nfs: set up request-key for id mapping

A patch is necessary upstream to support multiple configs via symlinks
in /etc/request-key.d

Once that is done, we can add support for CIFS as well

2 files changed, 8 insertions, 9 deletions

diff --git a/nixos/modules/tasks/filesystems/nfs.nix b/nixos/modules/tasks/filesystems/nfs.nix
index e0e8bb1f03d..ddcc0ed8f5a 100644
--- a/nixos/modules/tasks/filesystems/nfs.nix
+++ b/nixos/modules/tasks/filesystems/nfs.nix
@@ -25,6 +25,9 @@ let
   '';
 
   nfsConfFile = pkgs.writeText "nfs.conf" cfg.extraConfig;
+  requestKeyConfFile = pkgs.writeText "request-key.conf" ''
+    create id_resolver * * ${pkgs.nfs-utils}/bin/nfsidmap -t 600 %k %d
+  '';
 
   cfg = config.services.nfs;
 
@@ -57,9 +60,12 @@ in
 
     systemd.packages = [ pkgs.nfs-utils ];
 
+    environment.systemPackages = [ pkgs.keyutils ];
+
     environment.etc = {
       "idmapd.conf".source = idmapdConfFile;
       "nfs.conf".source = nfsConfFile;
+      "request-key.conf".source = requestKeyConfFile;
     };
 
     systemd.services.nfs-blkmap =
diff --git a/nixos/tests/nfs/kerberos.nix b/nixos/tests/nfs/kerberos.nix
index 1c45b6542fd..1f2d0d453ea 100644
--- a/nixos/tests/nfs/kerberos.nix
+++ b/nixos/tests/nfs/kerberos.nix
@@ -27,13 +27,6 @@ let
       };
   };
 
-  environment = {
-    etc."request-key.conf".text = ''
-      create id_resolver * * ${pkgs.nfs-utils}/bin/nfsidmap -t 600 %k %d
-    '';
-    systemPackages = with pkgs; [ keyutils ];
-  };
-
 in
 
 {
@@ -41,7 +34,7 @@ in
  
   nodes = {
     client = { lib, ... }:
-      { inherit krb5 users environment;
+      { inherit krb5 users;
 
         networking.extraHosts = hosts;
         networking.domain = "nfs.test";
@@ -57,7 +50,7 @@ in
       };
 
     server = { lib, ...}:
-      { inherit krb5 users environment;
+      { inherit krb5 users;
 
         networking.extraHosts = hosts;
         networking.domain = "nfs.test";