net/nats-server: improve rc.d

- Add nats to UIDs and GIDs
- Add extra commands for logrotate and 'lame duck mode'.

From the docs:

    In production we recommend that a server is shut down with "lame duck mode"
    as a graceful way to slowly evict clients. With large deployments this
    mitigates the "thundering herd" situation that will place CPU pressure on
    servers as TLS enabled clients reconnect.

    After entering lame duck mode, the server will stop accepting new
    connections, wait for a 10 second grace period, then begin to evict clients
    over a period of time configurable by the configuration option. This
    period defaults to 2 minutes.

GIDs

@@ -244,7 +244,7 @@ openvpn:*:301:
 netdata:*:302:
 onlyoffice:*:303:www
 glewlwyd:*:304:
-# free: 305
+nats:*:305:
 # free: 306
 # free: 307
 # free: 308

UIDs

@@ -249,7 +249,7 @@ openvpn:*:301:301::0:0:OpenVPN pseudo-user:/nonexistent:/usr/sbin/nologin
 netdata:*:302:302::0:0:NetData Daemon:/var/cache/netdata:/usr/sbin/nologin
 onlyoffice:*:303:303::0:0:Onlyoffice pseudo-user:/usr/local/www/onlyoffice/documentserver:/usr/sbin/nologin
 glewlwyd:*:304:304::0:0:Glewlwyd SSO server:/nonexistent:/usr/sbin/nologin
-# free: 305
+nats:*:305:305::0:0:NATS Daemon:/nonexistent:/usr/sbin/nologin
 # free: 306
 # free: 307
 # free: 308

UPDATING

@@ -5,6 +5,14 @@ they are unavoidable.
 You should get into the habit of checking this file for changes each time
 you update your ports collection, before attempting any port upgrades.
 
+20220311:
+  AFFECTS: users of net/nats-server
+  AUTHOR: olgeni@FreeBSD.org
+
+  A dedicated 'nats' user was added, replacing 'nobody' in the startup script.
+  You should check your configuration and assign updated ownership to your data
+  files.
+
 20220227:
   AFFECTS: users of graphics/bmeps
   AUTHOR: takefu@airport.fm

net/nats-server/Makefile

@@ -1,6 +1,7 @@
 PORTNAME=	nats-server
 PORTVERSION=	2.7.3
 DISTVERSIONPREFIX=	v
+PORTREVISION=	1
 CATEGORIES=	net
 
 MAINTAINER=	olgeni@FreeBSD.org
@@ -26,6 +27,8 @@ GH_TUPLE=	golang:crypto:5e0467b6c7ce:golang_crypto/vendor/golang.org/x/crypto \
 		protocolbuffers:protobuf-go:v1.23.0:protocolbuffers_protobuf_go/vendor/google.golang.org/protobuf
 
 USE_RC_SUBR=	nats.sh
+USERS=		nats
+GROUPS=		nats
 
 OPTIONS_DEFINE=	DOCS
 

net/nats-server/files/nats.sh.in

@@ -8,7 +8,8 @@
 #
 # nats_enable (bool):		Set it to "YES" to enable nats server.
 #				Default is "NO".
-# nats_user:			User name to run as. default "nobody"
+# nats_user:			User name to run as. default "nats"
+# nats_group:			Group name to run as. default "nats"
 # nats_options:			Options to pass nats server
 #
 
@@ -18,12 +19,26 @@ name=nats
 rcvar=`set_rcvar`
 
 load_rc_config ${name}
+
 : ${nats_enable:=NO}
-: ${nats_user:=nobody}
+: ${nats_user:=nats}
+: ${nats_group:=nats}
 : ${nats_options="-c %%PREFIX%%/etc/nats.conf"}
 
-command=/usr/sbin/daemon
+start_precmd=nats_start_precmd
+
+pidfile="/var/run/${name}.pid"
 procname=%%PREFIX%%/bin/nats-server
-command_args="${procname} ${nats_options}"
+command=/usr/sbin/daemon
+command_args="-p ${pidfile} ${procname} ${nats_options}"
+
+extra_commands="logrotate ldm"
+logrotate_cmd="${procname} --signal reopen=${pidfile}"
+ldm_cmd="${procname} --signal ldm=${pidfile}"
+
+nats_start_precmd()
+{
+    install -o ${nats_user} -g ${nats_group} /dev/null ${pidfile}
+}
 
 run_rc_command "$1"