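# NixOS module for the in-kernel NFS server (services.nfs.server.*).
#
# When enabled it turns on rpcbind, installs /etc/exports, appends the
# [nfsd], [mountd], [statd] and [lockd] sections to services.nfs.extraConfig
# and creates the dedicated "statd" account. Nothing in this file opens
# firewall ports or restricts clients: who may mount what is decided only by
# the text given in `exports`.
{ config, lib, pkgs, ... }:

with lib;

let

  cfg = config.services.nfs.server;

  # The exports text is written verbatim to a store file. Store paths are
  # readable by every local user, so the export list is not confidential.
  exports = pkgs.writeText "exports" cfg.exports;

  # Account that owns /var/lib/nfs (see systemd.tmpfiles.rules below).
  rpcUser = "statd";

in

{
  imports = [
    (mkRenamedOptionModule [ "services" "nfs" "lockdPort" ] [ "services" "nfs" "server" "lockdPort" ])
    (mkRenamedOptionModule [ "services" "nfs" "statdPort" ] [ "services" "nfs" "server" "statdPort" ])
  ];

  ###### interface

  options = {

    services.nfs = {

      server = {
        enable = mkOption {
          type = types.bool;
          default = false;
          description = ''
            Whether to enable the kernel's NFS server.
          '';
        };

        # Inserted verbatim into the [nfsd] section; the text is not validated
        # here, so a section header placed in it would start a new section.
        extraNfsdConfig = mkOption {
          type = types.str;
          default = "";
          description = ''
            Extra configuration options for the [nfsd] section of /etc/nfs.conf.
          '';
        };

        # Access control for the exported trees lives entirely in this text
        # (client lists, ro/rw, root_squash, ...); the module adds no defaults.
        exports = mkOption {
          type = types.lines;
          default = "";
          description = ''
            Contents of the /etc/exports file.  See
            <citerefentry><refentrytitle>exports</refentrytitle>
            <manvolnum>5</manvolnum></citerefentry> for the format.
          '';
        };

        # null (the default) emits no host= line, i.e. nfsd accepts requests
        # on every address of the machine. Set this on multi-homed hosts that
        # should serve NFS on one network only.
        hostName = mkOption {
          type = types.nullOr types.str;
          default = null;
          description = ''
            Hostname or address on which NFS requests will be accepted.
            Default is all.  See the <option>-H</option> option in
            <citerefentry><refentrytitle>nfsd</refentrytitle>
            <manvolnum>8</manvolnum></citerefentry>.
          '';
        };

        nproc = mkOption {
          type = types.int;
          default = 8;
          description = ''
            Number of NFS server threads.  Defaults to the recommended value of 8.
          '';
        };

        createMountPoints = mkOption {
          type = types.bool;
          default = false;
          description = "Whether to create the mount points in the exports file at startup time.";
        };

        # The three port options use types.port so that a value outside
        # 0-65535 is rejected at evaluation time instead of being written to
        # the daemon configuration. Pinning a port does not open it: firewall
        # rules have to be added separately.
        mountdPort = mkOption {
          type = types.nullOr types.port;
          default = null;
          example = 4002;
          description = ''
            Use fixed port for rpc.mountd, useful if server is behind firewall.
          '';
        };

        lockdPort = mkOption {
          type = types.nullOr types.port;
          default = null;
          example = 4001;
          description = ''
            Use a fixed port for the NFS lock manager kernel module
            (<literal>lockd/nlockmgr</literal>). This is useful if the
            NFS server is behind a firewall.
          '';
        };

        statdPort = mkOption {
          type = types.nullOr types.port;
          default = null;
          example = 4000;
          description = ''
            Use a fixed port for <command>rpc.statd</command>. This is
            useful if the NFS server is behind a firewall.
          '';
        };

      };

    };

  };


  ###### implementation

  config = mkIf cfg.enable {

    # hostName and extraNfsdConfig are interpolated as-is; only the port and
    # thread values go through toString.
    services.nfs.extraConfig = ''
      [nfsd]
      threads=${toString cfg.nproc}
      ${optionalString (cfg.hostName != null) "host=${cfg.hostName}"}
      ${cfg.extraNfsdConfig}

      [mountd]
      ${optionalString (cfg.mountdPort != null) "port=${toString cfg.mountdPort}"}

      [statd]
      ${optionalString (cfg.statdPort != null) "port=${toString cfg.statdPort}"}

      [lockd]
      ${optionalString (cfg.lockdPort != null) ''
        port=${toString cfg.lockdPort}
        udp-port=${toString cfg.lockdPort}
      ''}
    '';

    # Enabling the NFS server also enables rpcbind, which is one more
    # network-facing service to account for in firewall rules.
    services.rpcbind.enable = true;

    boot.supportedFilesystems = [ "nfs" ]; # needed for statd and idmapd

    environment.etc.exports.source = exports;

    systemd.services.nfs-server = {
      enable = true;
      wantedBy = [ "multi-user.target" ];
    };

    systemd.services.nfs-mountd = {
      enable = true;
      # Restart mountd whenever the generated exports file changes.
      restartTriggers = [ exports ];

      # This script runs before mountd starts and creates every path named in
      # the first column of the exports file. Compared with a plain
      # `xargs mkdir -p` it: skips blank lines, splits the first column on any
      # whitespace (tabs included), does not run mkdir at all when there is
      # nothing to create (-r), and ends option parsing (--) so that a
      # malformed line starting with "-" cannot be read as a mkdir option.
      preStart = optionalString cfg.createMountPoints ''
        # create export directories:
        # skip comments and blank lines, take first col which may either be
        # a quoted "foo bar" or just foo (-> man export)
        sed '/^#.*/d;/^[[:space:]]*$/d;s/^"\([^"]*\)".*/\1/;t;s/[[:space:]].*//' ${exports} \
        | xargs -r -d '\n' mkdir -p --
      '';
    };

    # rpc-statd will drop privileges by changing user from root to the owner of
    # /var/lib/nfs
    # The state directory itself is 0700 and owned by that account; the
    # subdirectories below it are root-owned and 0755.
    systemd.tmpfiles.rules = [
      "d /var/lib/nfs 0700 ${rpcUser} ${rpcUser} - -"
    ] ++ map (e:
      "d /var/lib/nfs/${e} 0755 root root - -"
    ) [ "recovery" "v4recovery" "sm" "sm.bak" ];

    users = {
      groups."${rpcUser}" = {};
      users."${rpcUser}" = {
        description = "NFS RPC user";
        group = rpcUser;
        isSystemUser = true;
      };
    };

  };

}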