A few beginner questions

Pumilio · June 4, 2022, 1:00pm

Hello Nix community,
I came across you through a post and am very enthusiastic about the concept of nix.
Accordingly, I wanted to integrate it into our company because we are just revising our infrastructure.

My boss was skeptical from the beginning and the difficulties I had with Nix has his interest against 0 dwindle what I find a pity.

Therefore, I wanted to ask here if I could be a little explained to my observations and problems that had / have to convince my boss but that we use Nixos.

The basic structure is always the same only the applications change always correspond We use Rootwebserver from Hetzner have this runs a self-installed Proxmox not the template from Hetzner.
In this Proxmos installation we create corresponding VM.
The goal of our test was to set up a mail server with roundcube and ssl connections.

The whole thing worked fine, except for a few small things.

1. the biggest problem which my boss has but I also see. Is to be an unreliable domain resolution, more precisely to have difficulties with the virtual network card.

How I come up with this guess.
◦ In order for us to get Nixos installed at all we had to put a nameserver in etc/resolv.conf as well as ip for card etc.
I see as not bad, since it is in the installation and there Nix probably simply still that can not yet read properly, vllt it was also due to the minimal installation in combination with the VM.
◦ In the process, we had then already determined that ipv6 does not work and we have adjusted our setting accordingly from.
from: networking.nameserver = [ “8.8.8.8” ]
to networking.nameserver = [ “8.8.8.8” " " 2001:4860:4860::8888" ]
With this setting Nixos also runs very well, mailserver runs sends email as wanted etc.
◦ Now however the disturbing why Nixos is rejected. After some time 2-3 days we perform a reboot, after this reboot nix can no longer process ipv4 properly.
We get only in info host is not reachable.
Neither a new reboot nor a rebuild fixes the problem, so that it runs again, I save on the virtual network card around and change version from Intel to Realtek or vmswitch etc. and reboot again and again so that nixos this correctly and at some point then suddenly the ipv4 resolution works again without problems.
If someone here could give me approaches or has the puzzle solution I would be very open. Observed we have that with nix os 21.11 we have now on nixos 22.05 geupdate and will continue to observe it.
2nd difficulty, roundcube did not want to work with minimal settings on ssl correspond I have had in nixos config, several setting which I commented out with #.
Nixos then writes to the roundcube settings file on rebuild. config.inc.php , problem that arises Nixos convert # not to //. Which is why all settings were always active, which worked with different settings than expected, until I found this out, several hours went by.
Is this intentional, bug or wanted, do I have to make sure that I comment out doubles (# //) in other packages in the future ?
If this is a bug where do I report it to nix because it happens during rebuild or to package creator because his parameter passes it wrong ?
3. my current problem i have is that roundcube doesn’t want to send email. But via normal client it works. My guess is somewhere in the certificates between server and roundcube application.
I would like to debug this, but I can’t find a log.
That’s the question how do you go schematically in Nixos on the search for wrong setting?
4. and the last with the update to 22.05 I get with rebbuild that an obsolete function is used, I looked in my settings but did not find this so it is used somewhere in a subproject, how can I find out which package uses the obsolete function here ?

About answers also to single points I would be pleased very much, gladly one can take up also by PN contact If the explanation or solution ansetze the forum would blow up.
I hope we manage to convince my boss and that my optimism was not in vain

Sandro · June 4, 2022, 4:05pm

NixOS uses journalctl for almost everything.

You probably need to find the nix file and see whats going on there.

--show-trace should give you a better idea from where that is happening.

Either dhcpd is acting up or you interfaces are not configured correct. You can rerun nixos-generate-config in another directory to get a new configuration.nix and hardware-configuration.nix file. If you do that with working network interfaces then you should be able to see what the correct settings for interfaces should be.

Extraction from one hetzner server I have

  networking = {
    interfaces.ens3 = {
      ipv4.addresses = [
        { address = "X.X.X.X"; prefixLength = 32; }
      ];
      ipv6.addresses = [
        { address = "XX:X:X:X"; prefixLength = 64; }
      ];
    };
    defaultGateway = { address = "172.31.1.1"; interface = "ens3"; };
    defaultGateway6 = { address = "fe80::1"; interface = "ens3"; };
  };
};

See also https://docs.hetzner.com/cloud/servers/static-configuration/

Could be a bug but I don’t know roundcube well enough to know that.

rgoulter · June 4, 2022, 5:46pm

You tried NixOS, ran into problems that you didn’t face with non-NixOS, and you weren’t able to resolve those problems. – Those are some fairly compelling downsides to consider regarding whether to adopt NixOS (even if the problems aren’t specific to NixOS).

Rather, change is risky. You wouldn’t want to adopt a new tool that’s harder to fix when things don’t work. You wouldn’t want to adopt a tool that’s harder to use without significant benefits that alleviate problems you’re facing.

TLATER · June 4, 2022, 5:57pm

To add to @Sandro 's answer, you’re looking for journalctl --pager-end --catalog --unit phpfpm-roundcube or journalctl --pager-end --catalog --unit roundcube-setup.

If you’re not sure what the name of the unit is, there are a few ways (but guessing often works, and using tab for completion can really help):

systemctl status will show you all running services, you might be able to spot it there.
journalctl --pager-end --catalog without a unit will show the whole log for everything happening, scrolling through there will almost certainly contain the name of the service you’re looking for.
Most service files live in /etc/systemd/system, the file names are the names of the units.
You can search for systemd.services the source code for your module, which is how I got the two unit names for roundcube, they are here and here.

It’s worth getting familiar with the various systemd tools, they underpin the function of practically all Linux distributions out there these days.

Sandro · June 4, 2022, 6:30pm

The fact that most other distros do not have any configuration management that is easily usable at all means you need to use something else. IMO Ansible, Chef, etc have the same traps and pitfalls if you don’t know them.

PS You can do configuration through Debian packages but I have no been able to build one yet with the official upstream tooling or patch software with a deb package and I consider myself an advanced user that should be able to do that.

Pumilio · June 5, 2022, 3:00pm

Thank you for the many an quick answers,
They have already brought me much further and I’m still testing and implementing.
For some things I have but already clearly more insights which I would like to share with you and ask for further feedback.

Roundcube now stand out the ngixn settings are not yet fit in the connection with ssl TLS, in addition, my boss and I have presented that we currently so not active it would be directly an improvement to the predecessor.

The much interesting problem with the network I have also come further.
I proceed with the following assumptions:

ProxmosHost works without problems, otherwise the other VMs running there would have the same problems.
My configuration is correct, otherwise it would not work at all. Who would like to convince itself of it this here is it.

#ip4 Config
#####
networking.interfaces.enp6s18.ipv4.address = [ {
  address = "<ipv4>";
  prefixLength = 27;
}];
networking.defaultGateway = "<ipv4-Gateway>";
networking.nameserver = [ "8.8.8.8" "2001:4860:4860::8888" ]
#ipv6
#######
networking.interfaces.enp6s18.ipv6.address = [ {
  address = "<ipv6>";
  prefixLength = 64;
}];
networking.defaultGateway6 = {
	Address = "<ipv6-Gateway>";
      interfaces = "enp6s18";
};

###
networking.useDHCP = false;
netwokring.interfaces.enp6s18.useDHCP = true;

I know it’s an unkind code, please have a look as it’s meant to be broken.

What I could observe now is.
I do a reboot → ping ipv4 / domain → v4 does not work → I check the service everything okay → I restart the service → ping ipv4 / domain → everything works.
For this the screenshots.

My guess is that there is a problem with the order between the network service and the DNS service.
This would explain why a subsequent restart of the network fixes the problem, a rebuild does the same if there are changes.
Or is there another explanation?

Edit:Oh, I almost forgot --show-trace is not working. I don’t get any output where I can search for the obsolete function.
Probably it is because of the introduction of the configuration, but I am not sure.

{config, pkgs, lin, ...}
with lib;
let releas = "nixos-21-11";

in { imports = [ ...]; ..... 
}

Pumilio · July 15, 2022, 10:03pm

Push
@Sandro do you have any idea why this is the case with the service ?

Sandro · July 16, 2022, 12:13am

no, not really. You can probably add a a systemd dependency on networking though.

misuzu · July 16, 2022, 7:05pm

You should probably remove this.

Pumilio · July 20, 2022, 11:18pm

@Sandro Thank you very much for your support even if you did not have any further tips.

@misuzu Thank you that was the solution. Although I was convinced that I had already tested it. Can’t see the wood for the trees

And to all the others who participated also a big thank you

We are now going into the long term test with Nixos and hope to use it in the future.