diff options
| author | Vladimír Čunát <v@cunat.cz> | 2020-09-10 21:22:01 +0200 |
|---|---|---|
| committer | Vladimír Čunát <v@cunat.cz> | 2020-09-10 21:31:35 +0200 |
| commit | 538e558f48d111f46c86489eed87aff2791c0226 (patch) | |
| tree | dacf3370755f4531a8181c255a8badf77ed08fb5 /nixos/modules/services/network-filesystems | |
| parent | ee55841b22aa6ac5454f27d1a9be71afe2b70fc7 (diff) | |
| download | nixpkgs-538e558f48d111f46c86489eed87aff2791c0226.tar nixpkgs-538e558f48d111f46c86489eed87aff2791c0226.tar.gz nixpkgs-538e558f48d111f46c86489eed87aff2791c0226.tar.bz2 nixpkgs-538e558f48d111f46c86489eed87aff2791c0226.tar.lz nixpkgs-538e558f48d111f46c86489eed87aff2791c0226.tar.xz nixpkgs-538e558f48d111f46c86489eed87aff2791c0226.tar.zst nixpkgs-538e558f48d111f46c86489eed87aff2791c0226.zip | |
Revert "Merge #96844: nixos/nfsd: run rpc-statd as a normal user"
This reverts commit 42eebd7adef51b36c597753b3aaf6347864d176e, reversing changes made to b169bfc9e2c981a46680c53343258d90be6f6d9f. This breaks nfs3.simple test and even current PR #97656 wouldn't fix it. Therefore let's revert for now to unblock the channels.
Diffstat (limited to 'nixos/modules/services/network-filesystems')
| -rw-r--r-- | nixos/modules/services/network-filesystems/nfsd.nix | 60 |
1 files changed, 27 insertions, 33 deletions
diff --git a/nixos/modules/services/network-filesystems/nfsd.nix b/nixos/modules/services/network-filesystems/nfsd.nix index 398ef73449f..1b62bfa8203 100644 --- a/nixos/modules/services/network-filesystems/nfsd.nix +++ b/nixos/modules/services/network-filesystems/nfsd.nix @@ -8,8 +8,6 @@ let exports = pkgs.writeText "exports" cfg.exports; - rpcUser = "statd"; - in { @@ -142,40 +140,36 @@ in environment.etc.exports.source = exports; - systemd.services.nfs-server = { - enable = true; - wantedBy = [ "multi-user.target" ]; - }; + systemd.services.nfs-server = + { enable = true; + wantedBy = [ "multi-user.target" ]; - systemd.services.nfs-mountd = { - enable = true; - restartTriggers = [ exports ]; - - preStart = optionalString cfg.createMountPoints '' - # create export directories: - # skip comments, take first col which may either be a quoted - # "foo bar" or just foo (-> man export) - sed '/^#.*/d;s/^"\([^"]*\)".*/\1/;t;s/[ ].*//' ${exports} \ - | xargs -d '\n' mkdir -p - ''; - }; + preStart = + '' + mkdir -p /var/lib/nfs/v4recovery + ''; + }; - # rpc-statd will drop privileges by changing user from root to the owner of - # /var/lib/nfs - systemd.tmpfiles.rules = [ - "d /var/lib/nfs 0700 ${rpcUser} ${rpcUser} - -" - ] ++ map (e: - "d /var/lib/nfs/${e} 0755 root root - -" - ) [ "recovery" "v4recovery" "sm" "sm.bak" ]; - - users = { - groups."${rpcUser}" = {}; - users."${rpcUser}" = { - description = "NFS RPC user"; - group = rpcUser; - isSystemUser = true; + systemd.services.nfs-mountd = + { enable = true; + restartTriggers = [ exports ]; + + preStart = + '' + mkdir -p /var/lib/nfs + + ${optionalString cfg.createMountPoints + '' + # create export directories: + # skip comments, take first col which may either be a quoted + # "foo bar" or just foo (-> man export) + sed '/^#.*/d;s/^"\([^"]*\)".*/\1/;t;s/[ ].*//' ${exports} \ + | xargs -d '\n' mkdir -p + '' + } + ''; }; - }; + }; } |