NixOS / nixpkgs

Nix Packages collection & NixOS
MIT License

Secure NFS configuration #14785

Open 0xABAB opened 8 years ago

0xABAB commented 8 years ago

In order to secure NFS, configuration files like /etc/hosts.{deny,allow} would have to be filled with correct configuration data. The current NFS NixOS module does not allow one to configure these, so how is one supposed to deploy NFS on NixOS?

One could argue that it is not responsible to even give the suggestion that NFS is supported in any fashion on NixOS today.

See https://help.ubuntu.com/community/SettingUpNFSHowTo for documentation for Ubuntu NFS setup.

abbradar commented 8 years ago

FWIW I'm pretty happy with the current NixOS module for NFSv3 (non-secure) running in my home LAN.

For now you can fill those files by using the configuration option environment.etc."hosts.allow".text = "foo". Of course, it would be nice to have the module support them instead. Probably we should highlight that we support only NFSv3 out of the box for now.

EDIT: sorry, I thought that these files are usable only with NFSv4 but after more reading my understanding looks incorrect.

abbradar commented 7 years ago

As part of https://github.com/NixOS/nixpkgs/pull/22303 I am considering disabling tcp-wrappers and having users rely on the NixOS firewall instead.
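
The two approaches mentioned in the comments above (writing hosts.allow/hosts.deny through environment.etc, and restricting access with the NixOS firewall), combined in one configuration. This is an added example, not part of the thread and not the module's own code. The subnet, export path and pinned port numbers are constructed, and the firewall rules assume the iptables-based NixOS firewall.

```nix
{ ... }:
let
  # Constructed value: the only network allowed to reach the NFS server.
  trustedNet = "192.0.2.0/24";
in {
  services.nfs.server = {
    enable = true;
    # Pin the helper daemons to fixed ports so firewall rules can name them.
    statdPort  = 4000;
    lockdPort  = 4001;
    mountdPort = 4002;
    # Constructed export: limit the share to the trusted network as well.
    exports = ''
      /export  ${trustedNet}(rw,sync,no_subtree_check,root_squash)
    '';
  };

  # Workaround from the thread: write the tcp-wrappers files directly.
  # These only take effect if the NFS daemons are built with tcp-wrappers
  # support, so do not rely on them as the sole control.
  environment.etc."hosts.deny".text = ''
    rpcbind mountd nfsd statd lockd rquotad : ALL
  '';
  environment.etc."hosts.allow".text = ''
    rpcbind mountd nfsd statd lockd rquotad : 192.0.2.0/255.255.255.0
  '';

  # Firewall approach: keep the NFS ports out of allowedTCPPorts and
  # allowedUDPPorts (which would open them to every source) and accept
  # them only from the trusted network.
  networking.firewall.enable = true;
  networking.firewall.extraCommands = ''
    for port in 111 2049 4000 4001 4002; do
      iptables -A nixos-fw -p tcp -s ${trustedNet} --dport $port -j nixos-fw-accept
      iptables -A nixos-fw -p udp -s ${trustedNet} --dport $port -j nixos-fw-accept
    done
  '';
}
```

After a rebuild, `rpcinfo -p` on the server should list statd, lockd and mountd on the pinned ports, and a connection attempt from outside the trusted network should be dropped by the firewall.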

Ekleog commented 5 years ago

(triage) it looks like the environment.etc."hosts.allow".text solution has been given… maybe this issue can be closed? :)

stale[bot] commented 4 years ago

Thank you for your contributions.

This has been automatically marked as stale because it has had no activity for 180 days.

If this is still important to you, we ask that you leave a comment below. Your comment can be as simple as "still important to me". This lets people see that at least one person still cares about this. Someone will have to do this at most twice a year if there is no other activity.

Here are suggestions that might help resolve this more quickly:

  1. Search for maintainers and people that previously touched the related code and @ mention them in a comment.
  2. Ask on the NixOS Discourse.
  3. Ask on the #nixos channel on irc.freenode.net.