feat: add NFS server and Transmission service to sleeper-service

- Created modules/services/nfs.nix for network file sharing - Updated sleeper-service configuration with NFS and Transmission - Fixed SSH key management to use direct key configuration - Updated hardware-configuration to use sleeper-service hostname - Added firewall ports for Transmission RPC (9091)
2025-06-05 16:31:09 +02:00 · 2025-06-05 16:31:09 +02:00 · 6fe8cdb790
commit 6fe8cdb790
parent 77e6b9a501
7 changed files with 47 additions and 38 deletions
--- a/machines/congenital-optimist/hardware-configuration.nix
+++ b/machines/congenital-optimist/hardware-configuration.nix
@ -47,7 +47,7 @@
      fsType = "zfs";
    };
  fileSystems."/mnt/storage/media" =
-    { device = "files:/mnt/storage";
+    { device = "sleeper-service:/mnt/storage";
      fsType = "nfs";
      options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ];
    };
--- a/machines/sleeper-service/configuration.nix
+++ b/machines/sleeper-service/configuration.nix
@ -6,6 +6,10 @@
    # Security modules
    ../../modules/security/ssh-keys.nix

+    # Services
+    ../../modules/services/nfs.nix
+    ../../modules/system/transmission.nix
+
    # User modules
    ../../modules/users/geir.nix
    ../../modules/users/sma.nix
@ -47,20 +51,10 @@
    tree
  ];

-  # Users
-  users.users.geir = {
-    isNormalUser = true;
-    extraGroups = [ "wheel" "networkmanager" ];
-    shell = pkgs.zsh;
-    openssh.authorizedKeys.keys = [
-      # Add SSH public keys here
-    ];
-  };
-
  programs.zsh.enable = true;

  # Firewall configuration
-  networking.firewall.allowedTCPPorts = [ 22 ];
+  networking.firewall.allowedTCPPorts = [ 22 9091 ]; # SSH and Transmission RPC

  system.stateVersion = "25.05";
 }
--- a/modules/security/ssh-keys.nix
+++ b/modules/security/ssh-keys.nix
@ -22,25 +22,9 @@
    '';
  };

-  # Centralized SSH key management
-  security.ssh-keys = {
-    # Admin keys for sma user (server administration)
-    admin = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPgzKS1N7+7+N1/8U8++1pl4hapDm6TOy0QhrfrYA8mz geir@geokkjer.eu-admin"
-    ];
-    
-    # Development keys for geir user (git, daily use)
-    development = [
-      # Current key (keep for continuity during transition)
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHeOvTHIw+hZOAiWkIrz9t11UeGwxAMx7jN/1IIdgq7O geokkjer@gmail.com"
-      # New development key
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHukJK0Kc1YexvzF8PdqaqWNZdVffGoM6ePPMecrU6dM geir@geokkjer.eu-dev"
-    ];
-  };
-
  # SSH client configuration
  programs.ssh = {
-    enable = true;
+    startAgent = true;
    extraConfig = ''
      # Default to development key for daily use
      Host *
--- a/modules/services/nfs.nix
+++ b/modules/services/nfs.nix
@ -0,0 +1,31 @@
+# NFS Server Configuration
+# Network File System server for home lab storage
+{ config, pkgs, ... }:
+
+{
+  # NFS server configuration
+  services.nfs.server = {
+    enable = true;
+    # Export the storage directory
+    exports = ''
+      /mnt/storage    10.0.0.0/24(rw,sync,no_subtree_check,no_root_squash)
+    '';
+    # Create exports on startup
+    createMountPoints = true;
+  };
+
+  # Ensure the storage directory exists
+  systemd.tmpfiles.rules = [
+    "d /mnt/storage 0755 geir users -"
+    "d /mnt/storage/media 0755 geir users -"
+    "d /mnt/storage/downloads 0755 geir users -"
+    "d /mnt/storage/backups 0755 geir users -"
+  ];
+
+  # Required packages for NFS
+  environment.systemPackages = with pkgs; [
+    nfs-utils
+  ];
+
+  # Firewall rules are already configured in network module
+}
--- a/modules/system/transmission.nix
+++ b/modules/system/transmission.nix
@ -5,16 +5,13 @@
    enable = true;
    user = "geir";
    group = "users";
-    #home = "/mnt/storage/";
    settings.rpc-port = 9091;
    settings.rpc-bind-address = "0.0.0.0";
-    #openRPCPort = true;
    downloadDirPermissions = "770";
    settings = {
-      download-dir = "/mnt/storage";
-      #rpc-whitelist-enabled = true;
+      download-dir = "/mnt/storage/downloads";
      rpc-whitelist = "127.0.0.1,10.0.0.*,100.*.*.*";
-      rpc-host-whitelist = "congenital-optimist,localhost";
+      rpc-host-whitelist = "sleeper-service,localhost";
    };
  };
 }
--- a/modules/users/geir.nix
+++ b/modules/users/geir.nix
@ -22,9 +22,11 @@
    shell = pkgs.zsh;
    
    # SSH access with development keys
-    openssh.authorizedKeys.keys = config.security.ssh-keys.development or [
-      # Fallback to current key during transition
+    openssh.authorizedKeys.keys = [
+      # Current key (keep for continuity during transition)
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHeOvTHIw+hZOAiWkIrz9t11UeGwxAMx7jN/1IIdgq7O geokkjer@gmail.com"
+      # New development key
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHukJK0Kc1YexvzF8PdqaqWNZdVffGoM6ePPMecrU6dM geir@geokkjer.eu-dev"
    ];
    
    # User-specific packages
--- a/modules/users/sma.nix
+++ b/modules/users/sma.nix
@ -22,8 +22,9 @@
    shell = pkgs.zsh;
    
    # SSH key-based authentication only (no password login)
-    openssh.authorizedKeys.keys = config.security.ssh-keys.admin or [
-      # Admin keys will be populated from security module
+    openssh.authorizedKeys.keys = [
+      # Admin key for server administration
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPgzKS1N7+7+N1/8U8++1pl4hapDm6TOy0QhrfrYA8mz geir@geokkjer.eu-admin"
    ];

    # Essential admin packages