author | Nikolay Amiantov <ab@fmap.me> | 2017-02-03 20:04:25 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-02-03 20:04:25 +0300 |
commit | 230c97c944af8507128a18d58eb97e633ee561fe (patch) | |
tree | 98f2fb4498add4e03abdd60734173480cabce3b0 /nixos/modules/services | |
parent | 500d48f5475fdd46773f2073cf432053602f761f (diff) | |
parent | e0e9fddf566abcaa7c71cab9c8ee698142328e6b (diff) | |
Merge pull request #22303 from abbradar/nfs4
NFS improvements
Diffstat (limited to 'nixos/modules/services')
-rw-r--r-- | nixos/modules/services/network-filesystems/nfsd.nix | 101 | ||||
-rw-r--r-- | nixos/modules/services/networking/rpcbind.nix | 52 |
2 files changed, 55 insertions, 98 deletions
diff --git a/nixos/modules/services/network-filesystems/nfsd.nix b/nixos/modules/services/network-filesystems/nfsd.nix index ddc7258ce0b4..4fafb7a1fdbb 100644 --- a/nixos/modules/services/network-filesystems/nfsd.nix +++ b/nixos/modules/services/network-filesystems/nfsd.nix @@ -20,6 +20,7 @@ in server = { enable = mkOption { + type = types.bool; default = false; description = '' Whether to enable the kernel's NFS server. @@ -27,6 +28,7 @@ in }; exports = mkOption { + type = types.lines; default = ""; description = '' Contents of the /etc/exports file. See @@ -36,6 +38,7 @@ in }; hostName = mkOption { + type = types.nullOr types.str; default = null; description = '' Hostname or address on which NFS requests will be accepted. @@ -46,6 +49,7 @@ in }; nproc = mkOption { + type = types.int; default = 8; description = '' Number of NFS server threads. Defaults to the recommended value of 8. @@ -53,11 +57,13 @@ in }; createMountPoints = mkOption { + type = types.bool; default = false; description = "Whether to create the mount points in the exports file at startup time."; }; mountdPort = mkOption { + type = types.nullOr types.int; default = null; example = 4002; description = '' @@ -66,11 +72,26 @@ in }; lockdPort = mkOption { - default = 0; + type = types.nullOr types.int; + default = null; + example = 4001; description = '' - Fix the lockd port number. This can help setting firewall rules for NFS. + Use a fixed port for the NFS lock manager kernel module + (<literal>lockd/nlockmgr</literal>). This is useful if the + NFS server is behind a firewall. ''; }; + + statdPort = mkOption { + type = types.nullOr types.int; + default = null; + example = 4000; + description = '' + Use a fixed port for <command>rpc.statd</command>. This is + useful if the NFS server is behind a firewall. + ''; + }; + }; }; 
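Review bot: `mountdPort`, `lockdPort` and `statdPort` in nfsd.nix are typed `types.nullOr types.int`, so a negative number or a value above 65535 evaluates cleanly and is written into the generated configuration as-is. Since these options exist to make firewall rules predictable, a mistyped port should fail at evaluation time rather than when the daemon starts. One entry per option in the module's `assertions` would cover it, for example `assertion = cfg.statdPort == null || (cfg.statdPort > 0 && cfg.statdPort < 65536);`. The descriptions could also say that `null` emits no port line at all, so the port is presumably assigned dynamically, and that the module does not open the chosen port in the firewall itself.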
@@ -82,61 +103,42 @@ in config = mkIf cfg.enable { - services.rpcbind.enable = true; + services.nfs.extraConfig = '' + [nfsd] + threads=${toString cfg.nproc} + ${optionalString (cfg.hostName != null) "host=${cfg.hostName}"} - boot.supportedFilesystems = [ "nfs" ]; # needed for statd and idmapd + [mountd] + ${optionalString (cfg.mountdPort != null) "port=${toString cfg.mountdPort}"} - environment.systemPackages = [ pkgs.nfs-utils ]; + [statd] + ${optionalString (cfg.statdPort != null) "port=${toString cfg.statdPort}"} - environment.etc.exports.source = exports; - - boot.kernelModules = [ "nfsd" ]; - - systemd.services.nfsd = - { description = "NFS Server"; - - wantedBy = [ "multi-user.target" ]; - - requires = [ "rpcbind.service" "mountd.service" ]; - after = [ "rpcbind.service" "mountd.service" "idmapd.service" ]; - before = [ "statd.service" ]; - - path = [ pkgs.nfs-utils ]; + [lockd] + ${optionalString (cfg.lockdPort != null) '' + port=${toString cfg.lockdPort} + udp-port=${toString cfg.lockdPort} + ''} + ''; - script = - '' - # Create a state directory required by NFSv4. 
- mkdir -p /var/lib/nfs/v4recovery - - ${pkgs.procps}/sbin/sysctl -w fs.nfs.nlm_tcpport=${builtins.toString cfg.lockdPort} - ${pkgs.procps}/sbin/sysctl -w fs.nfs.nlm_udpport=${builtins.toString cfg.lockdPort} + services.rpcbind.enable = true; - rpc.nfsd \ - ${if cfg.hostName != null then "-H ${cfg.hostName}" else ""} \ - ${builtins.toString cfg.nproc} - ''; + boot.supportedFilesystems = [ "nfs" ]; # needed for statd and idmapd - postStop = "rpc.nfsd 0"; + environment.etc.exports.source = exports; - serviceConfig.Type = "oneshot"; - serviceConfig.RemainAfterExit = true; + systemd.services.nfs-server = + { enable = true; + wantedBy = [ "multi-user.target" ]; }; - systemd.services.mountd = - { description = "NFSv3 Mount Daemon"; - - requires = [ "rpcbind.service" ]; - after = [ "rpcbind.service" "local-fs.target" ]; - - path = [ pkgs.nfs-utils pkgs.sysvtools pkgs.utillinux ]; + systemd.services.nfs-mountd = + { enable = true; + path = [ pkgs.nfs-utils ]; + restartTriggers = [ exports ]; preStart = '' - mkdir -p /var/lib/nfs - touch /var/lib/nfs/rmtab - - mountpoint -q /proc/fs/nfsd || mount -t nfsd none /proc/fs/nfsd - ${optionalString cfg.createMountPoints '' # create export directories: @@ -149,15 +151,6 @@ in exportfs -rav ''; - - restartTriggers = [ exports ]; - - serviceConfig.Type = "forking"; - serviceConfig.ExecStart = '' - @${pkgs.nfs-utils}/sbin/rpc.mountd rpc.mountd \ - ${if cfg.mountdPort != null then "-p ${toString cfg.mountdPort}" else ""} - ''; - serviceConfig.Restart = "always"; }; }; diff --git a/nixos/modules/services/networking/rpcbind.nix b/nixos/modules/services/networking/rpcbind.nix index eef1e8e8cd88..cddcb09054e0 100644 --- a/nixos/modules/services/networking/rpcbind.nix +++ b/nixos/modules/services/networking/rpcbind.nix 
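Review bot: In the `services.nfs.extraConfig` block of nfsd.nix, the `[lockd]` section replaces the two explicit `sysctl -w fs.nfs.nlm_tcpport` / `fs.nfs.nlm_udpport` writes, and nothing visible in this hunk shows which unit now applies `port` and `udp-port` to the kernel lock manager. If that step does not run, or runs after lockd is already loaded, `lockdPort` silently has no effect and a firewall rule written for the fixed port will not match the port actually in use. A comment above the section such as `# [lockd] values are applied to fs.nfs.nlm_* by <unit that applies them>` would make the dependency explicit, and a NixOS test asserting the registered lock manager port would catch a regression. The definition of `services.nfs.extraConfig` lies outside this diff, so this could not be confirmed from here.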
@@ -2,35 +2,6 @@ with lib; -let - - netconfigFile = { - target = "netconfig"; - source = pkgs.writeText "netconfig" '' - # - # The network configuration file. This file is currently only used in - # conjunction with the TI-RPC code in the libtirpc library. - # - # Entries consist of: - # - # <network_id> <semantics> <flags> <protofamily> <protoname> \ - # <device> <nametoaddr_libs> - # - # The <device> and <nametoaddr_libs> fields are always empty in this - # implementation. - # - udp tpi_clts v inet udp - - - tcp tpi_cots_ord v inet tcp - - - udp6 tpi_clts v inet6 udp - - - tcp6 tpi_cots_ord v inet6 tcp - - - rawip tpi_raw - inet - - - - local tpi_cots_ord - loopback - - - - unix tpi_cots_ord - loopback - - - - ''; - }; - -in - { ###### interface @@ -58,25 +29,18 @@ in ###### implementation config = mkIf config.services.rpcbind.enable { - environment.systemPackages = [ pkgs.rpcbind ]; - environment.etc = [ netconfigFile ]; - - systemd.services.rpcbind = - { description = "ONC RPC Directory Service"; + systemd.packages = [ pkgs.rpcbind ]; - wantedBy = [ "multi-user.target" ]; - - requires = [ "basic.target" ]; - after = [ "basic.target" ]; - - unitConfig.DefaultDependencies = false; # don't stop during shutdown - - serviceConfig.Type = "forking"; - serviceConfig.ExecStart = "@${pkgs.rpcbind}/bin/rpcbind rpcbind"; - }; + systemd.services.rpcbind = { + wantedBy = [ "multi-user.target" ]; + }; + users.extraUsers.rpc = { + group = "nogroup"; + uid = config.ids.uids.rpc; + }; }; } |
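Review bot: In the second rpcbind.nix hunk the new `rpc` account is placed in the shared `nogroup` group, so anything the daemon creates with group permissions is reachable by every other account that uses `nogroup`. A dedicated group keeps the privilege drop isolated, e.g. `group = "rpc";` with a matching `users.extraGroups.rpc` entry, provided a gid is reserved alongside `config.ids.uids.rpc`, which is defined outside this diff. The hunk also does not show that rpcbind actually switches to this user now that the unit comes from `systemd.packages`. If the package is built to do so, a comment such as `# rpcbind drops privileges to this user after startup` would record why the account exists.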