[docs/server,sqlite] Locked database, likely due to SystemD unit #442

New Issue

adam · 2025-12-29T01:29:26+01:00

adam commented

2025-12-29 01:29:26 +01:00

Originally created by @IngwiePhoenix on GitHub (Mar 20, 2023).

Bug description

After following the documentation for creating a Headscale instance on Linux, I used the recommended method of running it in the background - https://github.com/juanfont/headscale/blob/main/docs/running-headscale-linux.md#running-headscale-in-the-background-with-systemd - and successfuly saw my instance started. I did only change the permissions of /etc/headscale recursively to the headscale:headscale user.

Problem is though, I can not create a new user now.

root@drachennetz:/var/lib/headscale# ls -la .
total 12
drwxr-xr-x  2 headscale headscale 4096 Mar 20 14:06 .
drwxr-xr-x 55 root      root      4096 Mar 20 12:44 ..
-rw-------  1 headscale headscale  120 Mar 20 14:06 .bash_history
-rw-r--r--  1 headscale headscale    0 Mar 20 12:46 db.sqlite
root@drachennetz:/etc/headscale# ls -la .
total 88
drwxr-xr-x   2 headscale headscale  4096 Mar 20 13:55 .
drwxr-xr-x 116 root      root      12288 Mar 20 13:06 ..
-rw-r--r--   1 headscale headscale 11554 Mar 20 13:53 config.yaml
-rw-r--r--   1 headscale headscale 49152 Mar 20 13:50 db.sqlite
-rw-------   1 headscale headscale    72 Mar 20 13:08 noise_private.key
-rw-------   1 headscale headscale    72 Mar 20 13:08 private.key

I copied the systemd unit as-is.

[Unit]
Description=headscale controller
After=syslog.target
After=network.target

[Service]
Type=simple
User=headscale
Group=headscale
ExecStart=/usr/local/bin/headscale serve
Restart=always
RestartSec=5

# Optional security enhancements
NoNewPrivileges=yes
PrivateTmp=yes
ProtectSystem=strict
ProtectHome=yes
WorkingDirectory=/var/lib/headscale
ReadWritePaths=/var/lib/headscale /var/run/headscale
AmbientCapabilities=CAP_NET_BIND_SERVICE
RuntimeDirectory=headscale

[Install]
WantedBy=multi-user.target

To Reproduce

Follow the instructions for Linux top to bottom.

Context info

root@drachennetz:~# cat /etc/os-release
NAME="Ubuntu"
VERSION="20.04.6 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.6 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal
root@drachennetz:~# headscale version
v0.20.0

My use-case is very small: three maschines and two users. I want to allow my friend in Berlin to access my SMB share on my NAS, as well as myself on my laptop when away. :)

Originally created by @IngwiePhoenix on GitHub (Mar 20, 2023). **Bug description** After following the documentation for creating a Headscale instance on Linux, I used the recommended method of running it in the background - https://github.com/juanfont/headscale/blob/main/docs/running-headscale-linux.md#running-headscale-in-the-background-with-systemd - and successfuly saw my instance started. I did only change the permissions of `/etc/headscale` recursively to the `headscale:headscale` user. Problem is though, I can not create a new user now. ``` root@drachennetz:/var/lib/headscale# ls -la . total 12 drwxr-xr-x 2 headscale headscale 4096 Mar 20 14:06 . drwxr-xr-x 55 root root 4096 Mar 20 12:44 .. -rw------- 1 headscale headscale 120 Mar 20 14:06 .bash_history -rw-r--r-- 1 headscale headscale 0 Mar 20 12:46 db.sqlite root@drachennetz:/etc/headscale# ls -la . total 88 drwxr-xr-x 2 headscale headscale 4096 Mar 20 13:55 . drwxr-xr-x 116 root root 12288 Mar 20 13:06 .. -rw-r--r-- 1 headscale headscale 11554 Mar 20 13:53 config.yaml -rw-r--r-- 1 headscale headscale 49152 Mar 20 13:50 db.sqlite -rw------- 1 headscale headscale 72 Mar 20 13:08 noise_private.key -rw------- 1 headscale headscale 72 Mar 20 13:08 private.key ``` I copied the systemd unit as-is. ```systemd [Unit] Description=headscale controller After=syslog.target After=network.target [Service] Type=simple User=headscale Group=headscale ExecStart=/usr/local/bin/headscale serve Restart=always RestartSec=5 # Optional security enhancements NoNewPrivileges=yes PrivateTmp=yes ProtectSystem=strict ProtectHome=yes WorkingDirectory=/var/lib/headscale ReadWritePaths=/var/lib/headscale /var/run/headscale AmbientCapabilities=CAP_NET_BIND_SERVICE RuntimeDirectory=headscale [Install] WantedBy=multi-user.target ``` **To Reproduce** Follow the instructions for Linux top to bottom. **Context info** ``` root@drachennetz:~# cat /etc/os-release NAME="Ubuntu" VERSION="20.04.6 LTS (Focal Fossa)" ID=ubuntu ID_LIKE=debian PRETTY_NAME="Ubuntu 20.04.6 LTS" VERSION_ID="20.04" HOME_URL="https://www.ubuntu.com/" SUPPORT_URL="https://help.ubuntu.com/" BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/" PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" VERSION_CODENAME=focal UBUNTU_CODENAME=focal root@drachennetz:~# headscale version v0.20.0 ``` My use-case is very small: three maschines and two users. I want to allow my friend in Berlin to access my SMB share on my NAS, as well as myself on my laptop when away. :)

adam added the bug label 2025-12-29 01:29:26 +01:00

adam closed this issue

2025-12-29 01:29:26 +01:00

adam commented

2025-12-29 01:29:27 +01:00

@IngwiePhoenix commented on GitHub (Mar 20, 2023):

I later realized that my DB was set to a relative path. Might want to address that in the guide as well - it does mention changing the socket path, but not the DB. :)

@IngwiePhoenix commented on GitHub (Mar 20, 2023): I later realized that my DB was set to a relative path. Might want to address that in the guide as well - it does mention changing the socket path, but not the DB. :)

Sign in to join this conversation.

Branches Tags

main

update_flake_lock_action

gh-pages

kradalby/release-v0.27.2

dependabot/go_modules/golang.org/x/crypto-0.45.0

dependabot/go_modules/github.com/opencontainers/runc-1.3.3

copilot/investigate-headscale-issue-2788

copilot/investigate-visibility-issue-2788

copilot/investigate-issue-2833

copilot/debug-issue-2846

copilot/fix-issue-2847

dependabot/go_modules/github.com/go-viper/mapstructure/v2-2.4.0

dependabot/go_modules/github.com/docker/docker-28.3.3incompatible

kradalby/cli-experiement3

doc/0.26.1

doc/0.25.1

doc/0.25.0

doc/0.24.3

doc/0.24.2

doc/0.24.1

doc/0.24.0

kradalby/build-docker-on-pr

topic/docu-versioning

topic/docker-kos

juanfont/fix-crash-node-id

juanfont/better-disclaimer

update-contributors

topic/prettier

revert-1893-add-test-stage-to-docs

add-test-stage-to-docs

remove-node-check-interval

fix-empty-prefix

fix-ephemeral-reusable

bug_report-debuginfo

autogroups

logs-to-stderr

revert-1414-topic/fix_unix_socket

rename-machine-node

port-embedded-derp-tests-v2

port-derp-tests

duplicate-word-linter

update-tailscale-1.36

warn-against-apache

ko-fi-link

more-acl-tests

fix-typo-standalone

parallel-nolint

tparallel-fix

rerouting

ssh-changelog-docs

oidc-cleanup

web-auth-flow-tests

kradalby-gh-runner

fix-proto-lint

remove-funding-links

go-1.19

enable-1.30-in-tests

0.16.x

cosmetic-changes-integration

tmp-fix-integration-docker

fix-integration-docker

configurable-update-interval

show-nodes-online

hs2021

acl-syntax-fixes

ts2021-implementation

fix-spurious-updates

unstable-integration-tests

mandatory-stun

embedded-derp

prtemplate-fix

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/headscale#442