# NixOS module `lab.data-sharing`: when enabled, this host exports a fixed set
# of directories over NFS and runs a PostgreSQL server, with the matching TCP
# ports opened on the DMZ bridge interface only.
{ pkgs, lib, config, ... }:
let
  inherit (lib) mkIf mkOption types;

  cfg = config.lab.data-sharing;
  dmz = config.lab.networking.dmz;

  # Clients allowed to mount the exports. The network address is hard-coded
  # here, while the prefix length is read from the DMZ options; keep the two
  # in sync if the DMZ is ever renumbered.
  nfsClients = "192.168.30.0/${dmz.ipv4.prefixLength}";

  # NOTE(review): no `sec=` option is given, so the exports(5) default applies
  # and the server trusts the uid each client asserts. Combined with
  # no_root_squash, root on any host in `nfsClients` is root on every exported
  # tree, including /traefik/acme (presumably certificate material; confirm)
  # and /forgejo. Check which shares really need it; root_squash or
  # all_squash with anonuid/anongid per share would narrow this.
  exportOptions = "rw,sync,no_subtree_check,no_root_squash";

  # Paths below `cfg.nfsRoot` that are exported, one exports line each.
  exportedPaths = [
    "/nextcloud/data"
    "/radicale"
    "/freshrss/data"
    "/freshrss/extensions"
    "/pihole/data"
    "/pihole/dnsmasq"
    "/hedgedoc/uploads"
    "/traefik/acme"
    "/forgejo"
    "/kitchenowl/data"
    "/syncthing/config"
    "/paperless-ngx/data"
    "/paperless-ngx/redisdata"
    "/media"
    "/jellyfin/config"
  ];

  # Contents of the exports file: every path gets the same client network and
  # the same option list, and every line is newline-terminated.
  exportsText = lib.concatMapStrings
    (path: "${cfg.nfsRoot}${path} ${nfsClients}(${exportOptions})\n")
    exportedPaths;
in
{
  options.lab.data-sharing = {
    enable = mkOption {
      type = types.bool;
      default = false;
      description = ''
        Configure this server to serve our data using NFS and PostgreSQL.
      '';
    };

    nfsRoot = mkOption {
      type = types.str;
      default = "/mnt/data/nfs";
      description = ''
        Root directory of NFS data.
      '';
    };

    # The default path ends in the selected package's psqlSchema value, so a
    # different PostgreSQL package resolves to a different directory.
    postgresDir = mkOption {
      type = types.str;
      default = "/mnt/data/postgresql/${config.services.postgresql.package.psqlSchema}";
      description = ''
        Postgresql data directory.
      '';
    };
  };

  config = mkIf cfg.enable {
    # Only TCP is opened, and only on the DMZ bridge interface.
    # NOTE(review): 20048 is opened for NFS, but
    # services.nfs.server.mountdPort is not set in this module; confirm that
    # mountd actually listens on that port.
    networking.firewall.interfaces.${dmz.bridgeName}.allowedTCPPorts = [
      2049 # NFS
      5432 # PostgreSQL
      111 # NFS (rpcbind)
      20048 # NFS
    ];

    services.nfs.server = {
      enable = true;
      exports = exportsText;
    };

    services.postgresql = {
      enable = true;
      package = pkgs.postgresql_15;
      # Accept TCP connections in addition to the local socket. Reachability
      # from other networks then depends on the firewall rule above.
      enableTCPIP = true;
      dataDir = cfg.postgresDir;
      # One rule per application: database, role, client address, method.
      # NOTE(review): the address field is `all`, so pg_hba itself does not
      # limit clients to the DMZ network; only the firewall does. `host` also
      # matches connections without TLS. `md5` is the legacy method; roles
      # whose password is stored as SCRAM still negotiate SCRAM under it, but
      # moving to scram-sha-256 (and a DMZ CIDR in place of `all`) should be
      # considered once every client is known to support it.
      authentication = ''
        host nextcloud nextcloud all md5
        host hedgedoc hedgedoc all md5
        host paperless paperless all md5
      '';
    };
  };
}