From 8c9c8310b305db97f47a9baca8d3d2ec8265e93d Mon Sep 17 00:00:00 2001
From: Maxiem Geldhof <author@maxiemgeldhof.com>
Date: Mon, 3 Nov 2025 20:01:39 +0100
Subject: [PATCH] Add smb mount instead

---
 keys/mullvad               | Bin 723 -> 729 bytes
 keys/secrets.nix           |   1 +
 keys/smbshare              |  13 +++++++++++++
 systems/ren/volumes.nix    |  24 +++++++++++++++---------
 systems/selene/volumes.nix |  37 ++++++++++++++++++++-----------------
 5 files changed, 49 insertions(+), 26 deletions(-)
 create mode 100644 keys/smbshare

diff --git a/keys/mullvad b/keys/mullvad
index da57b94226774909629747eb6daa280d68968ce4..6f4873b8173a7ef0a3ad881069d291926c36812a 100644
GIT binary patch
delta 677
zcmcc2dXsg6PJMu}Taj~7s(wgSRz;?7R))53U`B3~d3scKwtsecidVj;ML=;uN|;la
zBUg}#Z-j4pidl+#T2`WVp`UwBv4^XpSyYu@U`B~?M5K{^zIJd%zKeHWF_*5LLUD11
zZfc5=si~o*LaAR=q(z`Yabih?iCI*(L7BcsX=IUcu$!rGc6w!GaAjy=WL{NOUZH7`
zf2L!KQ$d&oSE+?XW|)VMer}kBM`clPx=X50NVcn+k+WlZa8X#WSyiQRZf;<SOQ=Wk
z#E;_jNy%jq9tM>bmJvlM=@C_yzTw7BE+&<JK_*d=j@j9+<@tqG`Obx@Iboh$>1NKw
z;hsT0spUcb!Tx!M*<n?#*(IjN#Rl%q5h;d2kwv+_!QmyD#Xf;ty1KdwS-yVS8E#cM
zCLx}_CFK?Y=1$HjIVt6SDdl<Q!Oj6W7NPp}g^orRrj8l;Tu;hFe<dVJhy8EaFqwH(
zk--zo@@O^JeB&I}pXX~z!e33ksV!o{IQ6Aw{=Bp)r#-l2uQRwhOXwN?Osh_94Rh7l
zbz?!}mm}R8_R-0&cCl^sYWV9{{vmkzpBL-w7BVJVUoq6#zRv1NVv1rwy`0|DLIZgL
z5$9R5_1UcMi()kzdsw!Xz1jZxeZnfU1HQ{QUsy2vz^ijd>hAvQ&(yH=3OTmgI=Lw8
z!Obj5&v)J@ZPHy8+kH3r>F@ox{>$&e#SxQ#ez?0>B{XERARkv{Gt({w4gafdPWPHQ
z0v60{+2!!<+UI``x?H~u4>m3Ran}2#n94I(KIddE&S_pD7xbA_8BQy!>iHKO(~FEL
zJCQooWL{KX%i4)IGK??1KCk?#L1?<6e{ifp)y@42l+NzRb`<SOz5D9nhUKBfm##GX
Z_4lue2tSrJf99>k{~wN7*yOI84*+6!6Kwzh

delta 671
zcmcb~dYN^CPJLyXk4K7mYDAPphEZ`=c2=5cNn(DXpT1L7hEYmzW<iosNrk(MQBiP3
zIaj7(fvKapb5fa8N?KA#zIRZLTZn!|Ms|T&iFvU}y1%}=p;LB7WmUM3Czr0BLUD11
zZfc5=si~o*LaAR=q(z{DwxwrgL}6w|u%Cyqeo2Xbu$yVRQAAa6l3`V3P*7D+YMMof
zTS=u`Mp&Q;mqA5hUZ!WTzGYZIy1Acwa(0nRetMckczU^Mh*^qjh*MQjK#EILs(x|$
z#E;_jMv(<sxmoEEPA1_2VdWtvB_X-~NnY+QZk9<!6$PP1Zf<VorA|I+Zf@yZ##OH2
z$=-$)IaR@?>8XiP!6AmBMxm*Wo*@OnhH1VLX{A0sdCorhc|nm}y1KdwnZ~Y0g^mXP
zM#*{JMTW+Pe&LqsUO`!*8HE+je!-UhY35G#uGuLrL8*E9T=zCjX5Pf{HT7bo)w<cA
zl`Suv2^5T*{$X98z31z0hNXY*AC-3d(6)~?F8+M2{xpu8AIqFARwO@+pXhs8(W!8+
z{0(Pkjf=Xud~qMyGj2?{p~pJ)#C-i}4-&7fI&=B#r?(U9)|F@e$XK=Io#@tsOVqOs
zem1Y)F?UV98M|V~q{OLO^K<q0Ia!6?6kDCLK*?6>rQqe=<$uCoGPdh|H1f(zxx6^v
zuraIbe$K@+W?fyai~)y)H10^u*jFuc_tNa6;d_}DC+<IO9`<a9<ZUUI?$^JL*E9cc
zQ9aW>Y0u1KT}(B#%`d)9*!s;`oqzh9Eyk-4u~+PIJ@fG4*<3$+F|P7ixfQoA7&`W9
z-j4tA<BM>)%)YO+%(E2scq~38J2OV&!}9a4=Z|(BR{Qn6@yEl^??0JbkM4QtQ(?7e
W)1#03G~#yHx}3T5=R)F9J~aUN@f?r<

diff --git a/keys/secrets.nix b/keys/secrets.nix
index 48e931b..631260a 100644
--- a/keys/secrets.nix
+++ b/keys/secrets.nix
@@ -15,4 +15,5 @@ in
   "wg-ren.priv".publicKeys = macbook++master++ren;
   "ren.priv".publicKeys = master ++ ren;
   "mullvad".publicKeys = master ++ ren ++ macbook;
+  "smbshare".publicKeys = master ++ macbook ++ ren ++ selene;
 }
\ No newline at end of file
diff --git a/keys/smbshare b/keys/smbshare
new file mode 100644
index 0000000..7e69903
--- /dev/null
+++ b/keys/smbshare
@@ -0,0 +1,13 @@
+age-encryption.org/v1
+-> ssh-ed25519 CJLJQg iKSC2yZMoiMcQ/uphfV9KSPaMZDujTJ8RF9iNj2cwl0
+naZwmb0c73GsZmLnoOLFjPFLahIvJ9uNPm9eKn9wuk4
+-> ssh-ed25519 M7OTMg OzqVt888r84ORO8K+sGPUktLe0Hlex5mH6tveRE+Nmo
+hB69RP7R9mAPOtnYF27c+vs3lJfmo2HLygpUPCdg4o4
+-> ssh-ed25519 uNZY8Q rSg+s2zyvi+pc8f+2+jpoV2d4QnSK6bc5FlUJYUvKn0
+vQ4DrQjuU+6SMF74qYIljm47DiwgFRTe0jOHgRhZhP8
+-> ssh-ed25519 gSqcWw tb4ZOplFZCXerynrFIRjTJ6s/itwRmsVeJSxDpf7NmE
+n8dmh88E/gSr8TGUxNGEYz5JoAczN/PeCXEEAPzATh0
+-> ssh-ed25519 lFtjmQ hILkY+TxULWVfFsm7iF+W5lARxBl3MdWEerO6JHYIhQ
+Q7xEwwZ3RM73a0lLs63TKKfHKrK7+YWKYpW27brwlOQ
+--- fjttmh2HNROYUIMYVu1Yxft9diCU4tx+DIFYBeEUelc
+ൊ0�̚�H����Xg�lgIѭ��n��^]��Gx�B�p1�K*��(�mC�u^V�_h"K���i)�����}�7�Û���]��ϩЉ��j���R��� xݿ=�
��Ɍ�q�����׳
\ No newline at end of file
diff --git a/systems/ren/volumes.nix b/systems/ren/volumes.nix
index 4c3cb3d..1a255ac 100644
--- a/systems/ren/volumes.nix
+++ b/systems/ren/volumes.nix
@@ -3,6 +3,7 @@
   environment.systemPackages = [
     pkgs.rclone
     pkgs.samba
+    pkgs.cifs-utils
   ];
   environment.etc."rclone-mnt.conf".text = ''
     [myremote]
@@ -12,16 +13,21 @@
     key_file = ${config.age.secrets.hetzner-key.path}
   '';
 
+  age.secrets.smbsecret = {
+    file = ../../keys/smbshare;
+    owner = "ren";
+  };
+
   fileSystems."/mnt/sbox" = {
-    device = "myremote:/";
-    fsType = "rclone";
-    options = [
-      "nodev"
-      "nofail"
-      "allow_other"
-      "args2env"
-      "config=/etc/rclone-mnt.conf"
-    ];
+    device = "//u504615.your-storagebox.de/backup";
+    fsType = "cifs";
+    options =
+      let
+        # this line prevents hanging on network split
+        automount_opts = "rw,x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,dir_mode=0777";
+
+      in
+      [ "${automount_opts},credentials=${config.age.secrets.smbsecret.path}" ];
   };
 
   fileSystems."/mnt/scratch" = {
diff --git a/systems/selene/volumes.nix b/systems/selene/volumes.nix
index b3180e4..97645d3 100644
--- a/systems/selene/volumes.nix
+++ b/systems/selene/volumes.nix
@@ -20,24 +20,27 @@
     ];
   };
 
-  environment.systemPackages = [ pkgs.rclone ];
-  environment.etc."rclone-mnt.conf".text = ''
-    [myremote]
-    type = sftp
-    host = u504615.your-storagebox.de
-    user = u504615
-    key_file = ${config.age.secrets.hetzner-key.path}
-  '';
+
+  environment.systemPackages = [
+    pkgs.rclone
+    pkgs.samba
+    pkgs.cifs-utils
+  ];
+
+  age.secrets.smbsecret = {
+    file = ../../keys/smbshare;
+    owner = "selene";
+  };
 
   fileSystems."/mnt/sbox" = {
-    device = "myremote:/";
-    fsType = "rclone";
-    options = [
-      "nodev"
-      "nofail"
-      "allow_other"
-      "args2env"
-      "config=/etc/rclone-mnt.conf"
-    ];
+    device = "//u504615.your-storagebox.de/backup";
+    fsType = "cifs";
+    options =
+      let
+        # this line prevents hanging on network split
+        automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
+
+      in
+      [ "${automount_opts},credentials=${config.age.secrets.smbsecret.path}" ];
   };
 }