Luke Granger-Brown
57725ef3ec
git-subtree-dir: third_party/nixpkgs git-subtree-split: 76612b17c0ce71689921ca12d9ffdc9c23ce40b2
195 lines
5.4 KiB
Nix
195 lines
5.4 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
let
|
|
|
|
inInitrd = config.boot.initrd.supportedFilesystems.nfs or false;
|
|
|
|
nfsStateDir = "/var/lib/nfs";
|
|
|
|
rpcMountpoint = "${nfsStateDir}/rpc_pipefs";
|
|
|
|
format = pkgs.formats.ini {};
|
|
|
|
idmapdConfFile = format.generate "idmapd.conf" cfg.idmapd.settings;
|
|
|
|
# merge parameters from services.nfs.server
|
|
nfsConfSettings =
|
|
lib.optionalAttrs (cfg.server.nproc != null) {
|
|
nfsd.threads = cfg.server.nproc;
|
|
} // lib.optionalAttrs (cfg.server.hostName != null) {
|
|
nfsd.host = cfg.server.hostName;
|
|
} // lib.optionalAttrs (cfg.server.mountdPort != null) {
|
|
mountd.port = cfg.server.mountdPort;
|
|
} // lib.optionalAttrs (cfg.server.statdPort != null) {
|
|
statd.port = cfg.server.statdPort;
|
|
} // lib.optionalAttrs (cfg.server.lockdPort != null) {
|
|
lockd.port = cfg.server.lockdPort;
|
|
lockd.udp-port = cfg.server.lockdPort;
|
|
};
|
|
|
|
nfsConfDeprecated = cfg.extraConfig + ''
|
|
[nfsd]
|
|
threads=${toString cfg.server.nproc}
|
|
${lib.optionalString (cfg.server.hostName != null) "host=${cfg.server.hostName}"}
|
|
${cfg.server.extraNfsdConfig}
|
|
|
|
[mountd]
|
|
${lib.optionalString (cfg.server.mountdPort != null) "port=${toString cfg.server.mountdPort}"}
|
|
|
|
[statd]
|
|
${lib.optionalString (cfg.server.statdPort != null) "port=${toString cfg.server.statdPort}"}
|
|
|
|
[lockd]
|
|
${lib.optionalString (cfg.server.lockdPort != null) ''
|
|
port=${toString cfg.server.lockdPort}
|
|
udp-port=${toString cfg.server.lockdPort}
|
|
''}
|
|
'';
|
|
|
|
nfsConfFile =
|
|
if cfg.settings != {}
|
|
then format.generate "nfs.conf" (lib.recursiveUpdate nfsConfSettings cfg.settings)
|
|
else pkgs.writeText "nfs.conf" nfsConfDeprecated;
|
|
|
|
requestKeyConfFile = pkgs.writeText "request-key.conf" ''
|
|
create id_resolver * * ${pkgs.nfs-utils}/bin/nfsidmap -t 600 %k %d
|
|
'';
|
|
|
|
cfg = config.services.nfs;
|
|
|
|
in
|
|
|
|
{
|
|
###### interface
|
|
|
|
options = {
|
|
services.nfs = {
|
|
idmapd.settings = lib.mkOption {
|
|
type = format.type;
|
|
default = {};
|
|
description = ''
|
|
libnfsidmap configuration. Refer to
|
|
<https://linux.die.net/man/5/idmapd.conf>
|
|
for details.
|
|
'';
|
|
example = lib.literalExpression ''
|
|
{
|
|
Translation = {
|
|
GSS-Methods = "static,nsswitch";
|
|
};
|
|
Static = {
|
|
"root/hostname.domain.com@REALM.COM" = "root";
|
|
};
|
|
}
|
|
'';
|
|
};
|
|
settings = lib.mkOption {
|
|
type = format.type;
|
|
default = {};
|
|
description = ''
|
|
General configuration for NFS daemons and tools.
|
|
See nfs.conf(5) and related man pages for details.
|
|
'';
|
|
example = lib.literalExpression ''
|
|
{
|
|
mountd.manage-gids = true;
|
|
}
|
|
'';
|
|
};
|
|
extraConfig = lib.mkOption {
|
|
type = lib.types.lines;
|
|
default = "";
|
|
description = ''
|
|
Extra nfs-utils configuration.
|
|
'';
|
|
};
|
|
};
|
|
};
|
|
|
|
###### implementation
|
|
|
|
config = lib.mkIf (config.boot.supportedFilesystems.nfs or config.boot.supportedFilesystems.nfs4 or false) {
|
|
|
|
warnings =
|
|
(lib.optional (cfg.extraConfig != "") ''
|
|
`services.nfs.extraConfig` is deprecated. Use `services.nfs.settings` instead.
|
|
'') ++ (lib.optional (cfg.server.extraNfsdConfig != "") ''
|
|
`services.nfs.server.extraNfsdConfig` is deprecated. Use `services.nfs.settings` instead.
|
|
'');
|
|
assertions = [{
|
|
assertion = cfg.settings != {} -> cfg.extraConfig == "" && cfg.server.extraNfsdConfig == "";
|
|
message = "`services.nfs.settings` cannot be used together with `services.nfs.extraConfig` and `services.nfs.server.extraNfsdConfig`.";
|
|
}];
|
|
|
|
services.rpcbind.enable = true;
|
|
|
|
services.nfs.idmapd.settings = {
|
|
General = lib.mkMerge [
|
|
{ Pipefs-Directory = rpcMountpoint; }
|
|
(lib.mkIf (config.networking.domain != null) { Domain = config.networking.domain; })
|
|
];
|
|
Mapping = {
|
|
Nobody-User = "nobody";
|
|
Nobody-Group = "nogroup";
|
|
};
|
|
Translation = {
|
|
Method = "nsswitch";
|
|
};
|
|
};
|
|
|
|
system.fsPackages = [ pkgs.nfs-utils ];
|
|
|
|
boot.initrd.kernelModules = lib.mkIf inInitrd [ "nfs" ];
|
|
|
|
systemd.packages = [ pkgs.nfs-utils ];
|
|
|
|
environment.systemPackages = [ pkgs.keyutils ];
|
|
|
|
environment.etc = {
|
|
"idmapd.conf".source = idmapdConfFile;
|
|
"nfs.conf".source = nfsConfFile;
|
|
"request-key.conf".source = requestKeyConfFile;
|
|
};
|
|
|
|
systemd.services.nfs-blkmap =
|
|
{ restartTriggers = [ nfsConfFile ];
|
|
};
|
|
|
|
systemd.targets.nfs-client =
|
|
{ wantedBy = [ "multi-user.target" "remote-fs.target" ];
|
|
};
|
|
|
|
systemd.services.nfs-idmapd =
|
|
{ restartTriggers = [ idmapdConfFile ];
|
|
};
|
|
|
|
systemd.services.nfs-mountd =
|
|
{ restartTriggers = [ nfsConfFile ];
|
|
enable = lib.mkDefault false;
|
|
};
|
|
|
|
systemd.services.nfs-server =
|
|
{ restartTriggers = [ nfsConfFile ];
|
|
enable = lib.mkDefault false;
|
|
};
|
|
|
|
systemd.services.auth-rpcgss-module =
|
|
{
|
|
unitConfig.ConditionPathExists = [ "" "/etc/krb5.keytab" ];
|
|
};
|
|
|
|
systemd.services.rpc-gssd =
|
|
{ restartTriggers = [ nfsConfFile ];
|
|
unitConfig.ConditionPathExists = [ "" "/etc/krb5.keytab" ];
|
|
};
|
|
|
|
systemd.services.rpc-statd =
|
|
{ restartTriggers = [ nfsConfFile ];
|
|
|
|
preStart =
|
|
''
|
|
mkdir -p /var/lib/nfs/{sm,sm.bak}
|
|
'';
|
|
};
|
|
|
|
};
|
|
}
|