From 9c8485b5492e7631782423da7374ed738ec9d220 Mon Sep 17 00:00:00 2001
From: Philipp Herzog <ph@flyingcircus.io>
Date: Fri, 21 Jun 2024 10:08:42 +0200
Subject: [PATCH] [FC-36891] fix varnish monitoring

The default monitoring check relied on varnish to run on a specific
address.
Since this address can be changed, the Sensu check needs to be adjusted
to correctly infer the host and port that varnish is running on

The listen address can only be reliably queried at runtime
(without reimplementing Varnishd's command line parsing logic in nix)
hence why multiple checks - one per address - are not possible.
---
 nixos/roles/webproxy.nix           | 11 ++++++++++-
 nixos/services/varnish/default.nix |  6 ++++++
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/nixos/roles/webproxy.nix b/nixos/roles/webproxy.nix
index d28274701..7df93bd05 100644
--- a/nixos/roles/webproxy.nix
+++ b/nixos/roles/webproxy.nix
@@ -63,7 +63,16 @@ in
         };
         varnish_http = {
           notification = "varnish port 8008 HTTP response";
-          command = "check_http -H localhost -p 8008 -c 10 -w 3 -t 20 -e HTTP";
+          command = "${pkgs.writeShellScript "check-varnish-http" ''
+            ADDRS=$(${cfg.package}/bin/varnishadm debug.listen_address | awk '/([0-9.]+\.)+/ { print $2":"$3; }')
+            for ADDR in $ADDRS; do
+              host=$(echo $ADDR | cut -d ":" -f 1)
+              port=$(echo $ADDR | cut -d ":" -f 2)
+
+              echo "checking host '$host' on port '$port'"
+              ${pkgs.monitoring-plugins}/bin/check_http -H $host -p $port -c 10 -w 3 -t 20 -e HTTP
+            done
+          ''}";
         };
       };
 
diff --git a/nixos/services/varnish/default.nix b/nixos/services/varnish/default.nix
index 5278ab206..39d706b38 100644
--- a/nixos/services/varnish/default.nix
+++ b/nixos/services/varnish/default.nix
@@ -120,6 +120,12 @@ in {
     http_address = mkOption {
       type = types.str;
       default = "*:8008";
+      description = ''
+        The http address for the varnish service to listen on.
+        Unix sockets can technically be used for varnish, but are not currently supported on the FCIO platform due to monitoring constraints.
+        Multiple addressess can be specified in a comma-separated fashion in the form of `address[:port][,address[:port][...]`.
+        See `varnishd(1)` for details.
+      '';
     };
     virtualHosts = mkOption {
       type = types.attrsOf (types.submodule ({ name, config, ... }: {