nixos nfs: allow setting the lockd ports.

This helps in setting a fixed firewall open port for NFS lockd.

Based on:
http://rlworkman.net/howtos/NFS_Firewall_HOWTO

(cherry picked from commit b32ca0616ff70795f71995fa79ea508b82f30b3a)

Conflicts:
	nixos/modules/services/network-filesystems/nfsd.nix

1 files changed, 9 insertions, 0 deletions

diff --git a/nixos/modules/services/network-filesystems/nfsd.nix b/nixos/modules/services/network-filesystems/nfsd.nix
index 57d56cd72877..cb703977bfc7 100644
--- a/nixos/modules/services/network-filesystems/nfsd.nix
+++ b/nixos/modules/services/network-filesystems/nfsd.nix
@@ -63,6 +63,12 @@ in
           description = ''
             Use fixed port for rpc.mountd, usefull if server is behind firewall.
           '';
+
+        lockdPort = mkOption {
+          default = 0;
+          description = ''
+            Fix the lockd port number. This can help setting firewall rules for NFS.
+          '';
         };
       };
 
@@ -104,6 +110,9 @@ in
             # Create a state directory required by NFSv4.
             mkdir -p /var/lib/nfs/v4recovery
 
+            ${pkgs.procps}/sbin/sysctl -w fs.nfs.nlm_tcpport=${builtins.toString cfg.lockdPort}
+            ${pkgs.procps}/sbin/sysctl -w fs.nfs.nlm_udpport=${builtins.toString cfg.lockdPort}
+
             rpc.nfsd \
               ${if cfg.hostName != null then "-H ${cfg.hostName}" else ""} \
               ${builtins.toString cfg.nproc}