55 lines
1.5 KiB
Nix
55 lines
1.5 KiB
Nix
{ lib, zentralwerk, ... }:
|
|
{
|
|
# share /nix/store via NFS read-only
|
|
services.nfs.server = {
|
|
enable = true;
|
|
exports =
|
|
let
|
|
allowed = [
|
|
"172.22.99.0/24"
|
|
"172.20.72.0/21"
|
|
"30c:c3d2:b946:76d0::/64"
|
|
"2a00:8180:2c00:200::/56"
|
|
"2a0f:5382:acab:1400::/56"
|
|
"fd23:42:c3d2:500::/56"
|
|
];
|
|
opts = o: fsid:
|
|
lib.concatStringsSep "," [
|
|
o "async"
|
|
"no_subtree_check" "no_root_squash"
|
|
"fsid=${toString fsid}"
|
|
];
|
|
in ''
|
|
# ro-store for netbooting Pi4
|
|
/nix/store ${
|
|
lib.concatMapStringsSep " " (subnet:
|
|
"${subnet}(${opts "ro" 1})"
|
|
) allowed
|
|
}
|
|
# rootfs for 100% nfsroot
|
|
/var/lib/nfsroot/dacbert ${
|
|
lib.concatMapStringsSep " " (subnet:
|
|
"${subnet}(${opts "rw" 2})"
|
|
) [ "${zentralwerk.lib.config.site.net.c3d2.hosts4.dacbert}/32" ]
|
|
}
|
|
/var/lib/nfsroot/riscbert ${
|
|
lib.concatMapStringsSep " " (subnet:
|
|
"${subnet}(${opts "rw" 3})"
|
|
) allowed
|
|
}
|
|
# shared space for dump-dvb project
|
|
/var/lib/dump-dvb/whoopsie ${
|
|
lib.concatMapStringsSep " " (subnet:
|
|
"${subnet}(${opts "rw" 4})"
|
|
) allowed
|
|
}
|
|
'';
|
|
};
|
|
|
|
systemd.services.nfs-mountd.requires = [
|
|
"var-lib-nfsroot-riscbert.mount"
|
|
"var-lib-nfsroot-dacbert.mount"
|
|
''var-lib-dump\x2ddvb-whoopsie.mount''
|
|
];
|
|
}
|