Build failure: Jitsi

[naturallaw777]

Steps To Reproduce

Steps to reproduce the behavior:

1. Set Flake input to NixOS Unstable
2. Add Jitsi Modules (Jitsi-Meet; Jitsi-Videobridge; Jitsi-Meet-Caddy; Jisti-Meet-Nginx - Disabled)
3. Run cd /etc/nixos/ && nix flake update && nixos-rebuild switch

Build log

error: builder for '/nix/store/rnlhvsmxjsnsdzbhpva6ah4wyg3bmqcb-templated-jitsi-meet.drv' failed with exit code 1;
       last 4 log lines:
       > error: failed processing files:
       >   FailedJobs(
       >    "static/404.html": Permission denied (os error 13) at path "/build/static/.tmpLS7ja7"
       > )
       For full logs, run 'nix log /nix/store/rnlhvsmxjsnsdzbhpva6ah4wyg3bmqcb-templated-jitsi-meet.drv'.
error: 1 dependencies of derivation '/nix/store/22xsndawfcbd78v52sldmmc1lna924y1-Caddyfile.drv' failed to build
error: 1 dependencies of derivation '/nix/store/n9p7iwg8d7yridq14zqv55s2nzy5dn90-Caddyfile-formatted.drv' failed to build
error: 1 dependencies of derivation '/nix/store/74nqsqzn0r6g4n69v05dn250jb6wcaf1-etc.drv' failed to build
error: 1 dependencies of derivation '/nix/store/1smrxka2kl4v5d4rlgfn45llryrp9als-nixos-system-nixos-23.11.20231117.c757e9b.drv' failed to build

Additional context

Add any other context about the problem here.

Notify maintainers

@Cleeyv @ryantm @camillemndn @SomeoneSerge @SuperSandro2000

Metadata

Please run nix-shell -p nix-info --run "nix-info -m" and paste the result.

[user@system:~]$ nix-shell -p nix-info --run "nix-info -m"
 - system: `"x86_64-linux"`
 - host os: `Linux 6.6.1, NixOS, 23.11 (Tapir), 23.11.20231117.c757e9b`
 - multi-user?: `yes`
 - sandbox: `yes`
 - version: `nix-env (Nix) 2.18.1`
 - channels(root): `"nixos"`
 - nixpkgs: `/nix/var/nix/profiles/per-user/root/channels/nixos`

[naturallaw777]

With NixOS unstable, I was able to further pinpoint the issue...

It will NOT build when the nginx option is set to true (which is it's default) OR if the caddy option is set to true.

If both are set to false, then it will build just fine. But obviously, that doesn't work because Jitsi needs to be served over the web.

Therefore, it seems something with connecting to the webserver feature in the module is preventing the whole Jitsi module from building.

[SuperSandro2000]

Please post the entire build failure log. The 3 lines are not helpful.

[naturallaw777]

Please post the entire build failure log. The 3 lines are not helpful.

Sure thing. This was the output from nixos-rebuilt switch

Hold on...

[naturallaw777]

Here is the log after running nix log /nix/store/rnlhvsmxjsnsdzbhpva6ah4wyg3bmqcb-templated-jitsi-meet.drv from terminal. Hopefully, this is what you are looking for.

warning: The interpretation of store paths arguments ending in `.drv` recently changed. If this command is now failing try again with '/nix/store/rnlhvsmxjsnsdzbhpva6ah4wyg3bmqcb-templated-jitsi-meet.drv^*'
error: failed processing files:
        FailedJobs(
        "static/404.html": Permission denied (os error 13) at path "/build/static/.tmp4wVNXb"
)

[naturallaw777]

@SuperSandro2000 is the log posted above helpful for you? Are you looking for a dmesg log as well?

[naturallaw777]

Upon further testing it is a Caddy issue regarding the Caddy module option services.jitsi-meet.caddy.enable

I will include the maintainers in this ticket.

@emilylange @Br1ght0ne

[emilylange]

This breakage is not a fault of services.caddy itself, but rather how @happysalada originally implemented services.jitsi-meet.caddy.enable two years ago in #140495.

https://github.com/NixOS/nixpkgs/blame/5a09cb4b393d58f9ed0d9ca1555016a8543c2ac8/nixos/modules/services/web-apps/jitsi-meet.nix#L484

I suspect it's due to the recent sd bump from 0.7.6 to 1.0.0 (#266185), which got merged roughly 3 weeks ago. But I haven't looked that closely.

Not sure how much input I can provide here. The resulting Caddyfile certainly provides lots of room for improvement.

[happysalada]

I checked the changelog for sd but i couldnt see anything related.

@emilylange do you have suggestions for how to improve the caddyfile ?

[emilylange]

I checked the changelog for sd but i couldnt see anything related.

1.0.0 started to return a proper non-zero exit code when a replacement fails. See https://github.com/chmln/sd/pull/186

sd@0.7.6 (successful, with errors):

Error processing static/404.html: Permission denied (os error 13) at path "/build/static/.tmpijC4qJ"
Error processing static/authError.html: Permission denied (os error 13) at path "/build/static/.tmpObojfU"
Error processing static/close.html: Permission denied (os error 13) at path "/build/static/.tmpWsC7vW"
Error processing static/close2.html: Permission denied (os error 13) at path "/build/static/.tmp6S3N7c"
Error processing static/dialInInfo.html: Permission denied (os error 13) at path "/build/static/.tmpL74SZO"
Error processing static/msredirect.html: Permission denied (os error 13) at path "/build/static/.tmp8W8OzG"
Error processing static/oauth.html: Permission denied (os error 13) at path "/build/static/.tmpvw1RWl"
Error processing static/offline.html: Permission denied (os error 13) at path "/build/static/.tmp2gm87h"
Error processing static/prejoin.html: Permission denied (os error 13) at path "/build/static/.tmpxSfBYm"
Error processing static/recommendedBrowsers.html: Permission denied (os error 13) at path "/build/static/.tmpZsJLX4"
Error processing static/settingsToolbarAdditionalContent.html: Permission denied (os error 13) at path "/build/static/.tmpIhx6cW"
Error processing static/welcomePageAdditionalCard.html: Permission denied (os error 13) at path "/build/static/.tmpTAWocS"
Error processing static/welcomePageAdditionalContent.html: Permission denied (os error 13) at path "/build/static/.tmp4kMnZh"
/nix/store/81f9ff2ghb6inq3xw65i6f6y5shv156i-templated-jitsi-meet

sd@1.0.0 (hard-errors):

error: failed processing files:
        FailedJobs(
        "static/404.html": Permission denied (os error 13) at path "/build/static/.tmpRMzDXu"
)

Which leads me to believe this has been broken for a long time. It's just that no-one noticed, as it used to """silently""" error.

---

@emilylange do you have suggestions for how to improve the caddyfile ?

Given the Caddyfile currently is

handle /http-bind {
  header Host ${cfg.hostName}
  reverse_proxy 127.0.0.1:5280
}
handle /xmpp-websocket {
  reverse_proxy 127.0.0.1:5280
}
handle {
  templates
  root * ${templatedJitsiMeet}
  try_files {path} {path}
  try_files {path} /index.html
  file_server
}

header Host ${cfg.hostName}

This is passed by default and shouldn't be needed. See https://caddyserver.com/docs/caddyfile/directives/reverse_proxy#defaults

And given /http-bind and /xmpp-websocket have the same upstream, they could get merged into a single block (but this is more of a nitpick). Or their handle could be dropped entirely (and passed directly into reverse_proxy).

So my initial

The resulting Caddyfile certainly provides lots of room for improvement.

isn't that fair and I should have phrased this differently. Sorry @happysalada.

[emilylange]

diff --git a/nixos/modules/services/web-apps/jitsi-meet.nix b/nixos/modules/services/web-apps/jitsi-meet.nix
index c0f9d785eea2..0c0eb66e65b7 100644
--- a/nixos/modules/services/web-apps/jitsi-meet.nix
+++ b/nixos/modules/services/web-apps/jitsi-meet.nix
@@ -479,7 +479,7 @@ in
         extraConfig =
         let
           templatedJitsiMeet = pkgs.runCommand "templated-jitsi-meet" { } ''
-            cp -R ${pkgs.jitsi-meet}/* .
+            cp -R --no-preserve=all ${pkgs.jitsi-meet}/* .
             for file in *.html **/*.html ; do
               ${pkgs.sd}/bin/sd '<!--#include virtual="(.*)" -->' '{{ include "$1" }}' $file
             done

Adding --no-preserve=all resolves the error.

[naturallaw777]

Thank you everyone for the help! Yes, it seems it is a simple fix with the --no-preserve=all? If so, how to merge this into the main jitsi-meet module so jitsi-meet can build with the caddy option enabled?

[emilylange]

• 271039

[naturallaw777]

• nixos/jitsi-meet: fix cfg.caddy.enable, nixosTests.jitsi-meet: test cfg.caddy.enable #271039

Ahhh! You are the best!! Thanks so much!!