Re: [systemd-devel] Setting up a VPN daemon as a Portable Service

2022-10-10 Thread Luca Boccassi
On Mon, 10 Oct 2022 at 04:00, Duncan Gibson wrote:
>
> Final update, hopefully. Here's a gist with a script, service unit, and
> readme.

Again, that is not safe and it will fail at some point as it is open to race conditions. You have to use ExtensionImages= instead.

> On Sun, Oct 9, 2022 at

Re: [systemd-devel] Setting up a VPN daemon as a Portable Service

2022-10-09 Thread Duncan Gibson
Final update, hopefully. Here's a gist with a script, service unit, and readme.

On Sun, Oct 9, 2022 at 11:10 AM Duncan Gibson wrote:
> After doing some more looking, it seems like the /etc folder is overlaid
> with

Re: [systemd-devel] Setting up a VPN daemon as a Portable Service

2022-10-09 Thread Duncan Gibson
After doing some more looking, it seems like the /etc folder is overlaid with /var/lib/overlays/etc/upper, meaning that changes to /etc/ get saved in the overlay, which should survive updates. I've added the service definition there and the binaries to my home directory (and updated the service

Re: [systemd-devel] Setting up a VPN daemon as a Portable Service

2022-10-08 Thread Duncan Gibson
Oh, now that's a new way of doing it. I'll definitely give that a shot. That sounds like it has the best chance of working.

On Sat, Oct 8, 2022 at 12:20 PM Luca Boccassi wrote:
> On Sat, 2022-10-08 at 11:13 -0400, Duncan Gibson wrote:
> > The problem wasn't mounting the system extension

Re: [systemd-devel] Setting up a VPN daemon as a Portable Service

2022-10-08 Thread Luca Boccassi
On Sat, 2022-10-08 at 11:13 -0400, Duncan Gibson wrote:
> The problem wasn't mounting the system extension automatically. That
> worked just fine. It was that systemd would try to start the service
> before the system extension mounted, which would fail, for obvious
> reasons. This weekend I

Re: [systemd-devel] Setting up a VPN daemon as a Portable Service

2022-10-08 Thread Duncan Gibson
The problem wasn't mounting the system extension automatically. That worked just fine. It was that systemd would try to start the service before the system extension mounted, which would fail, for obvious reasons. This weekend I think I'm going to try the BindReadOnlyPaths option and see if I can

Re: [systemd-devel] Setting up a VPN daemon as a Portable Service

2022-10-07 Thread David Anderson
Yeah, so far we (tailscale) haven't found a good way to run on the Steam Deck at bootup, and also survive the A/B OS updates. Systemd system extensions _can_ be activated during bootup, if you place the extension in one of the well-known locations (/var/lib/extensions would be the one to use on

Re: [systemd-devel] Setting up a VPN daemon as a Portable Service

2022-10-06 Thread Arian van Putten
AFAIK, Portable services run in an isolated root and don't have access to the host's rootfs. You'd have to include iptables and all its dependencies in the portable service's directory. If you don't want to do that you'd have to use BindReadOnlyPaths= to give the service access to the required host

[systemd-devel] Setting up a VPN daemon as a Portable Service

2022-10-06 Thread Duncan Gibson
Hi, everyone. The high-level overview: I'm trying to install Tailscale as a portable service on my Steam Deck. Tailscale is a point-to-point VPN service, essentially a wrapper around WireGuard that helps with network setup and management. The Steam Deck is Valve's