l prism: add wiregrill nfs export

author: lassulus <lassulus@lassul.us> 2018-12-24 15:50:05 +0100
committer: lassulus <lassulus@lassul.us> 2018-12-24 15:58:36 +0100
commit: d5db3117b570e2afaa9133e44b7f04fd10bb0ad1 (patch)
tree: 50e97ee8300f5bb997fd4e28b978b530b512b4cf /lass/1systems/prism/config.nix
parent: e8f21e098edb2c3af5fc36f5df616e8f76f7f7b3 (diff)
1 files changed, 22 insertions, 0 deletions
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 6c454b4ac..034721660 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -390,6 +390,28 @@ with import <stockholm/lib>;
         ln -fnsT /var/lib/containers/yellow/var/download/finished /var/download/finished || :
         chown download: /var/download/finished
       '';
+
+      fileSystems."/export/download" = {
+        device = "/var/lib/containers/yellow/var/download";
+        options = [ "bind" ];
+      };
+      services.nfs.server = {
+        enable = true;
+        exports = ''
+          /export 42::/16(insecure,ro,crossmnt)
+        '';
+        lockdPort = 4001;
+        mountdPort = 4002;
+        statdPort = 4000;
+      };
+      krebs.iptables.tables.filter.INPUT.rules = [
+         { predicate = "-i wiregrill -p tcp --dport 111"; target = "ACCEPT"; }
+         { predicate = "-i wiregrill -p udp --dport 111"; target = "ACCEPT"; }
+         { predicate = "-i wiregrill -p tcp --dport 2049"; target = "ACCEPT"; }
+         { predicate = "-i wiregrill -p udp --dport 2049"; target = "ACCEPT"; }
+         { predicate = "-i wiregrill -p tcp --dport 4000:4002"; target = "ACCEPT"; }
+         { predicate = "-i wiregrill -p udp --dport 4000:4002"; target = "ACCEPT"; }
+      ];
     }
   ];
author	lassulus <lassulus@lassul.us>	2018-12-24 15:50:05 +0100
committer	lassulus <lassulus@lassul.us>	2018-12-24 15:58:36 +0100
commit	d5db3117b570e2afaa9133e44b7f04fd10bb0ad1 (patch)
tree	50e97ee8300f5bb997fd4e28b978b530b512b4cf /lass/1systems/prism/config.nix
parent	e8f21e098edb2c3af5fc36f5df616e8f76f7f7b3 (diff)