kookie
/
nomicon
1
0
Fork 0
Code Issues Projects Releases 1 Activity

Revert "nixos/dhcpd: switch to DynamicUser"

Browse Source
main
Vladimír Čunát 3 years ago committed by GitHub
parent c1792db42d
commit 0e5dab9db7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 50 additions and 45 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 95
      nixos/modules/services/networking/dhcpd.nix

95
nixos/modules/services/networking/dhcpd.nix
Unescape View File

@ -28,45 +28,38 @@ let
}
'';
dhcpdService = postfix: cfg:
let
configFile =
if cfg.configFile != null
then cfg.configFile
else writeConfig cfg;
leaseFile = "/var/lib/dhcpd${postfix}/dhcpd.leases";
args = [
"@${pkgs.dhcp}/sbin/dhcpd" "dhcpd${postfix}" "-${postfix}"
"-pf" "/run/dhcpd${postfix}/dhcpd.pid"
"-cf" configFile
"-lf" leaseFile
] ++ cfg.extraFlags
++ cfg.interfaces;
in
optionalAttrs cfg.enable {
"dhcpd${postfix}" = {
description = "DHCPv${postfix} server";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
preStart = "touch ${leaseFile}";
serviceConfig = {
ExecStart = concatMapStringsSep " " escapeShellArg args;
Type = "forking";
Restart = "always";
DynamicUser = true;
User = "dhcpd";
Group = "dhcpd";
AmbientCapabilities = [
"CAP_NET_RAW" # to send ICMP messages
"CAP_NET_BIND_SERVICE" # to bind on DHCP port (67)
];
StateDirectory = "dhcpd${postfix}";
RuntimeDirectory = "dhcpd${postfix}";
PIDFile = "/run/dhcpd${postfix}/dhcpd.pid";
};
dhcpdService = postfix: cfg: optionalAttrs cfg.enable {
"dhcpd${postfix}" = {
description = "DHCPv${postfix} server";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
preStart = ''
mkdir -m 755 -p ${cfg.stateDir}
chown dhcpd:nogroup ${cfg.stateDir}
touch ${cfg.stateDir}/dhcpd.leases
'';
serviceConfig =
let
configFile = if cfg.configFile != null then cfg.configFile else writeConfig cfg;
args = [ "@${pkgs.dhcp}/sbin/dhcpd" "dhcpd${postfix}" "-${postfix}"
"-pf" "/run/dhcpd${postfix}/dhcpd.pid"
"-cf" "${configFile}"
"-lf" "${cfg.stateDir}/dhcpd.leases"
"-user" "dhcpd" "-group" "nogroup"
] ++ cfg.extraFlags
++ cfg.interfaces;
in {
ExecStart = concatMapStringsSep " " escapeShellArg args;
Type = "forking";
Restart = "always";
RuntimeDirectory = [ "dhcpd${postfix}" ];
PIDFile = "/run/dhcpd${postfix}/dhcpd.pid";
};
};
};
};
machineOpts = { ... }: {
@ -109,6 +102,15 @@ let
'';
};
stateDir = mkOption {
type = types.path;
# We use /var/lib/dhcp for DHCPv4 to save backwards compatibility.
default = "/var/lib/dhcp${if postfix == "4" then "" else postfix}";
description = ''
State directory for the DHCP server.
'';
};
extraConfig = mkOption {
type = types.lines;
default = "";
@ -192,13 +194,7 @@ in
imports = [
(mkRenamedOptionModule [ "services" "dhcpd" ] [ "services" "dhcpd4" ])
] ++ flip map [ "4" "6" ] (postfix:
mkRemovedOptionModule [ "services" "dhcpd${postfix}" "stateDir" ] ''
The DHCP server state directory is now managed with the systemd's DynamicUser mechanism.
This means the directory is named after the service (dhcpd${postfix}), created under
/var/lib/private/ and symlinked to /var/lib/.
''
);
];
###### interface
@ -214,6 +210,15 @@ in
config = mkIf (cfg4.enable || cfg6.enable) {
users = {
users.dhcpd = {
isSystemUser = true;
group = "dhcpd";
description = "DHCP daemon user";
};
groups.dhcpd = {};
};
systemd.services = dhcpdService "4" cfg4 // dhcpdService "6" cfg6;
};

Write Preview
Loading…
Cancel
Save