from bundlewrap.metadata import atomic
# Static metadata defaults for the NFS server bundle.
defaults = {
    'apt': {
        'packages': {
            'nfs-kernel-server': {
                # The package must be installed before the share reload action
                # and the nfs-server service item are applied.
                'needed_by': {
                    'action:nfs_reload_shares',
                    'svc_systemd:nfs-server',
                },
            },
        },
    },
    'sysctl': {
        'options': {
            # Pin the NFS lock manager (NLM/lockd) to one fixed port for both
            # transports. The same port number ('4045') appears in the port
            # list of the firewall reactor in this file; keep the two in sync,
            # otherwise the firewall opens a port nothing listens on while
            # lockd listens on one that is not covered by a rule.
            'fs.nfs.nlm_udpport': 4045,
            'fs.nfs.nlm_tcpport': 4045,
        },
        # NOTE(review): presumably read by the sysctl bundle so that changing
        # the options above restarts nfs-server -- confirm against that bundle.
        'reload_triggers': {
            'svc_systemd:nfs-server:restart',
        },
    },
}
@metadata_reactor.provides(
    'firewall/port_rules',
)
def firewall(metadata):
    """Derive firewall port rules for NFS from the configured shares.

    Every target listed under any entry of ``nfs-server/shares`` is collected
    into one set, and that same set is attached to each NFS-related port for
    both the bare port key and its ``/udp`` variant.

    The source set is the union over all shares: a client of any single share
    is allowed on every port listed here.

    Returns:
        A metadata dict providing ``firewall/port_rules``.
    """
    shares = metadata.get('nfs-server/shares', {})
    allowed_sources = {
        target
        for targets in shares.values()
        for target in targets
    }
    # NOTE(review): with no shares configured the source set is empty; confirm
    # that the firewall bundle treats an empty set as "allow nobody" and not
    # as "allow everyone".

    # 111 is rpcbind and 2049 is nfs; 4045 matches the NLM port pinned through
    # sysctl in `defaults`.
    # NOTE(review): 1110 and 35295 are not pinned anywhere in this file. 35295
    # lies in the default Linux ephemeral range, so it may be a dynamically
    # assigned RPC port that was observed once; if so it can change on restart
    # and leave a stale opening here -- confirm, and pin the daemon's port if
    # it is needed.
    # TODO find out if we need more ports
    nfs_ports = ('111', '2049', '1110', '4045', '35295')
    suffixes = ('', '/udp')

    port_rules = {
        port + suffix: atomic(allowed_sources)
        for port in nfs_ports
        for suffix in suffixes
    }

    return {
        'firewall': {
            'port_rules': port_rules,
        },
    }