@elitak, thanks for your PR! By analyzing the history of the files in this pull request, we identified @kamilchm, @mguentner and @zimbatm to be potential reviewers.

cc @mguentner

LGTM, besides the issue with fuse that @fpletz mentioned

We already have quite some repetition in the service module. This should be replaced with one abstract ipfs service from which the concrete services derive their character (systemd.services.ipfs-offline systemd.services.ipfs-norouting systemd.services.ipfs etc.)

Edit: ⏫ at some point, not necessarily in this PR

The service is now execing /run/wrappers/bin/fusermount (which has the setuid root bit set), but it's still having some kind of privilege error. I'm having a real hard time figuring out what it is. Can someone have a look? I refactored as suggested.

Please see #28746 for an updated IPFS test. The current test is mostly useless \o/

Remove the # to test the autoMount feature: https://github.com/NixOS/nixpkgs/pull/28746/files#diff-5b094f3f9b39431503bfe48522a2adfdR27

please also check out this updated patch. However fusermount within ipfs still fails.

diff --git a/nixos/modules/services/network-filesystems/ipfs.nix b/nixos/modules/services/network-filesystems/ipfs.nix
index 34bb6770ef..31aa7d475a 100644
--- a/nixos/modules/services/network-filesystems/ipfs.nix
+++ b/nixos/modules/services/network-filesystems/ipfs.nix
@@ -41,8 +41,8 @@ let
       ipfs --local config Addresses.Gateway ${cfg.gatewayAddress}
     '' + optionalString cfg.autoMount ''
       ipfs --local config Mounts.FuseAllowOther --json true
-      mkdir -p $(ipfs --local config Mounts.IPFS)
-      mkdir -p $(ipfs --local config Mounts.IPNS)
+      ipfs --local config Mounts.IPFS ${cfg.ipfsMountDir}
+      ipfs --local config Mounts.IPNS ${cfg.ipnsMountDir}
     '' + concatStringsSep "\n" (collect
           isString
           (mapAttrsRecursive
@@ -110,6 +110,18 @@ in {
         description = "Whether IPFS should try to mount /ipfs and /ipns at startup.";
       };
 
+      ipfsMountDir = mkOption {
+        type = types.str;
+        default = "/ipfs";
+        description = "Where to mount the IPFS namespace to";
+      };
+
+      ipnsMountDir = mkOption {
+        type = types.str;
+        default = "/ipns";
+        description = "Where to mount the IPNS namespace to";
+      };
+
       gatewayAddress = mkOption {
         type = types.str;
         default = "/ip4/127.0.0.1/tcp/8080";
@@ -203,6 +215,9 @@ in {
 
       preStart = ''
         install -m 0755 -o ${cfg.user} -g ${cfg.group} -d ${cfg.dataDir}
+      '' + optionalString cfg.autoMount ''
+        install -m 0755 -o ${cfg.user} -g ${cfg.group} -d ${cfg.ipfsMountDir}
+        install -m 0755 -o ${cfg.user} -g ${cfg.group} -d ${cfg.ipnsMountDir}
       '';
       script = ''
         if [[ ! -f ${cfg.dataDir}/config ]]; then

I realize the autoMount is still broken for non-root users. I've straced both invocations and can't figure out why, even though the setuid root wrapper is being used. I'm just going to remove it if nobody else wants to help me figure out how to get it to work. I'll incorporate the 2 mountpoint options you suggest but leave them commented out, for the time being.

We'll merge this in the current state to get it into 17.09. You can always PR fixes to enable the autoMount option. Thanks!

Okay, thanks.

@mguentner, please mention me if you manage to figure out why the wrapped fusermount isn't working.

Sure thing. I tried it until I figured out that unless I actually start debugging IPFS, I won't find out.
Maybe insert some debug output into the go(o)? code^^

FYI, from the strace(1) man page:

Programs that use the setuid bit do not have effective user ID privileges while being traced.

Oh I hadn't thought of the setuid/strace interaction, but it makes sense.

The problem with adding debug code is that I have to redownload the entire set of dependencies for all of ipfs every time, because the way the build works is the hash is computed over the entire set (and the fuse mount code is a dep) and there's no opportunity during the build for patching, unless I'm overlooking that feature in gx. On top of that, for each change of a dep, I need to patch the code, then replace the old ipfs hash with the newly computed one. It's totally maladapted to Nix.

You can see what I mean here: elitak@04b0200

That sed command needs to be adjusted to find and replace the new hash of the patched dep each time I make a change. Am I missing an obviously better way?

Not only does this make debugging extremely tedious, but it's pretty important we have a simpler way to patch things build with gx downstream for compatibility purposes.

After writing all that, I realize I should just be debugging from a nix-shell environment, probably. Anyway, I'm just venting so as to explain why I likely won't be trying to fix the fuse mount permissions problem for a while.

Turns out I needed just 1 line in /etc/fuse.conf, which is not ideal, but probably clean enough for now. I'm still not sure why the setuid wrapper isn't working, since needing user_allow_other is evidence that fusermount is not running as root.

@mguentner can you try #29133 and the tests you wrote for it?