2022-09-14 00:23:25 +02:00
|
|
|
{ hostRegistry, lib, ... }:
|
2022-08-22 22:14:16 +02:00
|
|
|
{
|
|
|
|
# share /nix/store via NFS read-only
|
|
|
|
services.nfs.server = {
|
|
|
|
enable = true;
|
|
|
|
exports =
|
|
|
|
let
|
|
|
|
allowed = [
|
|
|
|
"172.22.99.0/24"
|
|
|
|
"172.20.72.0/21"
|
|
|
|
"30c:c3d2:b946:76d0::/64"
|
|
|
|
"2a00:8180:2c00:200::/56"
|
2022-09-20 01:05:22 +02:00
|
|
|
"2a0f:5382:acab:1400::/56"
|
2022-08-22 22:14:16 +02:00
|
|
|
"fd23:42:c3d2:500::/56"
|
|
|
|
];
|
|
|
|
opts = o: fsid:
|
|
|
|
lib.concatStringsSep "," [
|
|
|
|
o "async"
|
|
|
|
"no_subtree_check" "no_root_squash"
|
|
|
|
"fsid=${toString fsid}"
|
|
|
|
];
|
|
|
|
in ''
|
|
|
|
# ro-store for netbooting Pi4
|
|
|
|
/nix/store ${
|
|
|
|
lib.concatMapStringsSep " " (subnet:
|
2022-09-14 21:34:44 +02:00
|
|
|
"${subnet}(${opts "ro" 1})"
|
2022-08-22 22:14:16 +02:00
|
|
|
) allowed
|
|
|
|
}
|
|
|
|
# rootfs for 100% nfsroot
|
|
|
|
/var/lib/nfsroot/dacbert ${
|
|
|
|
lib.concatMapStringsSep " " (subnet:
|
2022-09-14 21:34:44 +02:00
|
|
|
"${subnet}(${opts "rw" 2})"
|
2022-09-14 00:23:25 +02:00
|
|
|
) [ "${hostRegistry.hosts.dacbert.ip4}/32" ]
|
2022-08-22 22:14:16 +02:00
|
|
|
}
|
|
|
|
/var/lib/nfsroot/riscbert ${
|
|
|
|
lib.concatMapStringsSep " " (subnet:
|
2022-09-14 21:34:44 +02:00
|
|
|
"${subnet}(${opts "rw" 3})"
|
2022-08-22 22:14:16 +02:00
|
|
|
) allowed
|
|
|
|
}
|
|
|
|
# shared space for dump-dvb project
|
|
|
|
/var/lib/dump-dvb/whoopsie ${
|
|
|
|
lib.concatMapStringsSep " " (subnet:
|
2022-09-14 21:34:44 +02:00
|
|
|
"${subnet}(${opts "rw" 4})"
|
2022-08-22 22:14:16 +02:00
|
|
|
) allowed
|
|
|
|
}
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
}
|