Skip to content

cntlm service: cleanup non working config options #26578

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 15, 2017
Merged

cntlm service: cleanup non working config options #26578

merged 1 commit into from
Jun 15, 2017
+83 −71

Conversation

bachp
Copy link
Member

@bachp bachp commented Jun 14, 2017

Motivation for this change

The current module configs were not working correctly.

  • extraConfig was not working
  • add possibility to add cntlm.conf in verbatime form
  • correctly create the cntlm user with it's uid
  • add no proxy option
Things done
  • Tested using sandboxing
    (nix.useSandbox on NixOS,
    or option build-use-sandbox in nix.conf
    on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • Linux
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Fits CONTRIBUTING.md.

Sorry, something went wrong.

@mention-bot
Copy link

@bachp, thanks for your PR! By analyzing the history of the files in this pull request, we identified @edolstra, @qknight and @ehmry to be potential reviewers.

joachifm
joachifm reviewed Jun 14, 2017
View reviewed changes
nixos/modules/services/networking/cntlm.nix Outdated
name = "cntlm";
description = "cntlm system-wide daemon";
home = "/var/empty";
uid = config.ids.uids.cntlm;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is the alternative?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is it intended to accomplish?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's no need to hard-code uids; if none is provided, the system allocates one upon activation.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What's the goal of the uid list then? I always thought it was to make the system reproducible. But from a service point of view there is no need for a hard coded url.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It permits referring to a user before the uid/name mapping is established and helps improve data portability (between NixOS hosts). If the service doesn't generate any interesting data and you don't need to refer to its user by uid, a static mapping is just clutter.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the explanation. I change the PR to create the user as system user without a fixed uid.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note that this is a generic comment; I don't know anything about cntlm in particular. It's not as if you can't use static uids, just that there should be a considered reason for it :)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No the service really just runs as a proxy and doesn't produce any data. I can't think of a reason it needs a static uid. I was just not aware of the best practice.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the problem with automatically allocated UIDs/GIDs is that once they are freed they are instantly reused by other dynamically allocated services. there is no smart allocation strategy as round robin or similar yet which means that sometimes newly created users can access data from deceased users.

@bachp
cntlm service: cleanup non working config options

Unverified

The committer email address is not verified.
Learn about vigilant mode
fafb0c4 
- extraConfig was not working
- add possibility to add cntlm.conf in verbatime form
- create cntlm user as system user
- add no proxy option
@qknight qknight merged commit c980232 into NixOS:master Jun 15, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joachifm joachifm

@qknight qknight

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@bachp @mention-bot @joachifm @qknight