Package requested in NixOS#122208
Service definition for logiops, which was requested in NixOS#122208.
aanderse left a comment:
Looking good. Just a few minor points you might want to consider.
| Restart = "on-failure"; | ||
| }; | ||
| wantedBy = [ "multi-user.target" ]; | ||
| restartTriggers = [ pkgs.logiops ]; |
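Review bot: restartTriggers = [ pkgs.logiops ] on the last line does not cover the daemon's configuration, so a rebuild that changes only the configuration text leaves the running logid on its old settings. Point the trigger at the generated configuration file instead; the package only needs listing here if nothing else in the unit references its store path.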
This is redundant. Maybe you wanted cfg.extraConfig here, but I'm not sure.
Is it redundant because I'm already referencing the package in the ExecStart line?
Restarting on cfg.extraConfig is a good idea, as a user I would expect changes to the config to take effect once I've rebuilt NixOS (currently it doesn't).
Exactly! You understand perfectly now 👍
| }; | ||
|
|
||
| config = mkIf cfg.enable { | ||
| systemd.services.logiops = { |
I think you should reuse the upstream systemd unit and then customize it. If you're not familiar with how to do that please feel free to ask questions and I can go over in detail. From a high level you just add the package to systemd.packages and that will include any units in the resulting system. From there you can add customizations as needed. Be sure to keep the wantedBy directive because NixOS can't parse that out of upstream units.
You'll also want to patch the location of /usr/bin/kill in the upstream unit.
I must admit I haven't the foggiest clue how I would reuse the upstream systemd unit and then customize it, but I agree that it is a better approach. I am very keen to learn, though!
Initially, my derivation wouldn't build because the upstream unit file installation failed, so I looked around nixpkgs for what other packages had done and found this: https://github.com/NixOS/nixpkgs/blob/85784a66c8848de93c6ee3d0fb47ec425491f404/pkgs/servers/monitoring/icinga2/no-systemd-service.patch, and I copied that approach. Specifically, when I don't apply my CMake patch, the error I get is:
…
[ 93%] Building CXX object src/logid/CMakeFiles/logid.dir/util/worker_thread.cpp.o
[ 95%] Building CXX object src/logid/CMakeFiles/logid.dir/util/task.cpp.o
[ 96%] Building CXX object src/logid/CMakeFiles/logid.dir/util/thread.cpp.o
[ 98%] Building CXX object src/logid/CMakeFiles/logid.dir/util/ExceptionHandler.cpp.o
[100%] Linking CXX executable ../../logid
[100%] Built target logid
installing
install flags: SHELL=/nix/store/xvvgw9sb8wk6d2c0j3ybn7sll67s3s4z-bash-4.4-p23/bin/bash install
[100%] Built target logid
Install the project...
-- Install configuration: "Release"
-- Installing: /nix/store/vi59a2gy74cg81vd2smk920jiqz36nvl-logiops-0.2.3/bin/logid
CMake Error at src/logid/cmake_install.cmake:70 (file):
file cannot create directory:
/nix/store/71lqc2a8cslg4wxj6ypla7gvflphjhn0-systemd-247.6/lib/systemd/system.
Maybe need administrative privileges.
Call Stack (most recent call first):
cmake_install.cmake:47 (include)
make: *** [Makefile:105: install] Error 1
builder for '/nix/store/hjxy35w6xkwb5hivml15y9m7kwng0x90-logiops-0.2.3.drv' failed with exit code 2
cannot build derivation '/nix/store/diz9yg8vxxaisfdisiqxhpm5fazsx8pf-unit-logiops.service.drv': 1 dependencies couldn't be built
cannot build derivation '/nix/store/x88mi1xav2csv6n5nzdf4xwc9hl8gj2f-system-units.drv': 1 dependencies couldn't be built
cannot build derivation '/nix/store/i6s5n1700gcq8xlqxwj57cfabh3h74rn-etc.drv': 1 dependencies couldn't be built
cannot build derivation '/nix/store/67l36cbh1gfxnh2xig67y3v5hmwm37dv-nixos-system-monarch-21.05.2549.a1007637cea.drv': 1 dependencies couldn't be built
error: build of '/nix/store/67l36cbh1gfxnh2xig67y3v5hmwm37dv-nixos-system-monarch-21.05.2549.a1007637cea.drv' failed
@zeorin this looks like a "bug" (intended feature which was never properly implemented?) from upstream to me:
If you set the value of SYSTEMD_SERVICES_INSTALL_DIR then upstream doesn't install the .service file, which seems wrong.
I would propose that you create a PR upstream to fix this with the following commit: https://github.com/aanderse/logiops/commit/c723d0fb6bcc647ee35fe3eeb728e21ba93e1c90
I tested the above commit with this commit on top of your PR in nixpkgs and it all built as expected with the desired outcome: https://github.com/zeorin/nixpkgs/compare/feature/logiops-init...aanderse:logiops?expand=1
Let me know if you have any questions or need a hand on this.
| serviceConfig = { | ||
| Type = "simple"; | ||
| ExecStart = "${pkgs.logiops}/bin/logid"; | ||
| User = "root"; |
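Review bot: User = "root" on the last line is what a system service gets by default, so it restricts nothing, and the serviceConfig lines shown set no sandboxing options, which leaves logid running with full root privileges. Consider a dedicated or dynamic user that reaches the input devices through group membership, together with hardening directives such as NoNewPrivileges and ProtectSystem.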
Hi, I've also been tooling around with writing a service for logiops and I found out how to get around running the service as root. This is my config so far:
services.udev.extraRules = ''
  KERNEL=="uinput", GROUP="input", MODE:="0660", OPTIONS+="static_node=uinput"
  SUBSYSTEM=="hidraw", ATTRS{idVendor}=="046d", MODE="0660", GROUP="input"
'';
And in the service:
DynamicUser = true;
SupplementaryGroups = "input";
NoNewPrivileges = true;
ProtectSystem = "strict";
ProtectHome = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers = true;
PrivateMounts = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectKernelLogs = true;
ProtectControlGroups = true;
RestrictNamespaces = true;
Which seems to be working, as far as the Systemd restrictions go. Any thoughts?
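The two review points in this thread (restart on a configuration change rather than a package change, and running logid without root) put together in one module, as an added example that is not the PR's code or any participant's. It assumes logid reads /etc/logid.cfg when started without arguments and that the input group exists; the udev rules and most of the sandboxing options are the ones posted in the comment above, and logid's behaviour under them is not verified here.

```nix
# Added example, not the PR's module; assumptions are marked inline.
{ config, lib, pkgs, ... }:
let
  cfg = config.services.logiops;
  # Store path changes whenever extraConfig changes.
  configFile = pkgs.writeText "logid.cfg" cfg.extraConfig;
in
{
  options.services.logiops = {
    enable = lib.mkEnableOption "the logiops daemon (logid)";
    extraConfig = lib.mkOption {
      type = lib.types.lines;
      default = "";
      description = "Verbatim contents of logid.cfg.";
    };
  };

  config = lib.mkIf cfg.enable {
    # Assumption: logid reads /etc/logid.cfg when started without arguments.
    environment.etc."logid.cfg".source = configFile;
    # Device access through the input group instead of root (rules from the thread).
    services.udev.extraRules = ''
      KERNEL=="uinput", GROUP="input", MODE:="0660", OPTIONS+="static_node=uinput"
      SUBSYSTEM=="hidraw", ATTRS{idVendor}=="046d", MODE="0660", GROUP="input"
    '';
    systemd.services.logiops = {
      wantedBy = [ "multi-user.target" ];
      # ExecStart already references the package; the config is not part of
      # the unit, so it is what has to trigger a restart on rebuild.
      restartTriggers = [ configFile ];
      serviceConfig = {
        Type = "simple";
        ExecStart = "${pkgs.logiops}/bin/logid";
        Restart = "on-failure";
        DynamicUser = true;
        SupplementaryGroups = "input";
        NoNewPrivileges = true;
        ProtectSystem = "strict";
        ProtectHome = true;
        PrivateTmp = true;
        ProtectKernelTunables = true;
        ProtectKernelModules = true;
        ProtectKernelLogs = true;
        ProtectControlGroups = true;
        RestrictNamespaces = true;
      };
    };
  };
}
```

After a rebuild, systemd-analyze security logiops.service lists which exposure settings of the unit remain open.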
Any news on that?
Supersedes NixOS#124158 since it seems dead and things have changed[0]. This is a follow up on my NixOS#165936. [0] https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md
I want this too... What is the blocker?
Tentatively closing this since it hasn't been updated since the package itself landed in #165936. Happy to reopen if I'm overstepping. (That said, the draft PR #167388 covers the service/config component of this, and ckiee@094fd26 suggests that there are acute reasons to prefer helping land that approach over reheating this one?)
Motivation for this change
logiops was requested in #122208.
Things done
sandbox in nix.conf on non-NixOS linux)
nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
./result/bin/)
To do
The service definition doesn't really specify any options, other than enable and extraConfig.
@hawkw, you mentioned that you'd started on a config for this. Would you like to contribute that to this module?
There's also the accepted settings RFC to consider. I think that the libconfig-style configs would lend themselves well to this approach, but there doesn't seem to be a parser yet for this in nixpkgs. I had started on this approach before just using extraConfig. The code for that is still in the file, commented out. This should be removed before submitting the PR.