Added roles nfs/server and nfs/export

roles/nfs/export/defaults/main.yml

@@ -0,0 +1,12 @@
+---
+
+export_name: "{{ real_path | basename }}"
+# real_path: "/exported/path"
+export_path: "{{ root_directory }}/{{ export_name }}"
+export_config_name: "{{ export_name | regex_replace('/', '-') }}"
+mount_unit_name: "{{ export_path | regex_replace('^/') | regex_replace('/', '-') }}.mount"
+
+export_hosts:
+  - "*"
+squash_user: "nfs_exports" # If not empty, creates user and changes requests to it
+readonly: on # export is readonly

roles/nfs/export/handlers/main.yml

@@ -0,0 +1,7 @@
+---
+
+- name: mount export
+  systemd:
+    enabled: yes
+    name: "{{ mount_unit_name }}"
+    state: restarted

roles/nfs/export/meta/main.yml

@@ -0,0 +1,7 @@
+---
+
+allow_duplicates: yes
+
+dependencies:
+  - role: misc/handlers
+  - role: nfs/server

roles/nfs/export/tasks/main.yml

@@ -0,0 +1,47 @@
+---
+
+- name: Create user account for export
+  user:
+    state: present
+    name: "{{ squash_user }}"
+    system: yes
+    shell: "/bin/false"
+    create_home: no
+  when: squash_user != ""
+  register: user_info
+
+- name: Create original export directory
+  file:
+    state: directory
+    path: "{{ real_path }}"
+    owner: "{{ squash_user | default('root') }}"
+    group: "{{ squash_user | default('root') }}"
+    mode: u=rwx,g=rx,o=rx
+
+- name: Create directory for bind mount
+  file:
+    state: directory
+    path: "{{ export_path }}"
+    owner: "{{ squash_user | default('root') }}"
+    group: "{{ squash_user | default('root') }}"
+    mode: u=rwx,g=rx,o=rx
+
+- name: Configure bind mount
+  template:
+    src: bind.mount
+    dest: "{{ global_systemd_configuration_directory }}/{{ mount_unit_name }}"
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=r
+  notify:
+    - reload systemd
+    - mount export
+
+- name: Configure export
+  template:
+    src: export.exports
+    dest: "{{ exports_config_directory }}/{{ export_config_name }}.exports"
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=r
+  notify: reload nfs exports

roles/nfs/export/templates/bind.mount

@@ -0,0 +1,10 @@
+[Unit]
+Description=Bind Mount for NFS of {{ export_name }}
+
+[Mount]
+What={{ real_path }}
+Where={{ export_path }}
+Options=bind
+
+[Install]
+WantedBy=multi-user.target

roles/nfs/export/templates/export.exports

@@ -0,0 +1,7 @@
+{{ root_directory }}/{{ export_name }} {% for host in export_hosts -%}
+  {{ host }}({{ readonly | ternary('ro', 'rw') }},sync
+  {%- if squash_user != "" -%}
+    ,all_squash,anonuid={{ user_info.uid }},anongid={{ user_info.group }}
+  {%- endif -%}
+  ,crossmnt,no_subtree_check)
+{%- endfor %}

roles/nfs/server/defaults/main.yml

@@ -0,0 +1,6 @@
+---
+
+root_directory: "{{ global_webservers_directory }}/nfs"
+
+exports_config: "/etc/exports"
+exports_config_directory: "/etc/exports.d"

roles/nfs/server/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+
+- name: reload nfs exports
+  # export all = read config files, reexport = disable removed entries, be verbose
+  command: exportfs -arv

roles/nfs/server/meta/main.yml

@@ -0,0 +1,3 @@
+---
+
+allow_duplicates: no

roles/nfs/server/tasks/main.yml

@@ -0,0 +1,39 @@
+---
+
+- name: Install required packages
+  apt:
+    state:  present
+    name:
+      - nfs-kernel-server
+
+- name: Create exports root directory
+  file:
+    state: directory
+    path: "{{ root_directory }}"
+    owner: root
+    group: root
+    mode: u=rwx,g=rx,o=rx
+
+- name: Configure exports root
+  template:
+    src: root.exports
+    dest: "{{ exports_config }}"
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=r
+  notify:
+    - reload nfs exports
+
+- name: Create exports config directory
+  file:
+    state: directory
+    path: "{{ exports_config_directory }}"
+    owner: root
+    group: root
+    mode: u=rwx,g=rx,o=rx
+
+- name: Allow ports in firewall
+  ufw:
+    rule: allow
+    port: "{{ global_nfs_port }}"
+    proto: tcp

roles/nfs/server/templates/root.exports

@@ -0,0 +1 @@
+{{ root_directory }} *(ro,sync,all_squash,no_subtree_check,fsid=root)