85 lines
1.6 KiB
Nix
85 lines
1.6 KiB
Nix
{ pkgs, lib, config, ... }:
|
|
with lib;
|
|
let
|
|
cfg = config.features.fs;
|
|
|
|
cert = cfg.cert;
|
|
|
|
pki = import ./pki.nix { inherit pkgs; ca = cfg.initca; };
|
|
|
|
common = {
|
|
boot.kernelModules = [
|
|
"dm_snapshot"
|
|
"dm_mirror"
|
|
"dm_thin_pool"
|
|
];
|
|
|
|
boot.kernel.sysctl = {
|
|
"kernel.mm.transparent_hugepage.enabled" = "never";
|
|
"net.core.somaxconn" = "512";
|
|
};
|
|
|
|
networking = {
|
|
firewall.allowedTCPPortRanges = [ { from = 5000; to = 50000; } ];
|
|
firewall.allowedTCPPorts = [ 111 2049 ];
|
|
firewall.allowedUDPPorts = [ 111 2049 24007 24008 ];
|
|
};
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
nfs-utils
|
|
lvm2
|
|
];
|
|
};
|
|
|
|
glusterfs = {
|
|
services.glusterfs = {
|
|
enable = true;
|
|
tlsSettings = {
|
|
caCert = pki.ca.cert;
|
|
tlsKeyPath = cert.key;
|
|
tlsPem = cert.cert;
|
|
};
|
|
};
|
|
};
|
|
|
|
nfs = {
|
|
services.nfs.server = {
|
|
enable = true;
|
|
exports = cfg.nfs.exports;
|
|
};
|
|
};
|
|
in {
|
|
options.features.fs = {
|
|
enable = mkEnableOption "Enable nfs fileserver";
|
|
|
|
nfs = {
|
|
enable = mkEnableOption "Enable nfs fileserver";
|
|
exports = mkOption {
|
|
type = types.str;
|
|
default = "";
|
|
};
|
|
};
|
|
|
|
initca = mkOption {
|
|
type = types.path;
|
|
default = null;
|
|
};
|
|
|
|
glusterfs = {
|
|
enable = mkEnableOption "Enable glusterfs fileserver";
|
|
cert = mkOption {
|
|
type = types.attrs;
|
|
default = {};
|
|
};
|
|
};
|
|
};
|
|
|
|
config = mkIf cfg.enable (
|
|
mkMerge [
|
|
common
|
|
(mkIf cfg.nfs.enable nfs)
|
|
(mkIf cfg.glusterfs.enable glusterfs)
|
|
]
|
|
);
|
|
}
|