Last active
February 21, 2022 21:15
-
-
Save gdamjan/099ce9df5f0f2ef0a4faab6f8018b038 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[Unit] | |
Description=soju IRC bouncer service | |
After=network.target | |
[Service] | |
Type=simple | |
DynamicUser=yes | |
StateDirectory=soju | |
LogsDirectory=soju | |
ConfigurationDirectory=soju | |
Restart=always | |
ExecStart=/usr/bin/soju --config /etc/soju/config | |
ExecReload=/bin/kill -HUP $MAINPID | |
# TLS | |
RuntimeDirectory=soju | |
LoadCredential=key.pem:/etc/letsencrypt/live/irc.damjan.ie.mk/privkey.pem | |
LoadCredential=cert.pem:/etc/letsencrypt/live/irc.damjan.ie.mk/fullchain.pem | |
ExecStartPre=ln -s ${CREDENTIALS_DIRECTORY}/key.pem /run/soju/key.pem | |
ExecStartPre=ln -s ${CREDENTIALS_DIRECTORY}/cert.pem /run/soju/cert.pem | |
# in the soju config file, you can then have: | |
# | |
# tls /run/soju/cert.pem /run/soju/key.pem | |
# | |
[Install] | |
WantedBy=multi-user.target |
● soju.service - soju IRC bouncer service
Loaded: loaded (/etc/systemd/system/soju.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Thu 2022-02-10 14:10:01 UTC; 1s ago
Process: 870620 ExecStartPre=ln -s ${CREDENTIALS_DIRECTORY}/key.pem ${$RUNTIME_DIRECTORY}/key.pem (code=exited, status=226/NAMESPACE)
CPU: 5ms
Feb 10 14:10:01 proxy.aog.link systemd[1]: Starting soju IRC bouncer service...
Feb 10 14:10:01 proxy.aog.link systemd[870620]: soju.service: Failed to set up mount namespacing: /run/systemd/unit-root/run/credentials/soju.service: No such file o>
Feb 10 14:10:01 proxy.aog.link systemd[870620]: soju.service: Failed at step NAMESPACE spawning ln: No such file or directory
Feb 10 14:10:01 proxy.aog.link systemd[1]: soju.service: Control process exited, code=exited, status=226/NAMESPACE
Feb 10 14:10:01 proxy.aog.link systemd[1]: soju.service: Failed with result 'exit-code'.
Feb 10 14:10:01 proxy.aog.link systemd[1]: Failed to start soju IRC bouncer service.```
won't work for me, you have any idea?
what is the systemd version?
also ${$RUNTIME_DIRECTORY}
doesn't look correct
systemctl --version
systemd 247 (247.3-6)
Process: 871978 ExecStartPre=ln -s ${CREDENTIALS_DIRECTORY}/key.pem ${RUNTIME_DIRECTORY}/key.pem (code=exited, status=226/NAMESPACE)
I'd guess it's a systemd bug in that version
systemd/systemd#19604 (comment)
I see, solution would be to not use a dynamic user and make a user for the service?
don't think I can upgrade systemd w/o reboot
or, if it's a Selinux based distribution, try disabling it. People have reported selinux stopping the Credentials= support
I get this
× soju.service - soju IRC bouncer service
Loaded: loaded (/etc/systemd/system/soju.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Mon 2022-02-21 21:14:50 UTC; 1s ago
Process: 2808 ExecStartPre=ln -s ${CREDENTIALS_DIRECTORY}/key.pem /run/soju/key.pem (code=exited, status=238/STATE_DIRECTORY)
CPU: 2ms
Feb 21 21:14:50 goblinbeach systemd[1]: soju.service: Scheduled restart job, restart counter is at 5.
Feb 21 21:14:50 goblinbeach systemd[1]: Stopped soju IRC bouncer service.
Feb 21 21:14:50 goblinbeach systemd[1]: soju.service: Start request repeated too quickly.
Feb 21 21:14:50 goblinbeach systemd[1]: soju.service: Failed with result 'exit-code'.
Feb 21 21:14:50 goblinbeach systemd[1]: Failed to start soju IRC bouncer service.
db@goblinbeach:~$ systemd --version
systemd 250 (250.3-2)
+PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT +GNUTLS -OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY -P11KIT -QRENCODE +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -BPF_FRAMEWORK -XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi, I'm the guest irc user who asked about soju tls config files.