bw/nfs close ports no longer needed for nfs4

2025-04-05 20:15:50 +02:00 · 2025-04-05 20:15:50 +02:00 · c905b7dc13
commit c905b7dc13
parent d584fd88d7
2 changed files with 10 additions and 1 deletions
--- a/bundles/nfs-server/metadata.py
+++ b/bundles/nfs-server/metadata.py
@ -33,7 +33,10 @@ def firewall(metadata):
            ips.add(share_target)

    rules = {}
-    for port in ('111', '2049', '1110', '4045', '35295'):
+    ports = ('111', '2049', '1110', '4045', '35295')
+    if metadata.get('nfs-server/version', 3) == 4:
+        ports = ('111', '2049')
+    for port in ports:
        for proto in ('/tcp', '/udp'):
            rules[port + proto] = atomic(ips)

--- a/nodes/sophie/vmhost.py
+++ b/nodes/sophie/vmhost.py
@ -13,6 +13,11 @@ nodes['sophie.vmhost'] = {
        'debian-bookworm',
    },
    'metadata': {
+        'apt': {
+            'packages': {
+                'irqbalance': {},
+            },
+        },
        'groups': {
            'nas': {},
        },
@ -54,6 +59,7 @@ nodes['sophie.vmhost'] = {
            },
        },
        'nfs-server': {
+            'version': 4,
            'shares': {
                '/srv/nas': {
                    '172.19.164.0/24': 'ro,all_squash,anonuid=65534,anongid=65534,no_subtree_check',