Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
social.tchncs.de is one of the many independent Mastodon servers you can use to participate in the fediverse.
A friendly server from Germany – which tends to attract techy people, but welcomes everybody. This is one of the oldest Mastodon instances.

Administered by:

Server stats:

3.8K
active users

social.tchncs.de: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.7

#systemd

16 posts15 participants1 post today
Public
Atomic Kate

cool, i now get push notifications via #ntfy when any #systemd service fails and it will include the logs as well! this is a lot better than manually checking the status and logs every morning.

i thought this would be impossible in #nix due to infinite recursion and that i would have to manually set OnFailure= for every service, but i found a blog post with an easy workaround instead:
medium.com/red6-es/systemd-ser

red6 · Systemd Service Failure Notification System - red6 - MediumBy Pascal Wittmann
Public
Cyrik

Working with a volunteer group who has a relatively simple Python app deployed via Docker Compose.

What did they get from this? "Automatic restarts."

Wrote them a #systemd service definition to run the app out of a plain virtualenv. All the same benefits, way fewer moving parts in production.

Continued thread
Public *
T_X

And I'm daring to make a bold statement: This seems to me that here #systemd actually enhances and helps with the application of the #UnixPhilosophy of using a modular design with multiple, small services and interconnecting them.
By creating reliable connections between them. Or if some connection breaks unrecoverably to properly propagate this to all affected users. And by using a simple, short, descriptive, non-programmatic language for service files.

Public
T_X

I have to say, I'm getting more comfortable with #systemd services. And I find it fascinating how with its templates and powerful dependency feature I could achieve some wild, very dynamic stacking of @gstreamer, @pipewire, #mpd, #mpv and #SAP / #RFC2974 with only a few lines for various systemd services. So for instance a #multicast SAP announcement of @schenklradio will only appear if something plays on that pipewire device, which only happens if that radio is on air and reachable.

Public *
EmpathicQubit

I setup #systemd-boot on my computer, but there were a couple of annoyances:

  • The #kernel isn't signed for whatever reason. I wired in sbctl sign to the install script, but that wasn't completely straightforward.

  • Since #Windows is installed in a separate #EFI (because Windows likes to fuck up the entire EFI partition sometimes) it couldn't "see" the Windows Boot Manager. I copied it to the other partition, but it will have to be manually updated whenever Microsoft changes it. Maybe that doesn't happen that often idk.

Side problem is that #Ubuntu's nvidia-lowlatency kernel isn't set up to reject unsigned modules, so it's a bit of a security hole, but also means that I don't have to figure out getting #DKMS to use the correct key. Right now I don't have a dependency on a DKMS-built driver. I used to use one for my dock and NVidia, but it seems that #NVidia doesn't need it now? and I don't use the video in my dock anymore because the #DisplayLink driver is annoying regardless of secure boot issues, because it doesn't work from power on. This isn't a problem with Linux, just DisplayLink in general.

Public
hyperreal

I've been looking into hardening systemd and I'm curious why so many units are not hardened by default. Like why isn't it a standard practice to harden systemd units? Do the exposed parts shown in the output of `systemd analyze security <unit>` have that much of an impact on the overall security of the unit? I would think these exposure points would add up to a vulnerability that shouldn't be neglected.

blog.sergeantbiggs.net/posts/h

SergeantBiggs Blog · Hardening Applications with systemdBecause we live in the day and age where the new gods have taken over Linux, it’s a good idea to familiarize ourselves with their rituals. Some of them might seem strange to us, but some of them are actually very nice features. One of the features I really like about systemd are the built-in hardening capabilities. The built-in options for hardening are quite extensive, and can best be compared to something like firejail. They both have similar capabilities, but firejail focuses more on desktop applications, whereas systemd hardening applies to systemd units. The hardening options are configured in the units service file, in the [Service] section.
#systemd#FOSS#infosec
Continued thread
Public
T_X

@schenklradio @ffhl @videolan @tokudan entweder muss ich mir vll. noch was mit #systemd basteln, dass das nicht per #SAP (#RFC2974) announced wird, wenn gerade keine Sendung läuft. Weil so ist es außerhalb der Sendezeiten dann komplett still, wenn man's auswählt, was Leute verwirren könnte. Oder gibt es zufällig alternativ sonst noch einen Zwischeneinspieler? Hatte letzten Samstag zum ersten mal reingehört und das klang so, als ob es da am Ende was voraufgezeichnetes gab?

Public *
Feu d'jais 🥑

J'ai un problème avec systemd et mes recherches n'ont menées à rien. J'explique le problème, ce que j'ai fait et si vous avez une idée pour m'aider, n'hésitez pas !

Le problème :

Dans le status :
code=exited, status=226/NAMESPACE

Dans journalctl :
radicale.service: Failed to set up mount namespacing: /run/systemd/unit-root/var/cache/radicale: No such file or directory
radicale.service: Failed at step NAMESPACE spawning radicale: No such file or director

J'ai essayé de retirer une partie des options de sécurité de mon fichier unit :

# Optional security settings
PrivateTmp=true
ProtectSystem=strict
ProtectHome=true
PrivateDevices=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
NoNewPrivileges=true
ReadWritePaths=/var/lib/radicale/ /var/cache/radicale/

J'ai essayé d'en passer une partie à false (j'ai vu ça sur Internet j'ai pas trop cherché à comprendre) et ça n'a pas fonctionné.

Si vous avez une idée pour m'aider, merci !

#Sysadmin#Systemd#Linux
Public
Gerard Braad

To download the latest web Remote Extension Host of #VSCodium

github.com/gbraad-devenv/fedor

and to run with #systemd:

github.com/gbraad-vscode/code-

After this, you can open http://[ipaddress]:8000

Note: if you want to restrict this, you can modify the service to bind to only host 127.0.0.1 or something like your Tailscale IP address.

GitHubAdd Codium (web) option · Issue #77 · gbraad-devenv/fedoraBy gbraad
#vscode#development
Public
[[nodiscard]] constexpr auto Herz() noexcept -> 🐰

I just found this website about systemd: systemd-by-example.com/

It's a teaching website and playground to learn how to do dependency management with systemd units.

You can follow the instructions locally with a podman container or play with how the example systemd units interact on the website.

systemd-by-example.comsystemd by example - the systemd playground
More from Sebastian Jambor
#systemd#linux#podman
Public
Nik | Klampfradler 🎸🚲

makadamia:~ # mount -o bind / /mnt
makadamia:~ # mount -o bind / /mnt
Broadcast message from systemd-journald@makadamia (Sat 2025-04-05 22:32:53 CEST):

#systemd[1]: Caught <ABRT>, from our own process.

Broadcast message from systemd-journald@makadamia (Sat 2025-04-05 22:32:53 CEST):

systemd[1]: Freezing execution.

@pid_eins I can imagine why it happens. But is it expected? Or should it be handled more gracefully?

ExploreLive feeds
About