mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-07-14 06:00:33 +03:00
Merge pull request #96844 from peterhoeg/m/nfs
nixos/nfsd: run rpc-statd as a normal user
This commit is contained in:
Peter Hoeg
GitHub
commit
42eebd7ade
2 changed files with 35 additions and 36 deletions
|
|
@ -8,6 +8,8 @@ let
|
||||||
|
|
||||||
exports = pkgs.writeText "exports" cfg.exports;
|
exports = pkgs.writeText "exports" cfg.exports;
|
||||||
|
|
||||||
|
rpcUser = "statd";
|
||||||
|
|
||||||
in
|
in
|
||||||
|
|
||||||
{
|
{
|
||||||
|
|
@ -140,36 +142,40 @@ in
|
||||||
|
|
||||||
environment.etc.exports.source = exports;
|
environment.etc.exports.source = exports;
|
||||||
|
|
||||||
systemd.services.nfs-server =
|
systemd.services.nfs-server = {
|
||||||
{ enable = true;
|
enable = true;
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
|
||||||
preStart =
|
|
||||||
''
|
|
||||||
mkdir -p /var/lib/nfs/v4recovery
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.nfs-mountd =
|
systemd.services.nfs-mountd = {
|
||||||
{ enable = true;
|
enable = true;
|
||||||
restartTriggers = [ exports ];
|
restartTriggers = [ exports ];
|
||||||
|
|
||||||
preStart =
|
preStart = optionalString cfg.createMountPoints ''
|
||||||
''
|
|
||||||
mkdir -p /var/lib/nfs
|
|
||||||
|
|
||||||
${optionalString cfg.createMountPoints
|
|
||||||
''
|
|
||||||
# create export directories:
|
# create export directories:
|
||||||
# skip comments, take first col which may either be a quoted
|
# skip comments, take first col which may either be a quoted
|
||||||
# "foo bar" or just foo (-> man export)
|
# "foo bar" or just foo (-> man export)
|
||||||
sed '/^#.*/d;s/^"\([^"]*\)".*/\1/;t;s/[ ].*//' ${exports} \
|
sed '/^#.*/d;s/^"\([^"]*\)".*/\1/;t;s/[ ].*//' ${exports} \
|
||||||
| xargs -d '\n' mkdir -p
|
| xargs -d '\n' mkdir -p
|
||||||
''
|
|
||||||
}
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# rpc-statd will drop privileges by changing user from root to the owner of
|
||||||
|
# /var/lib/nfs
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d /var/lib/nfs 0700 ${rpcUser} ${rpcUser} - -"
|
||||||
|
] ++ map (e:
|
||||||
|
"d /var/lib/nfs/${e} 0755 root root - -"
|
||||||
|
) [ "recovery" "v4recovery" "sm" "sm.bak" ];
|
||||||
|
|
||||||
|
users = {
|
||||||
|
groups."${rpcUser}" = {};
|
||||||
|
users."${rpcUser}" = {
|
||||||
|
description = "NFS RPC user";
|
||||||
|
group = rpcUser;
|
||||||
|
isSystemUser = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -101,13 +101,6 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.rpc-statd =
|
systemd.services.rpc-statd =
|
||||||
{ restartTriggers = [ nfsConfFile ];
|
{ restartTriggers = [ nfsConfFile ]; };
|
||||||
|
|
||||||
preStart =
|
|
||||||
''
|
|
||||||
mkdir -p /var/lib/nfs/{sm,sm.bak}
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue