l prism: add wiregrill nfs export

2018-12-24 15:50:05 +01:00 · 2018-12-24 15:50:05 +01:00 · d5db3117b5
commit d5db3117b5
parent e8f21e098e
1 changed files with 22 additions and 0 deletions
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@ -390,6 +390,28 @@ with import <stockholm/lib>;
        ln -fnsT /var/lib/containers/yellow/var/download/finished /var/download/finished || :
        chown download: /var/download/finished
      '';
+
+      fileSystems."/export/download" = {
+        device = "/var/lib/containers/yellow/var/download";
+        options = [ "bind" ];
+      };
+      services.nfs.server = {
+        enable = true;
+        exports = ''
+          /export 42::/16(insecure,ro,crossmnt)
+        '';
+        lockdPort = 4001;
+        mountdPort = 4002;
+        statdPort = 4000;
+      };
+      krebs.iptables.tables.filter.INPUT.rules = [
+         { predicate = "-i wiregrill -p tcp --dport 111"; target = "ACCEPT"; }
+         { predicate = "-i wiregrill -p udp --dport 111"; target = "ACCEPT"; }
+         { predicate = "-i wiregrill -p tcp --dport 2049"; target = "ACCEPT"; }
+         { predicate = "-i wiregrill -p udp --dport 2049"; target = "ACCEPT"; }
+         { predicate = "-i wiregrill -p tcp --dport 4000:4002"; target = "ACCEPT"; }
+         { predicate = "-i wiregrill -p udp --dport 4000:4002"; target = "ACCEPT"; }
+      ];
    }
  ];