tablet/nfs-krb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add readme.md

Browse Source
This commit is contained in:
☙◦ The Tablet ❀ GamerGirlandCo ◦❧ 2025-10-30 00:17:49 -04:00
parent 6f0b01aeca
commit e12b8dc9a0
Signed by: tablet
GPG Key ID: 924A5F6AF051E87C
1 changed files with 45 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
README.md Normal file
View File

@ -0,0 +1,45 @@
# thealmightydrawingtablet/nfs-krb
it's an NFS server with kerberos integrated out of the box !
## why?
because nobody else has made one for some reason ¯\\\_(ツ)\_/¯
# usage
### sharing directory via env var
```bash
# works for both ubuntu and alpine images
docker run -d --privileged -v /path/on/host:/container/srv \
-e SHARED_DIRECTORY=/container/srv -e PERMITTED=10.0.0.0/8 \
-e NFS_KRB_PRINC=nfs/localhost.local -e NFS_KRB_REALM=LOCALHOST.LOCAL -e NFS_KRB_PWD='unguessable!'
```
### bring your own `/etc/exports`
```bash
# ubuntu
docker run -d --privileged -v /path/on/host:/container/srv -v ./exports:/etc/exports \
-e PERMITTED=10.0.0.0/8 \
-e NFS_KRB_PRINC=nfs/localhost.local -e NFS_KRB_REALM=LOCALHOST.LOCAL -e NFS_KRB_PWD='unguessable!'
# alpine
docker run -d --privileged -v /path/on/host:/container/srv/folder-1 -v /another/thing:/container/srv/folder-2 -v ./exports:/etc/exports.mnt \
-e PERMITTED=10.0.0.0/8 \
-e NFS_KRB_PRINC=nfs/localhost.local -e NFS_KRB_REALM=LOCALHOST.LOCAL -e NFS_KRB_PWD='unguessable!'
```
## recognized configuration environment variables
| Variable | Default | Required | Alpine | Ubuntu | Description |
| ------------------ | ------------------ | -------- | ------ | ------ | ------------------------------------------------------------------------------- |
| `NFS_KRB_REALM` | - | yes | ✅ | ✅ | Kerberos realm to authenticate with. |
| `NFS_KRB_PRINC` | - | yes | ✅ | ✅ | the service principal which will be added to the keytab. |
| `NFS_KRB_PWD` | - | yes | ✅ | ✅ | kerberos database master password, as well as the password for `NFS_KRB_PRINC`. |
| `RW_MODE` | `rw` | no | ✅ | ✅ | controls NFS export read/write mode and the per-share option string. |
| `SRV_TZ` | `America/New_York` | no | ✅ | ❌ | overrides the system timezone. |
| `SHARED_DIRECTORY` | - | no | ✅ | ✅ | determines whether to configure a singular export. |
| `PERMITTED` | `*` | no | ✅ | ✅ | provides the allowed client list for a single exported directory. |