--- /dev/null
+class role::file_store (
+ Optional[Hash] $nfs_mounts = {},
+ Optional[String] $mountpoint = "/fichiers1",
+) {
+ include "base_installation"
+
+ include "profile::fstab"
+ include "profile::tools"
+ include "profile::monitoring"
+ include "profile::wireguard"
+
+ unless empty($mountpoint) {
+ class { "::nfs":
+ server_enabled => true,
+ nfs_v4 => true,
+ nfs_v4_export_root => '/exports',
+ nfs_v4_export_root_clients => 'localhost(rw)',
+ require => Mount[$mountpoint],
+ }
+
+ $nfs_mounts.each |$nfs_mount, $hosts| {
+ file { "$mountpoint/$nfs_mount":
+ ensure => "directory",
+ mode => "0755",
+ owner => "nobody",
+ group => "nobody",
+ require => Mount[$mountpoint],
+ }
+
+ $hosts.each |$host_cn| {
+ $host = find_host($facts["ldapvar"]["other"], $host_cn)
+ if empty($host) {
+ fail("No host found for nfs")
+ } elsif has_key($host["vars"], "wireguard_ip") {
+ $clients = sprintf("%s%s",
+ join($host["vars"]["wireguard_ip"], "(rw,secure,sync,all_squash) "),
+ "(rw,secure,sync,all_squash)")
+ nfs::server::export { "$mountpoint/$nfs_mount":
+ owner => "nobody",
+ group => "nobody",
+ ensure => "present",
+ clients => $clients,
+ }
+ } elsif has_key($host["vars"], "host") {
+ nfs::server::export { "$mountpoint/$nfs_mount":
+ owner => "nobody",
+ group => "nobody",
+ ensure => "present",
+ clients => "${host[vars][host][0]}(rw,secure,sync,all_squash)",
+ }
+ } else {
+ nfs::server::export { "$mountpoint/$nfs_mount":
+ owner => "nobody",
+ group => "nobody",
+ ensure => "present",
+ clients => "${host[vars][real_hostname][0]}(rw,secure,sync,all_squash)",
+ }
+ }
+ }
+ }
+ }
+}