|
8 | 8 | let |
9 | 9 | cfg = config.services.varnish; |
10 | 10 |
|
| 11 | + # Varnish has very strong opinions and very complicated code around handling |
| 12 | + # the stateDir. After a lot of back and forth, we decided that we a) |
| 13 | + # do not want a configurable option here, as most of the handling depends |
| 14 | + # on the version and the compile time options. Putting everything into |
| 15 | + # /var/run (RAM backed) is absolutely recommended by Varnish anyways. |
| 16 | + # We do need to pay attention to the version-dependend variations, though! |
| 17 | + stateDir = |
| 18 | + if |
| 19 | + (lib.versionOlder cfg.package.version "7") |
| 20 | + # Remove after Varnish 6.0 is gone. In 6.0 varnishadm always appends the |
| 21 | + # hostname (by default) and can't be nudged to not use any name. This has |
| 22 | + # long changed by 7.5 and can be used without the host name. |
| 23 | + then |
| 24 | + "/var/run/varnish/${config.networking.hostName}" |
| 25 | + # Newer varnish uses this: |
| 26 | + else |
| 27 | + "/var/run/varnishd"; |
| 28 | + |
11 | 29 | commandLine = |
12 | 30 | "-f ${pkgs.writeText "default.vcl" cfg.config}" |
13 | 31 | + |
|
17 | 35 | }' -r vmod_path"; |
18 | 36 | in |
19 | 37 | { |
| 38 | + imports = [ |
| 39 | + (lib.mkRemovedOptionModule [ |
| 40 | + "services" |
| 41 | + "varnish" |
| 42 | + "stateDir" |
| 43 | + ] "The `stateDir` option never was functional or useful. varnish uses compile-time settings.") |
| 44 | + ]; |
| 45 | + |
20 | 46 | options = { |
21 | 47 | services.varnish = { |
22 | 48 | enable = lib.mkEnableOption "Varnish Server"; |
|
42 | 68 | ''; |
43 | 69 | }; |
44 | 70 |
|
45 | | - stateDir = lib.mkOption { |
46 | | - type = lib.types.path; |
47 | | - default = "/run/varnish/${config.networking.hostName}"; |
48 | | - defaultText = lib.literalExpression ''"/run/varnish/''${config.networking.hostName}"''; |
49 | | - description = '' |
50 | | - Directory holding all state for Varnish to run. Note that this should be a tmpfs in order to avoid performance issues and crashes. |
51 | | - ''; |
52 | | - }; |
53 | 71 | extraModules = lib.mkOption { |
54 | 72 | type = lib.types.listOf lib.types.package; |
55 | 73 | default = [ ]; |
|
76 | 94 | description = "Varnish"; |
77 | 95 | wantedBy = [ "multi-user.target" ]; |
78 | 96 | after = [ "network.target" ]; |
79 | | - preStart = lib.mkIf (!(lib.hasPrefix "/run/" cfg.stateDir)) '' |
80 | | - mkdir -p ${cfg.stateDir} |
81 | | - chown -R varnish:varnish ${cfg.stateDir} |
82 | | - ''; |
83 | | - postStop = lib.mkIf (!(lib.hasPrefix "/run/" cfg.stateDir)) '' |
84 | | - rm -rf ${cfg.stateDir} |
85 | | - ''; |
86 | 97 | serviceConfig = { |
87 | 98 | Type = "simple"; |
88 | 99 | PermissionsStartOnly = true; |
89 | | - ExecStart = "${cfg.package}/sbin/varnishd -a ${cfg.http_address} -n ${cfg.stateDir} -F ${cfg.extraCommandLine} ${commandLine}"; |
| 100 | + ExecStart = "${cfg.package}/sbin/varnishd -a ${cfg.http_address} -n ${stateDir} -F ${cfg.extraCommandLine} ${commandLine}"; |
90 | 101 | Restart = "always"; |
91 | 102 | RestartSec = "5s"; |
92 | 103 | User = "varnish"; |
93 | 104 | Group = "varnish"; |
94 | | - RuntimeDirectory = lib.mkIf (lib.hasPrefix "/run/" cfg.stateDir) ( |
95 | | - lib.removePrefix "/run/" cfg.stateDir |
96 | | - ); |
| 105 | + RuntimeDirectory = lib.removePrefix "/var/run/" stateDir; |
97 | 106 | AmbientCapabilities = "cap_net_bind_service"; |
98 | 107 | NoNewPrivileges = true; |
99 | 108 | LimitNOFILE = 131072; |
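Review bot: The new `RuntimeDirectory = lib.removePrefix "/var/run/" stateDir;` line (new line 105) lets systemd create the working directory but sets no mode, so it gets systemd's default of 0755 and every local user can traverse it. varnishd's working directory normally holds the shared-memory log (request headers included) and, when no `-S` file is given, the generated management secret. Unless varnishd tightens the permissions itself, which is not visible here, I would add `RuntimeDirectoryMode = "0750";` beside it and have operators who need varnishlog or varnishadm join the `varnish` group. The `serviceConfig` block continues past the visible lines, so a mode may already be set further down.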
|