nixos-config/hosts/voyager/filesystems.nix

{ config, pkgs, lib, ... }:
{
  # Boot drives are defined in ./hardware-configuration.nix

  environment.systemPackages = with pkgs; [ cifs-utils ];

  # Local zfs
  boot = {
    zfs.extraPools = [ "tank" ];
    supportedFilesystems = [ "zfs" ];
    kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
  };
  services.zfs.autoScrub.enable = true;
  services.prometheus.exporters.zfs = {
    enable = true;
    # "ip46" is cursed, do it manually below
    # openFirewall = true;
    # firewallFilter = "-p tcp -m tcp --source 192.168.10.175/32 --dport 9134";
  };
  networking.firewall = {
    allowedTCPPorts = [ 9134 ];
    extraCommands = ''
      iptables -A INPUT -p tcp -m tcp --source 192.168.10.175/32 --dport 9134 -j ACCEPT
      iptables -A INPUT -p tcp -m tcp --dport 9134 -j DROP
    '';
  };

  # Network mounts (import)
  fileSystems = {
    "/mnt/feal-syn1/media" = {
      device = "feal-syn1.home.feal.no:/volume2/media";
      fsType = "nfs";
      options = [ "vers=3" ];
      #options = [ "x-systemd.automount" "noauto" ];
    };
    "/mnt/feal-syn1/nfs_proxmox" = {
      device = "//feal-syn1.home.feal.no/nfs_proxmox";
      fsType = "cifs";
      options = let
        # this line prevents hanging on network split
        automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";

      in ["${automount_opts},credentials=/etc/feal-syn1-credentials"];
    };

    "/var/backup" = {
      device = "/tank/backup/voyager";
      options = [ "bind "];
    };
  };

}