nixos/nfs: add idmapd.settings option

Co-authored-by: Aaron Andersen <aaron@fosslib.net>
author: Justin Lovinger <git@justinlovinger.com> 2020-10-20 21:21:37 -0400
committer: Justin Lovinger <git@justinlovinger.com> 2020-10-20 22:10:02 -0400
commit: 1168e13bb0f38c06f09b1431b741179d067cc659 (patch)
tree: d1b1a9e10e82e76e05ebe4e7e938855efe2ec6db
parent: a920bf43082e35faad01a5cc43d5212dfc3c9f26 (diff)
download: nixpkgs-1168e13bb0f38c06f09b1431b741179d067cc659.tar
nixpkgs-1168e13bb0f38c06f09b1431b741179d067cc659.tar.gz
nixpkgs-1168e13bb0f38c06f09b1431b741179d067cc659.tar.bz2
nixpkgs-1168e13bb0f38c06f09b1431b741179d067cc659.tar.lz
nixpkgs-1168e13bb0f38c06f09b1431b741179d067cc659.tar.xz
nixpkgs-1168e13bb0f38c06f09b1431b741179d067cc659.tar.zst
nixpkgs-1168e13bb0f38c06f09b1431b741179d067cc659.zip
1 files changed, 35 insertions, 13 deletions
diff --git a/nixos/modules/tasks/filesystems/nfs.nix b/nixos/modules/tasks/filesystems/nfs.nix
index ddcc0ed8f5a..fd35c35d32a 100644
--- a/nixos/modules/tasks/filesystems/nfs.nix
+++ b/nixos/modules/tasks/filesystems/nfs.nix
@@ -10,20 +10,9 @@ let
 
   rpcMountpoint = "${nfsStateDir}/rpc_pipefs";
 
-  idmapdConfFile = pkgs.writeText "idmapd.conf" ''
-    [General]
-    Pipefs-Directory = ${rpcMountpoint}
-    ${optionalString (config.networking.domain != null)
-      "Domain = ${config.networking.domain}"}
-
-    [Mapping]
-    Nobody-User = nobody
-    Nobody-Group = nogroup
-
-    [Translation]
-    Method = nsswitch
-  '';
+  format = pkgs.formats.ini {};
 
+  idmapdConfFile = format.generate "idmapd.conf" cfg.idmapd.settings;
   nfsConfFile = pkgs.writeText "nfs.conf" cfg.extraConfig;
   requestKeyConfFile = pkgs.writeText "request-key.conf" ''
     create id_resolver * * ${pkgs.nfs-utils}/bin/nfsidmap -t 600 %k %d
@@ -38,6 +27,25 @@ in
 
   options = {
     services.nfs = {
+      idmapd.settings = mkOption {
+        type = format.type;
+        default = {};
+        description = ''
+          libnfsidmap configuration. Refer to
+          <link xlink:href="https://linux.die.net/man/5/idmapd.conf"/>
+          for details.
+        '';
+        example = literalExample ''
+          {
+            Translation = {
+              GSS-Methods = "static,nsswitch";
+            };
+            Static = {
+              "root/hostname.domain.com@REALM.COM" = "root";
+            };
+          }
+        '';
+      };
       extraConfig = mkOption {
         type = types.lines;
         default = "";
@@ -54,6 +62,20 @@ in
 
     services.rpcbind.enable = true;
 
+    services.nfs.idmapd.settings = {
+      General = mkMerge [
+        { Pipefs-Directory = rpcMountpoint; }
+        (mkIf (config.networking.domain != null) { Domain = config.networking.domain; })
+      ];
+      Mapping = {
+        Nobody-User = "nobody";
+        Nobody-Group = "nogroup";
+      };
+      Translation = {
+        Method = "nsswitch";
+      };
+    };
+
     system.fsPackages = [ pkgs.nfs-utils ];
 
     boot.initrd.kernelModules = mkIf inInitrd [ "nfs" ];
author	Justin Lovinger <git@justinlovinger.com>	2020-10-20 21:21:37 -0400
committer	Justin Lovinger <git@justinlovinger.com>	2020-10-20 22:10:02 -0400
commit	1168e13bb0f38c06f09b1431b741179d067cc659 (patch)
tree	d1b1a9e10e82e76e05ebe4e7e938855efe2ec6db
parent	a920bf43082e35faad01a5cc43d5212dfc3c9f26 (diff)
download	nixpkgs-1168e13bb0f38c06f09b1431b741179d067cc659.tar nixpkgs-1168e13bb0f38c06f09b1431b741179d067cc659.tar.gz nixpkgs-1168e13bb0f38c06f09b1431b741179d067cc659.tar.bz2 nixpkgs-1168e13bb0f38c06f09b1431b741179d067cc659.tar.lz nixpkgs-1168e13bb0f38c06f09b1431b741179d067cc659.tar.xz nixpkgs-1168e13bb0f38c06f09b1431b741179d067cc659.tar.zst nixpkgs-1168e13bb0f38c06f09b1431b741179d067cc659.zip