hosts/kazuki: connect a storage box

hosts/kazuki/default.nix

@@ -12,6 +12,7 @@
       ./conduit.nix
       ./mail.nix
       ./vault.nix
+      ./storage.nix
     ];
 
     nixpkgs.hostPlatform = "aarch64-linux";

hosts/kazuki/storage.nix

@@ -0,0 +1,28 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+  age.secrets = {
+    storage-box-creds.file = ../../secrets/storage-box-creds.age;
+  };
+
+  environment.systemPackages = with pkgs; [cifs-utils];
+  fileSystems."/storage-box" = {
+    fsType = "cifs";
+    device = "//u389358.your-storagebox.de/backup";
+    options = [
+      "iocharset=utf8"
+      "x-systemd.automount"
+      "noauto"
+      "x-systemd.idle-timeout=60"
+      "x-systemd.device-timeout=5s"
+      "x-systemd.mount-timeout=5s"
+      "credentials=${config.age.secrets.storage-box-creds.path}"
+    ];
+  };
+
+  networking.firewall.extraCommands = ''
+    iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns
+  '';
+}

secrets/secrets.nix

@@ -43,4 +43,8 @@ in {
     keys.system.legion
     keys.other.bootstrap
   ];
+  "storage-box-creds.age".publicKeys = [
+    keys.system.kazuki
+    keys.other.bootstrap
+  ];
 }

secrets/storage-box-creds.age

@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 84j9mw Ne+o6QDh4zL7sYize81+CsErRJqFPVPvqgKof1NaGXE
+cxgH4T1TL1QNebEpJjbhtNzsruScnfiJmooyu1H1hqA
+-> ssh-ed25519 GKhvwg D7vjyGI59njgGefZ0siA84egRuXDBJKHMykAfejvbiE
+F6g9/HZYUGvH8fwXvn0jUbBpouloFbyD6cSYyj6efcY
+--- 6wPtAFTNJYMqW26PpAHohjNjryx/XL7UIo7+91CFjZY
+ÖO··ô>àeNê<4E>×2<C397>Ë—]¢C4»lÖ#ómoŸ ’›â‚õ `™%0XX)C:ó[è[<5B><>ü ŠùÏʵè+äÈ*tèm