added more config to nfs

2025-03-15 12:30:26 -05:00 · 2025-03-15 12:30:26 -05:00 · 6d4cfec975
commit 6d4cfec975
parent ade8d1ec83
2 changed files with 88 additions and 17 deletions
--- a/modules/nixos-modules/server/network_storage/nfs.nix
+++ b/modules/nixos-modules/server/network_storage/nfs.nix
@ -35,21 +35,51 @@
    }
    (
      lib.mkIf (config.host.network_storage.nfs.enable && config.host.network_storage.enable) {
-        services.nfs.server = {
-          enable = true;
-          exports = lib.strings.concatLines (lib.lists.imap0 (
-              i: directory: "${directory._directory} 100.64.0.0/10(fsid=${toString i},rw,nohide,sync,no_subtree_check,crossmnt)"
-            )
-            (
-              builtins.filter (
-                directory: lib.lists.any (target: target == directory.folder) config.host.network_storage.nfs.directories
+        services.nfs = {
+          settings = {
+            nfsd = {
+              threads = 32;
+              port = config.host.network_storage.nfs.port;
+            };
+          };
+          server = {
+            enable = true;
+
+            lockdPort = 4001;
+            mountdPort = 4002;
+            statdPort = 4000;
+
+            exports = lib.strings.concatLines (
+              [
+                "${config.host.network_storage.export_directory} 100.64.0.0/10(rw,fsid=0,no_subtree_check)"
+              ]
+              ++ (
+                lib.lists.imap1 (
+                  i: directory: "${directory._directory} 100.64.0.0/10(rw,fsid=${toString i},nohide,insecure,no_subtree_check)"
+                )
+                (
+                  builtins.filter (
+                    directory: lib.lists.any (target: target == directory.folder) config.host.network_storage.nfs.directories
+                  )
+                  config.host.network_storage.directories
+                )
              )
-              config.host.network_storage.directories
-            ));
+            );
+          };
+        };
+        networking.firewall.interfaces.${config.services.tailscale.interfaceName} = let
+          ports = [
+            111
+            config.host.network_storage.nfs.port
+            config.services.nfs.server.lockdPort
+            config.services.nfs.server.mountdPort
+            config.services.nfs.server.statdPort
+            20048
+          ];
+        in {
+          allowedTCPPorts = ports;
+          allowedUDPPorts = ports;
        };
-        networking.firewall.interfaces.${config.services.tailscale.interfaceName}.allowedTCPPorts = [
-          config.host.network_storage.nfs.port
-        ];
      }
    )
  ];