I’m having an issue starting the Technitium DNS server.
I have this fragment in my configuration:
services.technitium-dns-server = {
  enable = true;
  openFirewall = true;
};
I can rebuild my configuration without error. However, when I switch to the configuration, the service fails to start. I can observe this output with sudo journalctl -xeu technitium-dns-server.service:
May 23 15:08:03 wyseguy systemd[1]: technitium-dns-server.service: Scheduled restart job, >
Subject: Automatic restarting of a unit has been scheduled
Defined-By: systemd
Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Automatic restarting of the unit technitium-dns-server.service has been scheduled, as t>
the configured Restart= setting for the unit.
May 23 15:08:03 wyseguy systemd[1]: Started Technitium DNS Server.
Subject: A start job for unit technitium-dns-server.service has finished successfully
Defined-By: systemd
Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
A start job for unit technitium-dns-server.service has finished successfully.
The job identifier is 52512.
May 23 15:19:37 wyseguy technitium-dns-server[14963]: System.UnauthorizedAccessException: Access to the path '/var/lib/technitium-dns-server/blocklists' is denied.
May 23 15:19:37 wyseguy technitium-dns-server[14963]: ---> System.IO.IOException: Permission denied
May 23 15:19:37 wyseguy technitium-dns-server[14963]: --- End of inner exception stack trace ---
May 23 15:19:37 wyseguy technitium-dns-server[14963]: at System.IO.FileSystem.CreateDirectory(String fullPath, UnixFileMode unixCreateMode)
May 23 15:19:37 wyseguy technitium-dns-server[14963]: at System.IO.Directory.CreateDirectory(String path)
May 23 15:19:37 wyseguy technitium-dns-server[14963]: at DnsServerCore.DnsWebService..ctor(String configFolder, Uri updateCheckUri, Uri appStoreUri) in /build/technitium-dns-server-13.6.0/DnsServerCore/DnsWebService.cs:line 141
May 23 15:19:37 wyseguy technitium-dns-server[14963]: at DnsServerApp.Program.Main(String[] args) in /build/technitium-dns-server-13.6.0/DnsServerApp/Program.cs:line 62
May 23 15:19:37 wyseguy technitium-dns-server[14963]:
May 23 15:19:37 wyseguy technitium-dns-server[14963]: Technitium DNS Server is stopping...
May 23 15:19:37 wyseguy technitium-dns-server[14963]: Technitium DNS Server was stopped successfully.
May 23 15:19:37 wyseguy systemd[1]: technitium-dns-server.service: Deactivated successfully.
Subject: Unit succeeded
Defined-By: systemd
Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
The unit technitium-dns-server.service has successfully entered the 'dead' state.
This output repeats as long as the service is enabled.
To me, this looks like a permissions issue at the path /var/lib/technitium-dns-server. The permissions currently look like this:
~/.nixos: sudo ls /var/lib/ -ahl | grep technitium
lrwxrwxrwx 1 root root 29 May 23 14:10 technitium-dns-server -> private/technitium-dns-server
~/.nixos: sudo ls /var/lib/private/ -ahl
total 16K
drwx------ 4 root root 4.0K May 23 14:10 .
drwxr-xr-x 26 root root 4.0K May 23 15:00 ..
drwxr-xr-x 2 nobody nogroup 4.0K May 23 14:10 technitium-dns-server
By reviewing both the generated service definition and the NixOS service definition, I’ve noticed that this service uses a dynamic user. My issue seems slightly similar to this reported issue with the dendrite package, but the OP of that issue never responded after posting the issue, and I don’t think I understand the suggestion to use systemd.tmpfiles.rules.
I have tried manually removing the directory /var/lib/private/technitium-dns-server and allowing systemd to recreate it. The permissions end up looking exactly the same, and I get the same exception in the journalctl logs.
I am using Nixpkgs unstable, and I am not using impermanence.
Is this an issue with the Technitium package that I need to report on GitHub, or am I doing something wrong with my permissions or something? What might cause a permission denied error for a service accessing its own config directory?