From d76ad79b4ddfaea3dfd5dc01f72e5fd345591b07 Mon Sep 17 00:00:00 2001
From: Matthew Croughan
Date: Fri, 28 Jun 2024 23:16:36 +0300
Subject: [PATCH] nixos/scion: use RuntimeDirectory instead of StateDirectory (#323200)

It was wrong to use StateDirectory to keep the scion-control and scion-router runtime databases on disk for the next run. I observed that doing this means a reboot, or power outage can corrupt the temporary runtime databases for the next service start, leading scion ping and other functionality to stop working permanently, since those files are not managed in an atomic manner by the golang code.
---
 .../services/networking/scion/scion-control.nix | 10 +++++-----
 .../modules/services/networking/scion/scion-daemon.nix | 8 ++++----
 .../services/networking/scion/scion-dispatcher.nix | 2 +-
 .../modules/services/networking/scion/scion-router.nix | 2 +-
 4 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/nixos/modules/services/networking/scion/scion-control.nix b/nixos/modules/services/networking/scion/scion-control.nix
index b86f1ef26b35..95d78a87ac85 100644
--- a/nixos/modules/services/networking/scion/scion-control.nix
+++ b/nixos/modules/services/networking/scion/scion-control.nix
@@ -12,13 +12,13 @@ let
 reconnect_to_dispatcher = true;
 };
 beacon_db = {
- connection = "/var/lib/scion-control/control.beacon.db";
+ connection = "/run/scion-control/control.beacon.db";
 };
 path_db = {
- connection = "/var/lib/scion-control/control.path.db";
+ connection = "/run/scion-control/control.path.db";
 };
 trust_db = {
- connection = "/var/lib/scion-control/control.trust.db";
+ connection = "/run/scion-control/control.trust.db";
 };
 log.console = {
 level = "info";
@@ -35,7 +35,7 @@ in
 example = literalExpression ''
 {
 path_db = {
- connection = "/var/lib/scion-control/control.path.db";
+ connection = "/run/scion-control/control.path.db";
 };
 log.console = {
 level = "info";
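Review bot: The new `trust_db` default in the first scion-control.nix hunk puts the trust store on the same throw-away tmpfs as the beacon and path caches, and nothing in the file records why. With systemd's default `RuntimeDirectoryPreserve=no` the directory is removed whenever the unit stops, so every restart begins with an empty trust database; that looks intended, but it should be confirmed that the service rebuilds and re-verifies all of it from its configured certificates. I would add a comment above `beacon_db`, such as `# scion does not write these DBs atomically; keep them in /run so a crash or power loss cannot leave a corrupt file for the next start`. The same applies to the `path_db` and `trust_db` defaults in scion-daemon.nix. A user `settings` override that still points at `/var/lib/scion-control/...` will presumably stop being writable once `StateDirectory` is gone, which deserves a release note.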
@@ -62,7 +62,7 @@ in
 DynamicUser = true;
 Restart = "on-failure";
 BindPaths = [ "/dev/shm:/run/shm" ];
- StateDirectory = "scion-control";
+ RuntimeDirectory = "scion-control";
 };
 };
 };
diff --git a/nixos/modules/services/networking/scion/scion-daemon.nix b/nixos/modules/services/networking/scion/scion-daemon.nix
index a9c0c80f101f..8528bec1d52e 100644
--- a/nixos/modules/services/networking/scion/scion-daemon.nix
+++ b/nixos/modules/services/networking/scion/scion-daemon.nix
@@ -12,10 +12,10 @@ let
 reconnect_to_dispatcher = true;
 };
 path_db = {
- connection = "/var/lib/scion-daemon/sd.path.db";
+ connection = "/run/scion-daemon/sd.path.db";
 };
 trust_db = {
- connection = "/var/lib/scion-daemon/sd.trust.db";
+ connection = "/run/scion-daemon/sd.trust.db";
 };
 log.console = {
 level = "info";
@@ -32,7 +32,7 @@ in
 example = literalExpression ''
 {
 path_db = {
- connection = "/var/lib/scion-daemon/sd.path.db";
+ connection = "/run/scion-daemon/sd.path.db";
 };
 log.console = {
 level = "info";
@@ -57,7 +57,7 @@ in
 ExecStart = "${pkgs.scion}/bin/scion-daemon --config ${configFile}";
 Restart = "on-failure";
 DynamicUser = true;
- StateDirectory = "scion-daemon";
+ RuntimeDirectory = "scion-daemon";
 };
 };
 };
diff --git a/nixos/modules/services/networking/scion/scion-dispatcher.nix b/nixos/modules/services/networking/scion/scion-dispatcher.nix
index 9118ebefa18f..7c9f5e6a385e 100644
--- a/nixos/modules/services/networking/scion/scion-dispatcher.nix
+++ b/nixos/modules/services/networking/scion/scion-dispatcher.nix
@@ -66,7 +66,7 @@ in
 ExecStartPre = "${pkgs.coreutils}/bin/rm -rf /run/shm/dispatcher";
 ExecStart = "${pkgs.scion}/bin/scion-dispatcher --config ${configFile}";
 Restart = "on-failure";
- StateDirectory = "scion-dispatcher";
+ RuntimeDirectory = "scion-dispatcher";
 };
 };
 };
diff --git a/nixos/modules/services/networking/scion/scion-router.nix b/nixos/modules/services/networking/scion/scion-router.nix
index 3579005a429e..2cac44ab767e 100644
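Review bot: `RuntimeDirectory = "scion-control";` is created with systemd's default `RuntimeDirectoryMode` of 0755, so the directory holding the beacon, path and trust databases becomes listable by every local user. The old `StateDirectory` under `DynamicUser = true` sat below the root-only `/var/lib/private`, so this is a loosening; whether the files themselves are readable depends on the mode scion creates them with, which the hunk does not show. I would add `RuntimeDirectoryMode = "0700";` next to it, and likewise at the `RuntimeDirectory` lines in scion-daemon.nix, scion-dispatcher.nix and scion-router.nix. The `serviceConfig` block starts outside the hunk.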
--- a/nixos/modules/services/networking/scion/scion-router.nix
+++ b/nixos/modules/services/networking/scion/scion-router.nix
@@ -42,7 +42,7 @@ in
 ExecStart = "${pkgs.scion}/bin/scion-router --config ${configFile}";
 Restart = "on-failure";
 DynamicUser = true;
- StateDirectory = "scion-router";
+ RuntimeDirectory = "scion-router";
 };
 };
 };