{ config, pkgs, lib, ... }: { # Boot drives are defined in ./hardware-configuration.nix environment.systemPackages = with pkgs; [ cifs-utils ]; # Local zfs boot = { zfs.extraPools = [ "tank" ]; supportedFilesystems = [ "zfs" ]; kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; }; services.zfs.autoScrub.enable = true; services.prometheus.exporters.zfs = { enable = true; # "ip46" is cursed, do it manually below # openFirewall = true; # firewallFilter = "-p tcp -m tcp --source 192.168.10.175/32 --dport 9134"; }; networking.firewall = { allowedTCPPorts = [ 9134 ]; extraCommands = '' iptables -A INPUT -p tcp -m tcp --source 192.168.10.175/32 --dport 9134 -j ACCEPT iptables -A INPUT -p tcp -m tcp --dport 9134 -j DROP ''; }; # Network mounts (import) fileSystems = { "/mnt/feal-syn1/media" = { device = "feal-syn1.home.feal.no:/volume2/media"; fsType = "nfs"; options = [ "vers=3" ]; #options = [ "x-systemd.automount" "noauto" ]; }; "/mnt/feal-syn1/nfs_proxmox" = { device = "//feal-syn1.home.feal.no/nfs_proxmox"; fsType = "cifs"; options = let # this line prevents hanging on network split automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"; in ["${automount_opts},credentials=/etc/feal-syn1-credentials"]; }; "/var/backup" = { device = "/tank/backup/voyager"; options = [ "bind "]; }; }; }