kenjim/appa-net
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

zet.home.arpa: document all services and SSL/nginx setup

Browse Source 
- Server overview (README.md) with services, storage, and network summary
- Storage layout with disk/fstab/mount details (storage.md)
- Service docs: Samba, NFS, Squid, Pi-hole (with DHCP/split-DNS notes)
- Let's Encrypt cert via acme.sh + GoDaddy DNS-01 (ssl/)
- nginx SSL reverse proxy config and virtual host guide (nginx/)
- Pi-hole moved to port 8081; split DNS overrides documented for both
  Pi-hole and pfSense Unbound to avoid hairpin NAT issues

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Kenji M
2026-06-19 14:37:04 +00:00
parent 060219d161
commit 7c4c786e7b
10 changed files with 948 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
zet.home.arpa/nfs/README.md Normal file
View File

@@ -0,0 +1,61 @@
# NFS — zet.home.arpa
NFSv4 file server exporting bulk storage to LAN clients.
## Overview
| Field | Value |
|-------|-------|
| **Package** | `nfs-kernel-server` (Ubuntu) |
| **Config** | `/etc/exports` |
| **Services** | `nfs-server`, `nfs-mountd`, `nfs-idmapd`, `rpcbind`, `rpc-statd` |
| **Port** | 2049/tcp+udp |
## Exports
| Path | Clients | Options |
|------|---------|---------|
| `/data/hsgt10a` | `172.27.0.0/24` | `rw,sync,no_subtree_check` |
### `/etc/exports`
```
/data/hsgt10a 172.27.0.0/24(rw,sync,no_subtree_check)
```
> **Warning**: The current `/etc/exports` on the server has a space between `172.27.0.0/24` and `(rw,sync,...)`.
> A space causes the options to apply to `*` (world) rather than the specified subnet — this is a security misconfiguration.
> The correct syntax has **no space** before the parenthesis:
> ```
> /data/hsgt10a 172.27.0.0/24(rw,sync,no_subtree_check)
> ```
> Fix and reload: `sudo exportfs -ra`
## Service Management
```bash
sudo systemctl status nfs-server
sudo systemctl restart nfs-server
sudo exportfs -v # show active exports
sudo exportfs -ra # reload /etc/exports without restarting
showmount -e 172.27.0.35 # list exports (run from client)
```
## Mounting from a Client
```bash
# Temporary mount
sudo mount -t nfs 172.27.0.35:/data/hsgt10a /mnt/hsgt10a
# Permanent — add to client's /etc/fstab:
172.27.0.35:/data/hsgt10a /mnt/hsgt10a nfs defaults,_netdev 0 0
```
## Migration Notes
To move NFS to a new server:
1. Install: `sudo apt install nfs-kernel-server`
2. Copy `/etc/exports` (fix the space issue above before copying)
3. Ensure `/data/hsgt10a` is mounted on the new host
4. Enable and start: `sudo systemctl enable --now nfs-server`
5. Update any client `/etc/fstab` entries to point to the new server IP