Add nfs tasks

playbook.yml

@@ -9,6 +9,7 @@
   tasks:
     - import_tasks: 'tasks/setup.yml'
     - import_tasks: 'tasks/openvpn.yml'
+    - import_tasks: 'tasks/nfs.yml'
     - import_tasks: 'tasks/radicale.yml'
     - import_tasks: 'tasks/syncthing.yml'
     - import_tasks: 'tasks/transmission.yml'

tasks/nfs.yml

@@ -0,0 +1,40 @@
+- name: copy nfs configuration files
+  become: true
+  template:
+    src: '{{ item.src }}'
+    dest: '{{ item.dest }}'
+    mode: '{{ item.mode }}'
+  loop:
+    - {
+        src: 'templates/nfs/exports.j2',
+        dest: '/etc/exports',
+        mode: '0644'
+      }
+    - {
+        src: 'templates/nfs/nfs-common.j2',
+        dest: '/etc/defaults/nfs-common',
+        mode: '0644'
+      }
+    - {
+        src: 'templates/nfs/nfs-kernel-server.j2',
+        dest: '/etc/defaults/nfs-kernel-server',
+        mode: '0644'
+      }
+
+- name: mask rpcbind services
+  become: true
+  systemd:
+    name: '{{ item }}'
+    state: stopped
+    enabled: false
+    masked: true
+  loop:
+    - rpcbind.socket
+    - rpcbind.service
+
+- name: restart nfs service
+  become: true
+  systemd:
+    name: nfs-server
+    state: restarted
+    enabled: true

templates/nfs/exports.j2

@@ -0,0 +1,13 @@
+# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
+#
+# /etc/exports: the access control list for filesystems which may be exported
+#		to NFS clients.  See exports(5).
+#
+# Example for NFSv2 and NFSv3:
+# /srv/homes       hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
+#
+# Example for NFSv4:
+# /srv/nfs4        gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
+# /srv/nfs4/homes  gss/krb5i(rw,sync,no_subtree_check)
+#
+/srv/nfs4/music      	{{ vpn_listen_address }}/24(rw,no_subtree_check)

templates/nfs/nfs-common.j2

@@ -0,0 +1,21 @@
+# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
+#
+# If you do not set values for the NEED_ options, they will be attempted
+# autodetected; this should be sufficient for most people. Valid alternatives
+# for the NEED_ options are "yes" and "no".
+
+# Do you want to start the statd daemon? It is not needed for NFSv4.
+NEED_STATD=no
+
+# Options for rpc.statd.
+#   Should rpc.statd listen on a specific port? This is especially useful
+#   when you have a port-based firewall. To use a fixed port, set this
+#   this variable to a statd argument like: "--port 4000 --outgoing-port 4001".
+#   For more information, see rpc.statd(8) or http://wiki.debian.org/SecuringNFS
+STATDOPTS=
+
+# Do you want to start the idmapd daemon? It is only needed for NFSv4.
+NEED_IDMAPD=yes
+
+# Do you want to start the gssd daemon? It is required for Kerberos mounts.
+NEED_GSSD=

templates/nfs/nfs-kernel-server.j2

@@ -0,0 +1,22 @@
+# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
+#
+# Number of servers to start up
+RPCNFSDCOUNT=8
+
+# Runtime priority of server (see nice(1))
+RPCNFSDPRIORITY=0
+
+# Options for rpc.mountd.
+# If you have a port-based firewall, you might want to set up
+# a fixed port here using the --port option. For more information, 
+# see rpc.mountd(8) or http://wiki.debian.org/SecuringNFS
+# To disable NFSv4 on the server, specify '--no-nfs-version 4' here
+RPCNFSDOPTS="-N 2 -N 3"
+RPCMOUNTDOPTS="--manage-gids -N 2 -N 3"
+
+# Do you want to start the svcgssd daemon? It is only required for Kerberos
+# exports. Valid alternatives are "yes" and "no"; the default is "no".
+NEED_SVCGSSD=""
+
+# Options for rpc.svcgssd.
+RPCSVCGSSDOPTS=""