From e12b8dc9a031f1db4c58d29d493be108c9b7df62 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=98=99=E2=97=A6=20The=20Tablet=20=E2=9D=80=20GamerGirla?=
 =?UTF-8?q?ndCo=20=E2=97=A6=E2=9D=A7?= <i.am.the.tablet@proton.me>
Date: Thu, 30 Oct 2025 00:17:49 -0400
Subject: [PATCH] add readme.md

---
 README.md | 45 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)
 create mode 100644 README.md

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..29dc453
--- /dev/null
+++ b/README.md
@@ -0,0 +1,45 @@
+# thealmightydrawingtablet/nfs-krb
+
+it's an NFS server with kerberos integrated out of the box !
+
+## why?
+
+because nobody else has made one for some reason ¯\\\_(ツ)\_/¯
+
+# usage
+
+### sharing directory via env var
+
+```bash
+# works for both ubuntu and alpine images
+docker run -d --privileged -v /path/on/host:/container/srv \
+	-e SHARED_DIRECTORY=/container/srv -e PERMITTED=10.0.0.0/8 \
+	-e NFS_KRB_PRINC=nfs/localhost.local -e NFS_KRB_REALM=LOCALHOST.LOCAL -e NFS_KRB_PWD='unguessable!'
+```
+
+### bring your own `/etc/exports`
+
+```bash
+# ubuntu
+docker run -d --privileged -v /path/on/host:/container/srv -v ./exports:/etc/exports \
+	-e PERMITTED=10.0.0.0/8 \
+	-e NFS_KRB_PRINC=nfs/localhost.local -e NFS_KRB_REALM=LOCALHOST.LOCAL -e NFS_KRB_PWD='unguessable!'
+
+# alpine
+docker run -d --privileged -v /path/on/host:/container/srv/folder-1 -v /another/thing:/container/srv/folder-2 -v ./exports:/etc/exports.mnt \
+	-e PERMITTED=10.0.0.0/8 \
+	-e NFS_KRB_PRINC=nfs/localhost.local -e NFS_KRB_REALM=LOCALHOST.LOCAL -e NFS_KRB_PWD='unguessable!'
+```
+
+## recognized configuration environment variables
+
+| Variable           | Default            | Required | Alpine | Ubuntu | Description                                                                     |
+| ------------------ | ------------------ | -------- | ------ | ------ | ------------------------------------------------------------------------------- |
+| `NFS_KRB_REALM`    | -                  | yes      | ✅     | ✅     | Kerberos realm to authenticate with.                                            |
+| `NFS_KRB_PRINC`    | -                  | yes      | ✅     | ✅     | the service principal which will be added to the keytab.                        |
+| `NFS_KRB_PWD`      | -                  | yes      | ✅     | ✅     | kerberos database master password, as well as the password for `NFS_KRB_PRINC`. |
+| `RW_MODE`          | `rw`               | no       | ✅     | ✅     | controls NFS export read/write mode and the per-share option string.            |
+| `SRV_TZ`           | `America/New_York` | no       | ✅     | ❌     | overrides the system timezone.                                                  |
+| `SHARED_DIRECTORY` | -                  | no       | ✅     | ✅     | determines whether to configure a singular export.                              |
+| `PERMITTED`        | `*`                | no       | ✅     | ✅     | provides the allowed client list for a single exported directory.               |
+