NFS config; switch from iptables-legacy to nftables

2024-11-25 22:13:55 +01:00 · 2024-06-16 00:39:47 +02:00 · 2024-06-16 00:39:47 +02:00 · 31b71ff6ac
parent 8a61160ee8
commit 31b71ff6ac
3 changed files with 47 additions and 9 deletions
--- a/hosts/x86_64-linux/beleth/default.nix
+++ b/hosts/x86_64-linux/beleth/default.nix
@ -135,6 +135,7 @@ with lib; {
  services.mullvad-vpn.enable = true;

  # Open ports in the firewall.
+  networking.firewall.package = pkgs.nftables;
  networking.firewall.allowedTCPPorts = [22 80 443];
  networking.firewall.allowedUDPPorts = [51820];

--- a/hosts/x86_64-linux/beleth/nfs.nix
+++ b/hosts/x86_64-linux/beleth/nfs.nix
@ -0,0 +1,46 @@
+{
+  config,
+  lib,
+  inputs,
+  ...
+}: {
+#            "2a0f:be01:0:100::/64"
+#            "2a0f:be01:0:200::/64"
+#            "2a0f:be01:fe:f00::/56"
+  services.nfs = {
+    server = {
+      enable = true;
+      exports = ''
+	/export 	2a0f:be01:0:100::/64(ro,async,fsid=0,no_subtree_check) 2a0f:be01:0:200::/64(ro,async,fsid=0,no_subtree_check) 2a0f:be01:fe:f00::/56(ro,async,fsid=0,no_subtree_check)
+	/export/shows 	2a0f:be01:0:100::/64(ro,async,no_subtree_check) 2a0f:be01:0:200::/64(ro,async,no_subtree_check) 2a0f:be01:fe:f00::/56(ro,async,no_subtree_check)
+	/export/movies 	2a0f:be01:0:100::/64(ro,async,no_subtree_check) 2a0f:be01:0:200::/64(ro,async,no_subtree_check) 2a0f:be01:fe:f00::/56(ro,async,no_subtree_check)
+	/export/music	2a0f:be01:0:100::/64(ro,async,no_subtree_check) 2a0f:be01:0:200::/64(ro,async,no_subtree_check) 2a0f:be01:fe:f00::/56(ro,async,no_subtree_check)
+      '';
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [ 2049 ];
+  networking.firewall.extraInputRules = ''
+    iifname wg0 ip6 saddr { 
+      2a0f:be01:0:100::/64,
+      2a0f:be01:0:200::/64,
+      2a0f:be01:fe:f00::/56,
+    } tcp dport 2049 accept
+  '';
+
+
+  fileSystems = {
+    "/export/shows" = {
+      device = "/home/xqtc/jellyfin/shows";
+      options = [ "bind" ];
+    };
+    "/export/movies" = {
+      device = "/home/xqtc/jellyfin/movies";
+      options = [ "bind" ];
+    };
+    "/export/music" = {
+      device = "/home/xqtc/jellyfin/music";
+      options = [ "bind" ];
+    };
+  };
+}
--- a/hosts/x86_64-linux/beleth/systemd-mount.nix
+++ b/hosts/x86_64-linux/beleth/systemd-mount.nix
@ -1,9 +0,0 @@
-{
-  config,
-  lib,
-  inputs,
-  ...
-}: {
-  systemd.mounts."frotting" = {
-  };
-}