Ah, I think the makefile is trying to set capabilities in the nix store directory.
That's exactly it. https://github.com/loki-project/loki-network/blob/master/CMakeLists.txt#L305

Nope, can't set those capabilities no matter what it seems.
If anyone has any ideas, I'd appreciate it.

Presumably you want to run this as a systemd service. Modify the Makefile to get rid of that line and then add the capabilities to the systemd service in a NixOS module.

After a quick scan of the Makefile you may want to review some of the options available. For example:

https://github.com/loki-project/loki-network/blob/47109c4191d9230f7a9a9472a23101694bb215da/CMakeLists.txt#L31

I did want to make this as a systemd service, but from what I could tell from the readme, it's to not be run as root, and I think it's meant to be run as the user.

Also no need to get rid of the line in the makefile or cmakelists, just remove libcap and it doesn't show up.

If the program allows running as a dedicated non root user you can use something like serviceConfig.AmbientCapabilities = [ "cap_net_admin" ...

I'm not familiar with the program though, so I'm not sure what they intend.

Also this does not build with WARNINGS_AS_ERRORS=ON, since there's some shadowed variables, so I don't think I should enable that.

The service has some issues building in a vm, not sure what's wrong.
value is a boolean while a set was expected, at /mnt/hdd1/home/okina/Documents/Development/nixpkgs/lib/modules.nix:219:25
Seems to be only for the bool and int options, I have no idea what I'm missing.

Okay, some new problems.
This is relatively new territory for me.

building Nix...
building the system configuration...
error: evaluation aborted with the following error message: 'generators.mkValueStringDefault: attrsets not supported: { "_type" = "if"; "condition" = false; "content" = "/var/lib/lokinet/log"; }'
(use '--show-trace' to show detailed location information)

Fixed that problem, but now the lokinet service just doesn't want to start, something about a logic error, that seems to indicate an issue with the code?

Sorry I've been swamped with a few things lately. I'll try to checkout your branch and look through when I get a chance but in the meantime can you possibly attach the output log including the error? Maybe something will jump out at me.

No problem at all, no rush here. ^^
I would, but the error was so ambiguous anyway it wouldn't have mattered, and it was also in a virtual machine.
Maybe in a few hours when I have time, I'll take a screenshot of it.

It's a bit late, sorry about that. Image was clean and newly generated, of course.

Got all that fixed, but there's yet another issue.
Lokinet cannot use /dev/net/tun unless it's as the root user, regardless of combinations of capabilities and other things.
I'm at a loss, not sure what to do.

https://github.com/loki-project/loki-network/blob/master/readme.md#running-on-linux

DO NOT RUN AS ROOT, run as normal user. This requires the binary to have the proper setcaps set by make install on the binary.

If following upstream instructions isn't working (I also had an error when I tried) I bet if you file an issue or use any support mediums they have upstream can probably help you out. If you open an issue link here and we can all work through the problem together.

Is there a way to run this in its current form? Perhaps manually, without the systemd service?

you may want to bump the version for lokinet to 0.8.0 when that is tagged as the 0.5.x and 0.6.x do not work on the network currently, only 0.7.x function at the moment and we are pretty close to tagging 0.8.0.

Only problems left are the [ exitAuth blacklistSnode upstream addNode ] options, because they don't support lists or something.

cc @aanderse

@Chiiruno I'm sorry but due to some RL obligations I've been very busy lately and I'm having trouble finding the time to sit down and familiarize myself with this PR again, because of the size. If @infinisil is not able to review it at this time maybe we could ping the marvin bot to find a capable reviewer.

I marked this as stale due to inactivity. → More info

#175335