Revert "Merge #96844: nixos/nfsd: run rpc-statd as a normal user"
This reverts commit42eebd7ade
, reversing changes made tob169bfc9e2
. This breaks nfs3.simple test and even current PR #97656 wouldn't fix it. Therefore let's revert for now to unblock the channels.
This commit is contained in:
parent
ee55841b22
commit
538e558f48
|
@ -8,8 +8,6 @@ let
|
||||||
|
|
||||||
exports = pkgs.writeText "exports" cfg.exports;
|
exports = pkgs.writeText "exports" cfg.exports;
|
||||||
|
|
||||||
rpcUser = "statd";
|
|
||||||
|
|
||||||
in
|
in
|
||||||
|
|
||||||
{
|
{
|
||||||
|
@ -142,40 +140,36 @@ in
|
||||||
|
|
||||||
environment.etc.exports.source = exports;
|
environment.etc.exports.source = exports;
|
||||||
|
|
||||||
systemd.services.nfs-server = {
|
systemd.services.nfs-server =
|
||||||
enable = true;
|
{ enable = true;
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
};
|
|
||||||
|
|
||||||
systemd.services.nfs-mountd = {
|
preStart =
|
||||||
enable = true;
|
''
|
||||||
restartTriggers = [ exports ];
|
mkdir -p /var/lib/nfs/v4recovery
|
||||||
|
'';
|
||||||
preStart = optionalString cfg.createMountPoints ''
|
|
||||||
# create export directories:
|
|
||||||
# skip comments, take first col which may either be a quoted
|
|
||||||
# "foo bar" or just foo (-> man export)
|
|
||||||
sed '/^#.*/d;s/^"\([^"]*\)".*/\1/;t;s/[ ].*//' ${exports} \
|
|
||||||
| xargs -d '\n' mkdir -p
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
# rpc-statd will drop privileges by changing user from root to the owner of
|
|
||||||
# /var/lib/nfs
|
|
||||||
systemd.tmpfiles.rules = [
|
|
||||||
"d /var/lib/nfs 0700 ${rpcUser} ${rpcUser} - -"
|
|
||||||
] ++ map (e:
|
|
||||||
"d /var/lib/nfs/${e} 0755 root root - -"
|
|
||||||
) [ "recovery" "v4recovery" "sm" "sm.bak" ];
|
|
||||||
|
|
||||||
users = {
|
|
||||||
groups."${rpcUser}" = {};
|
|
||||||
users."${rpcUser}" = {
|
|
||||||
description = "NFS RPC user";
|
|
||||||
group = rpcUser;
|
|
||||||
isSystemUser = true;
|
|
||||||
};
|
};
|
||||||
};
|
|
||||||
|
systemd.services.nfs-mountd =
|
||||||
|
{ enable = true;
|
||||||
|
restartTriggers = [ exports ];
|
||||||
|
|
||||||
|
preStart =
|
||||||
|
''
|
||||||
|
mkdir -p /var/lib/nfs
|
||||||
|
|
||||||
|
${optionalString cfg.createMountPoints
|
||||||
|
''
|
||||||
|
# create export directories:
|
||||||
|
# skip comments, take first col which may either be a quoted
|
||||||
|
# "foo bar" or just foo (-> man export)
|
||||||
|
sed '/^#.*/d;s/^"\([^"]*\)".*/\1/;t;s/[ ].*//' ${exports} \
|
||||||
|
| xargs -d '\n' mkdir -p
|
||||||
|
''
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -101,6 +101,13 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.rpc-statd =
|
systemd.services.rpc-statd =
|
||||||
{ restartTriggers = [ nfsConfFile ]; };
|
{ restartTriggers = [ nfsConfFile ];
|
||||||
|
|
||||||
|
preStart =
|
||||||
|
''
|
||||||
|
mkdir -p /var/lib/nfs/{sm,sm.bak}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue