Modifying/adding to systemd.services.<name> attributes

ppenguin · January 24, 2023, 10:18pm

I’m trying to deploy a systemd service that is supported as a nix module, but need to add additional ExecStartPre commands.

From this topic I gathered that this should be trivial, but it didn’t work for me:

    services = {
        pdnsd = {
            enable = false;
            serverConfig =
                ''
                primary = yes
                launch = gpgsql
                include-dir = /run/secrets/services/pdns/conf
                '';
        }; #<pdns
    }; #<services

    systemd.services.pdnsd.serviceConfig.ExecStartPre = lib.mkBefore [
        "${MkDbInitScript {
            ...
            };
        }}"
        "${MkDbExecSQLScript {
            ...
            };
        }}"
    ];

results in

# cat /etc/systemd/system/pdnsd.service
[Unit]

[Service]
Environment="LOCALE_ARCHIVE=/nix/store/rjhvd1l14d3bncbwxwcdvnqz859pxr9a-glibc-locales-2.35-224/lib/locale/locale-archive"
Environment="PATH=/nix/store/ngw3m00r391w31n13q4m2x06amx4mqri-coreutils- ...."
Environment="TZDIR=/nix/store/p9h078icxj3axz7f6vxyb1jmi2yx94wa-tzdata-2022g/share/zoneinfo"

ExecStartPre=/nix/store/f5y3n8g4pgvjmjn5vxfkqlr5x5cwf2sg-aregsvc-initdb.sh/bin/pdns-initdb.sh
ExecStartPre=/nix/store/cpr7fkv6i28vska0y8hfxj5hyn7hy9dh-pdns-initdb.sh/bin/pdns-createschema.sh

So in other words the values that are in the original module have been cleared.

How to achieve correct merge of the attributes as intended?

tejing · January 24, 2023, 10:32pm

Put your commands in systemd.services.pdnsd.preStart, like the original module did. It has a type that will merge by concatenating strings with a newline in between.

ppenguin · January 24, 2023, 11:26pm

After making the changes no luck, but I forgot:

Oh no, I had temporarily set enable = false; because after a deeper update it effected starting of other services, and forgotten to set it to true again. That in fact results in (only) the ExecStart line missing apparently.

Interesting detail:
with preStart a wrapper is generated for pre-start, which only has my lines (and not the original code) in it.
If I go back to ...ExecStartPre = lib.mkBefore [ ... ] it now gives me the correct script…

I suppose one could experiment whether preStart supports mkBefore etc., but since I like the list format better I went with that.

forgondolin · April 24, 2023, 5:33pm

Hey there, I’m having a similar problem but with pdns service.

services = {
      powerdns = {
        enable = true;
        extraConfig = "
          include-dir=${cfg.configDir}
          local-address=0.0.0.0, ::
          default-soa-content=dns1.company.systems hostmaster.company.codes 0 10800 3600 604800 3600
          launch=gpgsql
          resolver=1.1.1.1
          expand-alias=yes
        ";
      };
    }

But everytime I deploy, the CGroup slice displays this gray color, and it says it’s running as a standalone pdns server

also everytime I run some pdnsutil command it returns:
pdnsutil list-all-zones Warning: unable to read configuration file '/nix/store/rxpwx1n3b6xmb7236k0wkxwqxvizdjz6-pdns-4.7.2/etc/pdns.conf': No such file or directory Error: No database backends configured for launch, unable to function

The problem is that, the config file is not in this path (check the image above, it’s a different nix/store path).

ppenguin · April 24, 2023, 9:20pm

I’m not sure, but I think include-dir is supposed to only contain a /path/to/pdns.d/ in which simply all files with .conf extension are included.

Since I am using nix-sops and couldn’t get files in my /run/secrets/... that have an extension since I cannot have literal dots in my yaml keys, I settled for the following construct:

        powerdns = {
            enable = true;
            extraConfig =
                ''
                primary = yes
                local-port = 5353
                allow-axfr-ips = ....

                launch = gpgsql

                gpgsql-host = ${host_pg1.ip}
                gpgsql-dbname = $DBNAME
                gpgsql-user = $DBUSER
                gpgsql-password = $DBPASS
                '';
            secretFile = "/run/secrets/services/powerdns/env";
        }; #<powerdns

If I remember correctly the stable version was kind of ancient(?), so I had to overlay it with unstable to get the functionality I needed (I think it was the secretFile support, which reads the env and uses envsubst on the file from extraConfig during service start).

forgondolin · April 24, 2023, 10:16pm

Oh, yes, this variable on include-dir points to "/etc/powerdns/pdns.d"
I already have inside of them two files, db.conf and api.conf, both with the psql config, user, and all credentials… it used to work on 4.3 tho. But, maybe could be the best to pass all of them inside of extraConfig… I’ll try that, tks.

forgondolin · April 26, 2023, 9:48pm

Looks like the problem is that, my Drop-in: /nix/store/5h9a6jpgjpwq4viiaq1d4bz81s6dsipy-system-units/pdns.service.d/override.conf in the pdns.service file is not working for some weird reason… it’s the same configuration that I use for 4.3, the same nixos image, same database, the only difference is that powerdns 4.7 has some deprecated variables that I managed to modify, I’ll try to investigate a little bit more.