Uses zfs bind mounts for nfs.

Had to hardcode anon uid and gid because /etc/exports needs a fixed uid/gid.
2024-02-28 04:55:37 +00:00 · 2024-02-28 04:55:37 +00:00 · 963a1859c7
parent 6e2a4eca03
commit 963a1859c7
1 changed files with 48 additions and 4 deletions
--- a/systems/x86_64-linux/pegasi/default.nix
+++ b/systems/x86_64-linux/pegasi/default.nix
@ -1,4 +1,7 @@
-{...}:
+{
+  config,
+  ...
+}:

 {
  imports = [
@ -17,15 +20,25 @@
  };
  programs.mosh.enable = true;

+  # NFS config
+  users.users.anon = {
+    isSystemUser = true;
+    group = "anon";
+    uid = 469;
+  };
+  users.groups.anon = {
+    gid = 469;
+  };
+
  services.nfs.server = {
    enable = true;
    lockdPort = 4001;
    mountdPort = 4002;
    statdPort = 4000;
    exports = ''
-      /pub          10.142.0.0/24(rw,fsid=0,crossmnt,no_subtree_check) 10.142.2.0/24(ro,fsid=0,crossmnt,no_subtree_check)
-      /pub/hassio   10.142.0.112(rw,insecure,all_squash)
-      /pub/media    10.142.0.0/16(ro,insecure,all_squash)
+      /pub          -ro,insecure,fsid=0,crossmnt,no_subtree_check *.gg.lan *.bbs.lan
+      /pub/hassio   home.is.geeky.gay(rw,insecure,all_squash,subtree_check,anonuid=469,anongid=469)
+      /pub/media    -ro,insecure,all_squash,no_subtree_check *.gg.lan *.bbs.lan
    '';
    createMountPoints = true;
  };
@ -35,6 +48,37 @@
    allowedUDPPorts = [ 111 2049 4000 4001  4002 20048 ];
  };

+  # Sets up ZFS mounts for homedirs and nfs mounts.
+  systemd.mounts = [
+    {
+      description = "Mount ZFS homedirs";
+      what = "/storage/home";
+      where = "/home";
+      type = "none";
+      options = "bind,x-gvfs-hide";
+      after = [ "zfs-mount.service" ];
+      wantedBy = [ "multi-user.target" ];
+    }
+    {
+      description = "Mount ZFS media share";
+      what = "/storage/media";
+      where = "/pub/media";
+      type = "none";
+      options = "bind,x-gvfs-hide";
+      after = [ "zfs-mount.service" ];
+      wantedBy = [ "multi-user.target" ];
+    }
+    {
+      description = "Mount ZFS HAIO backups";
+      what = "/storage/backup/hassio";
+      where = "/pub/hassio";
+      type = "none";
+      options = "bind,x-gvfs-hide";
+      after = [ "zfs-mount.service" ];
+      wantedBy = [ "multi-user.target" ];
+    }
+  ];
+
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "23.11"; # Did you read the comment?