| 9 Jul 2025 |
hexa (clat on linux when) | * so we hack around with chmod in prestart for now | 00:44:09 |
Zhaofeng Li | yeah, looks like the least dramatic option, though not ideal | 00:45:06 |
Zhaofeng Li | maybe we can migrate to a static user, but force everyone with stateVersion <= 25.11 to explicitly set stateDir to acknowledge the migration | 00:46:41 |
Zhaofeng Li | * maybe we can migrate to a static user in unstable, but force everyone with stateVersion <= 25.11 to explicitly set stateDir to acknowledge the migration | 00:47:13 |
hexa (clat on linux when) | diff --git a/nixos/modules/services/networking/kea.nix b/nixos/modules/services/networking/kea.nix
index 6e0af62425a4..6f815659f567 100644
--- a/nixos/modules/services/networking/kea.nix
+++ b/nixos/modules/services/networking/kea.nix
@@ -272,12 +272,13 @@ in
};
commonServiceConfig = {
- ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+ ExecStartPre = "${lib.getExe' pkgs.coreutils "chmod"} 0750 /run/kea";
+ ExecReload = "${lib.getExe' pkgs.coreutils "kill"} -HUP $MAINPID";
DynamicUser = true;
User = "kea";
ConfigurationDirectory = "kea";
RuntimeDirectory = "kea";
- RuntimeDirectoryMode = "750";
+ RuntimeDirectoryMode = "0750";
RuntimeDirectoryPreserve = true;
StateDirectory = "kea";
UMask = "0077";
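Review bot: The chmod in the new ExecStartPre line hard-codes /run/kea and repeats the 0750 that RuntimeDirectoryMode already declares a few lines below, with no comment saying why the mode systemd applies to the runtime directory is not enough. Add a comment naming the problem being worked around, and take the path from the unit rather than a literal, for example `$RUNTIME_DIRECTORY` (which systemd sets when RuntimeDirectory= is used), so the path and the RuntimeDirectory value cannot drift apart. Because this lives in commonServiceConfig together with RuntimeDirectoryPreserve = true, the chmod is re-run on each start against a directory that outlives the service, and the name suggests more than one unit shares it; the comment should say which units are expected to touch the directory. The switch to lib.getExe' for kill and the "750" to "0750" change are unrelated to the workaround and would be easier to review as a separate commit.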
| 00:47:46 |
hexa (clat on linux when) | this change nothing | 00:47:56 |
hexa (clat on linux when) | * this changes nothing | 00:48:38 |
Zhaofeng Li | it seems racy... I added the chmod to script (not ExecStartPre) and it failed once but worked the next two tries? | 00:52:03 |
Zhaofeng Li | what even is going on | 00:52:11 |
hexa (clat on linux when) | can only be systemd doing this | 00:52:45 |
Zhaofeng Li | this is beyond cursed | 00:54:40 |
Zhaofeng Li | how about we patch kea to skip the permission check if NIXPKGS_HACK_ASSUME_THAT_THE_SOCKET_DIR_IS_PROTECTED_BY_SYSTEMD is set | 00:55:22 |
hexa (clat on linux when) | but it isn't protected, it is 0755 😄 | 00:56:04 |
hexa (clat on linux when) | * but it isn't protected, it is fucking 0755 😄 | 00:56:09 |
Zhaofeng Li | /var/run/private is protected, right? | 00:57:42 |
hexa (clat on linux when) | uhhh yeah | 00:58:46 |
hexa (clat on linux when) | I think so | 00:58:54 |
hexa (clat on linux when) | Zhaofeng Li: Restart = "on-failure" 🫣 | 01:14:38 |
Zhaofeng Li | do we need to disable the start limit as well? | 01:15:32 |
Zhaofeng Li | * do we need to disable the restart limit as well? | 01:16:32 |
hexa (clat on linux when) | both services only failed once, so I don't think we do 😄 | 01:16:43 |
Zhaofeng Li | * do we need to disable the restart limit as well? also Restart = "on-failure" should be the default? | 01:16:48 |
hexa (clat on linux when) | yeah, they fail just the first time round | 01:17:28 |
| * hexa (clat on linux when) screams | 01:17:32 |
Zhaofeng Li | * do we need to disable the restart limit as well? also Restart = "on-failure" should be the default? no, it isn't aaaa | 01:18:27 |
Zhaofeng Li | theoretically there is still a chance that systemd will keep fighting against itself forever 🤓 | 01:19:59 |
| 10 Jul 2025 |
| maciel310 joined the room. | 02:58:34 |
maciel310 | Hey all, hoping someone might be able to help with an issue I'm hitting configuring VLANs. Use case is pretty simple, the only connection should be over the vlan, no untagged traffic or IP assigned. Following the docs (https://nixos.wiki/wiki/Systemd-networkd#VLAN) I came up with this systemd-networkd config, but pinging even local addresses returns unreachable. Any thoughts, or ideas on how to debug?
systemd.network = {
  enable = true;
  netdevs = {
    "20-vlan30" = {
      netdevConfig = {
        Kind = "vlan";
        Name = "vlan30";
      };
      vlanConfig.Id = 30;
    };
  };
  networks = {
    "30-enp0s20f0u1u2" = {
      matchConfig.Name = "enp0s20f0u1u2";
      vlan = [ "vlan30" ];
      networkConfig.LinkLocalAddressing = "no";
      linkConfig.RequiredForOnline = "carrier";
    };
    "40-vlan30" = {
      matchConfig.Name = "vlan30";
      address = [ "192.168.30.7/24" ];
      routes = [
        { Gateway = "192.168.30.1"; }
      ];
      linkConfig.RequiredForOnline = "routable";
    };
  };
};
| 04:43:33 |