expose NFS on local network as well

2025-12-29 14:44:06 -06:00 · 2025-12-29 14:44:06 -06:00 · 57b53fa3fd
commit 57b53fa3fd
parent d4f62bef18
3 changed files with 49 additions and 16 deletions
--- a/hosts/h002/flake.lock
+++ b/hosts/h002/flake.lock
@ -64,11 +64,11 @@
    "common": {
      "locked": {
        "dir": "flakes/common",
-        "lastModified": 1766101431,
-        "narHash": "sha256-96UMxqqZjI9L9SEBwL3yxbJBH5NC9Gq+kgAS4GQaWqE=",
+        "lastModified": 1767040959,
+        "narHash": "sha256-YZyIBq1N0iRMN+R/LGNLmmkSmimer6MMysP032xC3C8=",
        "ref": "refs/heads/master",
-        "rev": "a5fa2f1e63efc1111940bf2c636e4043381886cd",
-        "revCount": 959,
+        "rev": "d4f62bef186fd1a16510854754f5b328c3e4cab8",
+        "revCount": 993,
        "type": "git",
        "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles"
      },
--- a/hosts/h002/flake.nix
+++ b/hosts/h002/flake.nix
@ -66,7 +66,7 @@
                  token = "11714da6-fd2e-436a-8b83-e0e07ba33a95";
                };
                services.beszel.agent.environment = {
-                  EXTRA_FILESYSTEMS = "sdb__Data";
+                  EXTRA_FILESYSTEMS = "/data__Data";
                };
              })

--- a/hosts/h002/nfs-data.nix
+++ b/hosts/h002/nfs-data.nix
@ -1,13 +1,46 @@
-{ pkgs, ... }:
 {
-  services.nfs.server = {
-    enable = true;
-    exports = ''
-      /data 100.64.0.0/10(rw,sync,no_subtree_check,fsid=0,crossmnt)
-    '';
-  };
+  pkgs,
+  config,
+  lib,
+  ...
+}:
+lib.mkMerge [
+  ({
+    services.nfs.server = {
+      enable = true;
+      exports = ''
+        /data 100.64.0.0/10(rw,sync,no_subtree_check,fsid=0,crossmnt)
+        /data 10.12.14.0/10(rw,sync,no_subtree_check,fsid=0,crossmnt)
+      '';
+    };

-  environment.systemPackages = [
-    pkgs.nfs-utils
-  ];
-}
+    environment.systemPackages = [
+      pkgs.nfs-utils
+    ];
+  })
+  # Open ports and expose so local network works
+  (lib.mkIf config.networking.firewall.enable {
+    services.rpcbind.enable = true;
+    services.nfs.server.lockdPort = 32803;
+    services.nfs.server.mountdPort = 892;
+    services.nfs.server.statdPort = 662;
+
+    networking.firewall = {
+      allowedTCPPorts = [
+        2049
+        111
+        892
+        32803
+        662
+      ];
+      allowedUDPPorts = [
+        2049
+        111
+        892
+        32803
+        662
+      ];
+    };
+
+  })
+]