@gdamjan
Last active February 21, 2022 21:15
```ini
[Unit]
Description=soju IRC bouncer service
After=network.target

[Service]
Type=simple
DynamicUser=yes
StateDirectory=soju
LogsDirectory=soju
ConfigurationDirectory=soju
Restart=always
ExecStart=/usr/bin/soju --config /etc/soju/config
ExecReload=/bin/kill -HUP $MAINPID

# TLS
RuntimeDirectory=soju
LoadCredential=key.pem:/etc/letsencrypt/live/irc.damjan.ie.mk/privkey.pem
LoadCredential=cert.pem:/etc/letsencrypt/live/irc.damjan.ie.mk/fullchain.pem
ExecStartPre=ln -s ${CREDENTIALS_DIRECTORY}/key.pem /run/soju/key.pem
ExecStartPre=ln -s ${CREDENTIALS_DIRECTORY}/cert.pem /run/soju/cert.pem
# in the soju config file, you can then have:
#
# tls /run/soju/cert.pem /run/soju/key.pem
#

[Install]
WantedBy=multi-user.target
```
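
A preflight lint for the credential wiring in this unit, as an added example that is not part of the gist: it checks that every `LoadCredential=` source is a non-empty file and that every `${CREDENTIALS_DIRECTORY}/NAME` used by an `Exec*` line has a matching `LoadCredential=` ID. The function name `check_unit_credentials` is hypothetical, and it assumes a single unit file (no drop-ins) that uses the `ID:PATH` form shown above.

```shell
# Added example (not from the gist): lint the credential wiring of a unit file.
# check_unit_credentials is a hypothetical helper name.
check_unit_credentials() {
    unit=$1
    problems=0
    [ -r "$unit" ] || { echo "cannot read unit: $unit" >&2; return 2; }

    # IDs declared by lines of the form LoadCredential=ID:PATH
    declared=$(sed -n 's/^LoadCredential=\([^:]*\):.*/\1/p' "$unit")

    # 1. Each source PATH must resolve to a non-empty regular file.
    #    The tests follow symlinks, as certbot's live/ directory uses them.
    while IFS=: read -r id path; do
        [ -n "$id" ] || continue
        if [ -f "$path" ] && [ -s "$path" ]; then
            echo "ok          $id <- $path"
        else
            echo "MISSING     $id <- $path"
            problems=$((problems + 1))
        fi
    done <<EOF
$(sed -n 's/^LoadCredential=//p' "$unit")
EOF

    # 2. Each ${CREDENTIALS_DIRECTORY}/NAME used by an Exec* line must be declared.
    for ref in $(grep '^Exec' "$unit" |
                 grep -oE 'CREDENTIALS_DIRECTORY[}]?/[^ /]+' |
                 cut -d/ -f2 | sort -u); do
        if ! printf '%s\n' "$declared" | grep -qxF -- "$ref"; then
            echo "UNDECLARED  \${CREDENTIALS_DIRECTORY}/$ref has no LoadCredential= line"
            problems=$((problems + 1))
        fi
    done

    [ "$problems" -eq 0 ]
}
```

Source the file and call `check_unit_credentials /etc/systemd/system/soju.service` with enough privilege to read the source paths; a non-zero return means at least one `MISSING` or `UNDECLARED` line was printed.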
@torresjrjr

Hi, I'm the guest irc user who asked about soju tls config files.

@lfaoro

lfaoro commented Feb 10, 2022

```
● soju.service - soju IRC bouncer service
     Loaded: loaded (/etc/systemd/system/soju.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Thu 2022-02-10 14:10:01 UTC; 1s ago
    Process: 870620 ExecStartPre=ln -s ${CREDENTIALS_DIRECTORY}/key.pem ${$RUNTIME_DIRECTORY}/key.pem (code=exited, status=226/NAMESPACE)
        CPU: 5ms

Feb 10 14:10:01 proxy.aog.link systemd[1]: Starting soju IRC bouncer service...
Feb 10 14:10:01 proxy.aog.link systemd[870620]: soju.service: Failed to set up mount namespacing: /run/systemd/unit-root/run/credentials/soju.service: No such file o>
Feb 10 14:10:01 proxy.aog.link systemd[870620]: soju.service: Failed at step NAMESPACE spawning ln: No such file or directory
Feb 10 14:10:01 proxy.aog.link systemd[1]: soju.service: Control process exited, code=exited, status=226/NAMESPACE
Feb 10 14:10:01 proxy.aog.link systemd[1]: soju.service: Failed with result 'exit-code'.
Feb 10 14:10:01 proxy.aog.link systemd[1]: Failed to start soju IRC bouncer service.
```

won't work for me, you have any idea?

@gdamjan
Author

gdamjan commented Feb 10, 2022

what is the systemd version?

also ${$RUNTIME_DIRECTORY} doesn't look correct

@lfaoro

lfaoro commented Feb 10, 2022

systemctl --version

systemd 247 (247.3-6)

@lfaoro

lfaoro commented Feb 10, 2022

Process: 871978 ExecStartPre=ln -s ${CREDENTIALS_DIRECTORY}/key.pem ${RUNTIME_DIRECTORY}/key.pem (code=exited, status=226/NAMESPACE)

@gdamjan
Author

gdamjan commented Feb 10, 2022

I'd guess it's a systemd bug in that version
systemd/systemd#19604 (comment)

@lfaoro

lfaoro commented Feb 10, 2022

I see, solution would be to not use a dynamic user and make a user for the service?

@lfaoro

lfaoro commented Feb 10, 2022

don't think I can upgrade systemd w/o reboot

@gdamjan
Author

gdamjan commented Feb 10, 2022

or, if it's an SELinux-based distribution, try disabling it. People have reported SELinux stopping the Credentials= support

@minikN

minikN commented Feb 21, 2022

I get this

```
× soju.service - soju IRC bouncer service
     Loaded: loaded (/etc/systemd/system/soju.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Mon 2022-02-21 21:14:50 UTC; 1s ago
    Process: 2808 ExecStartPre=ln -s ${CREDENTIALS_DIRECTORY}/key.pem /run/soju/key.pem (code=exited, status=238/STATE_DIRECTORY)
        CPU: 2ms

Feb 21 21:14:50 goblinbeach systemd[1]: soju.service: Scheduled restart job, restart counter is at 5.
Feb 21 21:14:50 goblinbeach systemd[1]: Stopped soju IRC bouncer service.
Feb 21 21:14:50 goblinbeach systemd[1]: soju.service: Start request repeated too quickly.
Feb 21 21:14:50 goblinbeach systemd[1]: soju.service: Failed with result 'exit-code'.
Feb 21 21:14:50 goblinbeach systemd[1]: Failed to start soju IRC bouncer service.
db@goblinbeach:~$ systemd --version
systemd 250 (250.3-2)
+PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT +GNUTLS -OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY -P11KIT -QRENCODE +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -BPF_FRAMEWORK -XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified
```
