nixos/services.glance: "Server Stats" module is broken

[anotherhadi]

Nixpkgs version

• Unstable (25.05)

Describe the bug

We can't use the module "Server Stats" with the service provided. (https://github.com/glanceapp/glance/blob/main/docs/configuration.md#server-stats)
WARN Getting system info: getting host info: open /proc/stat: no such file or directory
Don't know if this is due to the service hardening.

Steps to reproduce

Use:

{
    services.glance = {
      enable = true;
      settings = {
        pages = [{
          columns = [
            {
              size = "full";
              widgets = [
                {
                  type = "server-stats";
                  servers = [{
                    type = "local";
                    name = "Jack";
                  }];
                }
          ];
          name = "Home";
        }];
        server = { port = 5678; };
      };
    };
}

Then go to the dashboard

Expected behaviour

Get the stats in the dashboard

Screenshots

No response

Relevant log output

● glance.service - Glance feed dashboard server
     Loaded: loaded (/etc/systemd/system/glance.service; enabled; preset: ignored)
     Active: active (running) since Wed 2025-03-19 16:35:16 CET; 44min ago
 Invocation: cbd9362ea23e4ec798ad0c3da59243d7
   Main PID: 67243 (glance)
         IP: 97.4K in, 59.5K out
         IO: 0B read, 0B written
      Tasks: 18 (limit: 37640)
     Memory: 9.3M (peak: 12.8M)
        CPU: 217ms
     CGroup: /system.slice/glance.service
             └─67243 /nix/store/hxv9in44kx5wcil2m848f6nhzp0h9gc1-glance-0.7.3/bin/glance --config /nix/store/id4076iqshqii6k2fpd9jccaljf5xlly-glance.yaml
mars 19 16:35:16 jack systemd[1]: Started Glance feed dashboard server.
mars 19 16:35:16 jack glance[67243]: 2025/03/19 16:35:16 Starting server on 127.0.0.1:5678 (base-url: "", assets-path: "")
mars 19 16:35:19 jack glance[67243]: 2025/03/19 16:35:19 WARN Getting system info: getting host info: open /proc/stat: no such file or directory
mars 19 16:35:19 jack glance[67243]: 2025/03/19 16:35:19 WARN Getting system info: getting core count: open /proc/stat: no such file or directory
mars 19 16:35:19 jack glance[67243]: 2025/03/19 16:35:19 WARN Getting system info: getting filesystems: open /proc/filesystems: no such file or directory
mars 19 17:17:26 jack glance[67243]: 2025/03/19 17:17:26 WARN Getting system info: getting host info: open /proc/stat: no such file or directory
mars 19 17:17:26 jack glance[67243]: 2025/03/19 17:17:26 WARN Getting system info: getting core count: open /proc/stat: no such file or directory
mars 19 17:17:26 jack glance[67243]: 2025/03/19 17:17:26 WARN Getting system info: getting filesystems: open /proc/filesystems: no such file or directory

Additional context

No response

System metadata

• system: "x86_64-linux"
• host os: Linux 6.13.7, NixOS, 25.05 (Warbler), 25.05.20250315.c80f6a7
• multi-user?: yes
• sandbox: yes
• version: nix-env (Nix) 2.24.12
• nixpkgs: /nix/store/alzxn3hjisc84hrlv44x6hni48crww26-source

Notify maintainers

@drupol

---

Note for maintainers: Please tag this issue in your pull request description. (i.e. Resolves #ISSUE.)

I assert that this issue is relevant for Nixpkgs

• I assert that this is a bug and not a support request.
• I assert that this is not a duplicate of an existing issue.
• I assert that I have read the NixOS Code of Conduct and agree to abide by it.

Is this issue important to you?

Add a 👍 reaction to issues you find important.

[drupol]

I'm wondering if just adding:

ReadOnlyPaths = [
  "/proc/filesystems"
  "/proc/stats"
];

in the systemd definition (nixos/modules/services/web-apps/glance.nix) would fix the issue. Do you mind testing if it does?

[anotherhadi]

in the systemd definition (nixos/modules/services/web-apps/glance.nix) would fix the issue. Do you mind testing if it does?

I'm not sure how to test this, however I tried with sudo systemctl edit --runtime glance.service and get the output glance.service: Failed to set up mount namespacing: /proc/filesystems: No such file or directory

[suzana2314]

I'm wondering if just adding:

ReadOnlyPaths = [
"/proc/filesystems"
"/proc/stats"
];

in the systemd definition (nixos/modules/services/web-apps/glance.nix) would fix the issue. Do you mind testing if it does?

Hey, I tried using ReadOnlyPaths but got this error:

glance.service: Main process exited, code=exited, status=226/NAMESPACE
mar 20 17:42:36 byrgenwerth systemd[1]: glance.service: Failed with result 'exit-code'.
mar 20 17:42:37 byrgenwerth systemd[1]: Started Glance feed dashboard server.
mar 20 17:42:37 byrgenwerth (glance)[406679]: glance.service: Failed to set up mount namespacing: /proc/filesystems: No such file or directory

Then I tried a quick fix by using:

systemd.services.glance = {
  serviceConfig = {
    ProcSubset = lib.mkForce "all";
  };
};

Which fixed the issue, however I don't think it's the best choice for a fix, because it gives full access to /proc by the service

[drupol]

Just out of curiosity, is this working?

systemd.services.glance = {
  serviceConfig = {
    ProcSubset = lib.mkForce "pid";
  };
};

[suzana2314]

Just out of curiosity, is this working?

systemd.services.glance = {
serviceConfig = {
ProcSubset = lib.mkForce "pid";
};
};

No, tried it just now.
This is the default value in the module if I'm not mistaken?

It gives the same error as described in this issue:

mar 20 19:33:25 byrgenwerth glance[413928]: 2025/03/20 19:33:25 WARN Getting system info: getting host info: open /proc/stat: no such file or directory
mar 20 19:33:25 byrgenwerth glance[413928]: 2025/03/20 19:33:25 WARN Getting system info: getting core count: open /proc/stat: no such file or directory
mar 20 19:33:25 byrgenwerth glance[413928]: 2025/03/20 19:33:25 WARN Getting system info: getting filesystems: open /proc/filesystems: no such file or directory