New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
nixos/murmur: log to systemd journal, expose wrapper #50333
Conversation
instead of /var/log/murmur/murmurd.log. Achieved by having systemd run the daemon in foreground instead of letting it fork to background.
@GrahamcOfBorg test mumble |
No attempt on aarch64-linux (full log) The following builds were skipped because they don't evaluate on aarch64-linux: tests.mumble Partial log (click to expand)
|
No attempt on x86_64-linux (full log) The following builds were skipped because they don't evaluate on x86_64-linux: tests.mumble Partial log (click to expand)
|
Seems like I don't have the required permissions to run the tests through ofBorg, and when I try to run the tests locally I get a kernel panic, which does not seem to be related to the tests themselves, though. Probably issues with my nested virtualization setup or something. |
@GrahamcOfBorg test mumble |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Feel free to completely ignore my request to remove PermissionsStartOnly = true;
... but it would be super awesome if you added an extra commit doing so! 😄
@@ -251,19 +273,13 @@ in | |||
after = [ "network-online.target "]; | |||
|
|||
serviceConfig = { | |||
Type = "forking"; | |||
Type = "simple"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Simple is the default type so this isn't actually necessary.
Restart = "always"; | ||
User = "murmur"; | ||
ExecStart = "${pkgs.murmur}/bin/murmurd -ini ${configFile}"; | ||
ExecStart = "${cli-wrapper}/bin/murmurd-service -fg"; | ||
PermissionsStartOnly = true; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I know #56265 isn't related to this PR at all... but would you be willing to do me a solid and remove PermissionsStartOnly = true;
in an extra commit here? It looks like the only other things to do would be to add StateDirectory = "murmur";
and remove the call to createHome = true;
and you would be good to go...
Since #38775 was merged, I guess this can be closed now? |
Motivation for this change
Everything I have on my server logs to systemd journal by default - except murmur.
This takes murmur in line with all other services by changing that.
On the very first start, murmur writes the password of the SuperUser into the log file.
To change this if desired or if that entry is not available anymore, this exposes a wrapper combining the binary and the service config file as the
murmurd-service
executable. (open to better naming propositions!).As long as it's in the journal, the initial SuperUser password is now readable for all users in the
journal
group instead ofroot
andmurmur
only. In case that group is not equal with the murmur administrators, the password can be changed with the new wrapper.Things done
sandbox
innix.conf
on non-NixOS)nix-shell -p nox --run "nox-review wip"
./result/bin/
)nix path-info -S
before and after)