mount nas

2026-01-26 10:29:07 +01:00
parent 32f7993914
commit 949f8cf77a
3 changed files with 24 additions and 1 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+secrets/
--- a/drives.nix
+++ b/drives.nix
@@ -5,6 +5,10 @@
    #  device = "10.94.157.2:/mnt/Nethergarde/Windows";
    #  fsType = "nfs";
    #};
+    "/mnt/nethergarde/leonhome" = {
+      device = "10.46.32.2:/mnt/Nethergarde/Home";
+      fsType = "nfs";
+    };
    #"/mnt/nethergarde/bigdata" = {
    #  device = "10.94.157.2:/mnt/Nethergarde/Bigdata";
    #  fsType = "nfs";
@@ -24,6 +28,22 @@
      fsType = "vfat";
      options = [ "fmask=0077" "dmask=0077" ];
    };
+    #"/mnt/nethergarde/leonhome" = {
+    #  device = "//10.46.32.2/Leon\\040home\\040share";
+    #  fsType = "cifs";
+    #  options = [
+    #    "credentials=/etc/nixos/secrets/smb-secrets-leon-home"
+    #    "x-systemd.automount"
+    #    "noauto"
+    #    "x-systemd.idle-timeout=60"
+    #    "x-systemd.device-timeout=5s"
+    #    "x-systemd.mount-timeout=5s"
+    #    "uid=1000"
+    #    "gid=100"
+    #    "iocharset=utf8"
+    #    "vers=3.1.1"
+    #  ];
+    #};
  };
 }

--- a/networking.nix
+++ b/networking.nix
@@ -13,7 +13,6 @@
      trustedInterfaces = [ "incusbr0" ];
    };

-    # here’s the custom nftables filter ruleset for forwarded traffic:
    nftables.ruleset = ''
      table ip filter {
        chain forward {
@@ -25,6 +24,9 @@
          iifname "incusbr0" oifname "enp4s0" ct state new,established accept
          iifname "incusbr1" oifname "enp4s0" ct state new,established accept

+          # allow vm to vm communication 
+          iifname "tap*" oifname "tap*" accept
+
          # allow natted replies
          iifname "enp4s0" oifname "incusbr0" tcp dport 8123 ct state new,established accept
          iifname "enp4s0" oifname "incusbr0" tcp dport 80 ct state new,established accept