- Add NFSv4 ID mapping configuration using services.nfs.idmapd.settings
- Configure consistent domain 'home.lab' for ID mapping across all machines
- Update sleeper-service NFS server with proper security (root_squash, all_squash)
- Create reusable NFS client module (modules/services/nfs-client.nix)
- Deploy NFS client configuration to grey-area and congenital-optimist
- Maintain consistent media group GID (993) across all machines
- Support both local (10.0.0.0/24) and Tailscale (100.64.0.0/10) networks
- Test and verify NFS connectivity and ID mapping functionality
Resolves permission management issues and enables secure file sharing
across the home lab infrastructure.
- Remove /mnt/storage/media from systemd.tmpfiles.rules (it's a ZFS dataset mount point)
- Add ExecStartPost to set proper permissions on ZFS-mounted media directory
- Update NFS research documentation with ZFS integration best practices
- Add section explaining ZFS mount point vs tmpfiles.rules conflicts
This resolves the potential conflict where tmpfiles tries to create a directory
that ZFS wants to use as a mount point for the storage/media dataset.
- Create shared media-group.nix module with fixed GID (993)
- Add both geir and sma users to media group for shared NFS access
- Update NFS server configuration to use root:media ownership with 0775 permissions
- Convert all media services to use media group instead of users group:
- Jellyfin, Calibre-web, Audiobookshelf, Transmission
- Enable group write access to all NFS shares (/mnt/storage/*)
- Maintain security with root ownership while allowing group collaboration
This resolves NFS permission issues by providing consistent group-based access
control across all media services and storage directories.
