summaryrefslogtreecommitdiffstats
path: root/lass/1systems/prism
diff options
context:
space:
mode:
Diffstat (limited to 'lass/1systems/prism')
-rw-r--r--lass/1systems/prism/config.nix22
1 files changed, 22 insertions, 0 deletions
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 6c454b4ac..034721660 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -390,6 +390,28 @@ with import <stockholm/lib>;
ln -fnsT /var/lib/containers/yellow/var/download/finished /var/download/finished || :
chown download: /var/download/finished
'';
+
+ fileSystems."/export/download" = {
+ device = "/var/lib/containers/yellow/var/download";
+ options = [ "bind" ];
+ };
+ services.nfs.server = {
+ enable = true;
+ exports = ''
+ /export 42::/16(insecure,ro,crossmnt)
+ '';
+ lockdPort = 4001;
+ mountdPort = 4002;
+ statdPort = 4000;
+ };
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-i wiregrill -p tcp --dport 111"; target = "ACCEPT"; }
+ { predicate = "-i wiregrill -p udp --dport 111"; target = "ACCEPT"; }
+ { predicate = "-i wiregrill -p tcp --dport 2049"; target = "ACCEPT"; }
+ { predicate = "-i wiregrill -p udp --dport 2049"; target = "ACCEPT"; }
+ { predicate = "-i wiregrill -p tcp --dport 4000:4002"; target = "ACCEPT"; }
+ { predicate = "-i wiregrill -p udp --dport 4000:4002"; target = "ACCEPT"; }
+ ];
}
];