NFS: Difference between revisions

← Older edit

VisualWikitext

@@ Line 9: / Line 9: @@
 $ mkdir /export
 </syntaxhighlight>
+You may need to change ownership of the <code>/export</code> directory to <code>nobody:nogroup</code>
 Then we have to either move our already-existing directories inside <code>/export</code> (using <code>mv</code> from the command line) or bind-mount them there:
@@ Line 52: / Line 54: @@
 Other options are available on the [https://search.nixos.org/options?query=nfs NixOS option page] or via the <code>nixos-option</code> command.
+=== Firewall ===
 If your server-machine has a firewall turned on (as NixOS does by default, for instance), don't forget to open appropriate ports; e.g. for NFSv4:
 <syntaxhighlight lang="nix">
 networking.firewall.allowedTCPPorts = [ 2049 ];
+</syntaxhighlight>
+Many clients only support NFSv3, which requires the server to have fixed ports:
+<syntaxhighlight lang="nix">
+  services.nfs.server = {
+    enable = true;
+    # fixed rpc.statd port; for firewall
+    lockdPort = 4001;
+    mountdPort = 4002;
+    statdPort = 4000;
+    extraNfsdConfig = '''';
+  };
+  networking.firewall = {
+    enable = true;
+      # for NFSv3; view with `rpcinfo -p`
+    allowedTCPPorts = [ 111  2049 4000 4001 4002 20048 ];
+    allowedUDPPorts = [ 111 2049 4000 4001  4002 20048 ];
+  };
 </syntaxhighlight>
 == Client ==
+To ensure the client has the necessary utilities installed, add
+<syntaxhighlight lang="nix">
+  boot.supportedFilesystems = [ "nfs" ];
+</syntaxhighlight>
+to your Nix configuration (e.g. <code>configuration.nix</code>) file.
 Continuing the server example, mounting the now-exposed ''tomoyo'' share on another box (on a client) is as simple as:
@@ Line 69: / Line 97: @@
 }
 </syntaxhighlight>
-Note that clients see exposed shares as if they were exposed at the root level - i.e. <code>/export/foo</code> becomes <code>/foo</code> (in the <code>device</code> option). Other, regular '''fileSystems''' options apply.
+Replace "server" in the above device attribute with the IP address or DNS entry of the NFS server. Note that clients see exposed shares as if they were exposed at the root level - i.e. <code>/export/foo</code> becomes <code>/foo</code> (in the <code>device</code> option). Other, regular '''fileSystems''' options apply.
 === Specifying NFS version ===
@@ Line 106: / Line 134: @@
      options = [ "x-systemd.idle-timeout=600" ]; # disconnects after 10 minutes (i.e. 600 seconds)
    };
+}
+</syntaxhighlight>
+=== Using systemd.mounts and systemd.automounts ===
+Here is an example with auto-disconnecting and lazy-mounting implemented, and the <code>noatime</code> mount option added.
+Note that <code>wantedBy = [ "multi-user.target" ];</code> is required for the automount unit to start at boot.
+Also note that <code>x-systemd</code> mount options are unneeded, as they are a representation of systemd options in <code>fstab(5)</code> format. They get parsed and converted to unit files by <code>systemd-fstab-generator(8)</code> as mentioned in <code>systemd.mount(5)</code>.
+<syntaxhighlight lang="nix">
+{
+  services.rpcbind.enable = true; # needed for NFS
+  systemd.mounts = [{
+    type = "nfs";
+    mountConfig = {
+      Options = "noatime";
+    };
+    what = "server:/tomoyo";
+    where = "/mnt/tomoyo";
+  }];
+  systemd.automounts = [{
+    wantedBy = [ "multi-user.target" ];
+    automountConfig = {
+      TimeoutIdleSec = "600";
+    };
+    where = "/mnt/tomoyo";
+  }];
+}
+</syntaxhighlight>
+Multiple mounts with the exact same options can benefit from abstraction.
+<syntaxhighlight lang="nix">
+{
+  services.rpcbind.enable = true; # needed for NFS
+  systemd.mounts = let commonMountOptions = {
+    type = "nfs";
+    mountConfig = {
+      Options = "noatime";
+    };
+  };
+  in
+  [
+    (commonMountOptions // {
+      what = "server:/tomoyo";
+      where = "/mnt/tomoyo";
+    })
+    (commonMountOptions // {
+      what = "server:/oyomot";
+      where = "/mnt/oyomot";
+    })
+  ];
+  systemd.automounts = let commonAutoMountOptions = {
+    wantedBy = [ "multi-user.target" ];
+    automountConfig = {
+      TimeoutIdleSec = "600";
+    };
+  };
+  in
+  [
+    (commonAutoMountOptions // { where = "/mnt/tomoyo"; })
+    (commonAutoMountOptions // { where = "/mnt/oyomot"; })
+  ];
 }
 </syntaxhighlight>
@@ Line 113: / Line 213: @@
 In a single-user setup ('''not on Nixos''') the Nix store can be also exported over NFS (common in HPC clusters) to share package over the networks. The only requirement is to also pass <code>local_lock=flock</code> or <code>local_lock=all</code> as mount option to allow the nix packages to take locks on modifications. Example entry in <code>fstab</code>:
-<syntaxhighlight lang="console"><host_or_ip>/nix /nix nfs nofail,x-systemd.device-timeout=4,local_lock=all 0 0</syntaxhighlight>
+<syntaxhighlight lang="console"><host_or_ip>/nix /nix nfs nofail,x-systemd.device-timeout=4,local_lock=all 0 0</syntaxhighlight>'''TODO:''' Why this? That seems extremely unsafe. This disables NFS locks (which apply to all NFS clients), and makes locks ''local'', meaning a lock taken by one NFS client isn't seen by another, and both can take their locks. So this removes protection against concurrent writes, which Nix assumes.
+[[Category:Filesystem]]