From 57ca3e67b3ffa0ab5c3698d3d2b7c3db7ddbc823 Mon Sep 17 00:00:00 2001 From: Colin Date: Thu, 15 Jun 2023 01:52:15 +0000 Subject: [PATCH] servo/nfs: export rw if the source is wireguard --- hosts/by-name/servo/services/nfs.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/by-name/servo/services/nfs.nix b/hosts/by-name/servo/services/nfs.nix index 4a3eb79a..e9cd5e6f 100644 --- a/hosts/by-name/servo/services/nfs.nix +++ b/hosts/by-name/servo/services/nfs.nix @@ -49,14 +49,14 @@ # - async, sync (default) # - no_subtree_check (default), subtree_check: verify not just that files requested by the client live # in the expected fs, but also that they live under whatever subdirectory of that fs is exported. + # - no_root_squash, root_squash (default): map requests from uid 0 to user `nobody`. # - crossmnt: reveal filesystems that are mounted under this endpoint # - fsid: must be zero for the root export # - mountpoint[=/path]: only export the directory if it's a mountpoint. used to avoid exporting failed mounts. # # 10.0.0.0/8 to export (readonly) both to LAN (unencrypted) and wg vpn (encrypted) services.nfs.server.exports = '' - /var/nfs/export 10.0.0.0/8(crossmnt,fsid=0,subtree_check) - /var/nfs/export/media 10.0.0.0/8(crossmnt,subtree_check) + /var/nfs/export 10.78.79.0/10(crossmnt,fsid=0,subtree_check) 10.0.10.0/24(rw,no_root_squash,crossmnt,fsid=0,subtree_check) ''; fileSystems."/var/nfs/export/media" = {