From 0129b83a02516278fdcf123343034f6744767ad6 Mon Sep 17 00:00:00 2001
From: Christian Theune
Date: Tue, 14 Jan 2025 16:56:17 +0100
Subject: [PATCH 1/4] varnish76: init at 7.6.1

---
 nixos/tests/all-tests.nix | 1 +
 pkgs/servers/varnish/default.nix | 5 +++++
 pkgs/servers/varnish/modules.nix | 4 ++++
 pkgs/servers/varnish/packages.nix | 5 +++++
 pkgs/top-level/all-packages.nix | 4 ++--
 5 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 837bdc7e9fdda..9c40a78094fa3 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -1139,6 +1139,7 @@ in {
  v2ray = handleTest ./v2ray.nix {};
  varnish60 = handleTest ./varnish.nix { package = pkgs.varnish60; };
  varnish75 = handleTest ./varnish.nix { package = pkgs.varnish75; };
+ varnish76 = handleTest ./varnish.nix { package = pkgs.varnish76; };
  vault = handleTest ./vault.nix {};
  vault-agent = handleTest ./vault-agent.nix {};
  vault-dev = handleTest ./vault-dev.nix {};
diff --git a/pkgs/servers/varnish/default.nix b/pkgs/servers/varnish/default.nix
index d1d67d74b1532..fd969f35f3be1 100644
--- a/pkgs/servers/varnish/default.nix
+++ b/pkgs/servers/varnish/default.nix
@@ -99,4 +99,9 @@ in
  version = "7.5.0";
  hash = "sha256-/KYbmDE54arGHEVG0SoaOrmAfbsdgxRXHjFIyT/3K10=";
  };
+ # EOL 2025-09-15
+ varnish76 = common {
+ version = "7.6.1";
+ hash = "sha256-Wpu1oUn/J4Z7VKZs4W0qS5Pt/6VHPLh8nHH3aZz4Rbo=";
+ };
  }
diff --git a/pkgs/servers/varnish/modules.nix b/pkgs/servers/varnish/modules.nix
index 225d5c5e9f42e..d51a2dae3f7c8 100644
--- a/pkgs/servers/varnish/modules.nix
+++ b/pkgs/servers/varnish/modules.nix
@@ -59,4 +59,8 @@ in
  version = "0.24.0";
  hash = "sha256-2MfcrhhkBz9GyQxEWzjipdn1CBEqnCvC3t1G2YSauak=";
  };
+ modules25 = common {
+ version = "0.25.0";
+ hash = "sha256-m/7moizVyvoP8xnpircAFVUqCmCfTGkgVyRc6zkdVsk=";
+ };
  }
diff --git a/pkgs/servers/varnish/packages.nix b/pkgs/servers/varnish/packages.nix
index f5d72f8226da1..114e3db4b1312 100644
--- a/pkgs/servers/varnish/packages.nix +++ b/pkgs/servers/varnish/packages.nix @@ -3,6 +3,7 @@ callPackage, varnish60, varnish75, + varnish76, }: { varnish60Packages = rec { @@ -23,4 +24,8 @@ varnish = varnish75; modules = (callPackages ./modules.nix { inherit varnish; }).modules24; }; + varnish76Packages = rec { + varnish = varnish76; + modules = (callPackages ./modules.nix { inherit varnish; }).modules25; + }; } diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 68b022b96e8f6..f9a464997b2b2 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -5493,9 +5493,9 @@ with pkgs; unzipNLS = lowPrio (unzip.override { enableNLS = true; }); inherit (callPackages ../servers/varnish { }) - varnish60 varnish75; + varnish60 varnish75 varnish76; inherit (callPackages ../servers/varnish/packages.nix { }) - varnish60Packages varnish75Packages; + varnish60Packages varnish75Packages varnish76Packages; varnishPackages = varnish75Packages; varnish = varnishPackages.varnish; From 75ad720f775dad2cef4697d3baef1acf4630ccd8 Mon Sep 17 00:00:00 2001 From: Christian Theune Date: Tue, 14 Jan 2025 15:01:28 +0100 Subject: [PATCH 2/4] varnish: add flying circus as maintainer --- pkgs/servers/varnish/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/servers/varnish/default.nix b/pkgs/servers/varnish/default.nix index fd969f35f3be1..b9e4b0de6c3ec 100644 --- a/pkgs/servers/varnish/default.nix +++ b/pkgs/servers/varnish/default.nix @@ -83,7 +83,7 @@ let description = "Web application accelerator also known as a caching HTTP reverse proxy"; homepage = "https://www.varnish-cache.org"; license = licenses.bsd2; - maintainers = [ ]; + maintainers = lib.teams.flyingcircus.members; platforms = platforms.unix; }; }; From ba79b6d68b191c8bb5b83dd6df1efc0834680c64 Mon Sep 17 00:00:00 2001 
From: Christian Theune Date: Thu, 16 Jan 2025 18:47:14 +0100 Subject: [PATCH 3/4] nixos/varnish: reduce overusage of `lib` (#208242) --- .../services/web-servers/varnish/default.nix | 48 +++++++++---------- 1 file changed, 22 insertions(+), 26 deletions(-) diff --git a/nixos/modules/services/web-servers/varnish/default.nix b/nixos/modules/services/web-servers/varnish/default.nix index d2b035b7cc5f7..033dc631289ba 100644 --- a/nixos/modules/services/web-servers/varnish/default.nix +++ b/nixos/modules/services/web-servers/varnish/default.nix 
@@ -5,65 +5,62 @@ ... }: -with lib; - let cfg = config.services.varnish; commandLine = "-f ${pkgs.writeText "default.vcl" cfg.config}" + - optionalString (cfg.extraModules != [ ]) + lib.optionalString (cfg.extraModules != [ ]) " -p vmod_path='${ - makeSearchPathOutput "lib" "lib/varnish/vmods" ([ cfg.package ] ++ cfg.extraModules) + lib.makeSearchPathOutput "lib" "lib/varnish/vmods" ([ cfg.package ] ++ cfg.extraModules) }' -r vmod_path"; in { options = { services.varnish = { - enable = mkEnableOption "Varnish Server"; + enable = lib.mkEnableOption "Varnish Server"; - enableConfigCheck = mkEnableOption "checking the config during build time" // { + enableConfigCheck = lib.mkEnableOption "checking the config during build time" // { default = true; }; - package = mkPackageOption pkgs "varnish" { }; + package = lib.mkPackageOption pkgs "varnish" { }; - http_address = mkOption { - type = types.str; + http_address = lib.mkOption { + type = lib.types.str; default = "*:6081"; description = '' HTTP listen address and port. ''; }; - config = mkOption { - type = types.lines; + config = lib.mkOption { + type = lib.types.lines; description = '' Verbatim default.vcl configuration. ''; }; - stateDir = mkOption { - type = types.path; + stateDir = lib.mkOption { + type = lib.types.path; default = "/run/varnish/${config.networking.hostName}"; - defaultText = literalExpression ''"/run/varnish/''${config.networking.hostName}"''; + defaultText = lib.literalExpression ''"/run/varnish/''${config.networking.hostName}"''; description = '' Directory holding all state for Varnish to run. Note that this should be a tmpfs in order to avoid performance issues and crashes. 
''; }; - - extraModules = mkOption { - type = types.listOf types.package; + extraModules = lib.mkOption { + type = lib.types.listOf lib.types.package; default = [ ]; - example = literalExpression "[ pkgs.varnishPackages.geoip ]"; + example = lib.literalExpression "[ pkgs.varnishPackages.geoip ]"; description = '' Varnish modules (except 'std'). ''; }; - extraCommandLine = mkOption { - type = types.str; + extraCommandLine = lib.mkOption { + type = lib.types.str; default = ""; example = "-s malloc,256M"; description = '' @@ -74,17 +71,16 @@ in }; - config = mkIf cfg.enable { - + config = lib.mkIf cfg.enable { systemd.services.varnish = { description = "Varnish"; wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; - preStart = mkIf (!(lib.hasPrefix "/run/" cfg.stateDir)) '' + preStart = lib.mkIf (!(lib.hasPrefix "/run/" cfg.stateDir)) '' mkdir -p ${cfg.stateDir} chown -R varnish:varnish ${cfg.stateDir} ''; - postStop = mkIf (!(lib.hasPrefix "/run/" cfg.stateDir)) '' + postStop = lib.mkIf (!(lib.hasPrefix "/run/" cfg.stateDir)) '' rm -rf ${cfg.stateDir} ''; serviceConfig = { @@ -95,7 +91,7 @@ in RestartSec = "5s"; User = "varnish"; Group = "varnish"; - RuntimeDirectory = mkIf (lib.hasPrefix "/run/" cfg.stateDir) ( + RuntimeDirectory = lib.mkIf (lib.hasPrefix "/run/" cfg.stateDir) ( lib.removePrefix "/run/" cfg.stateDir ); AmbientCapabilities = "cap_net_bind_service"; @@ -107,7 +103,7 @@ in environment.systemPackages = [ cfg.package ]; # check .vcl syntax at compile time (e.g. before nixops deployment) - system.checks = mkIf cfg.enableConfigCheck [ + system.checks = lib.mkIf cfg.enableConfigCheck [ (pkgs.runCommand "check-varnish-syntax" { } '' ${cfg.package}/bin/varnishd -C ${commandLine} 2> $out || (cat $out; exit 1) '') From 0640622eb1fb3ca4182e71aa3a48def88458ecec Mon Sep 17 00:00:00 2001 
From: Christian Theune Date: Tue, 14 Jan 2025 16:44:08 +0100 Subject: [PATCH 4/4] nixos/varnish: fix stateDir to allow direct use of `varnishadm` --- .../services/web-servers/varnish/default.nix | 47 +++++++++++-------- nixos/tests/varnish.nix | 8 +++- pkgs/servers/varnish/default.nix | 2 +- 3 files changed, 35 insertions(+), 22 deletions(-) diff --git a/nixos/modules/services/web-servers/varnish/default.nix b/nixos/modules/services/web-servers/varnish/default.nix index 033dc631289ba..6b3ff33d23487 100644 --- a/nixos/modules/services/web-servers/varnish/default.nix +++ b/nixos/modules/services/web-servers/varnish/default.nix @@ -8,6 +8,24 @@ let cfg = config.services.varnish; + # Varnish has very strong opinions and very complicated code around handling + # the stateDir. After a lot of back and forth, we decided that we a) + # do not want a configurable option here, as most of the handling depends + # on the version and the compile time options. Putting everything into + # /var/run (RAM backed) is absolutely recommended by Varnish anyways. + # We do need to pay attention to the version-dependend variations, though! + stateDir = + if + (lib.versionOlder cfg.package.version "7") + # Remove after Varnish 6.0 is gone. In 6.0 varnishadm always appends the + # hostname (by default) and can't be nudged to not use any name. This has + # long changed by 7.5 and can be used without the host name. + then + "/var/run/varnish/${config.networking.hostName}" + # Newer varnish uses this: + else + "/var/run/varnishd"; + commandLine = "-f ${pkgs.writeText "default.vcl" cfg.config}" + @@ -17,6 +35,14 @@ let }' -r vmod_path"; in { + imports = [ + (lib.mkRemovedOptionModule [ + "services" + "varnish" + "stateDir" + ] "The `stateDir` option never was functional or useful. varnish uses compile-time settings.") + ]; + options = { services.varnish = { enable = lib.mkEnableOption "Varnish Server"; 
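Review bot: The new comment block above `stateDir` announces an enumeration with "a)" that never gets its "b)", and "version-dependend" should be "version-dependent", so the rationale it is meant to preserve reads as unfinished. I would replace its first two sentences with `# Varnish is opinionated about its work directory and the handling depends on the version and on compile-time options, so we deliberately offer no configurable option; /var/run (RAM backed) is what Varnish recommends anyway.` The behaviour attributed to 6.0 versus 7.5 (varnishadm appending the hostname or not) is stated as fact but cannot be checked from this diff; naming the upstream release note it comes from would make the "remove after 6.0 is gone" instruction safe to act on. The `let` block continues outside the hunk.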
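Review bot: The `mkRemovedOptionModule` message says that `stateDir` is gone but not where the work directory now lives, which is exactly what a user whose evaluation fails because they set it (say, to a persistent path) needs to know. I would append to the message `varnish now always uses a work directory below /var/run that is derived from the package version.` The enclosing attribute set continues outside the hunk.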
@@ -42,14 +68,6 @@ in ''; }; - stateDir = lib.mkOption { - type = lib.types.path; - default = "/run/varnish/${config.networking.hostName}"; - defaultText = lib.literalExpression ''"/run/varnish/''${config.networking.hostName}"''; - description = '' - Directory holding all state for Varnish to run. Note that this should be a tmpfs in order to avoid performance issues and crashes. - ''; - }; extraModules = lib.mkOption { type = lib.types.listOf lib.types.package; default = [ ]; @@ -76,24 +94,15 @@ in description = "Varnish"; wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; - preStart = lib.mkIf (!(lib.hasPrefix "/run/" cfg.stateDir)) '' - mkdir -p ${cfg.stateDir} - chown -R varnish:varnish ${cfg.stateDir} - ''; - postStop = lib.mkIf (!(lib.hasPrefix "/run/" cfg.stateDir)) '' - rm -rf ${cfg.stateDir} - ''; serviceConfig = { Type = "simple"; PermissionsStartOnly = true; - ExecStart = "${cfg.package}/sbin/varnishd -a ${cfg.http_address} -n ${cfg.stateDir} -F ${cfg.extraCommandLine} ${commandLine}"; + ExecStart = "${cfg.package}/sbin/varnishd -a ${cfg.http_address} -n ${stateDir} -F ${cfg.extraCommandLine} ${commandLine}"; Restart = "always"; RestartSec = "5s"; User = "varnish"; Group = "varnish"; - RuntimeDirectory = lib.mkIf (lib.hasPrefix "/run/" cfg.stateDir) ( - lib.removePrefix "/run/" cfg.stateDir - ); + RuntimeDirectory = lib.removePrefix "/var/run/" stateDir; AmbientCapabilities = "cap_net_bind_service"; NoNewPrivileges = true; LimitNOFILE = 131072; diff --git a/nixos/tests/varnish.nix b/nixos/tests/varnish.nix index ec9f058537374..ee60a9e392fa4 100644 --- a/nixos/tests/varnish.nix +++ b/nixos/tests/varnish.nix 
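Review bot: `PermissionsStartOnly = true;` is now vestigial: it only affected the `preStart`/`postStop` scripts this hunk deletes, the unit has no remaining ExecStartPre/ExecStopPost, and systemd has deprecated the setting in favour of the `+` prefix, so the line should be dropped. `RuntimeDirectory = lib.removePrefix "/var/run/" stateDir;` silently yields an absolute path (which systemd rejects, as RuntimeDirectory must be relative) should `stateDir` ever stop starting with `/var/run/`, and it relies on NixOS's `/var/run` → `/run` symlink; a comment such as `# stateDir is always below /var/run (== /run on NixOS); systemd creates and removes the directory` would record both assumptions. The module also now presumably assumes `cfg.package` was built with `localstatedir=/var/run` (the package hunk further down), so a user-supplied `package` built differently would get a `-n ${stateDir}` that `varnishadm` without `-n` does not look for; that coupling deserves a sentence in the `package` option description. This hunk covers only part of `systemd.services.varnish`, and the `package` option is outside it.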
@@ -56,8 +56,12 @@ import ./make-test-python.nix ( client.wait_until_succeeds("curl -f http://varnish/nix-cache-info"); - client.wait_until_succeeds("nix-store -r ${testPath}"); - client.succeed("${testPath}/bin/hello"); + client.wait_until_succeeds("nix-store -r ${testPath}") + client.succeed("${testPath}/bin/hello") + + output = varnish.succeed("varnishadm status") + print(output) + assert "Child in state running" in output, "Unexpected varnishadm response" ''; } ) diff --git a/pkgs/servers/varnish/default.nix b/pkgs/servers/varnish/default.nix index b9e4b0de6c3ec..4c0a7afb09865 100644 --- a/pkgs/servers/varnish/default.nix +++ b/pkgs/servers/varnish/default.nix @@ -54,7 +54,7 @@ let ++ lib.optional stdenv.hostPlatform.isDarwin libunwind ++ lib.optional stdenv.hostPlatform.isLinux jemalloc; - buildFlags = [ "localstatedir=/var/spool" ]; + buildFlags = [ "localstatedir=/var/run" ]; postPatch = '' substituteInPlace bin/varnishtest/vtc_main.c --replace /bin/rm "${coreutils}/bin/rm"
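Review bot: `buildFlags = [ "localstatedir=/var/run" ];` is a compile-time default that changes where every varnishd built from this expression keeps its work directory by default, not just the one started by the NixOS module, yet nothing in the expression says why or that the module's derived `stateDir` depends on it. I would add above the line `# Must stay in sync with the stateDir derived in nixos/modules/services/web-servers/varnish/default.nix: with no -n given, varnishadm looks below localstatedir.` Since the module comment states that the exact default differs between 6.0 and 7.x, the comment should not promise a single path. The `let` block continues outside the hunk.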