Last active
February 21, 2022 21:15
-
-
Save gdamjan/099ce9df5f0f2ef0a4faab6f8018b038 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[Unit] | |
Description=soju IRC bouncer service | |
After=network.target | |
[Service] | |
Type=simple | |
DynamicUser=yes | |
StateDirectory=soju | |
LogsDirectory=soju | |
ConfigurationDirectory=soju | |
Restart=always | |
ExecStart=/usr/bin/soju --config /etc/soju/config | |
ExecReload=/bin/kill -HUP $MAINPID | |
# TLS | |
RuntimeDirectory=soju | |
LoadCredential=key.pem:/etc/letsencrypt/live/irc.damjan.ie.mk/privkey.pem | |
LoadCredential=cert.pem:/etc/letsencrypt/live/irc.damjan.ie.mk/fullchain.pem | |
ExecStartPre=ln -s ${CREDENTIALS_DIRECTORY}/key.pem /run/soju/key.pem | |
ExecStartPre=ln -s ${CREDENTIALS_DIRECTORY}/cert.pem /run/soju/cert.pem | |
# in the soju config file, you can then have: | |
# | |
# tls /run/soju/cert.pem /run/soju/key.pem | |
# | |
[Install] | |
WantedBy=multi-user.target |
lfaoro
commented
Feb 10, 2022
I'd guess it's a systemd bug in that version
systemd/systemd#19604 (comment)
I see, solution would be to not use a dynamic user and make a user for the service?
don't think I can upgrade systemd w/o reboot
or, if it's a Selinux based distribution, try disabling it. People have reported selinux stopping the Credentials= support
I get this
× soju.service - soju IRC bouncer service
Loaded: loaded (/etc/systemd/system/soju.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Mon 2022-02-21 21:14:50 UTC; 1s ago
Process: 2808 ExecStartPre=ln -s ${CREDENTIALS_DIRECTORY}/key.pem /run/soju/key.pem (code=exited, status=238/STATE_DIRECTORY)
CPU: 2ms
Feb 21 21:14:50 goblinbeach systemd[1]: soju.service: Scheduled restart job, restart counter is at 5.
Feb 21 21:14:50 goblinbeach systemd[1]: Stopped soju IRC bouncer service.
Feb 21 21:14:50 goblinbeach systemd[1]: soju.service: Start request repeated too quickly.
Feb 21 21:14:50 goblinbeach systemd[1]: soju.service: Failed with result 'exit-code'.
Feb 21 21:14:50 goblinbeach systemd[1]: Failed to start soju IRC bouncer service.
db@goblinbeach:~$ systemd --version
systemd 250 (250.3-2)
+PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT +GNUTLS -OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY -P11KIT -QRENCODE +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -BPF_FRAMEWORK -XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment