{
config,
lib,
...
}: {
options = {
host.network_storage.nfs = {
enable = lib.mkEnableOption "is this server going to export network storage as nfs shares";
port = lib.mkOption {
type = lib.types.int;
default = 2049;
description = "port that nfs will run on";
};
directories = lib.mkOption {
type = lib.types.listOf (
lib.types.enum (
builtins.map (
directory: directory.folder
)
config.host.network_storage.directories
)
);
description = "list of exported directories to be exported via nfs";
};
};
};
config = lib.mkMerge [
{
assertions = [
{
assertion = !(config.host.network_storage.nfs.enable && !config.host.network_storage.enable);
message = "nfs cant be enabled with network storage disabled";
}
];
}
(
lib.mkIf (config.host.network_storage.nfs.enable && config.host.network_storage.enable) {
services.nfs = {
settings = {
nfsd = {
threads = 32;
port = config.host.network_storage.nfs.port;
};
};
server = {
enable = true;
lockdPort = 4001;
mountdPort = 4002;
statdPort = 4000;
exports = lib.strings.concatLines (
[
"${config.host.network_storage.export_directory} 100.64.0.0/10(rw,fsid=0,no_subtree_check)"
]
++ (
lib.lists.imap1 (
i: directory: "${directory._directory} 100.64.0.0/10(rw,fsid=${toString i},nohide,insecure,no_subtree_check)"
)
(
builtins.filter (
directory: lib.lists.any (target: target == directory.folder) config.host.network_storage.nfs.directories
)
config.host.network_storage.directories
)
)
);
};
};
networking.firewall.interfaces.${config.services.tailscale.interfaceName} = let
ports = [
111
config.host.network_storage.nfs.port
config.services.nfs.server.lockdPort
config.services.nfs.server.mountdPort
config.services.nfs.server.statdPort
20048
];
in {
allowedTCPPorts = ports;
allowedUDPPorts = ports;
};
}
)
];
}