modules.services.nfs: init

2024-10-22 20:58:45 +08:00 · 2024-09-26 11:23:07 +08:00 · 2024-09-26 11:23:07 +08:00 · 8faa50a427
commit 8faa50a427
parent 72912c67cf
5 changed files with 47 additions and 54 deletions
--- a/devices/srv1/node0/default.nix
+++ b/devices/srv1/node0/default.nix
@ -6,7 +6,6 @@ inputs:
    {
      system =
      {
-        nix = { marches = [ "cascadelake" "broadwell" ]; remote.slave.enable = true; };
        nixpkgs.march = "cascadelake";
        networking.networkd.static =
        {
@ -17,11 +16,7 @@ inputs:
      };
      services =
      {
-        xray.client =
-        {
-          enable = true;
-          dnsmasq.extraInterfaces = [ "eno146" ];
-        };
+        xray.client = { enable = true; dnsmasq.extraInterfaces = [ "eno146" ]; };
        beesd.instances.root = { device = "/"; hashTableSizeMB = 512; threads = 4; };
        wireguard =
        {
@ -30,33 +25,13 @@ inputs:
          publicKey = "Br+ou+t9M9kMrnNnhTvaZi2oNFRygzebA1NqcHWADWM=";
          wireguardIp = "192.168.83.9";
        };
+        nfs = { root = "/"; exports = "/home"; accessLimit = "192.168.178.0/24"; };
      };
      packages.packages._prebuildPackages =
        [ inputs.topInputs.self.nixosConfigurations.srv1-node1.pkgs.localPackages.vasp.intel ];
    };
-    services.nfs.server =
-    {
-      enable = true;
-      exports = 
-      ''
-        / 192.168.178.0/24(rw,no_root_squash,fsid=0,sync,crossmnt)
-        /home 192.168.178.0/24(rw,no_root_squash,sync,crossmnt)
-      '';
-    };
-    networking =
-    {
-      firewall.allowedTCPPorts = [ 2049 ];
-    };
+    # allow other machine access network by this machine
    systemd.network.networks."10-eno146".networkConfig.IPMasquerade = "both";
-    services.rpcbind.enable = true;
-    fileSystems =
-    {
-      "/nix/share/home" =
-      {
-        device = "/home";
-        options = [ "rbind" ];
-      };
-    };
    # without this, tproxy does not work
    # TODO: why?
    networking.firewall.trustedInterfaces = [ "eno146" ];
--- a/devices/srv1/node1/default.nix
+++ b/devices/srv1/node1/default.nix
@ -13,24 +13,19 @@ inputs:
          eno2 = { ip = "192.168.178.2"; mask = 24; gateway = "192.168.178.1"; dns = "192.168.178.1"; };
        };
        cluster.nodeType = "worker";
-        initrd.sshd.enable = true;
-        nix.remote.slave.enable = true;
      };
      services.beesd.instances.root = { device = "/"; hashTableSizeMB = 256; threads = 4; };
      packages.packages._prebuildPackages =
        [ inputs.topInputs.self.nixosConfigurations.srv1-node0.config.system.build.toplevel ];
    };
-    specialisation =
+    specialisation.no-share-home.configuration =
    {
-      no-share-home.configuration =
+      nixos =
      {
-        nixos =
-        {
-          services.slurm.enable = inputs.lib.mkForce false;
-          system.cluster.nodeType = inputs.lib.mkForce "master";
-        };
-        system.nixos.tags = [ "no-share-home" ];
+        services.slurm.enable = inputs.lib.mkForce false;
+        system.cluster.nodeType = inputs.lib.mkForce "master";
      };
+      system.nixos.tags = [ "no-share-home" ];
    };
    fileSystems = inputs.lib.mkIf (inputs.config.nixos.system.cluster.nodeType == "worker")
    {
--- a/devices/srv1/node2/default.nix
+++ b/devices/srv1/node2/default.nix
@ -17,17 +17,14 @@ inputs:
      packages.packages._prebuildPackages =
        [ inputs.topInputs.self.nixosConfigurations.srv1-node0.config.system.build.toplevel ];
    };
-    specialisation =
+    specialisation.no-share-home.configuration =
    {
-      no-share-home.configuration =
+      nixos =
      {
-        nixos =
-        {
-          services.slurm.enable = inputs.lib.mkForce false;
-          system.cluster.nodeType = inputs.lib.mkForce "master";
-        };
-        system.nixos.tags = [ "no-share-home" ];
+        services.slurm.enable = inputs.lib.mkForce false;
+        system.cluster.nodeType = inputs.lib.mkForce "master";
      };
+      system.nixos.tags = [ "no-share-home" ];
    };
    fileSystems = inputs.lib.mkIf (inputs.config.nixos.system.cluster.nodeType == "worker")
    {
--- a/devices/srv1/node3/default.nix
+++ b/devices/srv1/node3/default.nix
@ -17,17 +17,14 @@ inputs:
      packages.packages._prebuildPackages =
        [ inputs.topInputs.self.nixosConfigurations.srv1-node0.config.system.build.toplevel ];
    };
-    specialisation =
+    specialisation.no-share-home.configuration =
    {
-      no-share-home.configuration =
+      nixos =
      {
-        nixos =
-        {
-          services.slurm.enable = inputs.lib.mkForce false;
-          system.cluster.nodeType = inputs.lib.mkForce "master";
-        };
-        system.nixos.tags = [ "no-share-home" ];
+        services.slurm.enable = inputs.lib.mkForce false;
+        system.cluster.nodeType = inputs.lib.mkForce "master";
      };
+      system.nixos.tags = [ "no-share-home" ];
    };
    fileSystems = inputs.lib.mkIf (inputs.config.nixos.system.cluster.nodeType == "worker")
    {
--- a/modules/services/nfs.nix
+++ b/modules/services/nfs.nix
@ -0,0 +1,29 @@
+inputs:
+{
+  options.nixos.services.nfs = let inherit (inputs.lib) mkOption types; in mkOption
+  {
+    type = types.nullOr (types.submodule { options =
+    {
+      root = mkOption { type = types.nonEmptyStr; };
+      exports = mkOption { type = types.listOf types.nonEmptyStr; };
+      accessLimit = mkOption { type = types.nonEmptyStr; };
+    };});
+    default = null;
+  };
+  config = let inherit (inputs.config.nixos.services) nfs; in inputs.lib.mkIf (nfs != null)
+  {
+    services =
+    {
+      rpcbind.enable = true;
+      nfs.server =
+      {
+        enable = true;
+        exports = "${nfs.root} ${nfs.accessLimit}(rw,no_root_squash,fsid=0,sync,crossmnt)"
+          + builtins.concatStringsSep "\n" (builtins.map
+            (export: "${export} ${nfs.accessLimit}(rw,no_root_squash,sync,crossmnt)")
+            nfs.exports);
+      };
+    };
+    networking.firewall.allowedTCPPorts = [ 2049 ];
+  };
+}