override daemon setting for templated instances #101

pennae · 2025-12-15T21:38:08Z

pennae commented

2025-12-15 21:38:08 +00:00

this is necessary for socket activation of daemons connections.

cc @alois31

this is necessary for socket activation of daemons connections. cc @alois31

pennae added 1 commit

2025-12-15 21:38:09 +00:00

override daemon setting for templated instances

/ build (aarch64-linux) (pull_request) Failing after 8s

Details

/ build (x86_64-linux) (pull_request) Successful in 19s

Details

378b571249

this is necessary for socket activation of daemons connections.

pennae commented

2025-12-15 21:50:36 +00:00

we've tested this with https://gerrit.lix.systems/c/lix/+/4719 on our machines and it worked as expected. this should be sufficient for a while too, if we add any more socket we'll add them as named alternatives to the one socket unit we have now instead of adding more socket units

alois31 reviewed

2025-12-20 13:21:50 +00:00

module.nix Outdated

					
				@ -17,0 +41,4 @@

				        ExecStop = "/bin/sh -c :";

				      };

				    };

				    systemd.sockets.nix-daemon.partOf = [ "nix-daemon-socket-update.service" ];

Why is it needed to restart the socket unit when the nix.conf changes to begin with? Systemd doesn't read it, only the Lix it will spawn.

Why is it needed to restart the socket unit when the `nix.conf` changes to begin with? Systemd doesn't read it, only the Lix it will spawn.

preparation for the future. we'll want to set posix acls on daemon sockets in the near future. if we use ExecStartPost on the socket unit we need to trigger a restart of the socket unit somehow (which we do here), but we could also move the permission setting into an entirely separate service that is started by the socket unit and changes permissions when nix.conf changes. both have pros and cons, we chose this method because it'll let us drop the extra service once stc can restart socket units. we can also change it though, anything is fine as long as we can update socket acls when nix.conf changes

preparation for the future. we'll want to set posix acls on daemon sockets in the near future. if we use ExecStartPost on the socket unit we need to trigger a restart of the socket unit somehow (which we do here), but we could also move the permission setting into an entirely separate service that is started by the socket unit and changes permissions when `nix.conf` changes. both have pros and cons, we chose this method because it'll let us drop the extra service once stc can restart socket units. we can also change it though, anything is fine as long as we can update socket acls when `nix.conf` changes

No it's fine, just missed that the ACL service is going to happen after all. I will put something similar in the NixOS module then.

no, you make a good point actually. we should check whether the socket is deleted and recreated during restart, because that would be an avoidable service interruption. if it's deleted we should use the acl-setting service instead

should be good now. once we add acls we'll set lix-daemon-socket-permissions as wantedby/partof the actual socket and things should just work as expected

should be good now. once we add acls we'll set `lix-daemon-socket-permissions` as wantedby/partof the actual socket and things should just work as expected

Of course I cannot test a change like this, but it looks reasonable and inert for now. Do you think it would be reasonable (with respect to the timing, as I don't know about the plans) to ship a similar change in the NixOS module or should that wait for later?