Read-only NFS on NixOS

Wanted to share my NFS configuration on NixOS for anyone interested in something similar – likely would be a helpful reference for /etc/exports on any Linux server running NFS:

{ pkgs, ... }:

{
  # Limit NFS access to Tailscale
  networking.firewall.interfaces.tailscale0 = {
    allowedTCPPorts = [ 111 2049 4000 4001 4002 20048 ];
    allowedUDPPorts = [ 111 2049 4000 4001 4002 20048 ];
  };

  services.nfs.server = {
    enable = true;
    exports = ''
      # Read-only access using UID 995 and GID 992 on the server.
      # anonuid/anongid only apply to squashed requests, so all_squash maps every client UID/GID to them.
      /media/home-media      100.64.0.0/10(ro,crossmnt,sync,no_wdelay,all_squash,insecure,no_subtree_check,anonuid=995,anongid=992)
    '';
  };
}
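An added example, not part of the original post: a small Python check for exports(5) option lists that flags the squash-related combinations that matter for a read-only export like this one. The sample lines, the /srv/share path and the finding labels are constructed for illustration.

```python
import re

# Matches one "client(options)" entry on an exports(5) line.
ENTRY = re.compile(r"(\S+?)\(([^)]*)\)")

def parse_export(line):
    """Return (path, {client: set(options)}) for one exports(5) line, or None."""
    line = line.split("#", 1)[0].strip()          # drop comments and blank lines
    if not line:
        return None
    parts = line.split(None, 1)
    path, rest = parts[0], parts[1] if len(parts) > 1 else ""
    clients = {c: {o.strip() for o in opts.split(",") if o.strip()}
               for c, opts in ENTRY.findall(rest)}
    return path, clients

def audit(line):
    """Return a list of (client, finding) tuples for one exports(5) line."""
    parsed = parse_export(line)
    if parsed is None:
        return []
    findings = []
    for client, opts in parsed[1].items():
        names = {o.split("=", 1)[0] for o in opts}  # "anonuid=995" -> "anonuid"
        if names & {"anonuid", "anongid"} and "all_squash" not in names:
            # Without all_squash the anonymous IDs cover squashed root at most.
            if "no_root_squash" in names:
                findings.append((client, "anon-ids-unused"))
            else:
                findings.append((client, "anon-ids-root-only"))
        if "no_root_squash" in names and "all_squash" not in names:
            findings.append((client, "client-root-is-server-root"))
        if "insecure" in names:
            findings.append((client, "unprivileged-source-ports-accepted"))
    return findings

if __name__ == "__main__":
    # Constructed sample lines, not taken from any real server.
    samples = [
        "/srv/share 100.64.0.0/10(ro,sync,no_root_squash,insecure,anonuid=995,anongid=992)",
        "/srv/share 100.64.0.0/10(ro,sync,all_squash,anonuid=995,anongid=992)",
    ]
    for s in samples:
        print(s, "->", audit(s) or "no findings")
```

On a NixOS server the generated file can be checked by feeding each line of /etc/exports to `audit`.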