lkjasd

hosts/nixos/bjarte/configuration.nix

@@ -39,7 +39,8 @@
 
     #../../../profiles/mounts/freon-nfs.nix
     #../../../profiles/mounts/reidun-nfs.nix
-    #../../../profiles/mounts/meconium-nfs.nix
+    # ../../../profiles/mounts/meconium-nfs.nix
+    # ../../../profiles/mounts/panorama-nfs.nix
 
     ../../../profiles/shell.nix
     # ../../../profiles/earlyoom # TODO
@@ -61,6 +62,8 @@
     ../../../profiles/known-hosts
   ];
 
+  pbsds.nfs-lazy-mount.enable = true;
+
   environment.systemPackages = [
     pkgs.krita
     pkgs.chromium

profiles/mounts/common-nfs.nix

@@ -1,4 +1,4 @@
-{ config, options, pkgs, lib, ... }:
+{ config, lib, ... }:
 
 # https://wiki.nixos.org/wiki/NFS
 
@@ -11,12 +11,16 @@ let
   cfg = config.pbsds.nfs-lazy-mount;
 in
 {
+  options.pbsds = {
+
+    nfs-lazy-mount.enable = lib.mkEnableOption "nfs-lazy-mount";
+
+    nfs-lazy-mount.nfsOptions = lib.mkOption {
+      type = with lib.types; listOf str;
+      default = [];
+      internal = true;
+    };
 
-  options.pbsds.nfs-lazy-mount.enable = lib.mkEnableOption "nfs-lazy-mount";
-  options.pbsds.nfs-lazy-mount.nfsOptions = lib.mkOption {
-    type = with lib.types; listOf str;
-    default = [];
-    internal = true;
   };
 
   # same default as `fileSystems.<name>.options`
@@ -24,9 +28,17 @@ in
   # https://man.archlinux.org/man/core/util-linux/mount.8.en
   config.pbsds.nfs-lazy-mount.nfsOptions = lib.mkMerge [
 
-    # nixos default
-    [ "defaults" ]
+    [
+      # nixos default
+      "defaults"
+      # retry attempts before major timeout occurs. default is 3
+      "retrans=2"
+      "timeo=5" # wait time during boot in seconds?
+      # time before systemd gives up
+      "x-systemd.mount-timeout=5s"
+    ]
 
+    # https://wiki.nixos.org/wiki/NFS#Lazy-mounting
     (lib.mkIf cfg.enable [
       # lazy mount
       "x-systemd.automount"

profiles/mounts/common-zfs.nix

@@ -38,26 +38,44 @@
   # # sudo zfs set sharenfs="-maproot=0:0 -network=192.168.1.0/24" Reidun/shared
   # # sudo zfs set sharenfs="-maproot=0:0 -network=192.168.1.0/24" Freon
   # https://man.archlinux.org/man/core/nfs-utils/exports.5.en
+
   # # sudo zfs set sharenfs="rw=100.64.0.0/10,rw=192.168.1.0/24" Meconium
-
-  # # sudo zfs set sharenfs="-maproot=0:0 -network=100.64.0.0/10" Reidun/shared
-  # # sudo zfs set sharenfs="-maproot=0:0 -network=100.64.0.0/10" Freon
-  # # sudo zfs set sharenfs="rw=100.64.0.0/10" Meconium
-  services.nfs.server.enable = lib.mkDefault true;
-
   # https://wiki.nixos.org/wiki/NFS
   # TODO: move to common-nfs-server.nix
-  services.nfs.server = {
+  services.nfs = {
+
+    # # sudo zfs set sharenfs="-maproot=0:0 -network=100.64.0.0/10" Reidun/shared
+    # # sudo zfs set sharenfs="-maproot=0:0 -network=100.64.0.0/10" Freon
+    # # sudo zfs set sharenfs="rw=100.64.0.0/10" Meconium
+    server.enable = lib.mkDefault true;
+
     # fixed rpc.statd port; for firewall
-    lockdPort = 4001;
-    mountdPort = 4002;
-    statdPort = 4000;
-    extraNfsdConfig = '''';
+    server.lockdPort = 4001;
+    server.mountdPort = 4002;
+    server.statdPort = 4000;
+    settings = {
+      # https://man.archlinux.org/man/core/nfs-utils/nfs.conf.5.en
+      # TODO: move the config in panorama-zfs.nix here
+    };
   };
-  networking.firewall = lib.mkIf config.services.nfs.server.enable {
+  networking.firewall = let
+    ports = [
+      # for NFSv3; view with `rpcinfo -p`
+      111
+      2049
+      config.services.nfs.server.lockdPort
+      config.services.nfs.server.mountdPort
+      config.services.nfs.server.statdPort
+      # 20048
+    ];
+  in
+  lib.mkIf config.services.nfs.server.enable {
     # for NFSv3; view with `rpcinfo -p`
-    allowedTCPPorts = [ 111 2049 4000 4001 4002 ]; # 20048
-    allowedUDPPorts = [ 111 2049 4000 4001 4002 ]; # 20048
+    allowedTCPPorts = ports;
+    allowedUDPPorts = ports;
+    # for NFSv4
+    # allowedTCPPorts = [ 2049 ];
+    # allowedUDPPorts = [ 2049 ];
   };
 
 }

profiles/mounts/panorama-nfs.nix

@@ -0,0 +1,47 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+
+{
+  # in base.nix: imports = [ ./common-nfs.nix ];
+
+  # TODO: wireguard
+  #boot.kernelParams = [ "nfs.nfs4_disable_idmapping=0" "nfsd.nfs4_disable_idmapping=0" ];
+
+  # https://wiki.nixos.org/wiki/NFS
+
+  # don't mount if local VM
+  config = lib.mkIf (!config.virtualisation.isVmVariant) {
+    fileSystems =
+      let
+        mkMount = mountpoint: server: subdir: {
+          "${mountpoint}${subdir}" = {
+            device = "${server}${subdir}";
+            fsType = "nfs";
+            options = [ "nfsvers=4.2" ] ++ config.pbsds.nfs-lazy-mount.nfsOptions;
+            depends = lib.mkIf (subdir != "") [
+              (builtins.dirOf "${mountpoint}${subdir}")
+            ];
+          };
+        };
+      in
+      lib.mkMerge (
+        # map (mkMount "/mnt/panorama" "eple.pbsds.net:/mnt/panorama" ) [
+        # map (mkMount "/mnt/panorama" "100.82.36.23:/mnt/panorama" ) [
+        map (mkMount "/mnt/panorama" "eple.tail9aac63.ts.net:/mnt/panorama") [
+          # TODO: spaces in dirname is not supported
+          ""
+          "/Backups"
+          "/Bart"
+          "/Datasets"
+          "/Public"
+          "/Syncthing"
+        ]
+      );
+
+  };
+
+}

profiles/mounts/panorama-zfs.nix

@@ -1,24 +1,63 @@
-{ config, pkgs, lib, ... }:
+{
+  config,
+  lib,
+  ...
+}:
 {
   # https://search.nixos.org/options?query=services.zfs
 
   imports = [ ./common-zfs.nix ];
 
-  config = lib.mkIf (!config.virtualisation.isVmVariant) {
+  config = lib.mkIf (!config.virtualisation.isVmVariant) (
+    lib.mkMerge [
+      {
+        # non legacy-mount
+        systemd.services.zfs-mount.enable = true;
+        boot.zfs.extraPools = [ "Panorama" ]; # import on boot
 
-    # non legacy-mount
-    systemd.services.zfs-mount.enable = true;
-    boot.zfs.extraPools = [ "Panorama" ]; # import on boot
+        services.syncthing.dataDir = "/mnt/panorama/Syncthing/pbsds";
 
-    services.syncthing.dataDir = "/mnt/panorama/Syncthing/pbsds";
+        # todo: tailscale nfs mount
 
-    # todo: tailscale nfs mount
+        # TODO: zrepl pull
+        # https://search.nixos.org/options?channel=unstable&query=services.zrepl
+        # https://github.com/NixOS/infra/blob/8be4953d68ce81455787cd60e82086022855a3c2/build/haumea/zrepl.nix#L20
 
-    # TODO: zrepl pull
-    # https://search.nixos.org/options?channel=unstable&query=services.zrepl
-    # https://github.com/NixOS/infra/blob/8be4953d68ce81455787cd60e82086022855a3c2/build/haumea/zrepl.nix#L20
+        # TODO: rsync pull + snapshot?
+      }
 
-    # TODO: rsync pull + snapshot?
-  };
+      (lib.mkIf config.services.nfs.server.enable {
+
+        # TODO: make default in common-zfs.nix
+        services.nfs.settings = {
+          # https://man.archlinux.org/man/core/nfs-utils/nfs.conf.5.en
+          nfsd = {
+            TCP = true;
+            UDP = false;
+            "rdma" = true; # Remote Direct Memory Access
+            "vers2" = false;
+            "vers3" = false;
+            "vers4" = true;
+            "vers4.0" = false;
+            "vers4.1" = false;
+            "vers4.2" = true;
+          };
+          mountd = {
+            # TODO: what dis?
+            # manage-gids = true;
+          };
+        };
+
+        # We do not need any of these for nfs4
+        systemd.sockets.rpcbind.enable = false;
+        systemd.services.rpcbind.enable = false;
+        systemd.services."rpc-statd".enable = false;
+        systemd.services."rpc-statd-notify".enable = false;
+        systemd.services."rpc-gssd".enable = false;
+        systemd.services."rpc-svcgssd".enable = false;
+
+      })
+    ]
+  );
 
 }