From 9102d564f0605b7ee706ff3222791be38955a41a Mon Sep 17 00:00:00 2001 From: sonny Date: Sun, 21 Nov 2021 17:09:57 +0100 Subject: [PATCH] Remove nfs setup --- tasks/nfs.yml | 38 ++---------------------------- templates/nfs/exports.j2 | 13 ---------- templates/nfs/nfs-common.j2 | 21 ----------------- templates/nfs/nfs-kernel-server.j2 | 22 ----------------- templates/nftables.j2 | 6 ++--- 5 files changed, 5 insertions(+), 95 deletions(-) delete mode 100644 templates/nfs/exports.j2 delete mode 100644 templates/nfs/nfs-common.j2 delete mode 100644 templates/nfs/nfs-kernel-server.j2 diff --git a/tasks/nfs.yml b/tasks/nfs.yml index cd88fcb..aff80ac 100644 --- a/tasks/nfs.yml +++ b/tasks/nfs.yml @@ -1,40 +1,6 @@ -- name: copy nfs configuration files - become: true - template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - mode: '{{ item.mode }}' - loop: - - { - src: 'templates/nfs/exports.j2', - dest: '/etc/exports', - mode: '0644' - } - - { - src: 'templates/nfs/nfs-common.j2', - dest: '/etc/default/nfs-common', - mode: '0644' - } - - { - src: 'templates/nfs/nfs-kernel-server.j2', - dest: '/etc/default/nfs-kernel-server', - mode: '0644' - } - -- name: mask rpcbind services - become: true - systemd: - name: '{{ item }}' - state: stopped - enabled: false - masked: true - loop: - - rpcbind.socket - - rpcbind.service - - name: restart nfs service become: true systemd: name: nfs-server - state: restarted - enabled: true + state: stopped + enabled: false diff --git a/templates/nfs/exports.j2 b/templates/nfs/exports.j2 deleted file mode 100644 index c329a9f..0000000 --- a/templates/nfs/exports.j2 +++ /dev/null @@ -1,13 +0,0 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} -# -# /etc/exports: the access control list for filesystems which may be exported -# to NFS clients. See exports(5). -# -# Example for NFSv2 and NFSv3: -# /srv/homes hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check) -# -# Example for NFSv4: -# /srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check) -# /srv/nfs4/homes gss/krb5i(rw,sync,no_subtree_check) -# -/srv/nfs4/music {{ vpn_listen_address }}/24(rw,no_subtree_check) diff --git a/templates/nfs/nfs-common.j2 b/templates/nfs/nfs-common.j2 deleted file mode 100644 index 3449219..0000000 --- a/templates/nfs/nfs-common.j2 +++ /dev/null @@ -1,21 +0,0 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} -# -# If you do not set values for the NEED_ options, they will be attempted -# autodetected; this should be sufficient for most people. Valid alternatives -# for the NEED_ options are "yes" and "no". - -# Do you want to start the statd daemon? It is not needed for NFSv4. -NEED_STATD=no - -# Options for rpc.statd. -# Should rpc.statd listen on a specific port? This is especially useful -# when you have a port-based firewall. To use a fixed port, set this -# this variable to a statd argument like: "--port 4000 --outgoing-port 4001". -# For more information, see rpc.statd(8) or http://wiki.debian.org/SecuringNFS -STATDOPTS= - -# Do you want to start the idmapd daemon? It is only needed for NFSv4. -NEED_IDMAPD=yes - -# Do you want to start the gssd daemon? It is required for Kerberos mounts. -NEED_GSSD= diff --git a/templates/nfs/nfs-kernel-server.j2 b/templates/nfs/nfs-kernel-server.j2 deleted file mode 100644 index 68bb20d..0000000 --- a/templates/nfs/nfs-kernel-server.j2 +++ /dev/null @@ -1,22 +0,0 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} -# -# Number of servers to start up -RPCNFSDCOUNT=8 - -# Runtime priority of server (see nice(1)) -RPCNFSDPRIORITY=0 - -# Options for rpc.mountd. -# If you have a port-based firewall, you might want to set up -# a fixed port here using the --port option. For more information, -# see rpc.mountd(8) or http://wiki.debian.org/SecuringNFS -# To disable NFSv4 on the server, specify '--no-nfs-version 4' here -RPCNFSDOPTS="-N 2 -N 3" -RPCMOUNTDOPTS="--manage-gids -N 2 -N 3" - -# Do you want to start the svcgssd daemon? It is only required for Kerberos -# exports. Valid alternatives are "yes" and "no"; the default is "no". -NEED_SVCGSSD="" - -# Options for rpc.svcgssd. -RPCSVCGSSDOPTS="" diff --git a/templates/nftables.j2 b/templates/nftables.j2 index f4266e9..a18e536 100644 --- a/templates/nftables.j2 +++ b/templates/nftables.j2 @@ -1,6 +1,7 @@ -#!/usr/bin/nft -f -# vim:set ts=2 sw=2 et: # {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} +# vim:set ts=2 sw=2 et: + +flush ruleset table ip filter { chain input { @@ -30,6 +31,5 @@ table ip filter { iifname { "tun0", "tun1" } tcp dport {{ transmission_port }} ip saddr { 10.8.0.0/24, 10.8.1.0/24 } ip daddr 10.8.0.1/32 accept comment "Transmission" iifname { "tun0", "tun1" } tcp dport { {{ syncthing_gui_port }}, {{ syncthing_protocol_port }} } ip saddr { 10.8.0.0/24, 10.8.1.0/24 } ip daddr 10.8.0.1/32 accept comment "Syncthing" iifname { "tun0", "tun1" } tcp dport {{ mpd_port }} ip saddr { 10.8.0.0/24, 10.8.1.0/24 } ip daddr 10.8.0.1/32 accept comment "MPD" - iifname { "tun0", "tun1" } tcp dport {{ nfs_port }} ip saddr { 10.8.0.0/24, 10.8.1.0/24 } ip daddr 10.8.0.1/32 accept comment "NFS" } }