base repository: NixOS/nixpkgs
base: b169bfc9e2c9
head repository: NixOS/nixpkgs
compare: 42eebd7adef5
  • 2 commits
  • 2 files changed
  • 1 contributor

Commits on Sep 7, 2020

    d626441 View commit details

Commits on Sep 9, 2020

  1. Merge pull request #96844 from peterhoeg/m/nfs

    nixos/nfsd: run rpc-statd as a normal user
    peterhoeg authored Sep 9, 2020

    42eebd7 View commit details
Showing with 34 additions and 35 deletions.
  1. +33 −27 nixos/modules/services/network-filesystems/nfsd.nix
  2. +1 −8 nixos/modules/tasks/filesystems/nfs.nix
60 changes: 33 additions & 27 deletions nixos/modules/services/network-filesystems/nfsd.nix
@@ -8,6 +8,8 @@ let

exports = pkgs.writeText "exports" cfg.exports;

rpcUser = "statd";

in

{
@@ -140,36 +142,40 @@ in

environment.etc.exports.source = exports;

systemd.services.nfs-server =
{ enable = true;
wantedBy = [ "multi-user.target" ];
systemd.services.nfs-server = {
enable = true;
wantedBy = [ "multi-user.target" ];
};

preStart =
''
mkdir -p /var/lib/nfs/v4recovery
'';
};
systemd.services.nfs-mountd = {
enable = true;
restartTriggers = [ exports ];

preStart = optionalString cfg.createMountPoints ''
# create export directories:
# skip comments, take first col which may either be a quoted
# "foo bar" or just foo (-> man export)
sed '/^#.*/d;s/^"\([^"]*\)".*/\1/;t;s/[ ].*//' ${exports} \
| xargs -d '\n' mkdir -p
'';
};

systemd.services.nfs-mountd =
{ enable = true;
restartTriggers = [ exports ];

preStart =
''
mkdir -p /var/lib/nfs
${optionalString cfg.createMountPoints
''
# create export directories:
# skip comments, take first col which may either be a quoted
# "foo bar" or just foo (-> man export)
sed '/^#.*/d;s/^"\([^"]*\)".*/\1/;t;s/[ ].*//' ${exports} \
| xargs -d '\n' mkdir -p
''
}
'';
# rpc-statd will drop privileges by changing user from root to the owner of
# /var/lib/nfs
systemd.tmpfiles.rules = [
"d /var/lib/nfs 0700 ${rpcUser} ${rpcUser} - -"
] ++ map (e:
"d /var/lib/nfs/${e} 0755 root root - -"
) [ "recovery" "v4recovery" "sm" "sm.bak" ];

users = {
groups."${rpcUser}" = {};
users."${rpcUser}" = {
description = "NFS RPC user";
group = rpcUser;
isSystemUser = true;
};

};
};

}
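Review bot: The new `systemd.tmpfiles.rules` give `/var/lib/nfs` to `statd` but create `sm` and `sm.bak` as `root root` with mode 0755, so once rpc-statd has dropped to the unprivileged user, as the comment above the rules describes, it presumably cannot write its monitor records there. If those two directories hold statd's state they should be owned by the same user, e.g. `"d /var/lib/nfs/sm 0700 ${rpcUser} ${rpcUser} - -"` and the same for `sm.bak`, leaving only `recovery` and `v4recovery` as root. It is also worth confirming against the rpc.statd documentation which directory's owner is used for the privilege drop: if it is `sm` rather than the parent, the daemon keeps running as root and the change does not achieve its stated goal. The enclosing `config` block starts outside the hunk.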
9 changes: 1 addition & 8 deletions nixos/modules/tasks/filesystems/nfs.nix
@@ -101,13 +101,6 @@ in
};

systemd.services.rpc-statd =
{ restartTriggers = [ nfsConfFile ];

preStart =
''
mkdir -p /var/lib/nfs/{sm,sm.bak}
'';
};

{ restartTriggers = [ nfsConfFile ]; };
};
}
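Review bot: Removing this `preStart` leaves the module that defines `rpc-statd` with nothing that creates `/var/lib/nfs/sm` and `sm.bak`; the replacement tmpfiles rules and the `statd` user are added in nfsd.nix, which presumably only takes effect when the NFS server is enabled. On a client-only machine the state directories would then be missing, or `/var/lib/nfs` would keep its previous root ownership, so rpc-statd either fails to start or keeps running as root. Consider declaring the `systemd.tmpfiles.rules` entries for `/var/lib/nfs`, `sm` and `sm.bak` and the `statd` user in this module, next to the `rpc-statd` service. The enclosing block starts outside the hunk.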