Arch package has difficulties starting #916

Closed
opened 2025-08-01 23:21:52 +00:00 by nex · 6 comments
Owner

This is seemingly related to #867 - some users are reporting that their configuration files are not loading (manifesting as the server crashing on startup, complaining the server name isn't set). Further investigation is needed as to why this is.

Currently the workaround is to remove the LoadCredential and revert the CONTINUWUITY_CONFIG environment back to /etc/conduwuit/conduwuit.toml. Obviously if you rely on your config being encrypted by systemd, this won't work for you.

This is seemingly related to #867 - some users are reporting that their configuration files are not loading (manifesting as the server crashing on startup, complaining the server name isn't set). Further investigation is needed as to *why* this is. Currently the workaround is to remove the `LoadCredential` and revert the `CONTINUWUITY_CONFIG` environment back to `/etc/conduwuit/conduwuit.toml`. Obviously if you rely on your config being encrypted by systemd, this won't work for you.
nex added the
Bug
Meta/Packaging
Status
Confirmed
labels 2025-08-01 23:21:52 +00:00
nex added
Status
Needs Investigation
and removed
Status
Confirmed
labels 2025-08-03 02:53:26 +00:00
Author
Owner

confirmed -> needs investigation: haven't had chance to repro this myself so unsure if it's an arch or packaging issue

confirmed -> needs investigation: haven't had chance to repro this myself so unsure if it's an arch or packaging issue
Contributor

I actually ran into this yesterday. To solve the issue, I had to tweak the systemd service file.

### Editing /etc/systemd/system/continuwuity.service.d/override.conf
### Anything between here and the comment below will become the contents of the drop-in file

[Service]
#DynamicUser=no
#User=continuwuity
#Group=continuwuity

LoadCredential=config.toml:/etc/conduwuit/conduwuit.toml
Environment=CONDUWUIT_CONFIG=%d/config.toml
StateDirectory=continuwuity
StateDirectory=continuwuity_db
RuntimeDirectoryMode=0755

### Edits below this comment will be discarded

%d will expand to the credentials folder.

I haven't found a way to have the RocksDB directory be outside /var/lib/ without turning DynamicUser off (thats why I added the StateDirectory-ies).
The RuntimeDirectoryMode is to make the socket directory world-readable.

I actually ran into this yesterday. To solve the issue, I had to tweak the systemd service file. ``` ### Editing /etc/systemd/system/continuwuity.service.d/override.conf ### Anything between here and the comment below will become the contents of the drop-in file [Service] #DynamicUser=no #User=continuwuity #Group=continuwuity LoadCredential=config.toml:/etc/conduwuit/conduwuit.toml Environment=CONDUWUIT_CONFIG=%d/config.toml StateDirectory=continuwuity StateDirectory=continuwuity_db RuntimeDirectoryMode=0755 ### Edits below this comment will be discarded ``` `%d` will expand to the credentials folder. I haven't found a way to have the RocksDB directory be outside /var/lib/ without turning `DynamicUser` off (thats why I added the `StateDirectory`-ies). The `RuntimeDirectoryMode` is to make the socket directory world-readable.
Author
Owner

@Kimiblock Have you got any input on this? considering #867

@Kimiblock Have you got any input on this? considering #867
Contributor

Haven't seen that on AUR, no one is seemingly reporting anything.

I'll investigate further on this in hours. The service file is straight stolen from my own server so it should in theory work fine 🤔

Haven't seen that on AUR, no one is seemingly reporting anything. I'll investigate further on this in hours. The service file is straight stolen from my own server so it should in theory work fine 🤔
Contributor

So I just scanned the docs:

In order to reference the path a credential may be read from within a ExecStart= command line use "${CREDENTIALS_DIRECTORY}/mycred", e.g. "ExecStart=cat ${CREDENTIALS_DIRECTORY}/mycred". In order to reference the path a credential may be read from within a Environment= line use "%d/mycred", e.g. "Environment=MYCREDPATH=%d/mycred". For system services the path may also be referenced as "/run/credentials/UNITNAME" in cases where no interpolation is possible, e.g. configuration files of software that does not yet support credentials natively. $CREDENTIALS_DIRECTORY is considered the primary interface to look for credentials, though, since it also works for user services.

And yes it looks like we have to use %d to expand the credentials, maybe that was changed during recent releases.

So I just scanned the docs: ``` In order to reference the path a credential may be read from within a ExecStart= command line use "${CREDENTIALS_DIRECTORY}/mycred", e.g. "ExecStart=cat ${CREDENTIALS_DIRECTORY}/mycred". In order to reference the path a credential may be read from within a Environment= line use "%d/mycred", e.g. "Environment=MYCREDPATH=%d/mycred". For system services the path may also be referenced as "/run/credentials/UNITNAME" in cases where no interpolation is possible, e.g. configuration files of software that does not yet support credentials natively. $CREDENTIALS_DIRECTORY is considered the primary interface to look for credentials, though, since it also works for user services. ``` And yes it looks like we have to use %d to expand the credentials, maybe that was changed during recent releases.
Contributor

@ysidler wrote in #916 (comment):

I haven't found a way to have the RocksDB directory be outside /var/lib/ without turning DynamicUser off.

You can, by adding a bind-mount unit. It will be automatically activated because we have RequiresMountsFor set.

Here's a snippet of bash code to generate such bind unit: ./genBind <source> <dest>

#!/bin/bash

file="$(systemd-escape --path $2).mount"

echo "[Mount]" >"${file}"
echo "What=$1" >>"${file}"
echo "Where=$2" >>"${file}"
echo "Options=bind,noauto" >>"${file}"

echo "RequiresMountsFor=$2"
@ysidler wrote in https://forgejo.ellis.link/continuwuation/continuwuity/issues/916#issuecomment-17071: > I haven't found a way to have the RocksDB directory be outside /var/lib/ without turning `DynamicUser` off. You can, by adding a bind-mount unit. It will be automatically activated because we have `RequiresMountsFor` set. Here's a snippet of bash code to generate such bind unit: `./genBind <source> <dest>` ```bash #!/bin/bash file="$(systemd-escape --path $2).mount" echo "[Mount]" >"${file}" echo "What=$1" >>"${file}" echo "Where=$2" >>"${file}" echo "Options=bind,noauto" >>"${file}" echo "RequiresMountsFor=$2" ```
nex closed this issue 2025-08-07 15:55:46 +00:00
Sign in to join this conversation.
No milestone
No project
No assignees
3 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: continuwuation/continuwuity#916
No description provided.