Kea DHCP server doesn't find configFile, refuses to start

kwinz · April 26, 2025, 2:25pm

Hi,

I want to use Kea DHCP v4 server. I chose to use the configFile approach for now istead of providing a config directly in the configuration.nix.

Part of my configuration.nix:

  services.kea.dhcp4 = {
    enable = true;
    configFile = "/home/john/my-dhcp/kea-dhcp4.conf";
  };

However when I try to switch to the new configuration starting the service fails with:

building the system configuration...
activating the configuration...
setting up /etc...
reloading user units for markus...
restarting sysinit-reactivation.target
warning: the following units failed: kea-dhcp4-server.service
× kea-dhcp4-server.service - Kea DHCP4 Server
     Loaded: loaded (/etc/systemd/system/kea-dhcp4-server.service; enabled; preset: ignored)
     Active: failed (Result: exit-code) since Sat 2025-04-26 16:13:17 CEST; 213ms ago
   Duration: 52ms
 Invocation: d28742515a2f40558235761d40fa3719
       Docs: man:kea-dhcp4(8)
             https://kea.readthedocs.io/en/kea-2.6.1/arm/dhcp4-srv.html
    Process: 3654 ExecStart=/nix/store/r3yss1239zgikhcgai8nn3mjy9sxbq9z-kea-2.6.1/bin/kea-dhcp4 -c /etc/kea/dhcp4-server.conf (code=exited, status=1/FAILURE)
   Main PID: 3654 (code=exited, status=1/FAILURE)
         IP: 0B in, 0B out
         IO: 0B read, 0B written
   Mem peak: 3M
        CPU: 39ms

Apr 26 16:13:17 nixos-dhcp systemd[1]: Started Kea DHCP4 Server.
Apr 26 16:13:17 nixos-dhcp kea-dhcp4[3654]: 2025-04-26 16:13:17.901 INFO  [kea-dhcp4.dhcp4/3654.139860041856192] DHCP4_STARTING Kea DHCPv4 server version 2.6.1 (stable) starting
Apr 26 16:13:17 nixos-dhcp kea-dhcp4[3654]: 2025-04-26 16:13:17.902 ERROR [kea-dhcp4.dhcp4/3654.139860041856192] DHCP4_CONFIG_LOAD_FAIL configuration error using file: /etc/kea/dhcp4-server.conf, reason: Unable to open file /etc/kea/dhcp4-server.conf
Apr 26 16:13:17 nixos-dhcp kea-dhcp4[3654]: 2025-04-26 16:13:17.902 ERROR [kea-dhcp4.dhcp4/3654.139860041856192] DHCP4_INIT_FAIL failed to initialize Kea server: configuration error using file '/etc/kea/dhcp4-server.conf': Unable to open file /etc/kea/dhcp4-server.conf
Apr 26 16:13:17 nixos-dhcp systemd[1]: kea-dhcp4-server.service: Main process exited, code=exited, status=1/FAILURE
Apr 26 16:13:17 nixos-dhcp systemd[1]: kea-dhcp4-server.service: Failed with result 'exit-code'.
warning: error(s) occurred while switching to the new configuration

The log contains multiple entries like:

Apr 26 03:42:25 nixos-dhcp systemd[1]: Started Kea DHCP4 Server.
Apr 26 03:42:25 nixos-dhcp kea-dhcp4[3036]: 2025-04-26 03:42:25.638 INFO  [kea-dhcp4.dhcp4/3036.140217096762560] DHCP4_STARTING Kea DHCPv4 server version 2.6.1 (stable) starting
Apr 26 03:42:25 nixos-dhcp kea-dhcp4[3036]: 2025-04-26 03:42:25.639 ERROR [kea-dhcp4.dhcp4/3036.140217096762560] DHCP4_CONFIG_LOAD_FAIL configuration error using file: /etc/kea/dhcp4-server.conf, reason: Unable to open file /etc/kea/dhcp4-server.conf
Apr 26 03:42:25 nixos-dhcp kea-dhcp4[3036]: 2025-04-26 03:42:25.639 ERROR [kea-dhcp4.dhcp4/3036.140217096762560] DHCP4_INIT_FAIL failed to initialize Kea server: configuration error using file '/etc/kea/dhcp4-server.conf': Unable to open file /etc/kea/dhcp4-server.conf
Apr 26 03:42:25 nixos-dhcp systemd[1]: kea-dhcp4-server.service: Main process exited, code=exited, status=1/FAILURE
Apr 26 03:42:25 nixos-dhcp systemd[1]: kea-dhcp4-server.service: Failed with result 'exit-code'.

But the config files exists in the right place:

$ ls -la /etc/kea/dhcp4-server.conf 
lrwxrwxrwx 1 root root 33 26. Apr 16:13 /etc/kea/dhcp4-server.conf -> /etc/static/kea/dhcp4-server.conf

$ ls -la /etc/static/kea/dhcp4-server.conf
lrwxrwxrwx 1 root root 41  1. Jän 1970  /etc/static/kea/dhcp4-server.conf -> /home/john/my-dhcp/kea-dhcp4.conf

$ ls -la /home/john/my-dhcp/kea-dhcp4.conf
-rw-r--r-- 1 john users 27262 26. Apr 03:28 /home/john/my-dhcp/kea-dhcp4.conf

Since the file is in the right path, what is the problem?
Does the config file need to be owned by a special user?
Does it need more than read permission?
Is the Kea service running in some sort of sandbox where it can’t access /home?

kwinz · April 26, 2025, 3:05pm

Okay by adding the kea config file git repository to the configuration flake git as a submodule and copying the config file to /etc/ i got it to work:

  services.kea.dhcp4 = {
    enable = true;
    configFile = "/etc/my-kea-dhcp4.conf";
  };

  environment.etc."my-kea-dhcp4.conf".source = ./my-dhcp/kea-dhcp4.conf;

gives me

$ ls -la /etc/kea/dhcp4-server.conf
lrwxrwxrwx 1 root root 33 26. Apr 16:56 /etc/kea/dhcp4-server.conf -> /etc/static/kea/dhcp4-server.conf

$ ls -la /etc/static/kea/dhcp4-server.conf
lrwxrwxrwx 1 root root 22  1. Jän 1970  /etc/static/kea/dhcp4-server.conf -> /etc/my-kea-dhcp4.conf

$ ls -la /etc/my-kea-dhcp4.conf
lrwxrwxrwx 1 root root 29 26. Apr 16:56 /etc/my-kea-dhcp4.conf -> /etc/static/my-kea-dhcp4.conf

$ ls -la /etc/static/my-kea-dhcp4.conf
lrwxrwxrwx 1 root root 58  1. Jän 1970  /etc/static/my-kea-dhcp4.conf -> /nix/store/wb2svx2gz3zw6id0095zajayi0swrrc2-kea-dhcp4.conf

$ ls -la /nix/store/wb2svx2gz3zw6id0095zajayi0swrrc2-kea-dhcp4.conf
-r--r--r-- 1 root root 27262  1. Jän 1970  /nix/store/wb2svx2gz3zw6id0095zajayi0swrrc2-kea-dhcp4.conf

Remember to use ?submodules=1 like sudo nixos-rebuild switch --flake .?submodules=1