# thealmightydrawingtablet/nfs-krb it's an NFS server with kerberos integrated out of the box ! ## why? because nobody else has made one for some reason ¯\\\_(ツ)\_/¯ # usage ### sharing directory via env var ```bash # works for both ubuntu and alpine images docker run -d --privileged -v /path/on/host:/container/srv \ -e SHARED_DIRECTORY=/container/srv -e PERMITTED=10.0.0.0/8 \ -e NFS_KRB_PRINC=nfs/localhost.local -e NFS_KRB_REALM=LOCALHOST.LOCAL -e NFS_KRB_PWD='unguessable!' ``` ### bring your own `/etc/exports` ```bash # ubuntu docker run -d --privileged -v /path/on/host:/container/srv -v ./exports:/etc/exports \ -e PERMITTED=10.0.0.0/8 \ -e NFS_KRB_PRINC=nfs/localhost.local -e NFS_KRB_REALM=LOCALHOST.LOCAL -e NFS_KRB_PWD='unguessable!' # alpine docker run -d --privileged -v /path/on/host:/container/srv/folder-1 -v /another/thing:/container/srv/folder-2 -v ./exports:/etc/exports.mnt \ -e PERMITTED=10.0.0.0/8 \ -e NFS_KRB_PRINC=nfs/localhost.local -e NFS_KRB_REALM=LOCALHOST.LOCAL -e NFS_KRB_PWD='unguessable!' ``` ## recognized configuration environment variables | Variable | Default | Required | Alpine | Ubuntu | Description | | ------------------ | ------------------ | -------- | ------ | ------ | ------------------------------------------------------------------------------- | | `NFS_KRB_REALM` | - | yes | ✅ | ✅ | Kerberos realm to authenticate with. | | `NFS_KRB_PRINC` | - | yes | ✅ | ✅ | the service principal which will be added to the keytab. | | `NFS_KRB_PWD` | - | yes | ✅ | ✅ | kerberos database master password, as well as the password for `NFS_KRB_PRINC`. | | `RW_MODE` | `rw` | no | ✅ | ✅ | controls NFS export read/write mode and the per-share option string. | | `SRV_TZ` | `America/New_York` | no | ✅ | ❌ | overrides the system timezone. | | `SHARED_DIRECTORY` | - | no | ✅ | ✅ | determines whether to configure a singular export. | | `PERMITTED` | `*` | no | ✅ | ✅ | provides the allowed client list for a single exported directory. |