sonny/debian-setup
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Remove nfs setup

Browse source
This commit is contained in:
sonny 2021-11-21 17:09:57 +01:00
parent 4ab9d88755
commit 9102d564f0
5 changed files with 5 additions and 95 deletions
Download patch file Download diff file Expand all files Collapse all files

38
tasks/nfs.yml
View file

@ -1,40 +1,6 @@
- name: copy nfs configuration files
become: true
template:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
mode: '{{ item.mode }}'
loop:
- {
src: 'templates/nfs/exports.j2',
dest: '/etc/exports',
mode: '0644'
}
- {
src: 'templates/nfs/nfs-common.j2',
dest: '/etc/default/nfs-common',
mode: '0644'
}
- {
src: 'templates/nfs/nfs-kernel-server.j2',
dest: '/etc/default/nfs-kernel-server',
mode: '0644'
}
- name: mask rpcbind services
become: true
systemd:
name: '{{ item }}'
state: stopped
enabled: false
masked: true
loop:
- rpcbind.socket
- rpcbind.service
- name: restart nfs service - name: restart nfs service
become: true become: true
systemd: systemd:
name: nfs-server name: nfs-server
state: restarted state: stopped
enabled: true enabled: false

13
templates/nfs/exports.j2
View file

@ -1,13 +0,0 @@
# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
#
# /etc/exports: the access control list for filesystems which may be exported
# to NFS clients. See exports(5).
#
# Example for NFSv2 and NFSv3:
# /srv/homes hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
#
# Example for NFSv4:
# /srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
# /srv/nfs4/homes gss/krb5i(rw,sync,no_subtree_check)
#
/srv/nfs4/music {{ vpn_listen_address }}/24(rw,no_subtree_check)

21
templates/nfs/nfs-common.j2
View file

@ -1,21 +0,0 @@
# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
#
# If you do not set values for the NEED_ options, they will be attempted
# autodetected; this should be sufficient for most people. Valid alternatives
# for the NEED_ options are "yes" and "no".
# Do you want to start the statd daemon? It is not needed for NFSv4.
NEED_STATD=no
# Options for rpc.statd.
# Should rpc.statd listen on a specific port? This is especially useful
# when you have a port-based firewall. To use a fixed port, set this
# this variable to a statd argument like: "--port 4000 --outgoing-port 4001".
# For more information, see rpc.statd(8) or http://wiki.debian.org/SecuringNFS
STATDOPTS=
# Do you want to start the idmapd daemon? It is only needed for NFSv4.
NEED_IDMAPD=yes
# Do you want to start the gssd daemon? It is required for Kerberos mounts.
NEED_GSSD=

22
templates/nfs/nfs-kernel-server.j2
View file

@ -1,22 +0,0 @@
# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
#
# Number of servers to start up
RPCNFSDCOUNT=8
# Runtime priority of server (see nice(1))
RPCNFSDPRIORITY=0
# Options for rpc.mountd.
# If you have a port-based firewall, you might want to set up
# a fixed port here using the --port option. For more information,
# see rpc.mountd(8) or http://wiki.debian.org/SecuringNFS
# To disable NFSv4 on the server, specify '--no-nfs-version 4' here
RPCNFSDOPTS="-N 2 -N 3"
RPCMOUNTDOPTS="--manage-gids -N 2 -N 3"
# Do you want to start the svcgssd daemon? It is only required for Kerberos
# exports. Valid alternatives are "yes" and "no"; the default is "no".
NEED_SVCGSSD=""
# Options for rpc.svcgssd.
RPCSVCGSSDOPTS=""

6
templates/nftables.j2
View file

@ -1,6 +1,7 @@
#!/usr/bin/nft -f
# vim:set ts=2 sw=2 et:
# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} # {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
# vim:set ts=2 sw=2 et:
flush ruleset
table ip filter { table ip filter {
chain input { chain input {
@ -30,6 +31,5 @@ table ip filter {
iifname { "tun0", "tun1" } tcp dport {{ transmission_port }} ip saddr { 10.8.0.0/24, 10.8.1.0/24 } ip daddr 10.8.0.1/32 accept comment "Transmission" iifname { "tun0", "tun1" } tcp dport {{ transmission_port }} ip saddr { 10.8.0.0/24, 10.8.1.0/24 } ip daddr 10.8.0.1/32 accept comment "Transmission"
iifname { "tun0", "tun1" } tcp dport { {{ syncthing_gui_port }}, {{ syncthing_protocol_port }} } ip saddr { 10.8.0.0/24, 10.8.1.0/24 } ip daddr 10.8.0.1/32 accept comment "Syncthing" iifname { "tun0", "tun1" } tcp dport { {{ syncthing_gui_port }}, {{ syncthing_protocol_port }} } ip saddr { 10.8.0.0/24, 10.8.1.0/24 } ip daddr 10.8.0.1/32 accept comment "Syncthing"
iifname { "tun0", "tun1" } tcp dport {{ mpd_port }} ip saddr { 10.8.0.0/24, 10.8.1.0/24 } ip daddr 10.8.0.1/32 accept comment "MPD" iifname { "tun0", "tun1" } tcp dport {{ mpd_port }} ip saddr { 10.8.0.0/24, 10.8.1.0/24 } ip daddr 10.8.0.1/32 accept comment "MPD"
iifname { "tun0", "tun1" } tcp dport {{ nfs_port }} ip saddr { 10.8.0.0/24, 10.8.1.0/24 } ip daddr 10.8.0.1/32 accept comment "NFS"
} }
} }