NixOS power.ups module does not generate all needed config files

[cmm]

Describe the bug
The following configuration.nix snippet:

power.ups = {
  enable = true;
  mode = "standalone";
  ups = {
    usb-ups = {
      driver = "usbhid-ups";
      port = "auto"; 
      description = "A cheapo USB UPS";
    };
  };
};

results in services failing to start due to missing config files etc.
upsmon: Can't open /etc/nut//upsmon.conf: No such file or directory
upsd: stat /etc/nut//upsd.conf: No such file or directory

(upsdrv fails too, but that could be down to the fact that I haven't plugged the UPS in yet -- but for the record, it complains Can't chdir to /var/lib/nut/: No such file or directory)

Expected behavior
I'd expect the services to start successfully (and probably complain about the missing actual UPS).

Notify maintainers
(The UPS module appears to have received only drive-by changes for the last several years, so no idea who to bug personally).

Metadata

• system: "x86_64-linux"
• host os: Linux 5.4.48, NixOS, 20.03.2351.f8248ab6d9e (Markhor)
• multi-user?: yes
• sandbox: yes
• version: nix-env (Nix) 2.3.6
• channels(root): "nixos-20.03.2351.f8248ab6d9e"
• nixpkgs: /nix/var/nix/profiles/per-user/root/channels/nixos

Maintainer information:

# a list of nixpkgs attributes affected by the problem
attribute:
# a list of nixos modules affected by the problem
module: services.monitoring.ups

[cmm]

OK, should've read the whole module: I'm supposed to supply the missing /etc/nut files myself because it's unwise to keep them in the store (they could contain passwords and whatnot, I guess?).

Declaring (in the service definitions) the state directory to be /var/lib/nut but creating /var/state/ups for the purpose appears to be a real bug, though :)

[cmm]

Also (sorry for the semi-off-topic) what are best practices for referencing hand-written config files without their contents winding up in the store? Double-symlinking?

If this is documented somewhere, then I haven't found where.

[lodi]

I was struggling with the same problem as @cmm until I noticed this bug report. After copying and editing upsd.conf.sample, upsd.users.sample, and upsmon.conf.sample from /nix/store/...nut-2.7.4/etc/ to /etc/nut/ (and setting chmod 600 on all those files), I was able to get it to work.

I think this should be more discoverable. If it's not appropriate to copy those sample files to /etc/nut/ on the users behalf, there should at least be detailed instructions on the power.ups.enable option to explain what else needs to be done.

 - system: `"x86_64-linux"`
 - host os: `Linux 5.4.47, NixOS, 20.09pre231796.22a81aa5fc1 (Nightingale)`
 - multi-user?: `yes`
 - sandbox: `yes`
 - version: `nix-env (Nix) 2.3.6`
 - channels(root): `"nixos-20.09pre231796.22a81aa5fc1"`
 - nixpkgs: `/nix/var/nix/profiles/per-user/root/channels/nixos`

[stale]

I marked this as stale due to inactivity. → More info

[graham33]

Agreed this should be more discoverable. Perhaps at least upsd.conf could be defaulted to empty and written, since I seem to be getting away without anything in there.

In case it helps anyone, I got it working with something like this:

  systemd.services.upsd.preStart = let                                                                                                                                                                                                 
    upsd-conf = pkgs.writeText "upsd.conf" "";                                                                                                                                                                                                                                                                                                                                                                                    
  in ''                                                                                                                                                                                                                                
    mkdir -p $NUT_STATEPATH                                                                                                                                                                                                            
    chmod 700 $NUT_STATEPATH                                                                                                                                                                                                           
    mkdir -p /etc/nut                                                                                                                                                                                                                  
    ln -sf ${upsd-conf} /etc/nut/upsd.conf                                                                                                                                                                                             
    ln -sf <some secure file> /etc/nut/upsd.users                                                                                                                                                                                           
  '';                                                                                                                                                                                                                                  
                                                                                                                                                                                                                                       
  systemd.services.upsmon.preStart = ''                                                                                                                                                                                                                                
    ln -sf <some secure file> /etc/nut/upsmon.conf                                                                                                                                                                                         
  '';                                                          

[zarelit]

I was hit this bug today, too. Maybe we can fix it by using a startup unit that handles the secrets and setup the state directories like nextcloud or syncthing do

[cyounkins]

Been working on nut today and wanted to put some notes here. Using version 2.7.4.

First, NUT_STATEPATH isn't used by upsd for PIDs and it will try to write to /var/state/ups/. ./configure flags --with-statepath, --with-altpidpath, --with-pidpath may be needed instead of environment variables until a 2.7.5 release. Ref: networkupstools/nut#473

Using upsd -D for debug makes it non-forking, requiring a change to the systemd unit Type.

I was able to get upsd to run as non-root:

  users.users.nut = {
    isSystemUser = true;
  };

  services.udev.extraRules = ''
    SUBSYSTEM=="usb", ATTRS{idVendor}=="8087", ATTRS{idProduct}=="0024", OWNER="nut" SYMLINK+="usb/ups"
  '';

  systemd.services.upsd.serviceConfig.User = "nut";

I'm still working on understanding how to manage state directories in NixOS but this was needed:

  systemd.tmpfiles.rules = [
    "d '/var/lib/nut/'              0700 nut nogroup - -"
  ];

[newAM]

I set out to get my UPS (cyberpower CP1500 AVR UPS) working with NixOS today. This was the first issue I came across, I figured this was the best place to share my configuration.

I probably made this more complex than it needed to be because I have no idea what I am doing, and it is definitely not secure; one problem at a time.

let
  vid = "0764";
  pid = "0501";
  password = "TODO";
in
{
  # at some point something will make a /var/state/ups directory,
  # chown that to nut:
  # $ sudo chown nut:nut /var/state/ups
  power.ups = {
    enable = true;
    mode = "standalone";
    # debug by calling the driver:
    # $ sudo NUT_CONFPATH=/etc/nut/ usbhid-ups -u nut -D -a cyberpower
    ups.cyberpower = {
      # find your driver here:
      # https://networkupstools.org/docs/man/usbhid-ups.html
      driver = "usbhid-ups";
      description = "CP1500 AVR UPS";
      port = "auto";
      directives = [
        "vendorid = ${vid}"
        "productid = ${pid}"
      ];
      # this option is not valid for usbhid-ups
      maxStartDelay = null;
    };
    maxStartDelay = 10;
  };

  users = {
    users.nut = {
      isSystemUser = true;
      group = "nut";
      # it does not seem to do anything with this directory
      # but something errored without it, so whatever
      home = "/var/lib/nut";
      createHome = true;
    };
    groups.nut = { };
  };

  services.udev.extraRules = ''
    SUBSYSTEM=="usb", ATTRS{idVendor}=="${vid}", ATTRS{idProduct}=="${pid}", MODE="664", GROUP="nut", OWNER="nut"
  '';

  systemd.services.upsd.serviceConfig = {
    User = "nut";
    Group = "nut";
  };

  systemd.services.upsdrv.serviceConfig = {
    User = "nut";
    Group = "nut";
  };

  # reference: https://github.com/networkupstools/nut/tree/master/conf
  environment.etc = {
    # all this file needs to do is exist
    upsdConf = {
      text = "";
      target = "nut/upsd.conf";
      mode = "0440";
      group = "nut";
      user = "nut";
    };
    upsdUsers = {
      # update upsmonConf MONITOR to match
      text = ''
      [upsmon]
        password = ${password}
        upsmon master
      '';
      target = "nut/upsd.users";
      mode = "0440";
      group = "nut";
      user = "nut";
    };
    # RUN_AS_USER is not a default
    # the rest are from the sample
    # grep -v '#' /nix/store/8nciysgqi7kmbibd8v31jrdk93qdan3a-nut-2.7.4/etc/upsmon.conf.sample
    upsmonConf = {
      text = ''
        RUN_AS_USER nut

        MINSUPPLIES 1
        SHUTDOWNCMD "shutdown -h 0"
        POLLFREQ 5
        POLLFREQALERT 5
        HOSTSYNC 15
        DEADTIME 15
        RBWARNTIME 43200
        NOCOMMWARNTIME 300
        FINALDELAY 5
        MONITOR cyberpower@localhost 1 upsmon ${password} master
      '';
      target = "nut/upsmon.conf";
      mode = "0444";
    };
  };
}

[hacker1024]

Not stale; still relevant

[M3chanism]

Thanks @newAM for providing your standalone config! I learned a ton tweaking it into a netserver config! The below config creates a working NUT netserver that other machines on your local network can be connected to. The only thing I have yet to figure out is a secure way to include passwords in .nix files that won't show up if I push my local copy to github. Any ideas?

If you want to tweak when NUT shuts down your computers you can modify the values of "override.battery.charge.low = " and "override.battery.runtime.low = " under "directives". SHUTDOWNCMD will be triggered when both conditions are met. The "ignorelb" directive is necessary to have NUT ignore the UPS's defaults.

Anyone using this config may want to make sure SHUTDOWNCMD and NOTIFYCMD point to the correct binaries in their filesystem.

One other thing of note is to check the value of the "schedulerRules" field under power.ups below. You must give it the path to your upssched.conf file. I just put a copy of it inside my /etc/nixos. Could probably add another variable to hold the path for convenience.

let
  vid = "051D";
  pid = "0003";
  upsname = "apcsmx1500-a";
  pass-master = "masterMonitorPassword"; # master password for nut
  pass-local = "localMonitorPassword"; # slave/local password for nut
in
{
  # at some point something will make a /var/state/ups directory,
  # chown that to nut:
  # $ sudo chown nut:nut /var/state/ups
  power.ups = {
    enable = true;
    mode = "netserver";
    schedulerRules = "/etc/nixos/.config/nut/upssched.conf";
    # debug by calling the driver:
    # $ sudo NUT_CONFPATH=/etc/nut/ usbhid-ups -u nut -D -a apcsmx1500-a
    ups.${upsname} = {
      # find your driver here:
      # https://networkupstools.org/docs/man/usbhid-ups.html
      driver = "usbhid-ups";
      shutdownOrder = 0;
      description = "APC SMX1500RM2UNC UPS";
      port = "auto";
      directives = [
        "vendorid = ${vid}"
        "productid = ${pid}"
        "ignorelb"
        "override.battery.charge.low = 50"
        "override.battery.runtime.low = 1200"
      ];
      # this option is not valid for usbhid-ups
      maxStartDelay = null;
    };
    maxStartDelay = 30;
  };

  users = {
    users.nut = {
      isSystemUser = true;
      group = "nut";
      # it does not seem to do anything with this directory
      # but something errored without it, so whatever
      home = "/var/lib/nut";
      createHome = true;
    };
    groups.nut = { };
  };

  services.udev.extraRules = ''
    SUBSYSTEM=="usb", ATTRS{idVendor}=="${vid}", ATTRS{idProduct}=="${pid}", MODE="664", GROUP="nut", OWNER="nut"
  '';

  systemd.services.upsd.serviceConfig = {
    #User = "nut";
    #Group = "nut";
    User = "root";
    Group = "nut";
  };

  systemd.services.upsdrv.serviceConfig = {
    #User = "nut";
    #Group = "nut";
    User = "root";
    Group = "nut";
  };

  # reference: https://github.com/networkupstools/nut/tree/master/conf
  environment.etc = {
    # tells upsd to listen on local network (0.0.0.0) for client machines
    upsdConf = {
      text = ''
        LISTEN 127.0.0.1 3493
        LISTEN 0.0.0.0 3493
      '';
      target = "nut/upsd.conf";
      mode = "0440";
      group = "nut";
      user = "root";
    };
    upsdUsers = {
      # update upsmonConf MONITOR to match
      text = ''
        [monmaster]
            password = "${pass-master}"
            upsmon master

        [monslave]
            password = "${pass-local}"
            upsmon slave
      '';
    target = "nut/upsd.users";
    mode = "0440";
    group = "nut";
    user = "root";
    };
    # RUN_AS_USER is not a default
    # the rest are from the sample
    # grep -v '#' /nix/store/8nciysgqi7kmbibd8v31jrdk93qdan3a-nut-2.7.4/etc/upsmon.conf.sample
    upsmonConf = {
      text = ''
        MONITOR ${upsname}@127.0.0.1 1 monmaster "${pass-master}" master

        RUN_AS_USER root

        MINSUPPLIES 1
        SHUTDOWNCMD "/run/current-system/sw/bin/shutdown -h +0"
        NOTIFYCMD /run/current-system/sw/bin/upssched
        POLLFREQ 5
        POLLFREQALERT 5
        HOSTSYNC 15
        DEADTIME 15
        POWERDOWNFLAG /etc/killpower

        NOTIFYMSG ONLINE  "UPS %s on line power"
        NOTIFYMSG ONBATT  "UPS %s on battery"
        NOTIFYMSG LOWBATT "UPS %s battery is low"
        NOTIFYMSG FSD   "UPS %s: forced shutdown in progress"
        NOTIFYMSG COMMOK  "Communications with UPS %s established"
        NOTIFYMSG COMMBAD "Communications with UPS %s lost"
        NOTIFYMSG SHUTDOWN  "Auto logout and shutdown proceeding"
        NOTIFYMSG REPLBATT  "UPS %s battery needs to be replaced"
        NOTIFYMSG NOCOMM  "UPS %s is unavailable"
        NOTIFYMSG NOPARENT  "upsmon parent process died - shutdown impossible"

        NOTIFYFLAG ONLINE SYSLOG+WALL+EXEC
        NOTIFYFLAG ONBATT SYSLOG+WALL+EXEC
        NOTIFYFLAG LOWBATT  SYSLOG+WALL+EXEC
        NOTIFYFLAG FSD    SYSLOG+WALL+EXEC
        NOTIFYFLAG COMMOK SYSLOG+WALL+EXEC
        NOTIFYFLAG COMMBAD  SYSLOG+WALL+EXEC
        NOTIFYFLAG SHUTDOWN SYSLOG+WALL+EXEC
        NOTIFYFLAG REPLBATT SYSLOG+WALL+EXEC
        NOTIFYFLAG NOCOMM SYSLOG+WALL+EXEC
        NOTIFYFLAG NOPARENT SYSLOG+WALL

        RBWARNTIME 43200

        NOCOMMWARNTIME 300

        FINALDELAY 5
      '';
      target = "nut/upsmon.conf";
      mode = "0444";
      group = "nut";
      user = "root";
    };
  };
}

[cyounkins]

@justinmakes For secrets in nix config, I think the current recommendation is to put it in a separate file and not include it in the repo. See also #24288

[newAM]

I have been using sops-nix to commit encrypted passwords to my NixOS repo, but I have yet to put in the elbow grease to make this work with my upsmon password.

[Majiir]

#213006 is my attempt at making power.ups generate the config files necessary for basic operation. If you are using power.ups, could you try out the changes and leave a review? Thanks!