Jack Moore

Email: jack(at)jmoore53.com
Project Updates

NFS Ansible

18 Jan 2021 » system configuration, homelab, storage

Been beating around the bush on permissions for NFS for way too long. Permisisons are hard.

The delay on getting nfs setup was due to permissions. I couldn’t decide how I wanted to allow NFS permissions to exist and who to grant them to. I didn’t know if I should get granular with group ids and user ids, or if I should manage it from the subnet level.

Long story short I ended up allowing read/write from the internal subnets in my network.

I also pretty much opened read/write to everyone on that network. I did disable openvpn read/write from the vlan subnet though. This means only internal servers have access.

/etc/exports looks something like:



Need this automated so I can run it across devices.

- name: Install NFS Tools
    name: nfs-common
    state: present
    update_cache: yes
  become: true
  become_method: sudo

- name: Make Directory
    path: /media/nfspoint
    state: directory
  become: true
  become_method: sudo

- name: Add NFS Block to /etc/fstab
    dest: /etc/fstab
    marker: "## {mark} added by ansible"
    block: |
      ## BEGIN added by ansible
      # NFS Mount /media/nfspoint nfs auto,nofail,noatime,nolock,intr,tcp,actimeo=1800 0 0
      ## END added by ansible
  become: yes
  become_method: sudo

- name: Mount an NFS volume
    path: /media/nfspoint
    opts: rw,sync,hard,intr
    state: mounted
    fstype: nfs

© Jack Moore