This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Unit] | |
| Description=soju IRC bouncer service | |
| After=network.target | |
| [Service] | |
| Type=simple | |
| DynamicUser=yes | |
| StateDirectory=soju | |
| LogsDirectory=soju | |
| ConfigurationDirectory=soju | |
| Restart=always | |
| ExecStart=/usr/bin/soju --config /etc/soju/config | |
| ExecReload=/bin/kill -HUP $MAINPID | |
| # TLS | |
| RuntimeDirectory=soju | |
| LoadCredential=key.pem:/etc/letsencrypt/live/irc.damjan.ie.mk/privkey.pem | |
| LoadCredential=cert.pem:/etc/letsencrypt/live/irc.damjan.ie.mk/fullchain.pem | |
| ExecStartPre=ln -s ${CREDENTIALS_DIRECTORY}/key.pem /run/soju/key.pem | |
| ExecStartPre=ln -s ${CREDENTIALS_DIRECTORY}/cert.pem /run/soju/cert.pem | |
| # in the soju config file, you can then have: | |
| # | |
| # tls /run/soju/cert.pem /run/soju/key.pem | |
| # | |
| [Install] | |
| WantedBy=multi-user.target |
systemctl --version
systemd 247 (247.3-6)
Process: 871978 ExecStartPre=ln -s ${CREDENTIALS_DIRECTORY}/key.pem ${RUNTIME_DIRECTORY}/key.pem (code=exited, status=226/NAMESPACE)
I'd guess it's a systemd bug in that version
systemd/systemd#19604 (comment)
I see, solution would be to not use a dynamic user and make a user for the service?
don't think I can upgrade systemd w/o reboot
or, if it's a Selinux based distribution, try disabling it. People have reported selinux stopping the Credentials= support
I get this
× soju.service - soju IRC bouncer service
Loaded: loaded (/etc/systemd/system/soju.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Mon 2022-02-21 21:14:50 UTC; 1s ago
Process: 2808 ExecStartPre=ln -s ${CREDENTIALS_DIRECTORY}/key.pem /run/soju/key.pem (code=exited, status=238/STATE_DIRECTORY)
CPU: 2ms
Feb 21 21:14:50 goblinbeach systemd[1]: soju.service: Scheduled restart job, restart counter is at 5.
Feb 21 21:14:50 goblinbeach systemd[1]: Stopped soju IRC bouncer service.
Feb 21 21:14:50 goblinbeach systemd[1]: soju.service: Start request repeated too quickly.
Feb 21 21:14:50 goblinbeach systemd[1]: soju.service: Failed with result 'exit-code'.
Feb 21 21:14:50 goblinbeach systemd[1]: Failed to start soju IRC bouncer service.
db@goblinbeach:~$ systemd --version
systemd 250 (250.3-2)
+PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT +GNUTLS -OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY -P11KIT -QRENCODE +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -BPF_FRAMEWORK -XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
what is the systemd version?
also
${$RUNTIME_DIRECTORY}doesn't look correct