-rw-r--r--chaos-at-home/ch-prometheus.yml2
-rw-r--r--inventory/host_vars/ch-prometheus.yml32
-rw-r--r--roles/chaos-at-home/fileserver/defaults/main.yml37
-rw-r--r--roles/chaos-at-home/fileserver/handlers/main.yml5
-rw-r--r--roles/chaos-at-home/fileserver/tasks/main.yml64
5 files changed, 140 insertions, 0 deletions
diff --git a/chaos-at-home/ch-prometheus.yml b/chaos-at-home/ch-prometheus.yml
index 756722dd..1cfa59c1 100644
--- a/chaos-at-home/ch-prometheus.yml
+++ b/chaos-at-home/ch-prometheus.yml
@@ -11,6 +11,7 @@
- role: zfs/base
- role: apt-repo/spreadspace
- role: zfs/sanoid
+ - role: chaos-at-home/fileserver
- role: vm/host/base
- role: vm/host/network
- role: installer/debian/base
@@ -37,3 +38,4 @@
sleep 2
systemctl restart libvirtd.service
+ systemctl restart nfs-kernel-server
diff --git a/inventory/host_vars/ch-prometheus.yml b/inventory/host_vars/ch-prometheus.yml
index 425411df..f06ecb85 100644
--- a/inventory/host_vars/ch-prometheus.yml
+++ b/inventory/host_vars/ch-prometheus.yml
@@ -86,3 +86,35 @@ zfs_sanoid_modules:
use_template: production
recursive: yes
process_children_only: yes
+
+
+fileserver_zfs_default_pool: storage
+fileserver_zfs_filesystems:
+ archiv:
+ properties:
+ quota: 1T
+ buffer:
+ properties:
+ quota: 50G
+ home:
+ properties:
+ quota: 500G
+ export: no
+ movies:
+ properties:
+ quota: 1T
+ music:
+ properties:
+ quota: 500G
+ series:
+ properties:
+ quota: 4T
+
+fileserver_nfs_root: /srv/_nfs4_root_
+fileserver_nfs_default_options:
+ - rw
+ - sync
+ - root_squash
+ - no_subtree_check
+fileserver_nfs_default_destinations:
+ - dest: "{{ network_zones.lan.prefix }}"
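Review bot: `fileserver_nfs_default_options` grants `rw` to every address in `network_zones.lan.prefix`, and no `sec=` option appears, so these exports would presumably use the default AUTH_SYS flavour, where the server trusts whatever UID and GID the client presents. `root_squash` only remaps uid 0, so it does not limit what a LAN host can do as any other user. Every filesystem in this hunk except `home` inherits that default. Making the default `- ro`, as the commented example in the role's defaults does, and granting `rw` per filesystem through `export_to` to the specific hosts that need it would narrow write access. `sec=krb5p` is the export option to reach for if per-user authentication is wanted.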
diff --git a/roles/chaos-at-home/fileserver/defaults/main.yml b/roles/chaos-at-home/fileserver/defaults/main.yml
new file mode 100644
index 00000000..8a4452ce
--- /dev/null
+++ b/roles/chaos-at-home/fileserver/defaults/main.yml
@@ -0,0 +1,37 @@
+---
+# fileserver_zfs_default_pool: tank
+# fileserver_zfs_filesystems:
+# foo:
+# pool: bar
+# properties:
+# quota: 100G
+# export_as: bar
+# export_to:
+# - dest: 192.0.2.3/32
+# opts:
+# - ro
+# - async
+# private:
+# properties:
+# quota: 100G
+# export: no
+# public:
+# properties:
+# quota: 100G
+
+fileserver_zfs_common_properties:
+ snapdir: visible
+ compression: lz4
+
+# fileserver_nfs_root: /srv/exports
+# fileserver_nfs_default_options:
+# - ro
+# - sync
+# - root_squash
+# fileserver_nfs_default_destinations:
+# - dest: 192.0.2.0/24
+# - dest: 192.0.2.128/29
+# opts:
+# - rw
+# - sync
+# - root_squash
diff --git a/roles/chaos-at-home/fileserver/handlers/main.yml b/roles/chaos-at-home/fileserver/handlers/main.yml
new file mode 100644
index 00000000..3ec0aded
--- /dev/null
+++ b/roles/chaos-at-home/fileserver/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: restart nfs-server
+ service:
+ name: nfs-kernel-server
+ state: restarted
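Review bot: This single `restart nfs-server` handler is notified by every task in the role, including the ones that only edit `/etc/exports` or add a bind mount, so any export change restarts the whole server and interrupts connected clients. Re-exporting is enough for those cases; a second handler such as `- name: reload nfs exports` with `command: exportfs -ra` would cover them. The restart would then be left to the two tasks that change `/etc/default/*`.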
diff --git a/roles/chaos-at-home/fileserver/tasks/main.yml b/roles/chaos-at-home/fileserver/tasks/main.yml
new file mode 100644
index 00000000..9cc20853
--- /dev/null
+++ b/roles/chaos-at-home/fileserver/tasks/main.yml
@@ -0,0 +1,64 @@
+---
+- name: create zfs filesystems
+ loop: "{{ fileserver_zfs_filesystems | dict2items }}"
+ loop_control:
+ label: "{{ item.value.pool | default(fileserver_zfs_default_pool) }}/{{ item.key }}"
+ zfs:
+ name: "{{ item.value.pool | default(fileserver_zfs_default_pool) }}/{{ item.key }}"
+ state: present
+ extra_zfs_properties: "{{ fileserver_zfs_common_properties | combine(item.value.properties | default({})) }}"
+
+- name: install nfs-server
+ apt:
+ name: nfs-kernel-server
+ state: present
+
+ # rpc.statd is only needed for NFSv2 and NFSv3
+- name: disable rpc.statd
+ lineinfile:
+ path: /etc/default/nfs-common
+ regexp: '^NEED_STATD='
+ line: 'NEED_STATD=no'
+ notify: restart nfs-server
+
+- name: disable NFSv2 and NFSv3
+ lineinfile:
+ path: /etc/default/nfs-kernel-server
+ regexp: '^RPCMOUNTDOPTS="(.*?) ?(--no-nfs-version 2 --no-nfs-version 3)?"'
+ backrefs: yes
+ line: 'RPCMOUNTDOPTS="\1 --no-nfs-version 2 --no-nfs-version 3"'
+ notify: restart nfs-server
+
+- name: create export root directory
+ file:
+ path: "{{ fileserver_nfs_root }}"
+ state: directory
+
+- name: create bind mounts for all filesystems to be exported
+ loop: "{{ fileserver_zfs_filesystems | dict2items }}"
+ loop_control:
+ label: "{{ item.value.export_as | default(item.key) }}"
+ when: (item.value.export is not defined) or (item.value.export | bool)
+ mount:
+ src: "{{ zfs_zpools[(item.value.pool | default(fileserver_zfs_default_pool))].mountpoint }}/{{ item.key }}"
+ path: "{{ fileserver_nfs_root }}/{{ item.value.export_as | default(item.key) }}"
+ fstype: none
+ opts: defaults,bind,x-systemd.automount,nofail
+ state: mounted
+ notify: restart nfs-server
+
+- name: generate list of all export destinations
+ set_fact:
+ filesearver_nfs_all_destinations: "{{ fileserver_nfs_default_destinations | map(attribute='dest') | list | union(fileserver_zfs_filesystems | dict2items | selectattr('value.export_to', 'defined') | map(attribute='value.export_to') | flatten | map(attribute='dest') | list) | cidr_merge }}"
+
+- name: export filesystems
+ blockinfile:
+ path: /etc/exports
+ block: |
+ {{ fileserver_nfs_root }} {% for dest in filesearver_nfs_all_destinations %} {{ dest }}(ro,fsid=0,sync){% endfor %}{{ '' }}
+ {% for fs in (fileserver_zfs_filesystems | dict2items) %}
+ {% if (fs.value.export is not defined) or (fs.value.export | bool) %}
+ {{ fileserver_nfs_root }}/{{ fs.value.export_as | default(fs.key) }} {% for d in fs.value.export_to | default(fileserver_nfs_default_destinations) %} {{ d.dest }}({{ d.opts | default(fileserver_nfs_default_options) | join(',') }}){% endfor %}{{ '' }}
+ {% endif %}
+ {% endfor %}
+ notify: restart nfs-server
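Review bot: The `disable NFSv2 and NFSv3` task can report success without changing anything. With `backrefs: yes`, lineinfile leaves the file untouched when no line matches `^RPCMOUNTDOPTS="…"`, so a host whose `/etc/default/nfs-kernel-server` lacks that line, or writes it unquoted, keeps the older protocol versions enabled. The option is also passed to rpc.mountd only; whether nfsd itself stops serving v3 depends on how the distribution builds its arguments, which this hunk does not show. A follow-up task that reads `/proc/fs/nfsd/versions` once the handler has run and fails on `+3` would turn the assumption into a check. Separately, `create export root directory` sets no `owner` or `mode`, so adding `owner: root` and `mode: "0755"` would pin the permissions of the NFSv4 pseudo-root.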