-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathnfs.nix
57 lines (52 loc) · 1.25 KB
/
nfs.nix
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
{ config, ... }:
let
ports = import ./misc/service-ports.nix;
addresses = import ../../misc/wireguard-addresses.nix;
in
{
services.rpcbind.enable = true;
services.nfs.server = {
enable = true;
statdPort = ports.statd;
lockdPort = ports.lockd;
mountdPort = ports.mountd;
createMountPoints = true;
exports = let
mediarrConfig = "${addresses.gradientnet.gradientnet}/24(rw,all_squash,anonuid=${toString config.users.users.mediarr.uid},anongid=${toString config.users.groups.mediarr.gid})";
in
''
/export/downloads ${mediarrConfig}
/export/mediarr ${mediarrConfig}
'';
};
services.nfs.settings = {
nfsd.udp = false;
nfsd.vers3 = false;
nfsd.vers4 = true;
nfsd."vers4.0" = false;
nfsd."vers4.1" = false;
nfsd."vers4.2" = true;
};
fileSystems."/export/downloads" = {
device = "/data/downloads";
options = [ "bind" ];
};
fileSystems."/export/mediarr" = {
device = "/var/lib/mediarr";
options = [ "bind" ];
};
networking.firewall.interfaces.gradientnet = {
allowedTCPPorts = [
ports.nfsd
ports.statd
ports.lockd
ports.mountd
];
allowedUDPPorts = [
ports.nfsd
ports.statd
ports.lockd
ports.mountd
];
};
}