search

NixOS / nixpkgs

Nix Packages collection & NixOS
MIT License
18.18k stars 14.19k forks source link

keybase fails to start #72324

Open domenkozar opened 5 years ago

domenkozar commented 5 years ago 
$ keybase chat read
▶ INFO Starting keybase.service.
▶ ERROR dial unix /run/user/499/keybase/keybased.sock: connect: no such file or directory
  systemd.user.services.keybase.unitConfig.ConditionUser = lib.mkForce null;

fixes it

coreyoconnor commented 5 years ago

Is this due to the ConditionUser = !@system?

I'm suspect of what systemd classifies as @system on nixos :)

domenkozar commented 5 years ago

Yes - maybe because I'm in wheel group.

coreyoconnor commented 5 years ago

Funny enough: I learned about this aspect the same day you posted the issue. :)

Systemd units also have a ConditionGroup which I suspect is more appropriate that @system. I haven't checked in detail, but I'm fairly sure we could change keybase to use ConditionGroup and have a more reliable experience.

domenkozar commented 5 years ago

I wonder though what's even the intention behind this. If it's to prevent from running as root, then it should be just !root.

domenkozar commented 5 years ago

cc @peterhoeg per 8b846473be221e19275badab3d521692bc5207c3

peterhoeg commented 5 years ago

That's strange - here I have this:

$ systemctl --user status keybase
● keybase.service - Keybase service
   Loaded: loaded (/nix/store/0qc32vgnad8grmkh5z0b1mhla6wli3gv-unit-keybase.service/keybase.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2019-11-04 19:58:04 +08; 24min ago
 Main PID: 1142 (keybase)
    Tasks: 14
   Memory: 178.6M
      CPU: 6.416s
   CGroup: /user.slice/user-1000.slice/user@1000.service/keybase.slice/keybase.service
           └─1142 /nix/store/7hfqb3s2fi8xz3qhkdjmfnghdv0jw3h5-keybase-4.6.0-bin/bin/keybase service --auto-forked

and then:

$ groups
users wheel cdrom dialout libvirtd vboxusers wireshark

There must be some other groups that's messing with things. @domenkozar, what does groups show on your side?

domenkozar commented 5 years ago 
$ groups
ielectric wheel networkmanager docker
peterhoeg commented 5 years ago

How about uid? Is it by chance < 1000 ?

The special value "@system" can be used to check if the user id is within the system user range.

domenkozar commented 5 years ago

Yes, it's 499. I think this has long roots of me using NixOS from 2013, but I'm not going to change that now :)

Not sure really how to improve this mess, I honestly believe the error message is terrible and there's little reason to prevent running keybase for "system" users.

coreyoconnor commented 4 years ago

Given the ease of managing groups and restricting systemd units to specific groups: How about adding a "keybase" group that implies "the keybase service, if enabled, will be started for this user"?

stale[bot] commented 4 years ago

Thank you for your contributions. This has been automatically marked as stale because it has had no activity for 180 days. If this is still important to you, we ask that you leave a comment below. Your comment can be as simple as "still important to me". This lets people see that at least one person still cares about this. Someone will have to do this at most twice a year if there is no other activity. Here are suggestions that might help resolve this more quickly:

  1. Search for maintainers and people that previously touched the related code and @ mention them in a comment.
  2. Ask on the NixOS Discourse. 3. Ask on the #nixos channel on irc.freenode.net.
Mindavi commented 2 years ago

Triage: still relevant?