@gdamjan
Last active February 21, 2022 21:15
[Unit]
Description=soju IRC bouncer service
After=network.target
[Service]
Type=simple
DynamicUser=yes
StateDirectory=soju
LogsDirectory=soju
ConfigurationDirectory=soju
Restart=always
ExecStart=/usr/bin/soju --config /etc/soju/config
ExecReload=/bin/kill -HUP $MAINPID
# TLS
RuntimeDirectory=soju
LoadCredential=key.pem:/etc/letsencrypt/live/irc.damjan.ie.mk/privkey.pem
LoadCredential=cert.pem:/etc/letsencrypt/live/irc.damjan.ie.mk/fullchain.pem
ExecStartPre=ln -s ${CREDENTIALS_DIRECTORY}/key.pem /run/soju/key.pem
ExecStartPre=ln -s ${CREDENTIALS_DIRECTORY}/cert.pem /run/soju/cert.pem
# in the soju config file, you can then have:
#
# tls /run/soju/cert.pem /run/soju/key.pem
#
[Install]
WantedBy=multi-user.target
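
The unit above only works if every `${CREDENTIALS_DIRECTORY}/NAME` it links has a matching `LoadCredential=NAME:...` entry and the links land inside the service's `RuntimeDirectory`. The following lint for that wiring is an added example, not part of the gist; `check_credentials` and `sample_unit` are hypothetical names, and the sample input is constructed with a placeholder hostname.

```shell
#!/bin/sh
# Added example, not part of the gist. check_credentials and sample_unit
# are hypothetical helper names.

# check_credentials UNIT_FILE: print one line per problem, return 1 if any.
check_credentials() {
    unit=$1
    status=0
    # Names declared as LoadCredential=NAME:PATH
    declared=$(sed -n 's/^LoadCredential=\([^:]*\):.*/\1/p' "$unit")
    # Names referenced as ${CREDENTIALS_DIRECTORY}/NAME on Exec* lines
    used=$(grep '^Exec' "$unit" |
        grep -o '\${CREDENTIALS_DIRECTORY}/[^ ]*' | sed 's|.*/||' | sort -u)
    for name in $used; do
        printf '%s\n' "$declared" | grep -qxF -- "$name" ||
            { echo "undeclared credential: $name"; status=1; }
    done
    for name in $declared; do
        printf '%s\n' "$used" | grep -qxF -- "$name" ||
            { echo "unused credential: $name"; status=1; }
    done
    # Links must land in /run/<RuntimeDirectory>, which systemd creates for
    # the service user and removes again when the service stops.
    rundir=$(sed -n 's/^RuntimeDirectory=//p' "$unit")
    for dest in $(sed -n 's/^ExecStartPre=ln .* //p' "$unit"); do
        case $dest in
            "/run/$rundir/"*) ;;
            *) echo "link outside RuntimeDirectory: $dest"; status=1 ;;
        esac
    done
    return $status
}

# Constructed sample input: the unit's credential lines, placeholder host.
sample_unit() {
    cat <<'EOF'
[Service]
RuntimeDirectory=soju
LoadCredential=key.pem:/etc/letsencrypt/live/example.invalid/privkey.pem
LoadCredential=cert.pem:/etc/letsencrypt/live/example.invalid/fullchain.pem
ExecStartPre=ln -s ${CREDENTIALS_DIRECTORY}/key.pem /run/soju/key.pem
ExecStartPre=ln -s ${CREDENTIALS_DIRECTORY}/cert.pem /run/soju/cert.pem
EOF
}

tmp=$(mktemp) && sample_unit > "$tmp"
check_credentials "$tmp" && echo "credential wiring OK"
rm -f "$tmp"
```
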
Author

gdamjan commented Feb 10, 2022

I'd guess it's a systemd bug in that version
systemd/systemd#19604 (comment)


lfaoro commented Feb 10, 2022

I see, solution would be to not use a dynamic user and make a user for the service?


lfaoro commented Feb 10, 2022

don't think I can upgrade systemd w/o reboot

Author

gdamjan commented Feb 10, 2022

or, if it's an SELinux-based distribution, try disabling it. People have reported SELinux stopping the Credentials= support


minikN commented Feb 21, 2022

I get this

× soju.service - soju IRC bouncer service
     Loaded: loaded (/etc/systemd/system/soju.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Mon 2022-02-21 21:14:50 UTC; 1s ago
    Process: 2808 ExecStartPre=ln -s ${CREDENTIALS_DIRECTORY}/key.pem /run/soju/key.pem (code=exited, status=238/STATE_DIRECTORY)
        CPU: 2ms

Feb 21 21:14:50 goblinbeach systemd[1]: soju.service: Scheduled restart job, restart counter is at 5.
Feb 21 21:14:50 goblinbeach systemd[1]: Stopped soju IRC bouncer service.
Feb 21 21:14:50 goblinbeach systemd[1]: soju.service: Start request repeated too quickly.
Feb 21 21:14:50 goblinbeach systemd[1]: soju.service: Failed with result 'exit-code'.
Feb 21 21:14:50 goblinbeach systemd[1]: Failed to start soju IRC bouncer service.
db@goblinbeach:~$ systemd --version
systemd 250 (250.3-2)
+PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT +GNUTLS -OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY -P11KIT -QRENCODE +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -BPF_FRAMEWORK -XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified
