N7+7+N1/8U8++1pl4hapDm6TOy0QhrfrYA8mz geir@geokkjer.eu-admin"
]; ];
# Essential admin packages # Essential admin packages
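Review bot: The comment `# SSH key-based authentication only (no password login)` describes a property that nothing in this hunk enforces; listing authorized keys does not by itself disable password logins. If the sshd settings live in another module, the comment should point there, for example `# Password login is disabled in <module>; this user authenticates with the admin key only`. It is worth confirming that `services.openssh.settings.PasswordAuthentication = false` is set for this host. The user block starts and ends outside the hunk.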