NFS: Difference between revisions

From NixOS Wiki
imported>Makefu
initial batch of nixos-users
 
imported>Fadenb
Syntax highlighting
Line 7: Line 7:
First I created a separate directory for NFS shares:
First I created a separate directory for NFS shares:


<pre class="console">$ mkdir /export</pre>
<syntaxhighlight lang="console">$ mkdir /export</syntaxhighlight>
Then I mount (bind) the locations inside of /export from my config. Normally one would put it in /etc/fstab but nix generates that for us:
Then I mount (bind) the locations inside of /export from my config. Normally one would put it in /etc/fstab but nix generates that for us:


<pre class="nix">{
<syntaxhighlight lang="nix">
    fileSystems.&quot;/export/mafuyu&quot; = {
{
      device = &quot;/mnt/mafuyu&quot;;
  fileSystems."/export/mafuyu" = {
      options = &quot;bind&quot;;
    device = "/mnt/mafuyu";
    };
    options = "bind";
  };


    fileSystems.&quot;/export/sen&quot; = {
  fileSystems."/export/sen" = {
      device = &quot;/mnt/sen&quot;;
    device = "/mnt/sen";
      options = &quot;bind&quot;;
    options = "bind";
    };
  };


    fileSystems.&quot;/export/tomoyo&quot; = {
  fileSystems."/export/tomoyo" = {
      device = &quot;/mnt/tomoyo&quot;;
    device = "/mnt/tomoyo";
      options = &quot;bind&quot;;
    options = "bind";
    };
  };


    fileSystems.&quot;/export/kotomi&quot; = {
  fileSystems."/export/kotomi" = {
      device = &quot;/mnt/kotomi&quot;;
    device = "/mnt/kotomi";
      options = &quot;bind&quot;;
    options = "bind";
    };
  };
}</pre>
}
</syntaxhighlight>
Next we have to tell nix how we want to export these and to whom:
Next we have to tell nix how we want to export these and to whom:


<pre class="nix">{
<syntaxhighlight lang="nix">{
    services.nfs.server.enable = true;
  services.nfs.server.enable = true;
    services.nfs.server.exports = ''
  services.nfs.server.exports = ''
      /export                192.168.1.10(rw,fsid=0,no_subtree_check) 192.168.1.15(rw,fsid=0,no_subtree_check)
    /export                192.168.1.10(rw,fsid=0,no_subtree_check) 192.168.1.15(rw,fsid=0,no_subtree_check)
      /export/kotomi          192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check)
    /export/kotomi          192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check)
      /export/mafuyu          192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check)
    /export/mafuyu          192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check)
      /export/sen            192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check)
    /export/sen            192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check)
      /export/tomoyo          192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check)
    /export/tomoyo          192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check)
    '';
  '';
}</pre>
}</syntaxhighlight>
Here I export all my bound shares to 2 local IPs. For various flags, you can check the [https://wiki.gentoo.org/wiki/NFSv4#Server Gentoo wiki NFSv4 article] which has a nice coverage.
Here I export all my bound shares to 2 local IPs. For various flags, you can check the [https://wiki.gentoo.org/wiki/NFSv4#Server Gentoo wiki NFSv4 article] which has a nice coverage.


Line 55: Line 57:
All I have to do is to put
All I have to do is to put


<pre class="nix">{
<syntaxhighlight lang="nix">{
    fileSystems.&quot;/mnt/tomoyo&quot; = {
  fileSystems."/mnt/tomoyo" = {
      device = &quot;server:/tomoyo&quot;;
    device = "server:/tomoyo";
      fsType = &quot;nfs&quot;;
    fsType = "nfs";
    };
  };
}</pre>
}</syntaxhighlight>
Note that clients see the exposed shares as if they were exposed at the root level: ''/export/foo'' becomes ''/foo'' when client is concerned with mounting it. Regular '''fileSystems''' options apply.
Note that clients see the exposed shares as if they were exposed at the root level: ''/export/foo'' becomes ''/foo'' when client is concerned with mounting it. Regular '''fileSystems''' options apply.


If you experience trouble with NFS mounts failing on boot because the network is not ready, try adding the following line in your fileSystems mount definition:
If you experience trouble with NFS mounts failing on boot because the network is not ready, try adding the following line in your fileSystems mount definition:


<pre class="nix">{
<syntaxhighlight lang="nix">
{
   # ...
   # ...
   options = &quot;x-systemd.automount,noauto&quot;;
   options = "x-systemd.automount,noauto";
}</pre>
}
</syntaxhighlight>
That way, the NFS mount action won't actually be performed until the first time the mountpoint is accessed.
That way, the NFS mount action won't actually be performed until the first time the mountpoint is accessed.


Line 75: Line 79:
In a single-user setup ('''not on Nixos''') the nix store can be also exported over NFS (common in HPC clusters) to share package over the networks. The only requirement is to also pass <code>local_lock=flock</code> or <code>local_lock=all</code> as mount option to allow the nix packages to take locks on modifications. Example entry in <code>fstab</code>:
In a single-user setup ('''not on Nixos''') the nix store can be also exported over NFS (common in HPC clusters) to share package over the networks. The only requirement is to also pass <code>local_lock=flock</code> or <code>local_lock=all</code> as mount option to allow the nix packages to take locks on modifications. Example entry in <code>fstab</code>:


<pre>&lt;host_or_ip&gt;/nix /nix nfs nofail,x-systemd.device-timeout=4,local_lock=all 0 0</pre>
<syntaxhighlight><host_or_ip>/nix /nix nfs nofail,x-systemd.device-timeout=4,local_lock=all 0 0</syntaxhighlight>

Revision as of 20:47, 26 August 2017

Server

The setup is very similar as it would be done in regular config file. I will use my setup as an example.

I wish to share 4 mount-points (/mnt/kotomi, /mnt/mafuyu, /mnt/sen, /mnt/tomoyo) with my other computers which will run NFS clients.

First I created a separate directory for NFS shares:

$ mkdir /export

Then I mount (bind) the locations inside of /export from my config. Normally one would put it in /etc/fstab but nix generates that for us:

{
  fileSystems."/export/mafuyu" = {
    device = "/mnt/mafuyu";
    options = "bind";
  };

  fileSystems."/export/sen" = {
    device = "/mnt/sen";
    options = "bind";
  };

  fileSystems."/export/tomoyo" = {
    device = "/mnt/tomoyo";
    options = "bind";
  };

  fileSystems."/export/kotomi" = {
    device = "/mnt/kotomi";
    options = "bind";
  };
}

Next we have to tell nix how we want to export these and to whom:

{
  services.nfs.server.enable = true;
  services.nfs.server.exports = ''
    /export                 192.168.1.10(rw,fsid=0,no_subtree_check) 192.168.1.15(rw,fsid=0,no_subtree_check)
    /export/kotomi          192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check)
    /export/mafuyu          192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check)
    /export/sen             192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check)
    /export/tomoyo          192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check)
  '';
}

Here I export all my bound shares to 2 local IPs. For various flags, you can check the Gentoo wiki NFSv4 article which has a nice coverage.

Other options are available on the NixOS option page or via the nixos-option command

Please remember that NixOS by default has a firewall turned on! Add rules to allow NFS traffic or switch it off if you don't need it.

Client

Setting up the client is very easy. To follow from the server example, say I want to mount the now exposed tomoyo share on another box, call it server, to /mnt/tomoyo.

All I have to do is to put

{
  fileSystems."/mnt/tomoyo" = {
    device = "server:/tomoyo";
    fsType = "nfs";
  };
}

Note that clients see the exposed shares as if they were exposed at the root level: /export/foo becomes /foo when client is concerned with mounting it. Regular fileSystems options apply.

If you experience trouble with NFS mounts failing on boot because the network is not ready, try adding the following line in your fileSystems mount definition:

{
  # ...
  options = "x-systemd.automount,noauto";
}

That way, the NFS mount action won't actually be performed until the first time the mountpoint is accessed.

Nix store on NFS

In a single-user setup (not on Nixos) the nix store can be also exported over NFS (common in HPC clusters) to share package over the networks. The only requirement is to also pass local_lock=flock or local_lock=all as mount option to allow the nix packages to take locks on modifications. Example entry in fstab:

<host_or_ip>/nix /nix nfs nofail,x-systemd.device-timeout=4,local_lock=all 0 0