How to start systemd services provided by packages installed through `nix` on an alien distro?

Fineness9214 · November 7, 2022, 1:40am

I am on Debain 11. I use home-manager to install and manage apps.

But the app I installed needs a systemd service to be started.

Trying to start using sudo systemctl start service or systemctl --user start service doesn’t work. Obviously because it’s in a different location. So how can I start it?

The app I want to run is cloudflare-warp.
It creates a VPN of sorts to encrypt internet traffic on my system.
Will installing this app through nix encrypt internet traffic for my whole system or only apps in nix setup?

The systemd file is located in

/nix/store/<cloudflare-warp>/lib/systemd/system/warp-svc.service

$ cat lib/systemd/system/warp-svc.service
[Unit]
Description=Cloudflare Zero Trust Client Daemon
After=pre-network.target

[Service]
Type=simple
ExecStart=/nix/store/w1m15pzzpp3fm8i3c8kyyyc1l3cy6fx6-cloudflare-warp-2022.8.936/bin/warp-svc
DynamicUser=no
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_PTRACE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_PTRACE
StateDirectory=cloudflare-warp
RuntimeDirectory=cloudflare-warp
LogsDirectory=cloudflare-warp
Restart=always

[Install]
WantedBy=multi-user.target

teh · November 7, 2022, 2:52pm

You can copy the .service file to /etc/systemd/system/ and then run systemctl daemon-reload

Atemu · November 7, 2022, 9:58pm

That could lead to unexpected breakage after the next update and gc.

I’ve never used a setup like this but you could create an environment via nix-env that has the service and its etc dir in it and then symlink the unit file from there. This way you can update this managed nix-env as expected.

aanderse · November 7, 2022, 10:56pm

Better yet SYSTEMD_UNIT_PATH. I’ve done this before, at least for user units, and it works really well.

Fineness9214 · November 10, 2022, 3:06pm

nix-env solution seems more interesting; I will test the feasibility of the solution suggesting soon.

Fineness9214 · November 11, 2022, 3:01am

Is this option anyway related to the issue?

Home Manager has an option to automatically set some environment variables that will ease usage of software installed with nix on non-NixOS linux (fixing local issues, settings XDG_DATA_DIRS, etc.):

targets.genericLinux.enable = true;

When I included in my home.nix it even said “Activating reloadSystemd” but nothing happened.

Fineness9214 · December 11, 2022, 7:08am

First one need to create a service file for cloudflare-warp. For inspiration and guidance look at the services directory on the home-manager repo.

For example look at easyeffects.nix:

[...]
    systemd.user.services.easyeffects = {
      Unit = {
        Description = "Easyeffects daemon";
        Requires = [ "dbus.service" ];
        After = [ "graphical-session-pre.target" ];
        PartOf = [ "graphical-session.target" "pipewire.service" ];
      };

      Install.WantedBy = [ "graphical-session.target" ];

      Service = {
        ExecStart =
          "${pkgs.easyeffects}/bin/easyeffects --gapplication-service ${presetOpts}";
        ExecStop = "${pkgs.easyeffects}/bin/easyeffects --quit";
        Restart = "on-failure";
        RestartSec = 5;
      };
    };
[...]

Unfortunately there isn’t one for cloudflare-warp and I am not knowledgeable enough to create on myself (let me know if you do). So I use the app by other means.*

But if there is one it will work like this:

cloudflare-warp needs to be installed as a service like so in your home.nix:

services.cloudflare-warp.enable = true;

and after you switch your configuration:

home-manager switch

you will see a prompt letting you know how to start the systemd service.

*A quick solution for now would be:

$ sudo which(warp-svc)

# on another terminal

$ warp-cli register #for first time
$ warp-cli connect