added more config to nfs

2025-03-15 12:30:26 -05:00 · 2025-03-15 12:30:26 -05:00 · 6d4cfec975
commit 6d4cfec975
parent ade8d1ec83
2 changed files with 88 additions and 17 deletions
--- a/configurations/nixos/horizon/hardware-configuration.nix
+++ b/configurations/nixos/horizon/hardware-configuration.nix
@ -25,6 +25,8 @@
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };
+
+    supportedFilesystems = ["nfs"];
  };

  fileSystems = {
@ -41,25 +43,64 @@
    "/mnt/leyla_documents" = {
      device = "defiant:/exports/leyla_documents";
      fsType = "nfs";
-      options = ["x-systemd.automount" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"];
+      options = [
+        "x-systemd.automount"
+        "noauto"
+        "user"
+        "noatime"
+        "nofail"
+        "soft"
+        "x-systemd.idle-timeout=600"
+        "fsc"
+      ];
    };

    "/mnt/eve_documents" = {
      device = "defiant:/exports/eve_documents";
      fsType = "nfs";
-      options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"];
+      options = [
+        "x-systemd.automount"
+        "noauto"
+        "user"
+        "nofail"
+        "soft"
+        "x-systemd.idle-timeout=600"
+        "fsc"
+      ];
    };

    "/mnt/users_documents" = {
      device = "defiant:/exports/users_documents";
      fsType = "nfs";
-      options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"];
+      options = [
+        "x-systemd.automount"
+        "noauto"
+        "user"
+        "nofail"
+        "soft"
+        "x-systemd.idle-timeout=600"
+        "fsc"
+      ];
    };

    "/mnt/media" = {
      device = "defiant:/exports/media";
      fsType = "nfs";
-      options = ["user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"];
+      options = [
+        "x-systemd.automount"
+        "noauto"
+        "user"
+        "noatime"
+        "nofail"
+        "soft"
+        "x-systemd.idle-timeout=600"
+        "noatime"
+        "nodiratime"
+        "relatime"
+        "rsize=32768"
+        "wsize=32768"
+        "fsc"
+      ];
    };
  };

--- a/modules/nixos-modules/server/network_storage/nfs.nix
+++ b/modules/nixos-modules/server/network_storage/nfs.nix
@ -35,21 +35,51 @@
    }
    (
      lib.mkIf (config.host.network_storage.nfs.enable && config.host.network_storage.enable) {
-        services.nfs.server = {
-          enable = true;
-          exports = lib.strings.concatLines (lib.lists.imap0 (
-              i: directory: "${directory._directory} 100.64.0.0/10(fsid=${toString i},rw,nohide,sync,no_subtree_check,crossmnt)"
-            )
-            (
-              builtins.filter (
-                directory: lib.lists.any (target: target == directory.folder) config.host.network_storage.nfs.directories
+        services.nfs = {
+          settings = {
+            nfsd = {
+              threads = 32;
+              port = config.host.network_storage.nfs.port;
+            };
+          };
+          server = {
+            enable = true;
+
+            lockdPort = 4001;
+            mountdPort = 4002;
+            statdPort = 4000;
+
+            exports = lib.strings.concatLines (
+              [
+                "${config.host.network_storage.export_directory} 100.64.0.0/10(rw,fsid=0,no_subtree_check)"
+              ]
+              ++ (
+                lib.lists.imap1 (
+                  i: directory: "${directory._directory} 100.64.0.0/10(rw,fsid=${toString i},nohide,insecure,no_subtree_check)"
+                )
+                (
+                  builtins.filter (
+                    directory: lib.lists.any (target: target == directory.folder) config.host.network_storage.nfs.directories
+                  )
+                  config.host.network_storage.directories
+                )
              )
-              config.host.network_storage.directories
-            ));
+            );
+          };
+        };
+        networking.firewall.interfaces.${config.services.tailscale.interfaceName} = let
+          ports = [
+            111
+            config.host.network_storage.nfs.port
+            config.services.nfs.server.lockdPort
+            config.services.nfs.server.mountdPort
+            config.services.nfs.server.statdPort
+            20048
+          ];
+        in {
+          allowedTCPPorts = ports;
+          allowedUDPPorts = ports;
        };
-        networking.firewall.interfaces.${config.services.tailscale.interfaceName}.allowedTCPPorts = [
-          config.host.network_storage.nfs.port
-        ];
      }
    )
  ];