nixos/scion: use RuntimeDirectory instead of StateDirectory (#323200)

It was wrong to use StateDirectory to keep the scion-control and scion-router runtime databases on disk for the next run. I observed that doing this means a reboot, or power outage can corrupt the temporary runtime databases for the next service start, leading scion ping and other functionality to stop working permanently, since those files are not managed in an atomic manner by the golang code.
author: Matthew Croughan <matt@croughan.sh> 2024-06-28 23:16:36 +0300
committer: GitHub <noreply@github.com> 2024-06-28 22:16:36 +0200
commit: d76ad79b4ddfaea3dfd5dc01f72e5fd345591b07 (patch)
tree: 98820c78568b889d43c359e5d1a94b8661b6a4e3 /nixos/modules/services
parent: c81ecdf95b3a0f73ded448f14416cd66beeb5e1a (diff)
4 files changed, 11 insertions, 11 deletions
diff --git a/nixos/modules/services/networking/scion/scion-control.nix b/nixos/modules/services/networking/scion/scion-control.nix
index b86f1ef26b35..95d78a87ac85 100644
--- a/nixos/modules/services/networking/scion/scion-control.nix
+++ b/nixos/modules/services/networking/scion/scion-control.nix
@@ -12,13 +12,13 @@ let
       reconnect_to_dispatcher = true;
     };
     beacon_db = {
-      connection = "/var/lib/scion-control/control.beacon.db";
+      connection = "/run/scion-control/control.beacon.db";
     };
     path_db = {
-      connection = "/var/lib/scion-control/control.path.db";
+      connection = "/run/scion-control/control.path.db";
     };
     trust_db = {
-      connection = "/var/lib/scion-control/control.trust.db";
+      connection = "/run/scion-control/control.trust.db";
     };
     log.console = {
       level = "info";
@@ -35,7 +35,7 @@ in
       example = literalExpression ''
         {
           path_db = {
-            connection = "/var/lib/scion-control/control.path.db";
+            connection = "/run/scion-control/control.path.db";
           };
           log.console = {
             level = "info";
@@ -62,7 +62,7 @@ in
         DynamicUser = true;
         Restart = "on-failure";
         BindPaths = [ "/dev/shm:/run/shm" ];
-        StateDirectory = "scion-control";
+        RuntimeDirectory = "scion-control";
       };
     };
   };
diff --git a/nixos/modules/services/networking/scion/scion-daemon.nix b/nixos/modules/services/networking/scion/scion-daemon.nix
index a9c0c80f101f..8528bec1d52e 100644
--- a/nixos/modules/services/networking/scion/scion-daemon.nix
+++ b/nixos/modules/services/networking/scion/scion-daemon.nix
@@ -12,10 +12,10 @@ let
       reconnect_to_dispatcher = true;
     };
     path_db = {
-      connection = "/var/lib/scion-daemon/sd.path.db";
+      connection = "/run/scion-daemon/sd.path.db";
     };
     trust_db = {
-      connection = "/var/lib/scion-daemon/sd.trust.db";
+      connection = "/run/scion-daemon/sd.trust.db";
     };
     log.console = {
       level = "info";
@@ -32,7 +32,7 @@ in
       example = literalExpression ''
         {
           path_db = {
-            connection = "/var/lib/scion-daemon/sd.path.db";
+            connection = "/run/scion-daemon/sd.path.db";
           };
           log.console = {
             level = "info";
@@ -57,7 +57,7 @@ in
         ExecStart = "${pkgs.scion}/bin/scion-daemon --config ${configFile}";
         Restart = "on-failure";
         DynamicUser = true;
-        StateDirectory = "scion-daemon";
+        RuntimeDirectory = "scion-daemon";
       };
     };
   };
diff --git a/nixos/modules/services/networking/scion/scion-dispatcher.nix b/nixos/modules/services/networking/scion/scion-dispatcher.nix
index 9118ebefa18f..7c9f5e6a385e 100644
--- a/nixos/modules/services/networking/scion/scion-dispatcher.nix
+++ b/nixos/modules/services/networking/scion/scion-dispatcher.nix
@@ -66,7 +66,7 @@ in
         ExecStartPre = "${pkgs.coreutils}/bin/rm -rf /run/shm/dispatcher";
         ExecStart = "${pkgs.scion}/bin/scion-dispatcher --config ${configFile}";
         Restart = "on-failure";
-        StateDirectory = "scion-dispatcher";
+        RuntimeDirectory = "scion-dispatcher";
       };
     };
   };
diff --git a/nixos/modules/services/networking/scion/scion-router.nix b/nixos/modules/services/networking/scion/scion-router.nix
index 3579005a429e..2cac44ab767e 100644
--- a/nixos/modules/services/networking/scion/scion-router.nix
+++ b/nixos/modules/services/networking/scion/scion-router.nix
@@ -42,7 +42,7 @@ in
         ExecStart = "${pkgs.scion}/bin/scion-router --config ${configFile}";
         Restart = "on-failure";
         DynamicUser = true;
-        StateDirectory = "scion-router";
+        RuntimeDirectory = "scion-router";
       };
     };
   };
author	Matthew Croughan <matt@croughan.sh>	2024-06-28 23:16:36 +0300
committer	GitHub <noreply@github.com>	2024-06-28 22:16:36 +0200
commit	d76ad79b4ddfaea3dfd5dc01f72e5fd345591b07 (patch)
tree	98820c78568b889d43c359e5d1a94b8661b6a4e3 /nixos/modules/services
parent	c81ecdf95b3a0f73ded448f14416cd66beeb5e1a (diff)