From eae4943afa0f5cb15a7d68d046c67de9c463fde5 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 30 Oct 2023 12:12:59 +0100
Subject: [PATCH] man: add docs for new storagetm service

---
 man/rules/meson.build             |   1 +
 man/systemd-storagetm.service.xml | 104 ++++++++++++++++++++++++++++++
 man/systemd.special.xml           |  13 ++++
 3 files changed, 118 insertions(+)
 create mode 100644 man/systemd-storagetm.service.xml

diff --git a/man/rules/meson.build b/man/rules/meson.build
index 525bea94fd4..45a1780fb2c 100644
--- a/man/rules/meson.build
+++ b/man/rules/meson.build
@@ -1045,6 +1045,7 @@ manpages = [
  ['systemd-socket-proxyd', '8', [], ''],
  ['systemd-soft-reboot.service', '8', [], ''],
  ['systemd-stdio-bridge', '1', [], ''],
+ ['systemd-storagetm.service', '8', ['systemd-storagetm'], 'ENABLE_STORAGETM'],
  ['systemd-stub',
   '7',
   ['linuxaa64.efi.stub', 'linuxia32.efi.stub', 'linuxx64.efi.stub', 'sd-stub'],
diff --git a/man/systemd-storagetm.service.xml b/man/systemd-storagetm.service.xml
new file mode 100644
index 00000000000..4fa79587370
--- /dev/null
+++ b/man/systemd-storagetm.service.xml
@@ -0,0 +1,104 @@
+<?xml version="1.0"?>
+<!--*-nxml-*-->
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
+<refentry id="systemd-storagetm.service" conditional='ENABLE_STORAGETM'
+          xmlns:xi="http://www.w3.org/2001/XInclude">
+
+  <refentryinfo>
+    <title>systemd-storagetm.service</title>
+    <productname>systemd</productname>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle>systemd-storagetm.service</refentrytitle>
+    <manvolnum>8</manvolnum>
+  </refmeta>
+
+  <refnamediv>
+    <refname>systemd-storagetm.service</refname>
+    <refname>systemd-storagetm</refname>
+    <refpurpose>Exposes all local block devices as NVMe-TCP mass storage devices</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <para><filename>systemd-storagetm.service</filename></para>
+
+    <cmdsynopsis>
+      <command>/usr/lib/systemd/systemd-storagetm</command>
+      <arg choice="opt" rep="repeat">OPTIONS</arg>
+      <arg choice="opt"><replaceable>DEVICE</replaceable></arg>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsect1>
+    <title>Description</title>
+
+    <para><filename>systemd-storagetm.service</filename> is a service that exposes all local block devices as
+    NVMe-TCP mass storage devices. Its primary use-case is to be invoked by the
+    <filename>storage-target-mode.target</filename> unit that can be booted into.</para>
+
+    <para>Warning: the NVMe disks are currently exposed without authentication or encryption, in read/write
+    mode. This means network peers may read from and write to the device without any restrictions. This
+    functionality should hence only be used in a local setup.</para>
+
+    <para>Note that to function properly networking must be configured too. The recommended mechanism to boot
+    into a storage target mode is by adding <literal>rd.systemd.unit=storage-target-mode.target
+    ip=link-local</literal> on the kernel command line. Note that <literal>ip=link-local</literal> only
+    configures link-local IP, i.e. IPv4LL and IPv6LL, which means non-routable addresses. This is done for
+    security reasons, so that only systems on the local link can access the devices. Use
+    <literal>ip=dhcp</literal> to assign routable addresses too. For further details see
+    <citerefentry><refentrytitle>systemd-network-generator.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
+
+    <para>Unless the <option>--all</option> switch is used expects one or more block devices or regular files to expose
+    via NVMe-TCP as argument.</para>
+  </refsect1>
+
+  <refsect1>
+    <title>Options</title>
+
+    <para>The following options are understood:</para>
+
+    <variablelist>
+      <varlistentry>
+        <term><option>--nqn=</option></term>
+        <listitem><para>Takes a string. If specified configures the NVMe Qualified Name to use for the
+        exposed NVMe-TCP mass storage devices. The NQN should follow the syntax described in <ulink
+        url="https://nvmexpress.org/wp-content/uploads/NVM-Express-Base-Specification-2.0c-2022.10.04-Ratified.pdf">NVM
+        Express Base Specification 2.0c</ulink>, section 4.5 "NVMe Qualified Names". Note that the NQN
+        specified here will be suffixed with a dot and the the block device name before it is exposed on the
+        NVMe target. If not specified defaults to
+        <literal>nqn.2023-10.io.systemd:storagetm.<replaceable>ID</replaceable></literal>, where ID is
+        replaced by a 128bit ID derived from
+        <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
+
+        <xi:include href="version-info.xml" xpointer="v255"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>--all</option></term>
+        <term><option>-a</option></term>
+
+        <listitem><para>If specified exposes all local block devices via NVMe-TCP, current and future
+        (i.e. it watches block devices come and go and updates the NVMe-TCP list as needed). Note that by
+        default any block devices that originate on the same block device as the block device backing the
+        current root file system are excluded. If the switch is specified twice this safety mechanism is
+        disabled.</para>
+
+        <xi:include href="version-info.xml" xpointer="v255"/></listitem>
+      </varlistentry>
+      <xi:include href="standard-options.xml" xpointer="help" />
+      <xi:include href="standard-options.xml" xpointer="version" />
+    </variablelist>
+  </refsect1>
+
+  <refsect1>
+    <title>See Also</title>
+    <para>
+      <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+    </para>
+  </refsect1>
+
+</refentry>
diff --git a/man/systemd.special.xml b/man/systemd.special.xml
index 1d1796154ed..8acad5c83ef 100644
--- a/man/systemd.special.xml
+++ b/man/systemd.special.xml
@@ -83,6 +83,7 @@
     <filename>sockets.target</filename>,
     <filename>soft-reboot.target</filename>,
     <filename>sound.target</filename>,
+    <filename>storage-target-mode.target</filename>,
     <filename>suspend.target</filename>,
     <filename>swap.target</filename>,
     <filename>sysinit.target</filename>,
@@ -767,6 +768,18 @@
             <xi:include href="version-info.xml" xpointer="v254"/>
           </listitem>
         </varlistentry>
+        <varlistentry>
+          <term><filename>storage-target-mode.target</filename></term>
+          <listitem>
+            <para>A special target unit that can be booted into that selects the "Storage Target Mode" for
+            the OS. In this mode all local storage disks are exposed to external systems as block
+            devices. This invokes
+            <citerefentry><refentrytitle>systemd-storagetm.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+            which exposes all local disks as NVMe-TCP devices for access over the network. It might as well
+            invoke other services too that make local disks available via other mechanisms.</para>
+            <xi:include href="version-info.xml" xpointer="v255"/>
+          </listitem>
+        </varlistentry>
         <varlistentry>
           <term><filename>suspend.target</filename></term>
           <listitem>
-- 
2.47.3