feat(exports): service access

2026-02-09 12:29:19 -08:00 · 2024-02-19 17:34:39 -08:00 · 2024-02-19 17:34:39 -08:00 · 871b1c5b2d
commit 871b1c5b2d
parent 91918b8061
69 changed files with 1317 additions and 509 deletions
--- a/modules/system/exports/nfs.nix
+++ b/modules/system/exports/nfs.nix
@ -0,0 +1,77 @@
+{lib, gensokyo-zone, ...}: let
+  inherit (gensokyo-zone.lib) mapAlmostOptionDefaults mkAlmostOptionDefault;
+  inherit (lib.modules) mkIf;
+  inherit (lib.attrsets) mapAttrs;
+in {
+  config.exports.services.nfs = { config, ... }: let
+    mkAssertion = f: nixosConfig: let
+      cfg = nixosConfig.services.nfs;
+    in f nixosConfig cfg;
+    mkAssertionPort = portName: mkAssertion (nixosConfig: cfg: let
+      portAttr = "${portName}Port";
+    in {
+      assertion = mkAssertPort config.ports.${portName} cfg.server.${portAttr};
+      message = "${portAttr} mismatch";
+    });
+    mkAssertPort = port: cfgPort: let
+      cmpPort = if port.enable then port.port else null;
+    in cfgPort == cmpPort;
+  in {
+    nixos = {
+      serviceAttrPath = [ "services" "nfs" "server" ];
+      assertions = mkIf config.enable [
+        (mkAssertionPort "statd")
+        (mkAssertionPort "lockd")
+        (mkAssertionPort "mountd")
+        (mkAssertion (nixosConfig: cfg: {
+          assertion = nixosConfig.services.rpcbind.enable == config.ports.rpcbind.enable;
+          message = "rpcbind enable mismatch";
+        }))
+      ];
+    };
+    # TODO: expose over wan
+    defaults.port.listen = mkAlmostOptionDefault "lan";
+    ports = mapAttrs (_: mapAlmostOptionDefaults) {
+      default = {
+        port = 2049;
+        transport = "tcp";
+      };
+      udp = {
+        port = config.ports.default.port;
+        transport = "udp";
+      };
+      rpcbind = {
+        port = 111;
+        transport = "tcp";
+      };
+      rpcbind-udp = {
+        port = config.ports.rpcbind.port;
+        transport = "udp";
+      };
+      statd = {
+        port = 4000;
+        transport = "tcp";
+      };
+      statd-udp = {
+        port = config.ports.statd.port;
+        transport = "udp";
+      };
+      lockd = {
+        port = 4001;
+        transport = "tcp";
+      };
+      lockd-udp = {
+        port = config.ports.lockd.port;
+        transport = "udp";
+      };
+      mountd = {
+        port = 4002;
+        transport = "tcp";
+      };
+      mountd-udp = {
+        port = config.ports.mountd.port;
+        transport = "udp";
+      };
+    };
+  };
+}