nfs-krb/README.md

# thealmightydrawingtablet/nfs-krb

it's an NFS server with kerberos integrated out of the box !

## why?

because nobody else has made one for some reason ¯\\\_(ツ)\_/¯

# usage

### sharing directory via env var

```bash
# works for both ubuntu and alpine images
docker run -d --privileged -v /path/on/host:/container/srv \
	-e SHARED_DIRECTORY=/container/srv -e PERMITTED=10.0.0.0/8 \
	-e NFS_KRB_PRINC=nfs/localhost.local -e NFS_KRB_REALM=LOCALHOST.LOCAL -e NFS_KRB_PWD='unguessable!'
```

### bring your own `/etc/exports`

```bash
# ubuntu
docker run -d --privileged -v /path/on/host:/container/srv -v ./exports:/etc/exports \
	-e PERMITTED=10.0.0.0/8 \
	-e NFS_KRB_PRINC=nfs/localhost.local -e NFS_KRB_REALM=LOCALHOST.LOCAL -e NFS_KRB_PWD='unguessable!'

# alpine
docker run -d --privileged -v /path/on/host:/container/srv/folder-1 -v /another/thing:/container/srv/folder-2 -v ./exports:/etc/exports.mnt \
	-e PERMITTED=10.0.0.0/8 \
	-e NFS_KRB_PRINC=nfs/localhost.local -e NFS_KRB_REALM=LOCALHOST.LOCAL -e NFS_KRB_PWD='unguessable!'
```

## recognized configuration environment variables

| Variable           | Default            | Required | Alpine | Ubuntu | Description                                                                     |
| ------------------ | ------------------ | -------- | ------ | ------ | ------------------------------------------------------------------------------- |
| `NFS_KRB_REALM`    | -                  | yes      | ✅     | ✅     | Kerberos realm to authenticate with.                                            |
| `NFS_KRB_PRINC`    | -                  | yes      | ✅     | ✅     | the service principal which will be added to the keytab.                        |
| `NFS_KRB_PWD`      | -                  | yes      | ✅     | ✅     | kerberos database master password, as well as the password for `NFS_KRB_PRINC`. |
| `RW_MODE`          | `rw`               | no       | ✅     | ✅     | controls NFS export read/write mode and the per-share option string.            |
| `SRV_TZ`           | `America/New_York` | no       | ✅     | ❌     | overrides the system timezone.                                                  |
| `SHARED_DIRECTORY` | -                  | no       | ✅     | ✅     | determines whether to configure a singular export.                              |
| `PERMITTED`        | `*`                | no       | ✅     | ✅     | provides the allowed client list for a single exported directory.               |