From 9fd303c4adaa537f80e4ca2b84f32ed8ff450047 Mon Sep 17 00:00:00 2001 From: Timo Makinen Date: Tue, 17 Dec 2024 20:16:02 +0000 Subject: [PATCH] nfs_server: Move exports file under roles --- playbooks/nas.yml | 18 ------------------ roles/nfs_server/files/exports | 6 ++++++ roles/nfs_server/tasks/main.yml | 9 +++++++++ 3 files changed, 15 insertions(+), 18 deletions(-) create mode 100644 roles/nfs_server/files/exports diff --git a/playbooks/nas.yml b/playbooks/nas.yml index f7372ae..cb65fe3 100644 --- a/playbooks/nas.yml +++ b/playbooks/nas.yml @@ -39,21 +39,3 @@ - nfs_server - role: keytab keytab_principals: "nfs/{{ inventory_hostname }}@FOO.SH" - - tasks: - - name: Copy exports file - ansible.builtin.copy: - dest: /etc/exports - content: | - /export/home 172.20.20.0/22(rw,root_squash,secure,sec=krb5p) \ - 172.20.30.0/24(rw,root_squash,secure,sec=krb5p) \ - @nfsclients-rw(rw,root_squash,secure) \ - @nfsclients-ro(ro,root_squash,secure) - /export/roles 172.20.20.0/22(rw,root_squash,secure,sec=krb5p) \ - 172.20.30.0/24(rw,root_squash,secure,sec=krb5p) \ - @nfsclients-rw(rw,root_squash,secure) \ - @nfsclients-ro(ro,root_squash,secure) - mode: "0644" - owner: root - group: "{{ ansible_wheel }}" - notify: Restart nfs-server diff --git a/roles/nfs_server/files/exports b/roles/nfs_server/files/exports new file mode 100644 index 0000000..51916e7 --- /dev/null +++ b/roles/nfs_server/files/exports @@ -0,0 +1,6 @@ +/export/home @nfsclients-rw(rw,root_squash,secure,xprtsec=mtls,sec=sys) \ + @nfsclients-ro(ro,root_squash,secure,xprtsec=mtls,sec=sys) \ + @nfsclients-krb(rw,root_squash,secure,xprtsec=mtls,sec=krb5p) +/export/roles @nfsclients-rw(rw,root_squash,secure,xprtsec=mtls,sec=sys) \ + @nfsclients-ro(ro,root_squash,secure,xprtsec=mtls,sec=sys) \ + @nfsclients-krb(rw,root_squash,secure,xprtsec=mtls,sec=krb5p) diff --git a/roles/nfs_server/tasks/main.yml b/roles/nfs_server/tasks/main.yml index c2ca5fd..8ac57b1 100644 --- a/roles/nfs_server/tasks/main.yml 
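Review bot: The `@nfsclients-rw` and `@nfsclients-ro` entries in the new `roles/nfs_server/files/exports` pair `xprtsec=mtls` with `sec=sys`, so the server still accepts whatever UID/GID the client sends. Mutual TLS authenticates the connecting host and encrypts the transport, but it does not authenticate users, and `root_squash` remaps only uid 0, so root on any host in those netgroups can act as any non-root owner under `/export/home` and `/export/roles`. With the subnet-scoped `sec=krb5p` entries gone, netgroup membership and client-certificate issuance are the only gates, and neither is defined in this patch. I would record that assumption at the top of the file, e.g. `# sec=sys entries trust client-asserted UIDs; list only hosts whose root is trusted in nfsclients-rw/-ro`. It is also worth confirming that every server this role targets has a kernel and nfs-utils that understand `xprtsec=` and a running TLS handshake daemon, since none of that is visible here.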
+++ b/roles/nfs_server/tasks/main.yml @@ -15,6 +15,15 @@ owner: root group: "{{ ansible_wheel }}" +- name: Create exports + ansible.builtin.copy: + dest: /etc/exports + src: exports + mode: "0644" + owner: root + group: "{{ ansible_wheel }}" + notify: Restart nfs-server + - name: Install home/role autocreate scripts ansible.builtin.copy: dest: "/usr/local/sbin/{{ item }}"
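Review bot: `notify: Restart nfs-server` on the new `Create exports` task means every edit to the exports file restarts the NFS service, which interrupts mounted clients even though a change to `/etc/exports` only needs a re-export. The handler is defined outside this hunk, so this assumes it does a full service restart as its name says. If it does, a dedicated handler that runs `exportfs -ra` (or a service reload) would apply the new access list with less disruption; the task would then use something like `notify: Reload nfs exports`, where that handler name is a suggestion and not an existing one.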