From d8ff83529c79ee8a23c6fc3504172f9acd190101 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?=
Date: Tue, 6 Feb 2024 13:18:07 +0100
Subject: [PATCH] hosts/kazuki: connect a storage box
---
 hosts/kazuki/default.nix | 1 +
 hosts/kazuki/storage.nix | 28 ++++++++++++++++++++++++++++
 secrets/secrets.nix | 4 ++++
 secrets/storage-box-creds.age | 7 +++++++
 4 files changed, 40 insertions(+)
 create mode 100644 hosts/kazuki/storage.nix
 create mode 100644 secrets/storage-box-creds.age
diff --git a/hosts/kazuki/default.nix b/hosts/kazuki/default.nix
index 3d76e55..6a199ae 100644
--- a/hosts/kazuki/default.nix
+++ b/hosts/kazuki/default.nix
@@ -12,6 +12,7 @@
 ./conduit.nix
 ./mail.nix
 ./vault.nix
+ ./storage.nix
 ];
 nixpkgs.hostPlatform = "aarch64-linux";
diff --git a/hosts/kazuki/storage.nix b/hosts/kazuki/storage.nix
new file mode 100644
index 0000000..05d187f
--- /dev/null
+++ b/hosts/kazuki/storage.nix
@@ -0,0 +1,28 @@
+{
+ config,
+ pkgs,
+ ...
+}: {
+ age.secrets = {
+ storage-box-creds.file = ../../secrets/storage-box-creds.age;
+ };
+
+ environment.systemPackages = with pkgs; [cifs-utils];
+ fileSystems."/storage-box" = {
+ fsType = "cifs";
+ device = "//u389358.your-storagebox.de/backup";
+ options = [
+ "iocharset=utf8"
+ "x-systemd.automount"
+ "noauto"
+ "x-systemd.idle-timeout=60"
+ "x-systemd.device-timeout=5s"
+ "x-systemd.mount-timeout=5s"
+ "credentials=${config.age.secrets.storage-box-creds.path}"
+ ];
+ };
+
+ networking.firewall.extraCommands = ''
+ iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns
+ '';
+}
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 1cc5bef..f68a627 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -43,4 +43,8 @@ in {
 keys.system.legion
 keys.other.bootstrap
 ];
+ "storage-box-creds.age".publicKeys = [
+ keys.system.kazuki
+ keys.other.bootstrap
+ ];
 }
diff --git a/secrets/storage-box-creds.age b/secrets/storage-box-creds.age
new file mode 100644
index 0000000..20a50c1
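Review bot: The `options` list for `fileSystems."/storage-box"` in hosts/kazuki/storage.nix does not request SMB transport encryption, so unless the server enforces it the backup traffic to the remote host crosses the network unencrypted. Adding `"seal"` (and pinning a dialect such as `"vers=3.1.1"`, if the provider supports it) makes the mount fail rather than fall back to an unencrypted session. The list also sets no `uid`/`gid`/`file_mode`/`dir_mode`, so the mount takes the cifs defaults, which typically leave the backup tree readable by every local user; `"file_mode=0600"` and `"dir_mode=0700"` would restrict it to the mounting user. Separately, the `iptables -t raw -A OUTPUT` line in `networking.firewall.extraCommands` appears to be re-appended on every firewall reload, with no matching `-D` in `networking.firewall.extraStopCommands`. A NetBIOS name-service conntrack helper also looks unnecessary for a share addressed by DNS name, so it is worth confirming the rule is needed at all.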
--- /dev/null +++ b/secrets/storage-box-creds.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 84j9mw Ne+o6QDh4zL7sYize81+CsErRJqFPVPvqgKof1NaGXE +cxgH4T1TL1QNebEpJjbhtNzsruScnfiJmooyu1H1hqA +-> ssh-ed25519 GKhvwg D7vjyGI59njgGefZ0siA84egRuXDBJKHMykAfejvbiE +F6g9/HZYUGvH8fwXvn0jUbBpouloFbyD6cSYyj6efcY +--- 6wPtAFTNJYMqW26PpAHohjNjryx/XL7UIo7+91CFjZY +O>eN2˗]C4l#mo  `%0X X)C:[[ ʵ+*tm \ No newline at end of file