#!/bin/bash

# 配置变量
NFS_ROOT="/data/k3s_storage"
SUBNET="192.168.1.0/24" # 允许访问的网段

echo "🚀 开始配置 NFS 服务器..."

# 1. 检测操作系统并安装依赖
if [ -f /etc/debian_version ]; then
    # Ubuntu/Debian
    apt-get update
    apt-get install -y nfs-kernel-server
elif [ -f /etc/redhat-release ]; then
    # CentOS/RHEL
    yum install -y nfs-utils rpcbind
else
    echo "❌ 未识别的操作系统，请手动安装 nfs-utils"
    exit 1
fi

# 2. 创建共享目录
echo "📂 创建共享目录: $NFS_ROOT"
mkdir -p $NFS_ROOT
chmod 777 $NFS_ROOT # 为了 K8s 兼容性，简单粗暴给 777，生产环境建议配合 fsGroup

# 3. 配置 exports
echo "⚙️ 配置 /etc/exports..."
# 备份原有配置
cp /etc/exports /etc/exports.bak 2>/dev/null
# 写入新配置 (rw:读写, sync:同步写入, no_root_squash:不压缩root权限)
echo "$NFS_ROOT $SUBNET(rw,sync,no_root_squash,no_subtree_check)" > /etc/exports

# 4. 启动服务
echo "🔥 启动并启用 NFS 服务..."
if [ -f /etc/debian_version ]; then
    systemctl restart nfs-kernel-server
    systemctl enable nfs-kernel-server
else
    systemctl restart nfs-server
    systemctl enable nfs-server
fi

# 5. 配置防火墙 (如果开启了防火墙)
echo "🛡️ 配置防火墙放行..."
if command -v ufw &> /dev/null; then
    # Ubuntu UFW
    ufw allow from $SUBNET to any port 2049
elif command -v firewall-cmd &> /dev/null; then
    # CentOS Firewalld
    firewall-cmd --permanent --zone=public --add-service=nfs
    firewall-cmd --permanent --zone=public --add-service=mountd
    firewall-cmd --permanent --zone=public --add-service=rpc-bind
    firewall-cmd --reload
fi

echo "✅ NFS 服务器配置完成！"
echo "📝 共享目录: $NFS_ROOT"
echo "🔗 允许网段: $SUBNET"