diff --git a/hosts/nixos/bjarte/configuration.nix b/hosts/nixos/bjarte/configuration.nix index 1c35ef2..40dacbe 100644 --- a/hosts/nixos/bjarte/configuration.nix +++ b/hosts/nixos/bjarte/configuration.nix @@ -39,7 +39,8 @@ #../../../profiles/mounts/freon-nfs.nix #../../../profiles/mounts/reidun-nfs.nix - #../../../profiles/mounts/meconium-nfs.nix + # ../../../profiles/mounts/meconium-nfs.nix + # ../../../profiles/mounts/panorama-nfs.nix ../../../profiles/shell.nix # ../../../profiles/earlyoom # TODO @@ -61,6 +62,8 @@ ../../../profiles/known-hosts ]; + pbsds.nfs-lazy-mount.enable = true; + environment.systemPackages = [ pkgs.krita pkgs.chromium diff --git a/profiles/mounts/common-nfs.nix b/profiles/mounts/common-nfs.nix index e349046..b699b3e 100644 --- a/profiles/mounts/common-nfs.nix +++ b/profiles/mounts/common-nfs.nix @@ -1,4 +1,4 @@ -{ config, options, pkgs, lib, ... }: +{ config, lib, ... }: # https://wiki.nixos.org/wiki/NFS @@ -11,12 +11,16 @@ let cfg = config.pbsds.nfs-lazy-mount; in { + options.pbsds = { + + nfs-lazy-mount.enable = lib.mkEnableOption "nfs-lazy-mount"; + + nfs-lazy-mount.nfsOptions = lib.mkOption { + type = with lib.types; listOf str; + default = []; + internal = true; + }; - options.pbsds.nfs-lazy-mount.enable = lib.mkEnableOption "nfs-lazy-mount"; - options.pbsds.nfs-lazy-mount.nfsOptions = lib.mkOption { - type = with lib.types; listOf str; - default = []; - internal = true; }; # same default as `fileSystems..options` @@ -24,9 +28,17 @@ in # https://man.archlinux.org/man/core/util-linux/mount.8.en config.pbsds.nfs-lazy-mount.nfsOptions = lib.mkMerge [ - # nixos default - [ "defaults" ] + [ + # nixos default + "defaults" + # retry attempts before major timeout occurs. default is 3 + "retrans=2" + "timeo=5" # wait time during boot in seconds? + # time before systemd gives up + "x-systemd.mount-timeout=5s" + ] + # https://wiki.nixos.org/wiki/NFS#Lazy-mounting (lib.mkIf cfg.enable [ # lazy mount "x-systemd.automount" 
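Review bot: `pbsds.nfs-lazy-mount.enable = true;` only switches `x-systemd.automount` into `pbsds.nfs-lazy-mount.nfsOptions` (see the common-nfs.nix hunk further down), and every `*-nfs.nix` mount profile visible in this host's imports hunk above is commented out, so on bjarte the setting has no effect until one of them is imported again. If that is deliberate, a comment next to it such as `# takes effect once a profiles/mounts/*-nfs.nix is imported` would make the intent clear. The imports list continues outside the first hunk, so a mount profile may be pulled in elsewhere.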
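Review bot: The comment on `"timeo=5" # wait time during boot in seconds?` is wrong: per nfs(5) `timeo` is in deciseconds, so this is a 0.5 s per-request timeout, and because no `soft` option is set the mounts are still hard — after `retrans=2` retries the kernel logs "server not responding" and keeps retrying rather than failing, so these two values mainly change how quickly that message appears. The only option here that actually bounds boot is `x-systemd.mount-timeout=5s`. Suggest `"timeo=5" # per-request timeout in tenths of a second (nfs(5)), i.e. 0.5s` and `"retrans=2" # retries before "server not responding" is logged; mounts are hard (no soft), so they keep retrying`. The `mkMerge` list these options live in closes outside the hunk.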
diff --git a/profiles/mounts/common-zfs.nix b/profiles/mounts/common-zfs.nix index 171c34e..0857ecc 100644 --- a/profiles/mounts/common-zfs.nix +++ b/profiles/mounts/common-zfs.nix 
@@ -38,26 +38,44 @@ # # sudo zfs set sharenfs="-maproot=0:0 -network=192.168.1.0/24" Reidun/shared # # sudo zfs set sharenfs="-maproot=0:0 -network=192.168.1.0/24" Freon # https://man.archlinux.org/man/core/nfs-utils/exports.5.en + # # sudo zfs set sharenfs="rw=100.64.0.0/10,rw=192.168.1.0/24" Meconium - - # # sudo zfs set sharenfs="-maproot=0:0 -network=100.64.0.0/10" Reidun/shared - # # sudo zfs set sharenfs="-maproot=0:0 -network=100.64.0.0/10" Freon - # # sudo zfs set sharenfs="rw=100.64.0.0/10" Meconium - services.nfs.server.enable = lib.mkDefault true; - # https://wiki.nixos.org/wiki/NFS # TODO: move to common-nfs-server.nix - services.nfs.server = { + services.nfs = { + + # # sudo zfs set sharenfs="-maproot=0:0 -network=100.64.0.0/10" Reidun/shared + # # sudo zfs set sharenfs="-maproot=0:0 -network=100.64.0.0/10" Freon + # # sudo zfs set sharenfs="rw=100.64.0.0/10" Meconium + server.enable = lib.mkDefault true; + # fixed rpc.statd port; for firewall - lockdPort = 4001; - mountdPort = 4002; - statdPort = 4000; - extraNfsdConfig = ''''; + server.lockdPort = 4001; + server.mountdPort = 4002; + server.statdPort = 4000; + settings = { + # https://man.archlinux.org/man/core/nfs-utils/nfs.conf.5.en + # TODO: move the config in panorama-zfs.nix here + }; }; - networking.firewall = lib.mkIf config.services.nfs.server.enable { + networking.firewall = let + ports = [ + # for NFSv3; view with `rpcinfo -p` + 111 + 2049 + config.services.nfs.server.lockdPort + config.services.nfs.server.mountdPort + config.services.nfs.server.statdPort + # 20048 + ]; + in + lib.mkIf config.services.nfs.server.enable { # for NFSv3; view with `rpcinfo -p` - allowedTCPPorts = [ 111 2049 4000 4001 4002 ]; # 20048 - allowedUDPPorts = [ 111 2049 4000 4001 4002 ]; # 20048 + allowedTCPPorts = ports; + allowedUDPPorts = ports; + # for NFSv4 + # allowedTCPPorts = [ 2049 ]; + # allowedUDPPorts = [ 2049 ]; }; } 
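Review bot: The new `ports` list opens 111 plus the lockd/mountd/statd ports on both TCP and UDP on every interface, whereas the exports in the comments above are limited to 192.168.1.0/24 and 100.64.0.0/10, and panorama-zfs.nix in this same commit disables rpcbind and rpc-statd for an NFSv4-only server — on that host the NFSv3 ports are opened with nothing listening behind them. Consider scoping the rule with `networking.firewall.interfaces.<IFACE>.allowedTCPPorts` (IFACE being the LAN/tailnet interface, a placeholder here) so the open ports match the sharenfs networks, and/or only including the 111/lockd/mountd/statd entries when NFSv3 is actually served, which the `# for NFSv4` / `[ 2049 ]` comment block already hints at. Minor: the comment `# for NFSv3; view with \`rpcinfo -p\`` now appears twice, once in the `let` and once inside the `mkIf` body; keeping it only next to the list definition would read cleaner.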
diff --git a/profiles/mounts/panorama-nfs.nix b/profiles/mounts/panorama-nfs.nix new file mode 100644 index 0000000..7761aa6 --- /dev/null +++ b/profiles/mounts/panorama-nfs.nix @@ -0,0 +1,47 @@ +{ + config, + pkgs, + lib, + ... +}: + +{ + # in base.nix: imports = [ ./common-nfs.nix ]; + + # TODO: wireguard + #boot.kernelParams = [ "nfs.nfs4_disable_idmapping=0" "nfsd.nfs4_disable_idmapping=0" ]; + + # https://wiki.nixos.org/wiki/NFS + + # don't mount if local VM + config = lib.mkIf (!config.virtualisation.isVmVariant) { + fileSystems = + let + mkMount = mountpoint: server: subdir: { + "${mountpoint}${subdir}" = { + device = "${server}${subdir}"; + fsType = "nfs"; + options = [ "nfsvers=4.2" ] ++ config.pbsds.nfs-lazy-mount.nfsOptions; + depends = lib.mkIf (subdir != "") [ + (builtins.dirOf "${mountpoint}${subdir}") + ]; + }; + }; + in + lib.mkMerge ( + # map (mkMount "/mnt/panorama" "eple.pbsds.net:/mnt/panorama" ) [ + # map (mkMount "/mnt/panorama" "100.82.36.23:/mnt/panorama" ) [ + map (mkMount "/mnt/panorama" "eple.tail9aac63.ts.net:/mnt/panorama") [ + # TODO: spaces in dirname is not supported + "" + "/Backups" + "/Bart" + "/Datasets" + "/Public" + "/Syncthing" + ] + ); + + }; + +} diff --git a/profiles/mounts/panorama-zfs.nix b/profiles/mounts/panorama-zfs.nix index b190c64..293331d 100644 --- a/profiles/mounts/panorama-zfs.nix +++ b/profiles/mounts/panorama-zfs.nix 
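Review bot: The mount options at `options = [ "nfsvers=4.2" ] ++ config.pbsds.nfs-lazy-mount.nfsOptions;` carry no `sec=` flavour, so these mounts will presumably run with AUTH_SYS (client-asserted uid/gid) unless the server offers something else, and the only access control is the network ACL in the server's `sharenfs` plus matching uids on both ends; the commented `nfs4_disable_idmapping` kernel params suggest this is a known open question. A comment next to `options` such as `# sec=sys (AUTH_SYS): access control is the tailnet + the server's sharenfs ACL, uids must match on both ends` would stop the next reader from assuming Kerberos is involved. Separately, the argument set `{ config, pkgs, lib, ... }:` still takes `pkgs`, which nothing in this file uses, while the common-nfs.nix hunk in the same commit trims exactly such unused args; `{ config, lib, ... }:` would match that.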
@@ -1,24 +1,63 @@ -{ config, pkgs, lib, ... }: +{ + config, + lib, + ... +}: { # https://search.nixos.org/options?query=services.zfs imports = [ ./common-zfs.nix ]; - config = lib.mkIf (!config.virtualisation.isVmVariant) { + config = lib.mkIf (!config.virtualisation.isVmVariant) ( + lib.mkMerge [ + { + # non legacy-mount + systemd.services.zfs-mount.enable = true; + boot.zfs.extraPools = [ "Panorama" ]; # import on boot - # non legacy-mount - systemd.services.zfs-mount.enable = true; - boot.zfs.extraPools = [ "Panorama" ]; # import on boot + services.syncthing.dataDir = "/mnt/panorama/Syncthing/pbsds"; - services.syncthing.dataDir = "/mnt/panorama/Syncthing/pbsds"; + # todo: tailscale nfs mount - # todo: tailscale nfs mount + # TODO: zrepl pull + # https://search.nixos.org/options?channel=unstable&query=services.zrepl + # https://github.com/NixOS/infra/blob/8be4953d68ce81455787cd60e82086022855a3c2/build/haumea/zrepl.nix#L20 - # TODO: zrepl pull - # https://search.nixos.org/options?channel=unstable&query=services.zrepl - # https://github.com/NixOS/infra/blob/8be4953d68ce81455787cd60e82086022855a3c2/build/haumea/zrepl.nix#L20 + # TODO: rsync pull + snapshot? + } - # TODO: rsync pull + snapshot? - }; + (lib.mkIf config.services.nfs.server.enable { + + # TODO: make default in common-zfs.nix + services.nfs.settings = { + # https://man.archlinux.org/man/core/nfs-utils/nfs.conf.5.en + nfsd = { + TCP = true; + UDP = false; + "rdma" = true; # Remote Direct Memory Access + "vers2" = false; + "vers3" = false; + "vers4" = true; + "vers4.0" = false; + "vers4.1" = false; + "vers4.2" = true; + }; + mountd = { + # TODO: what dis? 
+ # manage-gids = true; + }; + }; + + # We do not need any of these for nfs4 + systemd.sockets.rpcbind.enable = false; + systemd.services.rpcbind.enable = false; + systemd.services."rpc-statd".enable = false; + systemd.services."rpc-statd-notify".enable = false; + systemd.services."rpc-gssd".enable = false; + systemd.services."rpc-svcgssd".enable = false; + + }) + ] + ); }
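Review bot: The comment `# We do not need any of these for nfs4` above the disabled units is only half right: rpcbind and rpc-statd are NFSv3 helpers, but `rpc-gssd`/`rpc-svcgssd` implement RPCSEC_GSS (Kerberos, `sec=krb5*`), which NFSv4 does use when configured — they are dispensable here because the mounts use AUTH_SYS, not because of the protocol version. Suggest `# NFSv4-only with AUTH_SYS: rpcbind/statd serve NFSv3, gssd/svcgssd serve RPCSEC_GSS (sec=krb5*); neither is used here`. The `# TODO: what dis?` at `mountd` can be answered: `manage-gids` makes the server resolve a user's supplementary groups from its own account database instead of trusting the (at most 16) gids the client sends under AUTH_SYS, which both lifts the 16-group limit and stops clients from asserting group membership, so it is worth enabling once uids/gids match on the server side; a comment to that effect would replace the TODO. The `mkMerge` list and outer `mkIf` close at the end of this hunk.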