| 8 Jul 2025 |
 hexa | diff --git a/nixos/modules/services/networking/kea.nix b/nixos/modules/services/networking/kea.nix
index 6e0af62425a4..e55e7aa101c0 100644
--- a/nixos/modules/services/networking/kea.nix
+++ b/nixos/modules/services/networking/kea.nix
@@ -277,7 +277,7 @@ in
User = "kea";
ConfigurationDirectory = "kea";
RuntimeDirectory = "kea";
- RuntimeDirectoryMode = "750";
+ RuntimeDirectoryMode = "0750";
RuntimeDirectoryPreserve = true;
StateDirectory = "kea";
UMask = "0077";
| 23:51:46 |
| hexa | * diff --git a/nixos/modules/services/networking/kea.nix b/nixos/modules/services/networking/kea.nix
index 6e0af62425a4..e55e7aa101c0 100644
--- a/nixos/modules/services/networking/kea.nix
+++ b/nixos/modules/services/networking/kea.nix
@@ -277,7 +277,7 @@ in
User = "kea";
ConfigurationDirectory = "kea";
RuntimeDirectory = "kea";
- RuntimeDirectoryMode = "750";
+ RuntimeDirectoryMode = "0750";
RuntimeDirectoryPreserve = true;
StateDirectory = "kea";
UMask = "0077";
| 23:51:50 |
 Zhaofeng Li | I tried this, same thing | 23:51:54 |
| hexa | Zhaofeng Li: does this work for you? | 23:51:57 |
| Zhaofeng Li | * I tried adding a preceding 0, same thing | 23:52:01 |
| hexa | lol, the test did complete here | 23:52:05 |
| hexa | shoot me | 23:52:06 |
| Zhaofeng Li | how?? | 23:52:31 |
| hexa | let me rebase and retry | 23:52:55 |
| Zhaofeng Li | stashed everything and only added the preceding 0, did not succeed (permission error) | 23:55:30 |
| Zhaofeng Li | maybe it's some race and it will sometimes succeed | 23:55:44 |
| Zhaofeng Li | looks like this really isn't a good idea after all: https://github.com/systemd/systemd/issues/5394 | 23:57:45 |
| Zhaofeng Li | maybe let's just give kea a UID and call it a day 🫠| 23:58:20 |
| Zhaofeng Li | * looks like having multiple DynamicUser= services sharing the same RuntimeDirectory= isn't a good idea after all: https://github.com/systemd/systemd/issues/5394 | 23:58:43 |
| 9 Jul 2025 |
| Zhaofeng Li | * looks like having multiple ~~DynamicUser=~~ services sharing the same RuntimeDirectory= isn't a good idea after all: https://github.com/systemd/systemd/issues/5394
Edit: I think sharing RuntimeDirectory just isn't supported, even with static User=s
| 00:11:59 |
| hexa | ok yeah, right | 00:26:22 |
| hexa | can't repro the sucess anymore | 00:26:28 |
| hexa | wild | 00:26:32 |
| Zhaofeng Li | maybe we can just... uh, chmod before starting the actual daemon 🫠| 00:27:01 |
| Zhaofeng Li | but a more fundamental issue is that what we are doing isn't really supported, looking at the systemd issues | 00:28:02 |
| hexa | it's funny that it used to work and now only the ownership is off | 00:28:32 |
| hexa | * it's funny that it used to work and now only the permissions are off | 00:28:41 |
| hexa | what even? | 00:28:43 |
| hexa | the issue with moving creating non-shared runtime dirs is that its breaking for the socket-path option | 00:37:49 |
| hexa | well, I can probably keep /run/kea alive with a static user | 00:38:23 |
| hexa | with tmpfiles, right? | 00:38:49 |
| Zhaofeng Li | actually it's not that easy | 00:39:09 |
| Zhaofeng Li | because there is state in /var/lib/private/kea | 00:39:22 |
| hexa | i remember systemd migrating state between dynamicuser=true/false | 00:39:47 |
| Zhaofeng Li | oh really? | 00:40:06 |
