Remove nfs setup

2021-11-21 17:09:57 +01:00 · 2021-11-21 17:09:57 +01:00 · 9102d564f0
commit 9102d564f0
parent 4ab9d88755
5 changed files with 5 additions and 95 deletions
--- a/tasks/nfs.yml
+++ b/tasks/nfs.yml
@ -1,40 +1,6 @@
- name: copy nfs configuration files
-  become: true
-  template:
-    src: '{{ item.src }}'
-    dest: '{{ item.dest }}'
-    mode: '{{ item.mode }}'
-  loop:
-    - {
-        src: 'templates/nfs/exports.j2',
-        dest: '/etc/exports',
-        mode: '0644'
-      }
-    - {
-        src: 'templates/nfs/nfs-common.j2',
-        dest: '/etc/default/nfs-common',
-        mode: '0644'
-      }
-    - {
-        src: 'templates/nfs/nfs-kernel-server.j2',
-        dest: '/etc/default/nfs-kernel-server',
-        mode: '0644'
-      }
-
- name: mask rpcbind services
-  become: true
-  systemd:
-    name: '{{ item }}'
-    state: stopped
-    enabled: false
-    masked: true
-  loop:
-    - rpcbind.socket
-    - rpcbind.service
-
 - name: restart nfs service
  become: true
  systemd:
    name: nfs-server
-    state: restarted
-    enabled: true
+    state: stopped
+    enabled: false
--- a/templates/nfs/exports.j2
+++ b/templates/nfs/exports.j2
@ -1,13 +0,0 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-#
-# /etc/exports: the access control list for filesystems which may be exported
-#		to NFS clients.  See exports(5).
-#
-# Example for NFSv2 and NFSv3:
-# /srv/homes       hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
-#
-# Example for NFSv4:
-# /srv/nfs4        gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
-# /srv/nfs4/homes  gss/krb5i(rw,sync,no_subtree_check)
-#
-/srv/nfs4/music      	{{ vpn_listen_address }}/24(rw,no_subtree_check)
--- a/templates/nfs/nfs-common.j2
+++ b/templates/nfs/nfs-common.j2
@ -1,21 +0,0 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-#
-# If you do not set values for the NEED_ options, they will be attempted
-# autodetected; this should be sufficient for most people. Valid alternatives
-# for the NEED_ options are "yes" and "no".
-
-# Do you want to start the statd daemon? It is not needed for NFSv4.
-NEED_STATD=no
-
-# Options for rpc.statd.
-#   Should rpc.statd listen on a specific port? This is especially useful
-#   when you have a port-based firewall. To use a fixed port, set this
-#   this variable to a statd argument like: "--port 4000 --outgoing-port 4001".
-#   For more information, see rpc.statd(8) or http://wiki.debian.org/SecuringNFS
-STATDOPTS=
-
-# Do you want to start the idmapd daemon? It is only needed for NFSv4.
-NEED_IDMAPD=yes
-
-# Do you want to start the gssd daemon? It is required for Kerberos mounts.
-NEED_GSSD=
--- a/templates/nfs/nfs-kernel-server.j2
+++ b/templates/nfs/nfs-kernel-server.j2
@ -1,22 +0,0 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-#
-# Number of servers to start up
-RPCNFSDCOUNT=8
-
-# Runtime priority of server (see nice(1))
-RPCNFSDPRIORITY=0
-
-# Options for rpc.mountd.
-# If you have a port-based firewall, you might want to set up
-# a fixed port here using the --port option. For more information, 
-# see rpc.mountd(8) or http://wiki.debian.org/SecuringNFS
-# To disable NFSv4 on the server, specify '--no-nfs-version 4' here
-RPCNFSDOPTS="-N 2 -N 3"
-RPCMOUNTDOPTS="--manage-gids -N 2 -N 3"
-
-# Do you want to start the svcgssd daemon? It is only required for Kerberos
-# exports. Valid alternatives are "yes" and "no"; the default is "no".
-NEED_SVCGSSD=""
-
-# Options for rpc.svcgssd.
-RPCSVCGSSDOPTS=""
--- a/templates/nftables.j2
+++ b/templates/nftables.j2
@ -1,6 +1,7 @@
-#!/usr/bin/nft -f
-# vim:set ts=2 sw=2 et:
 # {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
+# vim:set ts=2 sw=2 et:
+
+flush ruleset

 table ip filter {
  chain input {
@ -30,6 +31,5 @@ table ip filter {
    iifname { "tun0", "tun1" } tcp dport {{ transmission_port }} ip saddr { 10.8.0.0/24, 10.8.1.0/24 } ip daddr 10.8.0.1/32 accept comment "Transmission"
    iifname { "tun0", "tun1" } tcp dport { {{ syncthing_gui_port }}, {{ syncthing_protocol_port }} } ip saddr { 10.8.0.0/24, 10.8.1.0/24 } ip daddr 10.8.0.1/32 accept comment "Syncthing"
    iifname { "tun0", "tun1" } tcp dport {{ mpd_port }} ip saddr { 10.8.0.0/24, 10.8.1.0/24 } ip daddr 10.8.0.1/32 accept comment "MPD"
-    iifname { "tun0", "tun1" } tcp dport {{ nfs_port }} ip saddr { 10.8.0.0/24, 10.8.1.0/24 } ip daddr 10.8.0.1/32 accept comment "NFS"
  }
 }