varnish: final version of the fix to manage the state dir properly

a) use the real varnish upstream state directory b) only reload if it's a pure VCL change, restart otherwise For channel upgrades (e.g. when this statedir change is rolled out) this happens in maintenance anyway. We'll provide better public docs about the restart conditions in the near future. PL-132901
flyingcircusio · Sep 12, 2024 · 173e7fc · 173e7fc
1 parent 20a9585
commit 173e7fc
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 20 deletions.
diff --git a/nixos/roles/webproxy.nix b/nixos/roles/webproxy.nix
@@ -121,13 +121,6 @@ in
       systemd.tmpfiles.rules = [
         "d /etc/local/varnish 2775 varnish service"
         "f /var/log/varnish.log 644 varnish varnish"
-        # Link the default dir expected by varnish tools to
-        # the actual location of the state dir. This makes the commands
-        # usable without specifying the -n option every time.
-
-        ### XXX: where do we rely on this symlink? Can be problematic when changing the state dir.
-        ### XXX: I think that platform code should explicitly set the work dir to force service restarts after changes.
-        "L /run/varnishd - - - - ${cfg.stateDir}"
       ];
 
       users.groups.varnish.members = [

diff --git a/nixos/services/varnish/default.nix b/nixos/services/varnish/default.nix
@@ -103,7 +103,9 @@ in {
     services.varnish = {
       enable = true;
       enableConfigCheck = false;
-      extraCommandLine = lib.concatStringsSep " " [ cfg.extraCommandLine "-I ${commandsfile}" ];
+
+      stateDir = "/run/varnishd";
+      extraCommandLine = lib.concatStringsSep " " [ cfg.extraCommandLine "-I /etc/varnish/startup" ];
       inherit (cfg) http_address;
       config = ''
         vcl 4.0;
@@ -120,19 +122,14 @@ in {
       '';
     };
 
-    systemd.services.varnish = let
-      vcfg = config.services.varnish;
-    in {
-      reloadIfChanged = true;
-      restartTriggers = [ cfg.extraCommandLine vcfg.package cfg.http_address ];
+    environment.etc."varnish/startup".source = commandsfile;
+
+    systemd.services.varnish = {
+      stopIfChanged = false;
+      reloadTriggers = [ commandsfile ];
       reload = ''
-        if [ -d "${vcfg.stateDir}" ]; then
-          statedir="${vcfg.stateDir}"
-        else
-          statedir="/var/spool/varnish/${config.networking.hostName}" #temporary migration
-        fi
-        vadm="${vcfg.package}/bin/varnishadm -n $statedir"
-        cat ${commandsfile} | $vadm
+        vadm="${vcfg.package}/bin/varnishadm -n ${vcfg.stateDir}"
+        cat /etc/varnish/startup | $vadm
 
         coldvcls=$($vadm vcl.list | grep " cold " | ${pkgs.gawk}/bin/awk {'print $5'})