Commit ba866c76a681

Vincent Demeester <vincent@sbr.pm>
2025-12-05 17:09:15
feat: Configure NFS media sharing between rhea and kyushu
- Enable seamless access to music, pictures, and videos from laptop - Optimize resource usage with automount and 10-minute idle timeout - Establish network storage foundation with NFSv4.2 protocol Signed-off-by: Vincent Demeester <vincent@sbr.pm>
main
1 parent a19b08f
Changed files (3)
systems
kyushu
extra.nix
hardware.nix
rhea
extra.nix
systems/kyushu/extra.nix
@@ -30,6 +30,8 @@
     ];
   };
 
+  boot.supportedFilesystems = [ "nfs" ];
+
   services = {
     getty = {
       autologinOnce = true;
systems/kyushu/hardware.nix
@@ -13,4 +13,50 @@
   hardware = {
     # opengl.extraPackages = with pkgs; [ vaapiIntel libvdpau-va-gl vaapiVdpau intel-ocl intel-media-driver ];
   };
+
+  # NFS mounts from rhea
+  fileSystems."/net/rhea/music" = {
+    device = "rhea.sbr.pm:/music"; # NFSv4: path relative to fsid=0 (/neo)
+    fsType = "nfs";
+    options = [
+      "nfsvers=4.2" # Use NFSv4.2 for best performance
+      "x-systemd.automount" # Lazy-mount on first access
+      "noauto" # Don't mount at boot
+      "x-systemd.idle-timeout=600" # Auto-unmount after 10 min idle
+      "soft" # Don't hang if server unavailable
+      "timeo=14" # Timeout after 1.4s (14 * 0.1s)
+      "retrans=2" # Retry twice before timing out
+      "_netdev" # Wait for network before mounting
+    ];
+  };
+
+  fileSystems."/net/rhea/pictures" = {
+    device = "rhea.sbr.pm:/pictures";
+    fsType = "nfs";
+    options = [
+      "nfsvers=4.2"
+      "x-systemd.automount"
+      "noauto"
+      "x-systemd.idle-timeout=600"
+      "soft"
+      "timeo=14"
+      "retrans=2"
+      "_netdev"
+    ];
+  };
+
+  fileSystems."/net/rhea/videos" = {
+    device = "rhea.sbr.pm:/videos";
+    fsType = "nfs";
+    options = [
+      "nfsvers=4.2"
+      "x-systemd.automount"
+      "noauto"
+      "x-systemd.idle-timeout=600"
+      "soft"
+      "timeo=14"
+      "retrans=2"
+      "_netdev"
+    ];
+  };
 }
systems/rhea/extra.nix
@@ -360,6 +360,10 @@
     };
     nfs.server = {
       enable = true;
+      # Fixed ports for firewall configuration
+      lockdPort = 4001;
+      mountdPort = 4002;
+      statdPort = 4000;
       exports = ''
                 /neo                      192.168.1.0/24(rw,fsid=0,no_subtree_check) 10.100.0.0/24(rw,fsid=0,no_subtree_check)
                 /neo/backup               192.168.1.0/24(rw,fsid=1,no_subtree_check) 10.100.0.0/24(rw,fsid=1,no_subtree_check)
@@ -524,13 +528,31 @@
 
   networking.useDHCP = lib.mkDefault true;
 
-  # Open firewall for Traefik
-  networking.firewall.allowedTCPPorts = [
-    80
-    443
-    1883 # MQTT
-    8883 # MQTTS
-  ];
+  # Open firewall for Traefik and NFS
+  networking.firewall = {
+    allowedTCPPorts = [
+      80
+      443
+      1883 # MQTT
+      8883 # MQTTS
+      # NFS ports
+      111 # rpcbind
+      2049 # NFS daemon
+      4000 # statd
+      4001 # lockd
+      4002 # mountd
+      20048 # mountd (NFSv4)
+    ];
+    allowedUDPPorts = [
+      # NFS ports
+      111 # rpcbind
+      2049 # NFS daemon
+      4000 # statd
+      4001 # lockd
+      4002 # mountd
+      20048 # mountd (NFSv4)
+    ];
+  };
 
   # Environment file for Gandi API key (managed by agenix)
   systemd.services.traefik.serviceConfig = {