pyrox.dev / nixpkgs
lol
fork atom

nixos/nfs: add idmapd.settings option

Co-authored-by: Aaron Andersen <aaron@fosslib.net>

Justin Lovinger 1168e13b a920bf43

options
unified split
Changed files
+35 -13
nixos
modules
tasks
filesystems
nfs.nix
+35 -13
nixos/modules/tasks/filesystems/nfs.nix 
···

       
10

       
10

       
 

       



     

       
11

       
11

       
 

       
  rpcMountpoint = "${nfsStateDir}/rpc_pipefs";


     

       
12

       
12

       
 

       



     

       
13

       

       
-

       
  idmapdConfFile = pkgs.writeText "idmapd.conf" ''


     

       
14

       

       
-

       
    [General]


     

       
15

       

       
-

       
    Pipefs-Directory = ${rpcMountpoint}


     

       
16

       

       
-

       
    ${optionalString (config.networking.domain != null)


     

       
17

       

       
-

       
      "Domain = ${config.networking.domain}"}


     

       

       
13

       
+

       
  format = pkgs.formats.ini {};


     

       
18

       
14

       
 

       



     

       
19

       

       
-

       
    [Mapping]


     

       
20

       

       
-

       
    Nobody-User = nobody


     

       
21

       

       
-

       
    Nobody-Group = nogroup


     

       
22

       

       
-

       



     

       
23

       

       
-

       
    [Translation]


     

       
24

       

       
-

       
    Method = nsswitch


     

       
25

       

       
-

       
  '';


     

       
26

       

       
-

       



     

       

       
15

       
+

       
  idmapdConfFile = format.generate "idmapd.conf" cfg.idmapd.settings;


     

       
27

       
16

       
 

       
  nfsConfFile = pkgs.writeText "nfs.conf" cfg.extraConfig;


     

       
28

       
17

       
 

       
  requestKeyConfFile = pkgs.writeText "request-key.conf" ''


     

       
29

       
18

       
 

       
    create id_resolver * * ${pkgs.nfs-utils}/bin/nfsidmap -t 600 %k %d


     
···

       
38

       
27

       
 

       



     

       
39

       
28

       
 

       
  options = {


     

       
40

       
29

       
 

       
    services.nfs = {


     

       

       
30

       
+

       
      idmapd.settings = mkOption {


     

       

       
31

       
+

       
        type = format.type;


     

       

       
32

       
+

       
        default = {};


     

       

       
33

       
+

       
        description = ''


     

       

       
34

       
+

       
          libnfsidmap configuration. Refer to


     

       

       
35

       
+

       
          <link xlink:href="https://linux.die.net/man/5/idmapd.conf"/>


     

       

       
36

       
+

       
          for details.


     

       

       
37

       
+

       
        '';


     

       

       
38

       
+

       
        example = literalExample ''


     

       

       
39

       
+

       
          {


     

       

       
40

       
+

       
            Translation = {


     

       

       
41

       
+

       
              GSS-Methods = "static,nsswitch";


     

       

       
42

       
+

       
            };


     

       

       
43

       
+

       
            Static = {


     

       

       
44

       
+

       
              "root/hostname.domain.com@REALM.COM" = "root";


     

       

       
45

       
+

       
            };


     

       

       
46

       
+

       
          }


     

       

       
47

       
+

       
        '';


     

       

       
48

       
+

       
      };


     

       
41

       
49

       
 

       
      extraConfig = mkOption {


     

       
42

       
50

       
 

       
        type = types.lines;


     

       
43

       
51

       
 

       
        default = "";


     
···

       
53

       
61

       
 

       
  config = mkIf (any (fs: fs == "nfs" || fs == "nfs4") config.boot.supportedFilesystems) {


     

       
54

       
62

       
 

       



     

       
55

       
63

       
 

       
    services.rpcbind.enable = true;


     

       

       
64

       
+

       



     

       

       
65

       
+

       
    services.nfs.idmapd.settings = {


     

       

       
66

       
+

       
      General = mkMerge [


     

       

       
67

       
+

       
        { Pipefs-Directory = rpcMountpoint; }


     

       

       
68

       
+

       
        (mkIf (config.networking.domain != null) { Domain = config.networking.domain; })


     

       

       
69

       
+

       
      ];


     

       

       
70

       
+

       
      Mapping = {


     

       

       
71

       
+

       
        Nobody-User = "nobody";


     

       

       
72

       
+

       
        Nobody-Group = "nogroup";


     

       

       
73

       
+

       
      };


     

       

       
74

       
+

       
      Translation = {


     

       

       
75

       
+

       
        Method = "nsswitch";


     

       

       
76

       
+

       
      };


     

       

       
77

       
+

       
    };


     

       
56

       
78

       
 

       



     

       
57

       
79

       
 

       
    system.fsPackages = [ pkgs.nfs-utils ];


     

       
58

       
80