Feat: add network share to nas

home.yml

@@ -12,31 +12,31 @@
         update_cache: true
         upgrade: true
 
-    - name: Install core admin tools
-      include_role:
-        name: core
+          # - name: Install core admin tools
+          #   include_role:
+          #     name: core
 
-    - name: Include user
-      include_role:
-        name: "user"
-      loop:
-        - "{{ admin }}"
-      loop_control:
-        loop_var: user
+          # - name: Include user
+          #   include_role:
+          #     name: "user"
+          #   loop:
+          #     - "{{ admin }}"
+          #   loop_control:
+          #     loop_var: user
 
-    - name: Remove firstboot user
-      ansible.builtin.user:
-        name: foo
-        state: absent
-        remove: yes
+          # - name: Remove firstboot user
+          #   ansible.builtin.user:
+          #     name: foo
+          #     state: absent
+          #     remove: yes
 
-    - name: Secure ssh
-      include_role:
-        name: ssh
+          # - name: Secure ssh
+          #   include_role:
+          #     name: ssh
 
     - name: Set up nfs network shares server
-      debug:
-        msg: Todo
+      include_role:
+        name: nfs_server
 
     - name: Set up samba network shares
       debug:
@@ -81,4 +81,3 @@
     - name: Set up collectd
       include_role:
         name: collectd
-

roles/nfs_server/defaults/main.yml

@@ -0,0 +1,7 @@
+---
+# defaults file for nfs_server
+shares:
+  - mount_point: /media/nfs/default
+    server: test.lan
+    export: /test
+    options: defaults

roles/nfs_server/handlers/main.yml

@@ -0,0 +1,4 @@
+---
+# handlers file for nfs_server
+- name: reload nfs
+  command: 'exportfs -ra'

roles/nfs_server/tasks/debian.yml

@@ -0,0 +1,7 @@
+---
+- name: Debian - Install nfs
+  apt:
+    name:
+      - nfs-common
+      - nfs-kernel-server
+    state: present

roles/nfs_server/tasks/main.yml

@@ -0,0 +1,23 @@
+---
+# tasks file for nfs_server
+- name: Install os-specific packages
+  include_tasks: "{{ ansible_os_family | lower }}.yml"
+
+- name: Ensure directories to export exist
+  file:  # noqa 208
+    path: "{{ item.src }}"
+    state: directory
+  with_items: "{{ nfs_exports }}"
+
+- name: Copy exports file.
+  template:
+    src: exports.j2
+    dest: /etc/exports
+    owner: root
+    group: root
+    mode: 0644
+  notify: reload nfs
+
+- name: Ensure nfs is running.
+  service: "name=nfs-kernel-server state=started enabled=yes"
+  when: nfs_exports|length

roles/nfs_server/templates/exports.j2

@@ -0,0 +1,13 @@
+# /etc/exports: the access control list for filesystems which may be exported
+#   to NFS clients.  See exports(5).
+#
+# Example for NFSv2 and NFSv3:
+# /srv/homes       hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
+#
+# Example for NFSv4:
+# /srv/nfs4        gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
+# /srv/nfs4/homes  gss/krb5i(rw,sync,no_subtree_check)
+#
+{% for export in nfs_exports %}
+{{ export.src }} {{ export.allowedIP }}({{ export.options }})
+{% endfor %}

roles/nfs_server/tests/inventory

@@ -0,0 +1,2 @@
+localhost
+

roles/nfs_server/tests/test.yml

@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - nfs_server

roles/nfs_server/vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for nfs_server

vars/backup.yml

@@ -12,11 +12,6 @@ nfs_shares:
     server: nas.lan
     export: /mnt/DocNas/Commun
     options: defaults,_netdev,rsize=8192,wsize=8192
-  - mount_point: /mnt/jails
-    server: nas.lan
-    export: /mnt/DocNas/iocage/jails
-    options: defaults,_netdev,rsize=8192,wsize=8192
-
 
 borgmatic_name: on_start
 borg_source_directories: "{{ nfs_shares | map(attribute='mount_point') }}"

vars/home.yml

@@ -3,3 +3,16 @@ collectd_network_server: 192.168.2.240
 collectd_network_port: 25826
 
 ssh_publickey: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB7aeBuq7TC8bRATkXa3QY4icPSz9apd2ZSVfnMZD+ta waha@Combava-2022-03-23"
+
+  #ansible_become_pass: "{{ lookup('passwordstore', 'home/nas/admin')}}"
+
+nfs_exports:
+  - src: '/mnt/DocNas/Benjamin'
+    allowedIP: '192.168.2.0/24'
+    options: 'rw,sync,no_root_squash'
+  - src: '/mnt/DocNas/Commun'
+    allowedIP: '192.168.2.0/24'
+    options: 'rw,sync,no_root_squash'
+  - src: '/mnt/DocNas/Margot'
+    allowedIP: '192.168.2.0/24'
+    options: 'rw,sync,no_root_squash'

vars/nas.yml

@@ -1,5 +1 @@
 ---
-nfs_exports:
-  - "/media/docNas/commun *(rw,sync,no_root_squash)"
-  - "/media/docNas/benjamin *(rw,sync,no_root_squash)"
-  - "/media/docNas/margot *(rw,sync,no_root_squash)"