# NixOS module for the storage host: NFS (v3 and v4) exports plus an iSCSI
# target backed by ZFS zvols.
{ ... }:
let
  # --- ports ---------------------------------------------------------------
  # NFSv3 side services: 111 is rpcbind; 4000/4001/4002 are the statd, lockd
  # and mountd ports pinned under services.nfs.server below.
  # NOTE(review): 20048 is the usual default rpc.mountd port. With mountdPort
  # pinned to 4002 it may no longer need to be open; confirm and drop if unused.
  nfs3 = [ 111 4000 4001 4002 20048 ];
  nfs4 = [ 2049 ];
  iscsi = [ 3260 ];

  tcpPorts = builtins.concatLists [ nfs3 nfs4 iscsi ];
  udpPorts = nfs3;

  # --- iSCSI naming --------------------------------------------------------
  nasBase = "iqn.2026-01.dev.nyxerinys:poseidon";

  # WWN shared by a target and its backing storage object.
  targetWwn = t: "${nasBase}.${t.name}";

  # One node ACL per client host. Each initiator is mapped read-write
  # (write_protect = false) to TPG LUN 0.
  # NOTE(review): node_acls is applied to every target, so all three
  # initiators can write to the same LUN. Concurrent writers on a
  # non-clustered filesystem would corrupt it; confirm only one host attaches
  # at a time.
  mkInitiator = name: {
    node_wwn = "iqn.2026-01.dev.nyxerinys:${name}";
    mapped_luns = [
      {
        index = 0;
        tpg_lun = 0;
        write_protect = false;
      }
    ];
  };
  initiators = map mkInitiator [ "gamma" "delta" "epsilon" ];

  # Exported block devices: `zvol` is the path below /dev/zvol/.
  targets = [
    {
      name = "authentik";
      zvol = "Velaris/Containers/Authentik";
      lun = 0;
    }
  ];

  # Backing store entry for one target.
  mkStorageObject = t: {
    dev = "/dev/zvol/${t.zvol}";
    name = t.name;
    plugin = "block";
    wwn = targetWwn t;
  };

  # iSCSI target with a single TPG for one entry of `targets`.
  mkTarget = t: {
    fabric = "iscsi";
    wwn = targetWwn t;
    tpgs = [
      {
        enable = true;
        # NOTE(review): authentication = 0 turns CHAP off, so the only access
        # control is the initiator-IQN ACL (generate_node_acls = 0 plus
        # node_acls). An IQN is asserted by the client, not proven. Consider
        # enabling CHAP, or make sure 3260 is reachable only from the storage
        # network.
        attributes = {
          authentication = 0;
          generate_node_acls = 0;
        };
        # NOTE(review): 0.0.0.0 listens on every address of the host. Binding
        # the portal to the storage-network address would narrow exposure.
        portals = [
          {
            ip_address = "0.0.0.0";
            port = 3260;
          }
        ];
        luns = [
          {
            index = t.lun;
            plugin = "block";
            name = t.name;
          }
        ];
        node_acls = initiators;
      }
    ];
  };
in
{
  # NOTE(review): allowedTCPPorts/allowedUDPPorts open these ports on all
  # interfaces. The NFS exports below are limited to 10.5.0.0/24, but the
  # firewall and the iSCSI portal are not. If the host has more than one
  # network, networking.firewall.interfaces.<iface>.allowedTCPPorts (and the
  # UDP equivalent) would scope them to the storage interface.
  networking.firewall = {
    allowedTCPPorts = tcpPorts;
    allowedUDPPorts = udpPorts;
  };

  # Bind the ZFS dataset into the export tree.
  fileSystems."/export/containers" = {
    device = "/Velaris/Containers";
    options = [ "bind" ];
  };

  services.nfs.server = {
    enable = true;
    createMountPoints = true;
    # Fixed ports so the firewall list above can name them.
    statdPort = 4000;
    lockdPort = 4001;
    mountdPort = 4002;
    # /export is the NFSv4 pseudo-root (fsid=0).
    # NOTE(review): no sec= option is given, so the exports presumably use the
    # default AUTH_SYS, where the server trusts the uid the client sends.
    # Combined with no_root_squash, root on any host in 10.5.0.0/24 is root on
    # these exports. `insecure` on /export/containers also accepts requests
    # from unprivileged source ports, so a non-root process on a client can
    # speak NFS directly. Keep these only if the workloads need them;
    # otherwise prefer root_squash and drop `insecure`.
    exports = ''
      /export 10.5.0.0/24(rw,fsid=0,no_subtree_check,no_root_squash)
      /export/containers 10.5.0.0/24(rw,nohide,insecure,no_subtree_check,no_root_squash)
    '';
  };

  services.target = {
    enable = true;
    config = {
      storage_objects = map mkStorageObject targets;
      targets = map mkTarget targets;
    };
  };
}