From 538e558f48d111f46c86489eed87aff2791c0226 Mon Sep 17 00:00:00 2001
From: Vladimír Čunát <v@cunat.cz>
Date: Thu, 10 Sep 2020 21:22:01 +0200
Subject: Revert "Merge #96844: nixos/nfsd: run rpc-statd as a normal user"

This reverts commit 42eebd7adef51b36c597753b3aaf6347864d176e, reversing
changes made to b169bfc9e2c981a46680c53343258d90be6f6d9f.

This breaks nfs3.simple test and even current PR #97656 wouldn't fix it.
Therefore let's revert for now to unblock the channels.
---
 .../modules/services/network-filesystems/nfsd.nix  | 60 ++++++++++------------
 1 file changed, 27 insertions(+), 33 deletions(-)

(limited to 'nixos/modules/services/network-filesystems')

diff --git a/nixos/modules/services/network-filesystems/nfsd.nix b/nixos/modules/services/network-filesystems/nfsd.nix
index 398ef73449f..1b62bfa8203 100644
--- a/nixos/modules/services/network-filesystems/nfsd.nix
+++ b/nixos/modules/services/network-filesystems/nfsd.nix
@@ -8,8 +8,6 @@ let
 
   exports = pkgs.writeText "exports" cfg.exports;
 
-  rpcUser = "statd";
-
 in
 
 {
@@ -142,40 +140,36 @@ in
 
     environment.etc.exports.source = exports;
 
-    systemd.services.nfs-server = {
-      enable = true;
-      wantedBy = [ "multi-user.target" ];
-    };
+    systemd.services.nfs-server =
+      { enable = true;
+        wantedBy = [ "multi-user.target" ];
 
-    systemd.services.nfs-mountd = {
-      enable = true;
-      restartTriggers = [ exports ];
-
-      preStart = optionalString cfg.createMountPoints ''
-        # create export directories:
-        # skip comments, take first col which may either be a quoted
-        # "foo bar" or just foo (-> man export)
-        sed '/^#.*/d;s/^"\([^"]*\)".*/\1/;t;s/[ ].*//' ${exports} \
-        | xargs -d '\n' mkdir -p
-      '';
-    };
+        preStart =
+          ''
+            mkdir -p /var/lib/nfs/v4recovery
+          '';
+      };
 
-    # rpc-statd will drop privileges by changing user from root to the owner of
-    # /var/lib/nfs
-    systemd.tmpfiles.rules = [
-      "d /var/lib/nfs 0700 ${rpcUser} ${rpcUser} - -"
-    ] ++ map (e:
-      "d /var/lib/nfs/${e} 0755 root root - -"
-    ) [ "recovery" "v4recovery" "sm" "sm.bak" ];
-
-    users = {
-      groups."${rpcUser}" = {};
-      users."${rpcUser}" = {
-        description = "NFS RPC user";
-        group = rpcUser;
-        isSystemUser = true;
+    systemd.services.nfs-mountd =
+      { enable = true;
+        restartTriggers = [ exports ];
+
+        preStart =
+          ''
+            mkdir -p /var/lib/nfs
+
+            ${optionalString cfg.createMountPoints
+              ''
+                # create export directories:
+                # skip comments, take first col which may either be a quoted
+                # "foo bar" or just foo (-> man export)
+                sed '/^#.*/d;s/^"\([^"]*\)".*/\1/;t;s/[ ].*//' ${exports} \
+                | xargs -d '\n' mkdir -p
+              ''
+            }
+          '';
       };
-    };
+
   };
 
 }
-- 
cgit 1.4.1