From c905b7dc132f87565440461f06dbcb7db2a6aa5c Mon Sep 17 00:00:00 2001
From: Sophie Schiller <sophie.schiller01@gmail.com>
Date: Sat, 5 Apr 2025 20:15:50 +0200
Subject: [PATCH] bw/nfs close ports no longer needed for nfs4

---
 bundles/nfs-server/metadata.py | 5 ++++-
 nodes/sophie/vmhost.py         | 6 ++++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/bundles/nfs-server/metadata.py b/bundles/nfs-server/metadata.py
index 73dc68a..d2f833c 100644
--- a/bundles/nfs-server/metadata.py
+++ b/bundles/nfs-server/metadata.py
@@ -33,7 +33,10 @@ def firewall(metadata):
             ips.add(share_target)
 
     rules = {}
-    for port in ('111', '2049', '1110', '4045', '35295'):
+    ports = ('111', '2049', '1110', '4045', '35295')
+    if metadata.get('nfs-server/version', 3) == 4:
+        ports = ('111', '2049')
+    for port in ports:
         for proto in ('/tcp', '/udp'):
             rules[port + proto] = atomic(ips)
 
diff --git a/nodes/sophie/vmhost.py b/nodes/sophie/vmhost.py
index 3fa02ec..aca520c 100644
--- a/nodes/sophie/vmhost.py
+++ b/nodes/sophie/vmhost.py
@@ -13,6 +13,11 @@ nodes['sophie.vmhost'] = {
         'debian-bookworm',
     },
     'metadata': {
+        'apt': {
+            'packages': {
+                'irqbalance': {},
+            },
+        },
         'groups': {
             'nas': {},
         },
@@ -54,6 +59,7 @@ nodes['sophie.vmhost'] = {
             },
         },
         'nfs-server': {
+            'version': 4,
             'shares': {
                 '/srv/nas': {
                     '172.19.164.0/24': 'ro,all_squash,anonuid=65534,anongid=65534,no_subtree_check',