nixos/scion: use RuntimeDirectory instead of StateDirectory (#323200)

It was wrong to use StateDirectory to keep the scion-control and scion-router runtime databases on disk for the next run. I observed that doing this means a reboot, or power outage can corrupt the temporary runtime databases for the next service start, leading scion ping and other functionality to stop working permanently, since those files are not managed in an atomic manner by the golang code.
2025-07-13 21:50:33 +03:00 · 2024-06-28 23:16:36 +03:00 · 2024-06-28 23:16:36 +03:00 · d76ad79b4d
commit d76ad79b4d
parent c81ecdf95b
4 changed files with 11 additions and 11 deletions
--- a/nixos/modules/services/networking/scion/scion-control.nix
+++ b/nixos/modules/services/networking/scion/scion-control.nix
@ -12,13 +12,13 @@ let
      reconnect_to_dispatcher = true;
    };
    beacon_db = {
-      connection = "/var/lib/scion-control/control.beacon.db";
+      connection = "/run/scion-control/control.beacon.db";
    };
    path_db = {
-      connection = "/var/lib/scion-control/control.path.db";
+      connection = "/run/scion-control/control.path.db";
    };
    trust_db = {
-      connection = "/var/lib/scion-control/control.trust.db";
+      connection = "/run/scion-control/control.trust.db";
    };
    log.console = {
      level = "info";
@ -35,7 +35,7 @@ in
      example = literalExpression ''
        {
          path_db = {
-            connection = "/var/lib/scion-control/control.path.db";
+            connection = "/run/scion-control/control.path.db";
          };
          log.console = {
            level = "info";
@ -62,7 +62,7 @@ in
        DynamicUser = true;
        Restart = "on-failure";
        BindPaths = [ "/dev/shm:/run/shm" ];
-        StateDirectory = "scion-control";
+        RuntimeDirectory = "scion-control";
      };
    };
  };
--- a/nixos/modules/services/networking/scion/scion-daemon.nix
+++ b/nixos/modules/services/networking/scion/scion-daemon.nix
@ -12,10 +12,10 @@ let
      reconnect_to_dispatcher = true;
    };
    path_db = {
-      connection = "/var/lib/scion-daemon/sd.path.db";
+      connection = "/run/scion-daemon/sd.path.db";
    };
    trust_db = {
-      connection = "/var/lib/scion-daemon/sd.trust.db";
+      connection = "/run/scion-daemon/sd.trust.db";
    };
    log.console = {
      level = "info";
@ -32,7 +32,7 @@ in
      example = literalExpression ''
        {
          path_db = {
-            connection = "/var/lib/scion-daemon/sd.path.db";
+            connection = "/run/scion-daemon/sd.path.db";
          };
          log.console = {
            level = "info";
@ -57,7 +57,7 @@ in
        ExecStart = "${pkgs.scion}/bin/scion-daemon --config ${configFile}";
        Restart = "on-failure";
        DynamicUser = true;
-        StateDirectory = "scion-daemon";
+        RuntimeDirectory = "scion-daemon";
      };
    };
  };
--- a/nixos/modules/services/networking/scion/scion-dispatcher.nix
+++ b/nixos/modules/services/networking/scion/scion-dispatcher.nix
@ -66,7 +66,7 @@ in
        ExecStartPre = "${pkgs.coreutils}/bin/rm -rf /run/shm/dispatcher";
        ExecStart = "${pkgs.scion}/bin/scion-dispatcher --config ${configFile}";
        Restart = "on-failure";
-        StateDirectory = "scion-dispatcher";
+        RuntimeDirectory = "scion-dispatcher";
      };
    };
  };
--- a/nixos/modules/services/networking/scion/scion-router.nix
+++ b/nixos/modules/services/networking/scion/scion-router.nix
@ -42,7 +42,7 @@ in
        ExecStart = "${pkgs.scion}/bin/scion-router --config ${configFile}";
        Restart = "on-failure";
        DynamicUser = true;
-        StateDirectory = "scion-router";
+        RuntimeDirectory = "scion-router";
      };
    };
  };