Merge #152699: Revert "nixos/dhcpd: switch to DynamicUser"

A test got broken:
https://hydra.nixos.org/build/162575182
See GitHub discussion on the reverted PR.

+49 -44
+49 -44
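--- a/nixos/modules/services/networking/dhcpd.nix
+++ b/nixos/modules/services/networking/dhcpd.nix
@@ -28,45 +28,38 @@
     }
   '';
 
-  dhcpdService = postfix: cfg:
-    let
-      configFile =
-        if cfg.configFile != null
-        then cfg.configFile
-        else writeConfig cfg;
-      leaseFile = "/var/lib/dhcpd${postfix}/dhcpd.leases";
-      args = [
-        "@${pkgs.dhcp}/sbin/dhcpd" "dhcpd${postfix}" "-${postfix}"
-        "-pf" "/run/dhcpd${postfix}/dhcpd.pid"
-        "-cf" configFile
-        "-lf" leaseFile
-      ] ++ cfg.extraFlags
-        ++ cfg.interfaces;
-    in
-      optionalAttrs cfg.enable {
-        "dhcpd${postfix}" = {
-          description = "DHCPv${postfix} server";
-          wantedBy = [ "multi-user.target" ];
-          after = [ "network.target" ];
+  dhcpdService = postfix: cfg: optionalAttrs cfg.enable {
+    "dhcpd${postfix}" = {
+      description = "DHCPv${postfix} server";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+
+      preStart = ''
+        mkdir -m 755 -p ${cfg.stateDir}
+        chown dhcpd:nogroup ${cfg.stateDir}
+        touch ${cfg.stateDir}/dhcpd.leases
+      '';
+
+      serviceConfig =
+        let
+          configFile = if cfg.configFile != null then cfg.configFile else writeConfig cfg;
+          args = [ "@${pkgs.dhcp}/sbin/dhcpd" "dhcpd${postfix}" "-${postfix}"
+                   "-pf" "/run/dhcpd${postfix}/dhcpd.pid"
+                   "-cf" "${configFile}"
+                   "-lf" "${cfg.stateDir}/dhcpd.leases"
+                   "-user" "dhcpd" "-group" "nogroup"
+                 ] ++ cfg.extraFlags
+                   ++ cfg.interfaces;
 
-          preStart = "touch ${leaseFile}";
-          serviceConfig = {
-            ExecStart = concatMapStringsSep " " escapeShellArg args;
-            Type = "forking";
-            Restart = "always";
-            DynamicUser = true;
-            User = "dhcpd";
-            Group = "dhcpd";
-            AmbientCapabilities = [
-              "CAP_NET_RAW" # to send ICMP messages
-              "CAP_NET_BIND_SERVICE" # to bind on DHCP port (67)
-            ];
-            StateDirectory = "dhcpd${postfix}";
-            RuntimeDirectory = "dhcpd${postfix}";
-            PIDFile = "/run/dhcpd${postfix}/dhcpd.pid";
-          };
+        in {
+          ExecStart = concatMapStringsSep " " escapeShellArg args;
+          Type = "forking";
+          Restart = "always";
+          RuntimeDirectory = [ "dhcpd${postfix}" ];
+          PIDFile = "/run/dhcpd${postfix}/dhcpd.pid";
         };
-      };
+    };
+  };
 
   machineOpts = { ... }: {
 
@@ -106,6 +99,15 @@
         default = false;
         description = ''
           Whether to enable the DHCPv${postfix} server.
+        '';
+      };
+
+      stateDir = mkOption {
+        type = types.path;
+        # We use /var/lib/dhcp for DHCPv4 to save backwards compatibility.
+        default = "/var/lib/dhcp${if postfix == "4" then "" else postfix}";
+        description = ''
+          State directory for the DHCP server.
         '';
       };
 
@@ -192,13 +194,7 @@
 
   imports = [
     (mkRenamedOptionModule [ "services" "dhcpd" ] [ "services" "dhcpd4" ])
-  ] ++ flip map [ "4" "6" ] (postfix:
-    mkRemovedOptionModule [ "services" "dhcpd${postfix}" "stateDir" ] ''
-      The DHCP server state directory is now managed with the systemd's DynamicUser mechanism.
-      This means the directory is named after the service (dhcpd${postfix}), created under
-      /var/lib/private/ and symlinked to /var/lib/.
-    ''
-  );
+  ];
 
   ###### interface
 
@@ -213,6 +209,15 @@
   ###### implementation
 
   config = mkIf (cfg4.enable || cfg6.enable) {
+
+    users = {
+      users.dhcpd = {
+        isSystemUser = true;
+        group = "dhcpd";
+        description = "DHCP daemon user";
+      };
+      groups.dhcpd = {};
+    };
 
     systemd.services = dhcpdService "4" cfg4 // dhcpdService "6" cfg6;
 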
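Review bot: The restored unit drops privileges to `dhcpd:nogroup` (`"-user" "dhcpd" "-group" "nogroup"` and `chown dhcpd:nogroup ${cfg.stateDir}`), while the users hunk in the same file defines a dedicated `dhcpd` group that nothing in the service uses. Running under the shared `nogroup` weakens the separation the dedicated account is meant to give; `"-user" "dhcpd" "-group" "dhcpd"` and `chown dhcpd:dhcpd ${cfg.stateDir}` would match the account definition, though existing lease directories would presumably need an ownership check first. With `DynamicUser`, `User`/`Group` and `AmbientCapabilities` removed, the daemon and `preStart` now start as root and the unit no longer bounds capabilities before the self-drop, so a comment above `serviceConfig` such as `# dhcpd starts as root and drops to the dhcpd user itself (-user/-group); no systemd sandboxing applies here` would keep that visible. `preStart` also interpolates `${cfg.stateDir}` into shell unquoted, unlike `ExecStart`, which goes through `escapeShellArg`; `${escapeShellArg cfg.stateDir}` would be consistent.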