2.5 KiB
2.5 KiB
thealmightydrawingtablet/nfs-krb
it's an NFS server with kerberos integrated out of the box !
why?
because nobody else has made one for some reason ¯\_(ツ)_/¯
usage
sharing directory via env var
# works for both ubuntu and alpine images
docker run -d --privileged -v /path/on/host:/container/srv \
-e SHARED_DIRECTORY=/container/srv -e PERMITTED=10.0.0.0/8 \
-e NFS_KRB_PRINC=nfs/localhost.local -e NFS_KRB_REALM=LOCALHOST.LOCAL -e NFS_KRB_PWD='unguessable!'
bring your own /etc/exports
# ubuntu
docker run -d --privileged -v /path/on/host:/container/srv -v ./exports:/etc/exports \
-e PERMITTED=10.0.0.0/8 \
-e NFS_KRB_PRINC=nfs/localhost.local -e NFS_KRB_REALM=LOCALHOST.LOCAL -e NFS_KRB_PWD='unguessable!'
# alpine
docker run -d --privileged -v /path/on/host:/container/srv/folder-1 -v /another/thing:/container/srv/folder-2 -v ./exports:/etc/exports.mnt \
-e PERMITTED=10.0.0.0/8 \
-e NFS_KRB_PRINC=nfs/localhost.local -e NFS_KRB_REALM=LOCALHOST.LOCAL -e NFS_KRB_PWD='unguessable!'
recognized configuration environment variables
| Variable | Default | Required | Alpine | Ubuntu | Description |
|---|---|---|---|---|---|
NFS_KRB_REALM |
- | yes | ✅ | ✅ | Kerberos realm to authenticate with. |
NFS_KRB_PRINC |
- | yes | ✅ | ✅ | the service principal which will be added to the keytab. |
NFS_KRB_PWD |
- | yes | ✅ | ✅ | kerberos database master password, as well as the password for NFS_KRB_PRINC. |
RW_MODE |
rw |
no | ✅ | ✅ | controls NFS export read/write mode and the per-share option string. |
SRV_TZ |
America/New_York |
no | ✅ | ❌ | overrides the system timezone. |
SHARED_DIRECTORY |
- | no | ✅ | ✅ | determines whether to configure a singular export. |
PERMITTED |
* |
no | ✅ | ✅ | provides the allowed client list for a single exported directory. |