From b1c10bc8b225beec0752f1b96acfa38a5f95cc92 Mon Sep 17 00:00:00 2001 From: Kai Wohlfahrt Date: Wed, 27 Nov 2019 21:01:34 +0000 Subject: [PATCH] nfs: set up request-key for id mapping A patch is necessary upstream to support multiple configs via symlinks in /etc/request-key.d Once that is done, we can add support for CIFS as well --- nixos/modules/tasks/filesystems/nfs.nix | 6 ++++++ nixos/tests/nfs/kerberos.nix | 11 ++--------- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/nixos/modules/tasks/filesystems/nfs.nix b/nixos/modules/tasks/filesystems/nfs.nix index e0e8bb1f03d..ddcc0ed8f5a 100644 --- a/nixos/modules/tasks/filesystems/nfs.nix +++ b/nixos/modules/tasks/filesystems/nfs.nix @@ -25,6 +25,9 @@ let ''; nfsConfFile = pkgs.writeText "nfs.conf" cfg.extraConfig; + requestKeyConfFile = pkgs.writeText "request-key.conf" '' + create id_resolver * * ${pkgs.nfs-utils}/bin/nfsidmap -t 600 %k %d + ''; cfg = config.services.nfs; @@ -57,9 +60,12 @@ in systemd.packages = [ pkgs.nfs-utils ]; + environment.systemPackages = [ pkgs.keyutils ]; + environment.etc = { "idmapd.conf".source = idmapdConfFile; "nfs.conf".source = nfsConfFile; + "request-key.conf".source = requestKeyConfFile; }; systemd.services.nfs-blkmap = diff --git a/nixos/tests/nfs/kerberos.nix b/nixos/tests/nfs/kerberos.nix index 1c45b6542fd..1f2d0d453ea 100644 --- a/nixos/tests/nfs/kerberos.nix +++ b/nixos/tests/nfs/kerberos.nix @@ -27,13 +27,6 @@ let }; }; - environment = { - etc."request-key.conf".text = '' - create id_resolver * * ${pkgs.nfs-utils}/bin/nfsidmap -t 600 %k %d - ''; - systemPackages = with pkgs; [ keyutils ]; - }; - in { @@ -41,7 +34,7 @@ in nodes = { client = { lib, ... }: - { inherit krb5 users environment; + { inherit krb5 users; networking.extraHosts = hosts; networking.domain = "nfs.test"; @@ -57,7 +50,7 @@ in }; server = { lib, ...}: - { inherit krb5 users environment; + { inherit krb5 users; networking.extraHosts = hosts; networking.domain = "nfs.test";